[tor-relays] Webiron
Operator AnonymizedDotio1
torrelay at anonymized.io
Sat Jan 30 01:26:50 UTC 2016
What does it change that webiron know or doesn't know if you have seen
those f*cking abuse email?
My exit node IP is listed as having an email sent to abuse at ... and I
never received any email at abuse at ...
I might be missing something but who cares about webiron? I care about
what my ISP thinks and they don't seems to think so highly of them
because it's one of the largest ISP on the webiron list and according to
that new feature of webiron, they never open their email.
On 2016-01-29 2:13 PM, Schokomilch NOC wrote:
> We quickly have created a poc to prevent their webbug of being useful:
>
> https://github.com/TheSchokomilchFoundation/IronFist
>
> IronFist will parse their latest JSON data (by downloading it via a
> Tor connection if a Tor-socks is available on 127.0.0.1:9050)
> It then generates a list of all current ip + email combinations, e.g.
>
> https://www.webiron.com/images/misc/2__._40.6.20_/quanhf@_____inamobile.com/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/_88.93._44.86/noc@_____omein.nl/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/_48.25_.83._6/abuse@m____kauf.de/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/__.24_._8_._65/abuse@___servers.net/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/__.24_._8_._65/abuse@___rce.com/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/_08.__9._96._29/ipadmin@_____tewelcome.com/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/6_._64._._4/security@___ic.net/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/6_._64._._4/antispam@___.hz.zj.cn/webiron-logo_abuse.png
>
> https://www.webiron.com/images/misc/6_._64._._4/anti_spam@____.hz.zj.cn/webiron-logo_abuse.png
>
>
> Those urls could then be visited via the same Tor connections which
> would then make the tracker hopefully useless, as 100% of all URLS are
> visited.
>
> The latter functionality has not yet been included. It might not be
> prudent to do this after all.
>
>
> On 27.01.2016 05:10 AM, Nicholas Suan wrote:
>> Looks like Webiron is spamming again, and this time they're including
>> a web bug in the mail to see if you've opened it:
>>
>> https://www.webiron.com/images/misc/91.219.236.218/abuse@1d4.us/webiron-logo_abuse.png
>>
>>
>> https://www.webiron.com/abuse_feed/abuse@1d4.us
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list