Notifications
Clear all

URL with Wild Cards

2 Posts
2 Users
0 Reactions
593 Views
kastajamah
(@kastajamah)
Posts: 113
Estimable Member
Topic starter
 

Good Afternoon Everyone,

 

I am reviewing an email with an embedded image when the user clicks on it, it is supposed to take them to a website.  The issue I am having is, the URL contains asterisks.

It looks something this:
http://**P14.**C/pelotosyy.php?utm_campaign= and then a series of random letters, numbers, and other random characters.

Anyone seen this before and if so, how did you decode it?

 
Posted : 11/05/2023 9:21 pm
(@athulin)
Posts: 1158
Noble Member
 

I'd start at the other end.  Are '*' legal characters in HTTP URLs or URIs? Are they legal in DNS host names?

If not, is there some kind of encoding issue that makes it seem that they are present?

If not, do they serve some other purpose: is the data you are looking at intended to be modified before it is used?  That is, is "**P14.**C" just a string intended to be replaced by a real authority, or even authority+path before it is used? (That might be a  way from avoiding having a hostile/unwanted host name  present in a static file, and instead doing the nonsensical-to-hostile modification in core, which may be less amenable to detection by antivirus/similar software.

 

 

 
Posted : 14/05/2023 5:16 pm
Share: