[SpamCop-List] Re: SC still can't parse these links, needs updated
MikeE at ster.invalid
Sat Jul 2 16:55:06 EDT 2005
Bob Itguy wrote:
The gig there is a graphic that shows a pharm promo and a link which is
'broken' with a space so SC can't deobfuscate.
The browser or a GET function will convert that to
which does a frame thing to get to
which is where the payload is.
SC can parse it if there isn't a dot space dot, and determine the IP as
184.108.40.206 which is .cn - CNC Guangxi which is spamhaused for the
ROKSO Leo Kuvayev / BadCow. -- which spamhause refers to as 'bulletproof
Maybe you wish SC could do the notify, but you actually aren't missing
much or anything by it failing the deobfuscation step. The notify would
be falling on deaf ears. The only benefit there would have been to
deobfuscating it would be to publish the URL on the stats page for
sc-surbl to scrape for its db.
If SC had deobfuscated, its notify for that IP is a devnull
Using postmaster#cnc-noc.net at devnull.spamcop.net for statistical
kibitzer, not SC admin
More information about the SpamCop-List