Interesting experience: trying to get a ... / 2010-10-30

2010-10-30 Interesting experience: trying to get a ... 9 years ago
Interesting experience: trying to get a peek at a spamvertised website with lynx, and all of a sudden all the IPs of the site stop responding on port 80. Makes me think research with a bit of caution is unwanted. Maybe time to fake the user-agent to be a vulnerable Internet Explorer (although things like p0f will still detect linux, that's a bit harder to fake).

The spam was a faked facebook notification:

   Hi,
   You haven't been back to Facebook recently. You have received
   notifications while you were gone.
Easy to spot as fake: I can't go back to facebook because I don't have an account there. "Facebook" makes Echelon look like a childish attempt at gathering information about people so I'll skip.

All links in the mail were to http://yourrxpress.net/ which resolves to:

yourrxpress.net has address 88.255.78.101
yourrxpress.net has address 88.255.78.102
yourrxpress.net has address 86.55.211.121
yourrxpress.net has address 86.55.211.122
yourrxpress.net has address 86.55.211.123
Interesting that *all* IPs started to firewall after I tried two times with lynx.

Tags: , , ,

, reachable as koos+website@idefix.net. PGP encrypted e-mail preferred.

PGP key 5BA9 368B E6F3 34E4 local copy PGP key 5BA9 368B E6F3 34E4 via keyservers pgp key statistics for 0x5BA9368BE6F334E4 Koos van den Hout
RSS
Other webprojects: Camp Wireless, wireless Internet access at campsites, The Virtual Bookcase, book reviews
This page generated in 0.004045 seconds.