I'm having the exact opposite problem. I've created several new
addresses that I'm hoping to get clogged up with spam so that I can have
a fluid target to write rules against, but so far... nothing.
craig@dioxidized, where I posted a bunch of ads on craigslist with the
address exposed, has not gotten anything in 48 hours.
red@dioxidized, where the same thing was done on reddit, nothing.
Posted a few addresses in pastebin in hopes that bots might find them.
So, does anyone have any idea how to get a freshly made email address to
get clogged with spam in the shortest amount of time?
Many thanks!
Oh, and just joining the list, glad to see that there's a community here!
Lucas
On 06/06/2014 05:32 PM, Philip Prindeville wrote:
We’re getting a lot of spam that contains URLs which look like (remove the
####):
http://mab####sut.com/20220362/vuxtxumsrnsst6unlornt3umtfuwznvv~5v0nmro0ysnx_u_usqzxsrwlln_t_t_tomtdyumplnl_ts_tn_ttce/unnt7uqs_mrn_ttdfw3yuw_h_03xo_gl_67_8gw_buutxveumpomte3yuo_tlltcx3yumsrnsstziaumte3umm/lst0x0ut0xut7eunty1um_ttf1umnrt2utezdeuteutyutw2utv3utvaut0u_0czz_xz66_a298zty8ux97xvd/e_o8zetdy97utd3aut09ultcdaumtd3un_unsrrtw3utwv8utweut80utecegutfnutaeut263yutdzeumt9cul_ol
http://ihn####yc.org/20219021/vuv~5xtxumssmqst6um_ulnmt3untfuwznvv0nmro0ysnx_u_usqzxs/rwlln_t_t_tomtdyumplnl_tpsqntceum_tt7uqn_momntdfw3yuv_/h2fz_h_7fwo_48txveum_tqmte3yuo_tlltcx3yumssmqstziaumte/3ummlst0x0ut0xut7eunty1u_ttf1umnrt2utezdeuteutyutw2utv/3utvaut0u_vce2c3e3dty8u7z_ox97tdy97utd3aut09ultcdaumtd/3uoonlm_utw3utwv8utweut80utecegutfnutaeut263yutdzeumt9cul_ol
http://iea####to.com/whos/be2aaf2163fd72c9975ec76b00288831
http://cp.mk-k####bcc.com/b70b761a4447c8c67c6e9038d1de210a97a45dea243016466fa7c1444ab14bb1abc5cc032da9130670fdfc882f064d6860e488e378ca0ded95d2cdf134d434767a3055d838fe41ca19d924b5a65cf04f
http://ifs####pc.com/20220362/vuxtxumsn_tpmt6unlorv~5nt3umtfuwznvv0nmro0ysnx_u_usqzxsrwlln_t_t_to/mtdyumplnl_tllpqtceunmt7uqs_moomtdfw3yuv_h_kkx_1_7f_jn_uetxveuolnt/e3yuo_tlltcx3yu_uprtziaumte3ummlst0x0ut0xut7eunty1uptf1umnrt2utezd/euteutyutw2utv3utvaut0u_h3cz6zdd_38ezc8zety8ujv299_ox97tdy97utd3au/t09ultcdaumtd3uompqmotw3utwv8utweut80utecegutfnutaeut263yutdzeumt9cul_ol
http://nig####gu.com/20220362/vuxtxums_tqq_ut6unlornt3umtfuwznvvv~50nmro0ysnx_u_usqzxsrwlln_t_t_tomtdyumplnlsm_tnntceum/_tt7uqr_mrsotdfw3yuw768_ko_ff_jn_uetxveuompnte3yuo_tlltcx3yuqsrotziaumte3ummlst0x0ut0xut/7eunty1uptf1umnrt2utezdeuteutyutw2utv3utvaut0u_xzce303zy_8fcd381_vdd3dev8e_zyfxve398ty8u/jv299_ox97tdy97utd3aut09ultcdaumtd3uopp_tqqtw3utwv8utweut80utecegutfnutaeut263yutdzeumt9cul_ol
Some observations… The URLs should be fairly easy to filter against via a
regex. Anyone have some working rules they could share?
The other thing is, the URL is almost always hosted by solarvps.com, in the
CIDR block 65.181.64.0/18.
Is there an easy way to do a domain lookup on the host portion of the URL and
then filter it if it’s in this subnet?
Thanks,
-Philip
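
The check asked about at the end of the quoted message (resolve the host part of each URL and test the address against 65.181.64.0/18), as a stand-alone Python example added here; it is not part of the original thread and not a SpamAssassin rule. The sample hostnames, addresses and the injected `sample_resolver` are constructed so the example runs offline.

```python
import ipaddress
import re
import socket
from urllib.parse import urlsplit

BLOCKED_NETS = [ipaddress.ip_network("65.181.64.0/18")]  # block named in the post
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample data: hostnames and addresses are made up for the demo.
SAMPLE_DNS = {"news.example.com": ["192.0.2.10"],
              "offers.example.net": ["65.181.70.25"]}
SAMPLE_BODY = ("Click http://offers.example.net/20220362/abc_def\n"
               "or http://news.example.com/story or http://65.181.127.255/x\n"
               "or http://65.181.128.1/y")

def sample_resolver(host):
    """Offline stand-in for DNS, backed by the constructed table above."""
    return SAMPLE_DNS.get(host, [])

def system_resolver(host):
    """Resolve host to its IPv4 addresses; empty list if it does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def hosts_in_blocked_nets(body, resolver=system_resolver, nets=BLOCKED_NETS):
    """Return {host: [addresses inside nets]} for every URL host in body."""
    hits, seen = {}, set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed authority, e.g. bad brackets
            continue
        if not host or host in seen:
            continue
        seen.add(host)              # resolve each host only once per message
        try:
            addrs = [str(ipaddress.ip_address(host))]   # URL holds an IP literal
        except ValueError:
            addrs = resolver(host)
        matched = [a for a in addrs
                   if any(ipaddress.ip_address(a) in n for n in nets)]
        if matched:
            hits[host] = matched
    return hits

if __name__ == "__main__":
    print(hosts_in_blocked_nets(SAMPLE_BODY, sample_resolver))
```
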