HXXP browser protocol

Sean Harlow sean at seanharlow.info
Thu Sep 13 16:38:19 UTC 2012


On Sep 13, 2012, at 12:34, Matthew Black wrote:

> Checking if anyone else has heard of this protocol. It seems to be a method of bypassing security filtering software.
> 
> The reason I ask is that we received a security alert with a link hxxp://pastebin.com/###.
> 
> Seems very suspicious and want to know if anyone can shed light. Is this a new phishing/malware methodology?


Using "hxxp" is a common method to prevent auto-linking by various email/IM clients and/or forum software to then require the user to actively copy/paste the URL to get the content.

In the case of a security alert, I could see it being used if the destination is in fact an example of an attack site to prevent someone from inadvertently clicking the link and getting infected.
---
Sean Harlow
sean at seanharlow.info



More information about the NANOG mailing list