2009 Sep 30, 4:07

The hashing part makes sense, but not the 'why no URL query' bit: "But because victim=12345 has already been visited they satisfy condition 2 and they get the 404 page fooling them into thinking the site has already been taken down. So query strings don't really work." You could implement the same thing in the path, and even were that not the case, there's no telling that removing the query would get you the same page. What's described here is a general method to circumvent the AP filter, not an explanation as to why it avoids the query portion of the URL.
phishing technical web browser http url hash