Another MSN Spam Domain


Here reported a fast analysis of the latest domain catched by my MSN-HoneyPot

Today I received the following advisory by my offline contact:

Xxx scrive:
%random2% hello %random3%

Let’s dissect

Source code for:
Server IP: [ ]
hpHosts Status: Not Checked
MDL Status: Not Checked
PhishTank Status: Not Checked
Date: sabato 20 dicembre 2008

<meta HTTP-EQUIV=”REFRESH” content=”0; url=″>

As you can see its used a Metarefresh = 0 that silently redirects you to

<script language=”JavaScript”>
function x(){window.status=”SOHBET”}
function y(){self.focus()};

<meta http-equiv=”refresh” content=”0;url=“>

Another Metarefresh for

This is the Destination URL..

as you can understand this time we are in front off an MSN Spam Domain..

Server Type: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a
mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/
IP Address:



DNS Lookup


IP Location Malaysia
– Wilayah Persekutuan – Kuala Lumpur – Whei Meng Wong
Response Code: 200
Domain Status: Registered And Active Website

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: