Written by James McDonald

February 21, 2013

Normally when I get a SPAM email with a weblink in it, I like to have a look at what is on the remote page without allowing it to exploit Firefox, Internet Explorer or Chrome vulnerabilities.

So I request the bogus page using wget.

When requesting a SPAM link using wget, the first couple of pages can usually be a redirect to another site or a series of sites.

This time I tried to request the URLs in the SPAM pages and I got a 403 permission denied with my wget client. It was actively rejecting the wget HTTP_USER_AGENT of “Wget/1.14 (linux-gnu)”. So I used the -U wget option to request the page via wget but with a user agent from my Chrome browser.

# URL holds the link taken from the SPAM email
wget -S \
-U "Mozilla/5.0 (X11; Linux x86_64) \
AppleWebKit/537.17 (KHTML, like Gecko) \
Chrome/24.0.1312.70 Safari/537.17" \
"$URL"

This successfully downloaded the SPAM page.
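The redirect hops mentioned above can be read back from the output that wget -S already produces. The script below is an added example, not part of the original post: it parses a saved wget -S log and lists each hop's status, Location target and whether the redirect leaves the requesting host. The function names and the .example hosts in the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list each hop recorded in `wget -S` output (wget logs to stderr).
# Live use (URL is whatever link is being examined):
#   wget -S -O page.html "$URL" 2> wget.log; redirect_chain < wget.log
redirect_chain() {
  awk '
    function host(u,  p) { split(u, p, "/"); return tolower(p[3]) }
    function emit(  kind) {
      if (url == "") return
      kind = "-"
      if (loc ~ /^https?:\/\//) kind = (host(loc) == host(url)) ? "same-host" : "cross-host"
      else if (loc != "")       kind = "same-host"    # relative Location
      printf "%s\t%s\t%s\t%s\n", url, (status != "" ? status : "-"), (loc != "" ? loc : "-"), kind
      url = status = loc = ""
    }
    { sub(/\r$/, "") }                              # tolerate CRLF captures
    /^--[0-9]/        { emit(); url = $NF; next }   # banner: "--<timestamp>--  <URL>"
    /^  HTTP\//       { status = $2; next }         # -S indents headers by two spaces
    /^  [Ll]ocation:/ { loc = $2; next }
    END               { emit() }
  '
}

# Constructed sample of wget -S output; hosts are placeholders under .example.
sample_log() {
  cat <<'EOF'
--2013-02-21 10:00:00--  http://mail-link.example/r?id=1
Resolving mail-link.example... 192.0.2.10
Connecting to mail-link.example|192.0.2.10|:80... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 302 Found
  Location: http://hop.example/go
  Content-Length: 0
Location: http://hop.example/go [following]
--2013-02-21 10:00:01--  http://hop.example/go
HTTP request sent, awaiting response...
  HTTP/1.1 301 Moved Permanently
  Location: /landing
Location: /landing [following]
--2013-02-21 10:00:02--  http://hop.example/landing
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Content-Type: text/html
Length: unspecified [text/html]
EOF
}

sample_log | redirect_chain
```

Each output line is tab-separated: requested URL, HTTP status, Location target and a same-host or cross-host flag.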

But looking at the HTML, I discovered a cool weblink that returns the GeoIP location.

If you go to http://j.maxmind.com/app/geoip.js you get this JavaScript snippet:

function geoip_country_code() { return 'AU'; }
function geoip_country_name() { return 'Australia'; }
function geoip_city()         { return 'Baulkham Hills'; }
function geoip_region()       { return '02'; }
function geoip_region_name()  { return 'New South Wales'; }
function geoip_latitude()     { return '-33.7500'; }
function geoip_longitude()    { return '151.0000'; }
function geoip_postal_code()  { return ''; }
function geoip_area_code()    { return ''; }
function geoip_metro_code()   { return ''; }

So I finally understand how bogus dating ads say you can meet people from reasonably nearby: they are using the GeoIP information provided by a provider such as maxmind.com.


