On 5/2/23 14:34, Abuse Department - Advision via mailop wrote:
> I'm starting to think that this is not a malicious activity but some
> kind of anonymization/url checking action from some Microsoft or anti
> Malware system.
> 
> Those are some examples of the encoded parameters
> 
> [...]
> 
> uggcf://jjj.vafgbtebz.dbz/zbeffduv_fey/?uy=vg
> applying rot13 twice gives
> https://www.instagram.com/moreschi_srl/?nl=vg

Surely, rot13 was only applied once... :) except for the 'vg' part.

There are many strange things happening online, and only the originator
can answer as to intent.


We once came across a distant cousin of what you describe here, rot13
applied to HTTP requests.

So, instead of sending:

        GET /url HTTP/1.1

they sent us:

        TRG /hey UGGC/1.1

This failed, of course, but someone suggested handling the TRG verb, and
wrapping the response in rot13, to see what would happen.

We never did.


Daniel K.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
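
Added example (not part of the original message or the list's own code): a Python log-triage helper that recognises ROT13-encoded request lines such as the `TRG /hey UGGC/1.1` above, and ROT13-encoded URLs carried in parameters, and decodes them for review. The function names, the method list and the sample log line are constructed for illustration.

```python
import codecs
import re

# HTTP methods and how they look after ROT13 (GET -> TRG, POST -> CBFG, ...).
METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS")
ROT13_METHODS = {codecs.encode(m, "rot_13"): m for m in METHODS}

# "http://" and "https://" become "uggc://" and "uggcf://" under ROT13.
ROT13_URL = re.compile(r"\buggcf?://[^\s\"'&]+", re.IGNORECASE)

# Constructed sample: a normal request whose parameter carries a ROT13 URL.
SAMPLE_LOG = "GET /track?u=uggcf://jjj.rknzcyr.pbz/cngu/?uy=vg HTTP/1.1"


def rot13(text: str) -> str:
    """ROT13 only rotates A-Z/a-z; digits and punctuation pass through."""
    return codecs.encode(text, "rot_13")


def classify_request_line(line: str):
    """Return (kind, normalized) where kind is 'plain', 'rot13' or 'unknown'."""
    stripped = line.strip()
    parts = stripped.split(" ")
    if len(parts) != 3:
        return ("unknown", stripped)
    method, _target, version = parts
    if method in METHODS and version.startswith("HTTP/"):
        return ("plain", stripped)
    # Both the verb and the protocol token must match their ROT13 forms,
    # so an unrelated three-word line is not misreported.
    if method in ROT13_METHODS and version.startswith("UGGC/"):
        return ("rot13", rot13(stripped))
    return ("unknown", stripped)


def find_rot13_urls(text: str):
    """Return (encoded, decoded) pairs for every ROT13-looking URL in text."""
    return [(m.group(0), rot13(m.group(0))) for m in ROT13_URL.finditer(text)]


if __name__ == "__main__":
    print(classify_request_line("TRG /hey UGGC/1.1"))
    print(find_rot13_urls(SAMPLE_LOG))
```

Because ROT13 is its own inverse, the same `rot13()` call both decodes a suspicious line and re-encodes it when searching older logs for the encoded form.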
