Ridiculous long spam-domain name.

Did you receive an insanely stupid spam message? Or yet another spam message with (!!) no URL? Post it here so we can continue to laugh at mentally-challenged spammers.

Ridiculous long spam-domain name.

Postby Boonsiri » Thu Dec 27, 2012 10:12 am

w w w.cnbc.com.provide.for.her.family.by.working.from.home.news.newsmarketnextgenonline3.com. This brilliant designed name is used to link to w w w.workathomedigital.com, a domain that was already suspended on 2012-10-20.
User avatar
Boonsiri
Spam Investigator
 
Posts: 299
Joined: Fri Jan 23, 2009 12:28 pm

Re: Ridiculous long spam-domain name.

Postby NotBuyingIt » Thu Dec 27, 2012 7:31 pm

Of course, I agree that the overly long name in the URL is ridiculous; but sometimes absurdity has its advantages. For example, WOT cannot carry a rating for very lengthy "sub-domains". Specious websites that WOT would automatically obtained from PhishTank.com probably go unrecorded. Were some WOT user to adversely rate the domain name newsmarketnextgenonline3.com, sometimes WOT might not report a rating when the entire, extremely long URL is used in the query.

Actually WOT successfully manages to record the URL listed in the OP, but the adverse ratings of the base domain's scorecard did not influence the ratings for it. I'll fix that.
NotBuyingIt
Spammer Killing Machine
 
Posts: 612
Joined: Sun Jun 13, 2010 5:22 pm

Re: Ridiculous long spam-domain name.

Postby Boonsiri » Fri Dec 28, 2012 7:02 am

NotBuyingIt wrote:...sometimes WOT might not report a rating when the entire, extremely long URL is used in the query....
Never crossed my mind. But the reason you gave makes sense. Cliking at the WoT scorecard from high to short, you do see that the ratings are not consistent. Wonder why for.her.family.by.working.from.home.news.newsmarketnextgenonline3.com got less rated than provide.for.her.family.by.working.from.home.news.newsmarketnextgenonline3.com and her.family.by.working.from.home.news.newsmarketnextgenonline3.com one up and one down? This seems to suggest that all these nonsensical in-between sub-domains where actually used in spams, or doesn't it?
User avatar
Boonsiri
Spam Investigator
 
Posts: 299
Joined: Fri Jan 23, 2009 12:28 pm

Re: Ridiculous long spam-domain name.

Postby spamislame » Mon Dec 31, 2012 7:26 pm

Boonsiri: it's a wildcard domain yes?

You can put whatever you want as subdomains, e.g.:

http://these.idiots.are.vastly.unskille ... nline3.com

WOT ratings are meaningless unless they focus on just the main domain:

newsmarketnextgenonline3.com

I'm sure you know this but why is WOT providing ratings based on what are arguably completely randomized subdomains?!

SiL
User avatar
spamislame
Site Admin
 
Posts: 5058
Joined: Tue May 09, 2006 9:18 am

Re: Ridiculous long spam-domain name.

Postby NotBuyingIt » Mon Dec 31, 2012 7:56 pm

WOT picks up the reports from its "trusted sources" like PhishTank.com and assigns the reported URLs adverse ratings. WOT will also generate ratings on-the-fly for search queries, based upon a rating already in its database that is three levels (or less) "up" or "down" from the URL in the query.

PhishTank, based upon its own sources like clean-mx.de and a PayPal security team, may report scores of scam, one-shot, randomized URLs having the same base domain, as discovered in honeypots and other submitted email specimens. These reports typically find their way to the WOT database. Unlike PhishTank, other WOT trusted sources such as SURBL only report the base domain name.

Although they are not picked up by WOT, PhishTank additionally reports scores of URLs which are identical except for randomized search-strings (that part after the question-mark in the URLs).


Here is an example:
PhishTank incident report
http://www.phishtank.com/phish_detail.php?phish_id=1679595

WOT scorecard based upon PhishTank
http://www.mywot.com/en/scorecard/center-paypal-resolution-com.cgi-bin.dispatch98az7a98zd4a89z7a98z4d9.a98zd4a89z7a98z498zd48az7a98zd.grupomisako.com

WOT scorecard based upon SURBL
http://www.mywot.com/en/scorecard/grupomisako.com

WOT scorecard "in between" PhishTank and SIRBL input and generated on-the-fly
http://www.mywot.com/en/scorecard/dispatch98az7a98zd4a89z7a98z4d9.a98zd4a89z7a98z498zd48az7a98zd.grupomisako.com

Note that the confidence levels (represented by the row of silhouettes to the left of each rating) are lower for the "in between" case. To complicate matters, WOT users often submit their own ratings based upon what they have seen in the PhishTank and SURBL databases.


Anyhow, another reason for absurdly long scam URLs is to overflow a web browser's Navigation bar, so that the true base domain name is not visible.
NotBuyingIt
Spammer Killing Machine
 
Posts: 612
Joined: Sun Jun 13, 2010 5:22 pm


Return to Sloppy, Lazy and Stupid Spammers

Who is online

Users browsing this forum: No registered users and 1 guest