[SpamCop.net - protecting the internet through technology]

[SpamCop-List] Blocking a notorius spam-friendly domain with my Hosts file

George Langford, Sc.D. amenex at amenex.com
Tue Apr 19 10:01:24 EDT 2005 

When I look at items on a popular auction site, my Symantec
history log records long URL's that begin like these:

     http://e-2dj6wjkyuoajmlp.stats.esomniture.com/...
     http://e-2dj6wjnyokajchq.stats.esomniture.com/...
     http://e-2dj6wfk4ckczifo.stats.esomniture.com/...
     http://e-2dj6wjkyaod5iho.stats.esomniture.com/...
     http://e-2dj6wjny-1lajsg.stats.esomniture.com/...
     http://e-2dj6wjkoqhajkdp.stats.esomniture.com/...
     http://e-2dj6wjnyclczobp.stats.esomniture.com/...
     http://e-2dj6wjkycndpedq.stats.esomniture.com/...
     http://e-2dj6wjligjcpgbo.stats.esomniture.com/...
     http://e-2dj6wjkoggcjmhp.stats.esomniture.com/...
     http://e-2dj6wjnyspajgaq.stats.esomniture.com/...
     http://e-2dj6wfl4oncpoao.stats.esomniture.com/...

     ... and there are even more ...

If you look up esomniture.com with us.openrbl.org, you will see
why I think that this domain is worthy of being blocked from
access to my (or just about anyone else's) computer.

I have captured dozens of these, where the "e-2dj6wjny-1lajsg,"
portions are all different. In fact, they are ten alphanumeric
characters different.  At 64 different combinations per character,  
that's rather daunting.  I have tried using wild cards, to wit, 
"e-2dj6w??????????," but that has proven ineffective. When I look 
up these domains with us.openrbl.org, I am always given the same 
IP address, the one that corresponds with esomniture.com's nameserver.  
Placing that numeric IP address in my Hosts file has also proven 
ineffective.

My questions are:
1. Is there an algorithm buried in the sourcecodes of the pages
that I am viewing that generates all these 64^10 different names ?
2. Is there another way of blocking these URL's ?
3. Is there a WhoIs that converts the 64^10 domain names into the
255 different IP addy's that the Internet uses to identify servers 
in the esomniture.com system (as in 255.stats.esomniture.com) ?

George Langford

More information about the SpamCop-List mailing list