HXXP browser protocol

Sean Harlow sean at seanharlow.info
Thu Sep 13 16:38:19 UTC 2012

On Sep 13, 2012, at 12:34, Matthew Black wrote:

> Checking if anyone else has heard of this protocol. It seems to be a method of bypassing security filtering software.
> The reason I ask is that we received a security alert with a link hxxp://pastebin.com/###.
> Seems very suspicious and want to know if anyone can shed light. Is this a new phishing/malware methodology?

Using "hxxp" is a common method to prevent auto-linking by various email/IM clients and/or forum software to then require the user to actively copy/paste the URL to get the content.

In the case of a security alert, I could see it being used if the destination is in fact an example of an attack site to prevent someone from inadvertently clicking the link and getting infected.
Sean Harlow
sean at seanharlow.info

More information about the NANOG mailing list