We quickly have created a poc to prevent their webbug of being useful:
https://github.com/TheSchokomilchFoundation/IronFist
IronFist will parse their latest JSON data (by downloading it via a Tor connection if a Tor-socks is available on 127.0.0.1:9050) It then generates a list of all current ip + email combinations, e.g.
https://www.webiron.com/images/misc/2__._40.6.20_/quanhf@_____inamobile.com/... https://www.webiron.com/images/misc/_88.93._44.86/noc@_____omein.nl/webiron-... https://www.webiron.com/images/misc/_48.25_.83._6/abuse@m____kauf.de/webiron... https://www.webiron.com/images/misc/__.24_._8_._65/abuse@___servers.net/webi... https://www.webiron.com/images/misc/__.24_._8_._65/abuse@___rce.com/webiron-... https://www.webiron.com/images/misc/_08.__9._96._29/ipadmin@_____tewelcome.c... https://www.webiron.com/images/misc/6_._64._._4/security@___ic.net/webiron-l... https://www.webiron.com/images/misc/6_._64._._4/antispam@___.hz.zj.cn/webiro... https://www.webiron.com/images/misc/6_._64._._4/anti_spam@____.hz.zj.cn/webi...
Those urls could then be visited via the same Tor connections which would then make the tracker hopefully useless, as 100% of all URLS are visited.
The latter functionality has not yet been included. It might not be prudent to do this after all.
On 27.01.2016 05:10 AM, Nicholas Suan wrote:
Looks like Webiron is spamming again, and this time they're including a web bug in the mail to see if you've opened it:
https://www.webiron.com/images/misc/91.219.236.218/abuse@1d4.us/webiron-logo...
https://www.webiron.com/abuse_feed/abuse@1d4.us _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays