Cookie stuffing question

[enquire]

Hi all,

I decided to have a look at some spam links that I have been getting. The initial link gets redirected and has a bunch of stuff added to the header. I'm trying to work out what this cookie value is actually doing.

k=SFMyNTY.g3QAAAAIbQAAAARhdW5xdAAAAAFtAAAABDk5OTNtAAAACndQT2pnck96QVJtAAAAA2hpZG0AAAAkR09VRXNHUXdpekdWSFptRWhFcnZQcVFaV3ZsWE1UV1F2Q1hsbQAAAAJobGQAA25pbG0AAAACcmR0AAAABGQACl9fc3RydWN0X19kABhFbGl4aXIuVGRleC5Sb3RhdGlvbkRhdGFkAA5jbGlja2VkX29mZmVyc3QAAAAAZAAIbGFuZGluZ3NsAAAAAWIAAAZ7amQAC3NlZW5fb2ZmZXJzbAAAAAFiAABPQGptAAAABXN1Yl8xZAADbmlsbQAAAAVzdWJfMmQAA25pbG0AAAAHdHJhY2tlcm0AAAAHbm90cmFja20AAAADdW5xbQAAAAxYbmhyQmRtcmxxc20.XZnyU-49Qn1pYk8vC6TQUzgU17fLo9Xwsbi1f7Y94zQ; uord=7a34e4b715635466bc5f46dbf117ad70

 

When I Base64 decrypt it looks like a referral tracker, but there are still a bunch of unreadable characters.

Can someone help me make sense of this? There must be some sort of character substitution or extra encoding going on.

(It could be a totally normal click tracker, but I'm sure this spam will be trying to do more than that).

 

[digininja]

It will be just normal tracking, they want to know what email address clicked the spam in the same way as legitimate marketing people do.

The encoding could be anything, as long as their software knows how to decode it, they can reverse it to know who you are.

 

[enquire]

Thanks digininja. I'd really like to find out how the tracking mechanism actually works and what information they are capturing. I know on an academic level what they do, but that's not quite the same as seeing the actual code.

[digininja]

As they've sent the link to you, it may be nothing more than an ID to your record in their database. A static link doesn't have any input from you so you wouldn't be adding anything extra to it.