Google redirects

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Google redirects

Alex Regan
Hi all,

Are we still considering google redirects more dangerous than useful?

<p class="p1" style="border-style: none;"><span><span class="s2"><font
face="Arial">
<a id="m_-3026591700316280140ct0_1"
href="http://a29842.actonservice.com/acton/ct/29842/s-00cd-1708/Bct/q-0050/l-0035:1388/ct0_1/1?sid=TV2%3Aok73
T3SOd&elqTrackId=731BA3C25E8C727EDA32C1350B460CC5&elq=1dc278553a2445bb88bcc9b73bf4ef85&elqaid=57&elqat=1&elqCampaignId=172"
target="_blank"
data-saferedirecturl="https://www.google.com/url?hl=en&amp;q=http://a29842.actonservice.com/acton/ct/29842/s-00cd-1708/Bct/q-0050/l-0035:1388/ct0_1/1?sid%3DTV2%253Aok73T3SOd&amp;source=gmail&amp;ust=1503490335765000&amp;usg=AFQjCNGJYJXi_nPpi424G2eWZcDO38LiNA"
title="null" data-targettype="webpage">
714-263-3683</a>&nbsp;Office<br></font></span></span><span><span
class="s2"><font face="Arial">

This one for actonservice.com isn't dangerous, but we also see this
frequently abused.
Reply | Threaded
Open this post in threaded view
|

Re: Google redirects

Kevin A. McGrail-5
Hard to say without context but I'm seeing spams using www.google-munge-.com/url?q=<tiny url redirectors> trying to obfuscate things.  Is that what you mean?

--
Kevin A. McGrail
VP Fundraising, Apache Software Foundation
Chair Emeritus Apache SpamAssassin Project

On Fri, Jun 29, 2018 at 11:00 AM, Alex <[hidden email]> wrote:
Hi all,

Are we still considering google redirects more dangerous than useful?

<p class="p1" style="border-style: none;"><span><span class="s2"><font
face="Arial">
<a id="m_-3026591700316280140ct0_1"
href="<a href="http://a29842.actonservice.com/acton/ct/29842/s-00cd-1708/Bct/q-0050/l-0035:1388/ct0_1/1?sid=TV2%3Aok73 T3SOd&amp;elqTrackId=731BA3C25E8C727EDA32C1350B460CC5&amp;elq=1dc278553a2445bb88bcc9b73bf4ef85&amp;elqaid=57&amp;elqat=1&amp;elqCampaignId=172" rel="noreferrer" target="_blank">http://a29842.actonservice.com/acton/ct/29842/s-00cd-1708/Bct/q-0050/l-0035:1388/ct0_1/1?sid=TV2%3Aok73
T3SOd&elqTrackId=731BA3C25E8C727EDA32C1350B460CC5&elq=1dc278553a2445bb88bcc9b73bf4ef85&elqaid=57&elqat=1&elqCampaignId=172"
target="_blank"
data-saferedirecturl="https://www.google.com/url?hl=en&amp;q=http://a29842.actonservice.com/acton/ct/29842/s-00cd-1708/Bct/q-0050/l-0035:1388/ct0_1/1?sid%3DTV2%253Aok73T3SOd&amp;source=gmail&amp;ust=1503490335765000&amp;usg=AFQjCNGJYJXi_nPpi424G2eWZcDO38LiNA"
title="null" data-targettype="webpage">
714-263-3683</a>&nbsp;Office<br></font></span></span><span><span
class="s2"><font face="Arial">

This one for actonservice.com isn't dangerous, but we also see this
frequently abused.

Reply | Threaded
Open this post in threaded view
|

Re: Google redirects

Alex Regan
Hi,

On Fri, Jun 29, 2018 at 11:03 AM, Kevin A. McGrail <[hidden email]> wrote:
> Hard to say without context but I'm seeing spams using
> www.google-munge-.com/url?q=<tiny url redirectors> trying to obfuscate
> things.  Is that what you mean?

Here's an example from a few minutes ago.

Not able to show full message.<br><a
href="https://www.google.com/url?q=https%3A%2F%2Fbit.ly%2F2tCHvqn&sa=D&sntz=1&usg=AFQjCNH6AHsFU36jxICY3RhFTs
OmW7X_wg">Click here</a> to continue!<br><br><br>Yahoo error code: 8uxqr

I have four rules with different methods of google redirects that were
created some time ago. It was so bad at one point that I didn't worry
about false positives, but now should probably include some other
conditional (such as KAM_SHORT or something) before adding points.
Reply | Threaded
Open this post in threaded view
|

Re: Google redirects

Kevin A. McGrail-5
On 6/29/2018 11:33 AM, Alex wrote:
> Hi,
>
> On Fri, Jun 29, 2018 at 11:03 AM, Kevin A. McGrail <[hidden email]> wrote:
>> Hard to say without context but I'm seeing spams using
>> www.google-munge-.com/url?q=<tiny url redirectors> trying to obfuscate
>> things.  Is that what you mean?
> Here's an example from a few minutes ago.

Your example and mine are the same.  I just added a rule called
GOOGLESHORT to KAM.cf a few minutes ago.a

Regards,
KAM