-
tommanCuriously, SackOverflow's Wall of Clownflare lets me in anyway despite the "browser non grata" message
-
tommandunno why
-
tommanit "blinks" for a second, then... it loads the correct page anyway
-
tommangot the browser check crap again from toastytech.com, in fact also got the very same "green arrow spinner" browser check from forum.thinkpads.com!
-
tommanI did captured some network traffic
-
tommanwithout the "wssplashchk" cookie, the request is served by a server which identifies as "openresty/1.27.1.1"
-
tommanThat site sends the browser check crap: a page with a SVG animation, and of course, some obfuscated JS
-
tommanbpa.st/DR5Q example (localization is done server-side)
-
tommanThat JS crap then redirects to some weirdo URL on the same server: toastytech.com/z0f76a1d14fd21a8fb5f…0b54a2be4d49030b349c7&ts=1776656097 in this case
-
tommanThen that 302s you to whatever page you wanted to view, now with your unique wssplashchk cookie set
-
tommanThis is being done at the hosting server level - toastytech.com resolves to 200.69.18.145, and if you go to 200.69.18.145, then you get the exact same challenge crapola
-
tommanUnfortunately searching for "wssplashchk" and "wsidchk" (the only two recognizable strings here) yield nothing useful, just a bunch of noise from... page scanners?
-
tomman(which are also eating the redirect
-
tommanOh, and a bunch of cookie policy pages
-
tommanI'll recheck tomorrow, but I suspect these checks are being dynamically enforced and removed depending on the server load, your IP reputation, your country, the phase of the moon, and the color of your underwear
-
tommanurlscan.io/result/019da8fe-af53-75ae-9396-2d45b9e4ee3f I also tried one of those "page scanners" - the IP is the same at least
-
tommanthis will be a very awkward email to fire up to Nathan...
12 hours ago