Normally when I get a SPAM email with a weblink in it I like to have a look at what is on the remote page without allowing it to exploit Firefox, Internet Explorer or Chrome vulnerabilities.

So I request the bogus page using wget

When requesting a SPAM link using wget the first couple of pages can usually be a redirect to another or a series of sites.

This time I tried to request the urls in the SPAM pages and I got 403 permission denied with my wget client. It was actively rejecting the wget HTTP_USER_AGENT of “Wget/1.14 (linux-gnu)”. So I used the -U wget option to request the page via wget but with a user agent from my Chrome browser.

wget -S \
-U "Mozilla/5.0 (X11; Linux x86_64) \
AppleWebKit/537.17 (KHTML, like Gecko) \
Chrome/24.0.1312.70 Safari/537.17" \
http://losebellyfatwinners.com/

This successfully downloaded the SPAM page.

But I discovered looking at the HTML a cool weblink that returns the geoip location

If you go here http://j.maxmind.com/app/geoip.js

You get this javascript snippet:

function geoip_country_code() { return 'AU'; }
function geoip_country_name() { return 'Australia'; }
function geoip_city()         { return 'Baulkham Hills'; }
function geoip_region()       { return '02'; }
function geoip_region_name()  { return 'New South Wales'; }
function geoip_latitude()     { return '-33.7500'; }
function geoip_longitude()    { return '151.0000'; }
function geoip_postal_code()  { return ''; }
function geoip_area_code()    { return ''; }
function geoip_metro_code()   { return ''; }

So I finally understand how bogus dating ads say you can meet people from reasonably nearby because they are using the GeoIP information provided by a provider such as maxmind.com