2010-10-30 Interesting experience: trying to get a ...
Interesting experience: trying to get a peek at a spamvertised website with lynx, and all of a sudden all the IPs of the site stop responding on port 80. Makes me think research with a bit of caution is unwanted. Maybe time to fake the user-agent to be a vulnerable Internet Explorer (although things like p0f will still detect Linux, that's a bit harder to fake).
The spam was a faked Facebook notification:
    Hi, You haven't been back to Facebook recently. You have received notifications while you were gone.

Easy to spot as fake: I can't go back to Facebook because I don't have an account there. "Facebook" makes Echelon look like a childish attempt at gathering information about people so I'll skip.
All links in the mail were to http://yourrxpress.net/ which resolves to:

    yourrxpress.net has address 220.127.116.11
    yourrxpress.net has address 18.104.22.168
    yourrxpress.net has address 22.214.171.124
    yourrxpress.net has address 126.96.36.199
    yourrxpress.net has address 188.8.131.52

Interesting that *all* IPs started to firewall after I tried two times with lynx.