[Ur] angelflow

Evan Danaher ur at edanaher.net
Tue Sep 29 08:11:24 EDT 2020


This is most definitely spam/phishing/browser exploits.  Aside from
the content being utterly ridiculous and unrelated to this list,
curling the bitly link gives back a redirect to (mangled to avoid
accidental clicking)

hxxp://entrancejudgeroll. xyz/KSBQEDYXIP29112/numls/

That domain was registered on July 21 this year; that's older than I'd
expect for spam/phishing, but still suspiciously recent.  Also, the
bare domain with no path gives back a 403, while adding www gives back
a 503.  Both are very unusual on legitimate sites.

Attempting to curl that link gives back a 405 "Method not allowed",
suggesting they're blocking curl.  Setting the user agent to various
user agents found on the Internet (including Firefox and Chrome on
Windows and OSX, Safari, IE6 and IE11), gave back simply "<pre>".  I
couldn't get anything else via curl.

I suspect that either they're targeting specific vulnerable browsers
that I didn't test, or they're using other headers to determine that
I'm not a real browser and give back something benign.  But there's no
way I'm letting a real browser touch that site, and don't have a handy
throwaway VM to test on.

In short: do not click that link.

On Tue, Sep 29, 2020 at 08:45:06AM +0200, Mark Clements wrote:
> Could someone confirm that this is not spam, please? I realise that angelflow has posted to this list before, but I don't like clicking on random URLs.
> 
> Kindly, Mark.
> 
> On 29/9/20 7:22 am, angelflow wrote:
> ur
> 
> 
> https://bit.ly/344E3af<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fbit.ly%2F344E3af&data=02%7C01%7Cmark.clements%40ki.se%7C9bc9e010232f4318d77c08d86437dfb4%7Cbff7eef1cf4b4f32be3da1dda043c05d%7C0%7C0%7C637369538729622785&sdata=A0mJPm1e%2BIgrryqC7bgdK9HDiLl0KPV8B6Jr8wnzrZ8%3D&reserved=0>
> 
> While both products can send alerts and videos or images to your smartphone after detecting motion, we think wireless security cameras have the advantage when it comes to monitoring the front door. If used in tandem with a regular doorbell and placed strategically, security cameras can give a wider viewing area thus more surveillance power.
> 
> 
> Be on your guard. Because when that other president’s pee tape comes out, some brave soul will have to stare at it to check that it’s real.
> 
> 
> ubhkwxj otosteal octahedric allegorizing
> 
> 
> kvrGoasila scribble conjugating horse-sense
> 
> 
> 
> _______________________________________________
> Ur mailing list
> Ur at impredicative.com<mailto:Ur at impredicative.com>
> https://eur01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.impredicative.com%2Fcgi-bin%2Fmailman%2Flistinfo%2Fur&data=02%7C01%7Cmark.clements%40ki.se%7C9bc9e010232f4318d77c08d86437dfb4%7Cbff7eef1cf4b4f32be3da1dda043c05d%7C0%7C0%7C637369538729652765&sdata=G5yiaVpa1PNbVd06Vb9OA3R9NueXXV6r5NuntN6kW%2Fg%3D&reserved=0
> 
> Sending email to Karolinska Institutet (KI) will result in KI processing your personal data. You can read more about KI’s processing of personal data here<https://ki.se/en/staff/data-protection-policy>.

> _______________________________________________
> Ur mailing list
> Ur at impredicative.com
> http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
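
The triage steps described in the message above (recovering the link from its Outlook Safe Links wrapper, reading a redirect without following it, and mangling the result before sharing it) can be scripted. This is an added example, not part of the original thread; the function names, the `[.]` defanging style and the sample URL and response are assumptions constructed for illustration.

```python
"""Triage a link from a suspicious mail without opening it in a browser."""
from urllib.parse import urlsplit, parse_qs

def unwrap_safelinks(url: str) -> str:
    """Return the original URL from an Outlook Safe Links wrapper, else url unchanged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.endswith(".safelinks.protection.outlook.com"):
        inner = parse_qs(parts.query).get("url")
        if inner:
            return inner[0]  # parse_qs has already percent-decoded the value
    return url

def defang(url: str) -> str:
    """Make a URL non-clickable for reports: hxxp scheme and [.] in the host."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.netloc.replace(".", "[.]")
    rest = parts.path + ("?" + parts.query if parts.query else "")
    return f"{scheme}://{host}{rest}"

def redirect_target(raw_response: str):
    """Read status and Location from a raw HTTP response head; nothing is fetched."""
    head = raw_response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # Only a 3xx status makes Location a redirect target.
    location = headers.get("location") if 300 <= status < 400 else None
    return status, location

# Constructed samples (placeholders, not values from the thread).
WRAPPED = ("https://eur01.safelinks.protection.outlook.com/"
           "?url=https%3A%2F%2Fshort.example%2Fabc123&data=02%7C01&reserved=0")
RESPONSE = ("HTTP/1.1 301 Moved Permanently\r\n"
            "Location: http://landing.example/path/\r\n"
            "Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    original = unwrap_safelinks(WRAPPED)
    status, target = redirect_target(RESPONSE)
    print(defang(original), status, defang(target))
```
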



