[sanesecurity] FP: Sanesecurity.Blurl.195

• From: Jeff Dairiki <dairiki@xxxxxxxxxxx>
• To: sanesecurity@xxxxxxxxxxxxx
• Date: Wed, 7 Aug 2013 10:38:49 -0700

False positive report:

Currently this appears to be listed as Sanesecurity.Blurl.195 (however
the last part of that name seems to change fairly often, I've seen it
listed as Sanesecurity.Blurl.194, .254, and .255).  The pattern
decodes to

  (.|/|@| |<|_)org2.salsalabs.com/dia/track.jsp('|"| |/|=|_|>| | |?|<)

This is the click-tracking URL for salsalabs which (so far as I can tell)
is a legitimate bulk-emailer.  They distribute newsletters for a number
of US non-profits and political groups (at least).

Cheers,
Jeff

• Follow-Ups:
  • [sanesecurity] Re: FP: Sanesecurity.Blurl.195
    • From: Steve Basford

Other related posts:

• » [sanesecurity] FP: Sanesecurity.Blurl.195 - Jeff Dairiki
• » [sanesecurity] Re: FP: Sanesecurity.Blurl.195- Steve Basford

1. Home
2. sanesecurity
3. Archive
4. 08-2013

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---