2010-10-30
Interesting experience: trying to get a ...
Interesting experience: trying to get a peek at a spamvertised website with lynx, and all of a sudden all the IPs of the site stop responding on port 80. Makes me think research with a bit of caution is unwanted. Maybe time to fake the user-agent to be a vulnerable Internet Explorer (although things like p0f will still detect linux, that's a bit harder to fake).The spam was a faked facebook notification:
Hi, You haven't been back to Facebook recently. You have received notifications while you were gone.Easy to spot as fake: I can't go back to facebook because I don't have an account there. "Facebook" makes Echelon look like a childish attempt at gathering information about people so I'll skip.All links in the mail were to http://yourrxpress.net/ which resolves to:
yourrxpress.net has address 88.255.78.101 yourrxpress.net has address 88.255.78.102 yourrxpress.net has address 86.55.211.121 yourrxpress.net has address 86.55.211.122 yourrxpress.net has address 86.55.211.123Interesting that *all* IPs started to firewall after I tried two times with lynx.