[Snort-users] Fwd:

Bjoern Meier bjoern.meier at ...11827...
Tue Jan 29 16:12:54 EST 2013


hi,


2013/1/29 Jeff Jarmoc <jeff at ...14428...>

> Obfuscated redirect to
> hxxp://www.news.com.december.bestdrops.2012.fxsprime<dot>com
>
> That site in turn gives a 302 to pinterest.  Weird that it doesn't seem to
> do anything; maybe it's fingerprinting browsers?
>
> HTTP/1.1 302 Moved Temporarily
> Server: nginx/1.2.6
> Date: Tue, 29 Jan 2013 20:00:11 GMT
> Content-Type: text/html
> Content-Length: 160
> Connection: keep-alive
> Location: hxxp://www.pinterest.com/
> P3P: CP="CAO COR CURa ADMa DEVa OUR IND ONL COM DEM PRE"
>

has changing the UA an effect on this site? Maybe it's hiding something
more-
I often used this to let the server give a 200er only if you have a right
UA. So, no need of hashing passwords or something like that.

Greetings,
Björn
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130129/314e881e/attachment.html>


More information about the Snort-users mailing list