[WEB4LIB] Weird URL

HTheyer htheyer at pacbell.net
Fri Oct 6 21:34:29 EDT 2000


This is a common way to bypass filters.  Bury the URL of the filtered site
in other URLs.  It will try the first one, that passes the filter, then try
the others in turn without going through the filter again.  This is a trick
a 14 year old taught me.

Hillary Theyer

----- Original Message -----
From: "Stacy Pober" <spober at manhattan.edu>
To: "Multiple recipients of list" <web4lib at webjunction.org>
Sent: Friday, October 06, 2000 4:49 PM
Subject: [WEB4LIB] Weird URL


> This is a bit off topic, but I was looking at a piece of spam email I
> received and found the most convoluted URL I have ever seen:
>
>
http://ad.doubleclick.net/clk;555195;3452810;i?http://rd.yahoo.com/geohome/g
/*http://00032100360014.com/@www.geocities.com/Heartland/Estates/5554/Phones
/Phone.htm/?http://rd.yahoo.com/M=3D77122.826220.2557699.389576/S=3D2716149:
NP/A=3D359579/?http://www.geocities.com/Heartland/Estates/5554/Phones/Phone.
htm
>
> I couldn't help but be curious so I plugged it into my browser, where it
> tries each domain referenced in the URL in turn.  I get a DNS failure
> at  00032100360014.COM but interestingly enough, that IS a registered
> domain according to my Sam Spade utility (registered to Geoecities).
>
> Okay, many spammers are actually net newbies, so it wouldn't be a great
> shock if the URL was totally malformed, but I have to wonder what is the
> point of the rerouting (trying each domain in turn).  Anyone know?
>
> I know spammers often reroute the mail to hide the true origination
> point, but what's the point of rerouting browsers when you are
> presumably trying to get them to click through to you?
>
> --
> Stacy Pober
> Information Alchemist
> Manhattan College Libraries
> spober at manhattan.edu
> http://www.manhattan.edu/library/



More information about the Web4lib mailing list