nanog mailing list archives
Re: HXXP browser protocol
From: Sean Harlow <sean () seanharlow info>
Date: Thu, 13 Sep 2012 12:38:19 -0400
On Sep 13, 2012, at 12:34, Matthew Black wrote:
Checking if anyone else has heard of this protocol. It seems to be a method of bypassing security filtering software. The reason I ask is that we received a security alert with a link hxxp://pastebin.com/###. Seems very suspicious and want to know if anyone can shed light. Is this a new phishing/malware methodology?
Using "hxxp" is a common method to prevent auto-linking by various email/IM clients and/or forum software to then require the user to actively copy/paste the URL to get the content. In the case of a security alert, I could see it being used if the destination is in fact an example of an attack site to prevent someone from inadvertently clicking the link and getting infected. --- Sean Harlow sean () seanharlow info
Current thread:
- HXXP browser protocol Matthew Black (Sep 13)
- Re: HXXP browser protocol Sean Harlow (Sep 13)
- Re: HXXP browser protocol Landon Stewart (Sep 13)
- Re: HXXP browser protocol Sean Harlow (Sep 13)
- Re: HXXP browser protocol Sean Harlow (Sep 13)
- Re: HXXP browser protocol Landon Stewart (Sep 13)
- Re: HXXP browser protocol Ricky Beam (Sep 13)
- Re: HXXP browser protocol Sean Harlow (Sep 13)