Jump to content

Cookie stuffing question


Recommended Posts

Hi all,

I decided to have a look at some spam links that I have been getting. The initial link gets redirected and has a bunch of stuff added to the header. I'm trying to work out what this cookie value is actually doing.

k=SFMyNTY.g3QAAAAIbQAAAARhdW5xdAAAAAFtAAAABDk5OTNtAAAACndQT2pnck96QVJtAAAAA2hpZG0AAAAkR09VRXNHUXdpekdWSFptRWhFcnZQcVFaV3ZsWE1UV1F2Q1hsbQAAAAJobGQAA25pbG0AAAACcmR0AAAABGQACl9fc3RydWN0X19kABhFbGl4aXIuVGRleC5Sb3RhdGlvbkRhdGFkAA5jbGlja2VkX29mZmVyc3QAAAAAZAAIbGFuZGluZ3NsAAAAAWIAAAZ7amQAC3NlZW5fb2ZmZXJzbAAAAAFiAABPQGptAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAAHbm90cmFja20AAAADdW5xbQAAAAxYbmhyQmRtcmxxc20.XZnyU-49Qn1pYk8vC6TQUzgU17fLo9Xwsbi1f7Y94zQ; uord=7a34e4b715635466bc5f46dbf117ad70


When I Base64 decrypt it looks like a referral tracker, but there are still a bunch of unreadable characters.

Can someone help me make sense of this? There must be some sort of character substitution or extra encoding going on.

(It could be a totally normal click tracker, but I'm sure this spam will be trying to do more than that).


Link to comment
Share on other sites

It will be just normal tracking, they want to know what email address clicked the spam in the same way as legitimate marketing people do.

The encoding could be anything, as long as their software knows how to decode it, they can reverse it to know who you are.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...