Encrypted URL Values

Discussion in 'other security issues & news' started by SerialSuccess, Jun 8, 2012.

Thread Status:
Not open for further replies.
  1. SerialSuccess

    SerialSuccess Registered Member

    Joined: Jun 8, 2012 | Posts: 2 | Location: United States
    I keep getting these URLs in my logs and I am attempting to determine what they mean. It appears to be some form of encryption but I cannot figure out what encryption is being used. Below are some examples - does anybody have any ideas?

    /browse.php?u=wJzJ8QIDl3Xguo1SMl%2Fubz4%3D&b=21
    /browse.php?u=nD%2FEcQpRO1nwnWmX%2Fgni62E%3D&b=21
    /browse.php?u=QyUt7CI4AOcln5ZLOOVjVVU%3D&b=21
    /browse.php?u=jzqAyry28op%2FbJTEF83kR0M%3D&b=21
    /browse.php?u=GuD2noNQkPJqGdQwAq%2FdbIE%3D&b=21
    /browse.php?u=pOIStYzc7J3cOTxdEYjDpW4%3D&b=21
    /browse.php?u=tqZvhskgPHOU3RKBWnjfbWk%3D&b=5
    /browse.php?u=O1S1Er7T6B0RqyfmYdtKrdY%3D&b=5
    /browse.php?u=RnRfOODGEkfEX4f96WkSKZU%3D&b=5
    /browse.php?u=eAwOfTKIUVWtxewPvr%2BMleI%3D&b=5
    /browse.php/Kg2H4A4b/aaoX9YpD/Pc8oTLY_/3D/b29/
    /browse.php/HRK_2Bhc/97hZ55cQ/vsTuLiVK/w_3D/b29/
    /browse.php/vYugv5nV/ttGN9xa8/qBrOClo_/3D/b29/
    /browse.php/qqGqvF8x/xwyITtrZ/B5ztwP8_/3D/b29/
    /browse.php?u=C%2FGj2odqzBSLqTVgtbo5xZ8%3D&b=21
    /browse.php?u=Zq9JsFfZ2lXmRvpdTlGlA0Y%3D&b=21
     
  2. tomazyk

    tomazyk Guest

    In which logs do you get this?

    Can you post the whole URLs or the whole log?
     
  3. SerialSuccess

    SerialSuccess Registered Member

    I wrote a custom log program based on IIS in order to capture incoming traffic as I am getting hit with a lot of proxy-related traffic. The URLs I sent you are from different web proxies but they all have the same page name and encrypted strings on the end.

    I went further and I think those encrypted components are URLs - almost as if they are taking URLs from my site, encrypting them and then somehow embedding those URLs into query string values that point back to their sites.

    I had one person tell me that these were Glype proxies but I have no way of confirming that as the main URLs of the web proxies do not provide any information to that end.
     
  4. tomazyk

    tomazyk Guest

    I'm sorry, I can't help you. That's too much for me.

    Hope someone else can give you more information...
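
One way to normalize the two URL shapes in the samples above and check what the `u` values decode to, as an added example that is not part of the original thread. It assumes, from the samples themselves, that the path form is the same value split by `/` with `_` in place of `%` and a `bNN` segment in place of `b=NN`; `extract_token` and `analyse` are hypothetical names.

```python
import base64
import re
from urllib.parse import unquote, urlsplit

# Four of the log entries quoted in the first post (two of each URL shape).
SAMPLES = [
    "/browse.php?u=wJzJ8QIDl3Xguo1SMl%2Fubz4%3D&b=21",
    "/browse.php?u=nD%2FEcQpRO1nwnWmX%2Fgni62E%3D&b=21",
    "/browse.php/Kg2H4A4b/aaoX9YpD/Pc8oTLY_/3D/b29/",
    "/browse.php/HRK_2Bhc/97hZ55cQ/vsTuLiVK/w_3D/b29/",
]

B64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")

def extract_token(url):
    """Return (form, base64_text, b_value), or None if the URL matches neither shape."""
    parts = urlsplit(url)
    if parts.path == "/browse.php" and parts.query:
        # Split by hand so that a literal '+' is never turned into a space.
        params = dict(p.split("=", 1) for p in parts.query.split("&") if "=" in p)
        if "u" in params:
            return "query", unquote(params["u"]), params.get("b")
        return None
    m = re.fullmatch(r"/browse\.php/(.+)/b(\d+)/", parts.path)
    if m is None:
        return None
    # Assumption: '/' only splits the value into chunks and '_' replaces '%'.
    return "path", unquote(m.group(1).replace("/", "").replace("_", "%")), m.group(2)

def analyse(url):
    """Decode the token and report what a log reviewer can learn without any key."""
    found = extract_token(url)
    if found is None:
        return None
    form, text, b = found
    if len(text) % 4 or not B64.fullmatch(text):
        return {"form": form, "b": b, "base64": False}
    raw = base64.b64decode(text)
    return {
        "form": form,
        "b": b,
        "base64": True,
        "length": len(raw),
        # Printable ASCII throughout would mean the URL is only base64-encoded.
        "plain_text": all(0x20 <= byte <= 0x7E for byte in raw),
    }

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyse(line), line)
```

On the four samples used here, every value is valid base64 that decodes to 17 bytes containing non-printable characters, so base64 is only the outer wrapper and the decoded bytes are not a readable URL.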
     