Is this a bad cookie?

Discussion in 'SpywareBlaster & Other Forum' started by Mr Smith, May 25, 2005.

  1. Mr Smith

    Mr Smith Registered Member

    First thing I want to say is that I do not know a lot about computers, OK? Now, why I am here: my ZoneAlarm told me my IE had sent something to an IP address called h8.aintermail.net (I was too busy to read the warning, so I allowed it :doubt: ). I then did a Google search to see what I could find, and all I found was this.....
    // (c) 2004 Acrelic Interactive. All rights reserved worldwide.
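    // Short code that writeTag() hands to writeCookie(), where it becomes the
    // first field of the visitor-id cookie value.
    var co = "iqp";
    // Host that receives the per-visitor image request built in writeTag().
    var hostPort = "ai.aintermail.net";

    // Declared with var: the original assigned loc and proto without a
    // declaration (implicit globals, a ReferenceError in strict mode). Both are
    // still globals, and writeTag() reads proto. String() yields a primitive
    // instead of the String wrapper object; substring() replaces legacy substr().
    var loc = String( document.location );
    var proto = loc.substring( 0, 5 );

    // Only pages loaded over plain http emit anything. Each line below makes the
    // browser request one image URL on h8.aintermail.net with a fixed mlid; these
    // requests are the outbound traffic a firewall or proxy log shows for this
    // script. ("mlopen_track" presumably records a mailing-list open -- TODO confirm.)
    if( proto == "http:" )
    {
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=538"></img>' );
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=539"></img>' );
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=540"></img>' );
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=541"></img>' );
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=670"></img>' );
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=1022"></img>' );
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=1023"></img>' );
        document.write('<img src="http://h8.aintermail.net/images/mlopen_track.html?mlid=1024"></img>' );
    }

    // Optional Domain attribute for the cookie; null means writeCookie() adds none.
    var domain = null;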
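    /**
     * Writes one tracking tag into the page with document.write(), creating the
     * visitor-id cookie first when it is missing or empty. Does nothing unless
     * the global proto is "http:".
     *
     * @param {number} actionCode 0 writes a hidden INPUT carrying the id;
     *        1 writes an IMG whose URL sends the id to hostPort as "vb".
     *        Any other code writes an empty string.
     */
    function writeTag( actionCode )
    {
        // The id is read back from document.cookie, which any script running on
        // the page can overwrite, and it is then placed inside a single-quoted
        // attribute. Escaping the HTML metacharacters keeps a crafted cookie
        // value from closing the attribute and adding markup of its own.
        function escapeAttr( text )
        {
            return String( text )
                .replace( /&/g, "&amp;" )
                .replace( /</g, "&lt;" )
                .replace( />/g, "&gt;" )
                .replace( /"/g, "&quot;" )
                .replace( /'/g, "&#39;" );
        }

        if( proto != "http:" )
        {
            return;
        }

        var name = "val_50567";
        var value = getCookieValue( name );
        var tag = "";

        // First visit (or cookie cleared): mint a new id and store it.
        if( value == null || value.length == 0 )
        {
            value = writeCookie( co, name );
        }

        var safeValue = escapeAttr( value );

        switch( actionCode )
        {
            case 0: // Hidden INPUT text box
                tag = "<input type='hidden' name='" + name + "' value='" + safeValue + "'></input>";
                break;
            case 1: // Standard IMG tracking tag
                tag = "<img src='http://" + hostPort + "/spacer.gif?vb=" + safeValue + "'></img>";
                break;
        }
        document.write( tag );
    }// writeTag()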

    /**
     * Returns the unescape()d slice of document.cookie that starts at
     * beginOffset and stops at the next ";" (or at the end of the string when
     * no ";" follows).
     *
     * @param {number} beginOffset index of the first character of the value
     * @returns {string} the decoded cookie value
     */
    function getCookieValueByOffset( beginOffset )
    {
        var jar = document.cookie;
        var stop = jar.indexOf( ";", beginOffset );
        // The last cookie in the string has no trailing ";".
        return unescape( jar.substring( beginOffset, stop == -1 ? jar.length : stop ) );
    }// getCookieValueByOffset()

    /**
     * Looks up a cookie by name in document.cookie.
     *
     * The name is compared only at offset 0 and immediately after each space
     * character, so the scan relies on cookies being separated by "; ".
     *
     * @param {string} name cookie name to find
     * @returns {?string} the decoded value from getCookieValueByOffset(), or
     *          null when no cookie with that name is found
     */
    function getCookieValue( name )
    {
        var needle = name + "=";
        var total = document.cookie.length;
        var pos = 0;

        while( pos < total )
        {
            var valueStart = pos + needle.length;
            if( document.cookie.substring( pos, valueStart ) == needle )
            {
                return getCookieValueByOffset( valueStart );
            }

            // Jump to the character after the next space, i.e. the next candidate name.
            var spaceAt = document.cookie.indexOf( " ", pos );
            if( spaceAt == -1 )
            {
                break;
            }
            pos = spaceAt + 1;
        }
        return null;
    }// getCookieValue()

    /**
     * Returns Math.random() scaled by 100000 and rounded to the nearest integer.
     * writeCookie() uses the result as one field of the visitor id; Math.random()
     * is not a cryptographic source, so the id is not unpredictable.
     *
     * @returns {number} integer between 0 and 100000
     */
    function getRandomInteger()
    {
        var scaled = Math.random() * 100000;
        return Math.round( scaled );
    }// getRandomInteger()

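    /**
     * Creates the visitor-id cookie and returns the id it stored.
     *
     * The id is co + ":" + ip + ":" + getRandomInteger(), followed by up to
     * (32 - length) trailing digits of the current millisecond timestamp; when
     * the first part is already 32 characters or longer, nothing is appended.
     * The cookie is written with path=/ and an expiry two 365-day years ahead,
     * which makes it a persistent identifier for the browser.
     *
     * @param {string} co   code used as the first field of the id
     * @param {string} name cookie name
     * @returns {string} the unescaped id that was stored
     */
    function writeCookie( co, name )
    {
        var now = new Date();
        var stamp = "" + now.getTime();
        // Server-side-include directive: the id carries the visitor's address
        // only if the serving host expands it. As listed here it is the literal
        // directive text.
        var ip = '<!--#echo var="REMOTE_ADDR"-->';
        var value = co + ":" + ip + ":" + getRandomInteger();
        var padLength = 32 - value.length;
        value += stamp.substring( stamp.length - padLength, stamp.length );

        var expires = new Date( now.getTime() + ( 3600000 * 24 * 365 * 2 ) );
        // escape() is kept because the reader side decodes with unescape().
        var fullCookieValue = escape( name ) + "=" + escape( value ) +
            "; expires=" + expires.toUTCString() + "; path=/;";

        // length is a property of a string; the original called domain.length(),
        // which throws a TypeError as soon as domain is set to a string.
        if( domain != null && domain.length > 0 )
        {
            fullCookieValue += " domain=" + domain + ";";
        }
        document.cookie = fullCookieValue;
        return value;
    }// writeCookie()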

    // Runs as the script loads: action code 1 makes writeTag() emit the IMG tag
    // whose URL carries the visitor-id cookie value to hostPort.
    writeTag(1);

    // EOF

    .....is this info on how to make a cookie? If so, is it a bad one? I think it is, because it sent info from my PC. Can you please add this cookie to the list of cookies in SpywareBlaster? I have banned my PC from communicating with the IP range this was connecting to: 208.48.64.0-208.48.127.255
    Thanks for any replies you can give me, and I say again, can you add it to the banned list in SpywareBlaster? Mr Smith. :)
     
  2. Bubba

    Bubba Updates Team

    Hey Mr. Smith,

    Just curious....does EmailLabs ring a bell with you :doubt:
     
  3. Mr Smith

    Mr Smith Registered Member

    Sorry no! who are they? When I click on your link it `times out`!
     
  4. Bubba

    Bubba Updates Team

    It appears they are an e-mail company or portal....and when I went to the URL you had in your first post(h8.aintermail.net)....it took me to a page dealing with EmailLabs....which is the same thing as going to www.elabs3.com

    Who is your ISP and\or who is your e-mail provider :doubt:
    Hmmm....I just went to it again and it goes right there.
     


  5. Mr Smith

    Mr Smith Registered Member

    I had my firewall set up to block that IP :oops: I had a look but still don't know who they are! My email is by o2.pl, I'm in Poland and my ISP is TPSA.sa, I think anyway, because they show up a lot in my firewall log. I'm linked to the internet via a local private computer/server. I haven't been to their site today either, so how did I get that cookie, or whatever it is/was? Also, today I had a look to see what ports were listening, and 2 of the ports were TCP 445 and TCP 135; a web site that lists trojans and the ports they use said that these are trojan ports. Is it right that if these 2 ports are listening it is 'always' because of a trojan?
    Thanks Mr Smith :doubt:
     