enquire Posted December 8, 2019 Share Posted December 8, 2019 Hi all, I decided to have a look at some spam links that I have been getting. The initial link gets redirected and has a bunch of stuff added to the header. I'm trying to work out what this cookie value is actually doing. k=SFMyNTY.g3QAAAAIbQAAAARhdW5xdAAAAAFtAAAABDk5OTNtAAAACndQT2pnck96QVJtAAAAA2hpZG0AAAAkR09VRXNHUXdpekdWSFptRWhFcnZQcVFaV3ZsWE1UV1F2Q1hsbQAAAAJobGQAA25pbG0AAAACcmR0AAAABGQACl9fc3RydWN0X19kABhFbGl4aXIuVGRleC5Sb3RhdGlvbkRhdGFkAA5jbGlja2VkX29mZmVyc3QAAAAAZAAIbGFuZGluZ3NsAAAAAWIAAAZ7amQAC3NlZW5fb2ZmZXJzbAAAAAFiAABPQGptAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAAHbm90cmFja20AAAADdW5xbQAAAAxYbmhyQmRtcmxxc20.XZnyU-49Qn1pYk8vC6TQUzgU17fLo9Xwsbi1f7Y94zQ; uord=7a34e4b715635466bc5f46dbf117ad70 When I Base64 decrypt it looks like a referral tracker, but there are still a bunch of unreadable characters. Can someone help me make sense of this? There must be some sort of character substitution or extra encoding going on. (It could be a totally normal click tracker, but I'm sure this spam will be trying to do more than that). Link to comment Share on other sites More sharing options...
digininja Posted December 8, 2019 Share Posted December 8, 2019 It will be just normal tracking, they want to know what email address clicked the spam in the same way as legitimate marketing people do. The encoding could be anything, as long as their software knows how to decode it, they can reverse it to know who you are. Link to comment Share on other sites More sharing options...
enquire Posted December 8, 2019 Author Share Posted December 8, 2019 Thanks digininja. I'd really like to find out how the tracking mechanism actually works and what information they are capturing. I know on an academic level what they do, but that's not quite the same as seeing the actual code. Link to comment Share on other sites More sharing options...
digininja Posted December 9, 2019 Share Posted December 9, 2019 As they've sent the link to you, it may be nothing more than an ID to your record in their database. A static link doesn't have any input from you so you wouldn't be adding anything extra to it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.