Re: Bad exit node: freeMe69

To: or-talk@xxxxxxxxxxxxx

Subject: Re: Bad exit node: freeMe69

From: Flamsmark <flamsmark@xxxxxxxxx>

Date: Thu, 20 Aug 2009 18:10:51 -0400

Delivered-to: archiver@xxxxxxxx

Delivered-to: or-talk-outgoing@xxxxxxxx

Delivered-to: or-talk@xxxxxxxx

Delivery-date: Thu, 20 Aug 2009 18:10:56 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=DAB4hUYpyrfG9ZlVTQVa7yNiYVPgzpE5Fe8mzDSSldY=; b=jx0255eFq6gkGALdM/vKcoK2d0RFi6I1lfs3UkX50jNETPeLF3MMAXCTbx6B+bSvO+ YRFgZKiM4EK4egfgphOLnXRoFTkecl7fP3ys+uSPv4638OOmtAa9/eX+AvtL38AVST02 O0sjn+HumCAwHZ/GfrSYfHCUQB6Mk6a8aifm4=

Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=Fh+aIs8yLRHKGi7ikwQen79ZhzkUufNNIgTG7Tjmf9po9rkx+Qh5ySvPBacyJbRCu4 6EIqGVxQhNU3EyANPIVc2LB0limF9Ah1TClKi0BX9ejS98a4Nor3wJR9ZVAWgH1py7MD sI7WGUCtPcVLjEBvC1K9XUpZtp3Q8Ft1/8PSU=

In-reply-to: <5FE0B39E-48A4-4B07-879D-93FFA1C9C6B7@xxxxxxxxx>

References: <4e79549a0908201402n60ef4658y3968e9e66328e618@xxxxxxxxxxxxxx> <5FE0B39E-48A4-4B07-879D-93FFA1C9C6B7@xxxxxxxxx>

Reply-to: or-talk@xxxxxxxxxxxxx

Sender: owner-or-talk@xxxxxxxxxxxxx

On Thu, Aug 20, 2009 at 17:29, Tom Hek <tor@xxxxxxxxx> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Aug 20, 2009, at 23:02 PM, KT wrote:

Exit node freeMe69 [1] is injecting the following snippet to response body:

<script type="text/_javascript_"
src="" href="http://s.tobban.com/solver/cpt.php" target="_blank">http://s.tobban.com/solver/cpt.php"></script>

[1] http://tinyurl.com/mz9d7e

It's actually injected by it's ISP, Comcast. The IP which s.tobban.com resolves to is assigned to Comcast. I don't think the exit node admin can't do anything about it.

Wow, that sort of script injection sounds like something that the FCC might have a problem with.