On Fri, 2009-09-11 at 14:37 +0200, Matus UHLAR - fantomas wrote: > On 10.09.09 18:28, MySQL Student wrote: > > I've seen this pattern in spam quite a bit lately: > > > > href="http://EXAMPLE.com/jazert/html/?39.6d.3d.31.66.67.6b.79.77.63.77.63.65.6e.74.69.6e.6e.69 > > .61.6c.5f.68.31.33.33.2e.6f.39.39.41.4d.2e.30.30.45.33.39.2e.30.32.30.61.64.6b.37.61.76.61.67.63.31.66. > > 62.2e.6a.61.7a.65.72.74.2e.68.74.6d.6c3az8fO" > > what kind of URL/service is this? Isn't it worth to block this at all?
The 'doubleheadedrover' domain currently shows up in Razor(E8), uribl_black, surbl_jp, and invaluement. But it wasn't in all of those when he first started posting about it. So he is looking for a way of identifying bad urls by examining the path portion rather than the domain.... -- Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX www.austinenergy.com
signature.asc
Description: This is a digitally signed message part