On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote:
this is apparently not the case of one url redirector (shortener)
points to
another shortener.
I really hope that the DecodeShortURLs only checks fopr redirection at
those
known redirectors (shorteners), not each http->https shortener and only
evaluates redirection between them, ignoring http->https redirects
But also keep in mind that it is NOT rare for the initial shortner found
in a spam... to redirect to a spammer's page (that isn't a URL
shortner), then THAT page then redirects to the spammer's OTHER page
(that isn't a URL shortner)... where the FIRST one is NOT blacklisted
very many places... but the second page (that is often the final
destination)... *is* heavily blacklisted. Often, the first page is
hosted at a legit site that was hacked into by criminal spammers - and
is HARDER for blacklists to list due to their good reputation. Then the
2nd final destination page is just a heavily blacklisted spammer's
throwaway domain. Therefore, there is some value to following the
redirects a little further than what you suggest, and then collecting
all of those host names or domains, checking ALL of them against
URI/domain blacklists. (within reason... after too many redirects, it is
better to just stop and add points to the spam score)
--
Rob McEwen
https://www.invaluement.com
+1 (478) 475-9032
