
Ridiculous long spam-domain name.


All times are UTC - 5 hours [ DST ]


 [ 5 posts ] 
Author Message
 PostPosted: Thu Dec 27, 2012 10:12 am   
Spam Investigator
Joined: Fri Jan 23, 2009 12:28 pm
Posts: 300
w w w.cnbc.com.provide.for.her.family.by.working.from.home.news.newsmarketnextgenonline3.com. This brilliantly designed name is used to link to w w w.workathomedigital.com, a domain that was already suspended on 2012-10-20.


 PostPosted: Thu Dec 27, 2012 7:31 pm   
Spammer Killing Machine
Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
Of course, I agree that the overly long name in the URL is ridiculous; but sometimes absurdity has its advantages. For example, WOT cannot carry a rating for very lengthy "sub-domains". Specious websites that WOT would automatically obtain from PhishTank.com probably go unrecorded. Were some WOT user to adversely rate the domain name newsmarketnextgenonline3.com, sometimes WOT might not report a rating when the entire, extremely long URL is used in the query.

Actually WOT successfully manages to record the URL listed in the OP, but the adverse ratings of the base domain's scorecard did not influence the ratings for it. I'll fix that.


 PostPosted: Fri Dec 28, 2012 7:02 am   
Spam Investigator
Joined: Fri Jan 23, 2009 12:28 pm
Posts: 300
NotBuyingIt wrote:
...sometimes WOT might not report a rating when the entire, extremely long URL is used in the query....
Never crossed my mind. But the reason you gave makes sense. Clicking at the WoT scorecard from high to short, you do see that the ratings are not consistent. Wonder why for.her.family.by.working.from.home.news.newsmarketnextgenonline3.com got less rated than provide.for.her.family.by.working.from.home.news.newsmarketnextgenonline3.com and her.family.by.working.from.home.news.newsmarketnextgenonline3.com one up and one down? This seems to suggest that all these nonsensical in-between sub-domains were actually used in spams, or doesn't it?


 PostPosted: Mon Dec 31, 2012 7:26 pm   
Site Admin
Joined: Tue May 09, 2006 9:18 am
Posts: 5022
Boonsiri: it's a wildcard domain yes?

You can put whatever you want as subdomains, e.g.:

http://these.idiots.are.vastly.unskille ... nline3.com

WOT ratings are meaningless unless they focus on just the main domain:

newsmarketnextgenonline3.com

I'm sure you know this but why is WOT providing ratings based on what are arguably completely randomized subdomains?!

SiL


 PostPosted: Mon Dec 31, 2012 7:56 pm   
Spammer Killing Machine
Joined: Sun Jun 13, 2010 5:22 pm
Posts: 528
WOT picks up the reports from its "trusted sources" like PhishTank.com and assigns the reported URLs adverse ratings. WOT will also generate ratings on-the-fly for search queries, based upon a rating already in its database that is three levels (or less) "up" or "down" from the URL in the query.

PhishTank, based upon its own sources like clean-mx.de and a PayPal security team, may report scores of scam, one-shot, randomized URLs having the same base domain, as discovered in honeypots and other submitted email specimens. These reports typically find their way to the WOT database. Unlike PhishTank, other WOT trusted sources such as SURBL only report the base domain name.

Although they are not picked up by WOT, PhishTank additionally reports scores of URLs which are identical except for randomized search-strings (that part after the question-mark in the URLs).


Here is an example:
PhishTank incident report
http://www.phishtank.com/phish_detail.php?phish_id=1679595

WOT scorecard based upon PhishTank
http://www.mywot.com/en/scorecard/center-paypal-resolution-com.cgi-bin.dispatch98az7a98zd4a89z7a98z4d9.a98zd4a89z7a98z498zd48az7a98zd.grupomisako.com

WOT scorecard based upon SURBL
http://www.mywot.com/en/scorecard/grupomisako.com

WOT scorecard "in between" PhishTank and SURBL input and generated on-the-fly
http://www.mywot.com/en/scorecard/dispatch98az7a98zd4a89z7a98z4d9.a98zd4a89z7a98z498zd48az7a98zd.grupomisako.com

Note that the confidence levels (represented by the row of silhouettes to the left of each rating) are lower for the "in between" case. To complicate matters, WOT users often submit their own ratings based upon what they have seen in the PhishTank and SURBL databases.


Anyhow, another reason for absurdly long scam URLs is to overflow a web browser's Navigation bar, so that the true base domain name is not visible.
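
Added example, not part of the thread and not code from WOT, PhishTank or SURBL: a filter that reduces a hostname to its base domain for rating (the point made above about wildcard sub-domains) and flags names whose sub-domain labels spell out another domain or run unusually deep. The function names, the tiny `SUFFIXES` set standing in for the Public Suffix List, and the `max_depth=3` threshold are assumptions; the sample hostnames are taken from the posts above.

```python
# Added example. SUFFIXES is a tiny constructed stand-in for the Public
# Suffix List; real use should load the full list.
SUFFIXES = {"com", "net", "org", "de", "co.uk"}

def split_host(host):
    """Return (subdomain_labels, base_domain) for a hostname."""
    labels = host.lower().rstrip(".").split(".")
    # Longest matching public suffix wins (e.g. "co.uk" before a one-label suffix).
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in SUFFIXES:
            return labels[:-(n + 1)], ".".join(labels[-(n + 1):])
    raise ValueError("unknown suffix: " + host)

def embedded_domains(sub):
    """Domains spelled out inside the sub-domain labels, e.g. 'cnbc.com'."""
    return [sub[i - 1] + "." + sub[i]
            for i in range(1, len(sub)) if sub[i] in SUFFIXES]

def assess(host, max_depth=3):
    """max_depth is an assumed threshold, not a value from the thread."""
    sub, base = split_host(host)
    embedded = embedded_domains(sub)
    return {
        "rating_key": base,   # every wildcard sub-domain collapses to this key
        "depth": len(sub),    # number of labels in front of the base domain
        "embedded": embedded, # look-alike domains placed ahead of the real one
        "suspicious": len(sub) > max_depth or bool(embedded),
    }

# Hostnames quoted in the thread above.
CNBC = ("www.cnbc.com.provide.for.her.family.by.working.from.home.news."
        "newsmarketnextgenonline3.com")
SHORTER = "her.family.by.working.from.home.news.newsmarketnextgenonline3.com"
PAYPAL = ("center-paypal-resolution-com.cgi-bin."
          "dispatch98az7a98zd4a89z7a98z4d9.a98zd4a89z7a98z498zd48az7a98zd."
          "grupomisako.com")

if __name__ == "__main__":
    for h in (CNBC, SHORTER, PAYPAL, "newsmarketnextgenonline3.com"):
        r = assess(h)
        print(r["rating_key"], r["depth"], r["embedded"], r["suspicious"])
```

The hyphenated `center-paypal-resolution-com` label is not reported as an embedded domain because it is a single label; that host is flagged on depth alone.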