On Fri, 2009-09-11 at 14:37 +0200, Matus UHLAR - fantomas wrote:
> On 10.09.09 18:28, MySQL Student wrote:
> > I've seen this pattern in spam quite a bit lately:
> > 
> > href="http://EXAMPLE.com/jazert/html/?39.6d.3d.31.66.67.6b.79.77.63.77.63.65.6e.74.69.6e.6e.69
> > .61.6c.5f.68.31.33.33.2e.6f.39.39.41.4d.2e.30.30.45.33.39.2e.30.32.30.61.64.6b.37.61.76.61.67.63.31.66.
> > 62.2e.6a.61.7a.65.72.74.2e.68.74.6d.6c3az8fO"
> 
> what kind of URL/service is this? Isn't it worth to block this at all?

The 'doubleheadedrover' domain currently shows up in Razor(E8),
uribl_black, surbl_jp, and invaluement.

But it wasn't in all of those when he first started posting about it.
So he is looking for a way of identifying bad urls by examining the path
portion rather than the domain....


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281, CNX
www.austinenergy.com

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to