Encrypted URL Values

Discussion in 'other security issues & news' started by SerialSuccess, Jun 8, 2012.

Thread Status:
Not open for further replies.
  1. SerialSuccess

    SerialSuccess Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    2
    Location:
    United States
    I keep getting these URLs in my logs and I am attempting to determine what they mean. It appears to be some form of encryption but I cannot figure out what encryption is being used. Below are some examples - does anybody have any ideas?

    /browse.php?u=wJzJ8QIDl3Xguo1SMl%2Fubz4%3D&b=21
    /browse.php?u=nD%2FEcQpRO1nwnWmX%2Fgni62E%3D&b=21
    /browse.php?u=QyUt7CI4AOcln5ZLOOVjVVU%3D&b=21
    /browse.php?u=jzqAyry28op%2FbJTEF83kR0M%3D&b=21
    /browse.php?u=GuD2noNQkPJqGdQwAq%2FdbIE%3D&b=21
    /browse.php?u=pOIStYzc7J3cOTxdEYjDpW4%3D&b=21
    /browse.php?u=tqZvhskgPHOU3RKBWnjfbWk%3D&b=5
    /browse.php?u=O1S1Er7T6B0RqyfmYdtKrdY%3D&b=5
    /browse.php?u=RnRfOODGEkfEX4f96WkSKZU%3D&b=5
    /browse.php?u=eAwOfTKIUVWtxewPvr%2BMleI%3D&b=5
    /browse.php/Kg2H4A4b/aaoX9YpD/Pc8oTLY_/3D/b29/
    /browse.php/HRK_2Bhc/97hZ55cQ/vsTuLiVK/w_3D/b29/
    /browse.php/vYugv5nV/ttGN9xa8/qBrOClo_/3D/b29/
    /browse.php/qqGqvF8x/xwyITtrZ/B5ztwP8_/3D/b29/
    /browse.php?u=C%2FGj2odqzBSLqTVgtbo5xZ8%3D&b=21
    /browse.php?u=Zq9JsFfZ2lXmRvpdTlGlA0Y%3D&b=21
     
  2. tomazyk

    tomazyk Guest

    In which logs do you get this?

    Can you post the whole URLs or the whole log?
     
  3. SerialSuccess

    SerialSuccess Registered Member

    Joined:
    Jun 8, 2012
    Posts:
    2
    Location:
    United States
    I wrote a custom log program based on IIS in order to capture incoming traffic as I am getting hit with a lot of proxy-related traffic. The URLs I sent you are from different web proxies but they all has the same page name and encrypted strings on the end.

    I went further and I think those encrypted components are URLs - almost as if they are taking URLs from my site, encrypting them and then somehow embedding those URLs into query string values that point back to their sites.

    I had one person tell me that these were Glype proxies but I have no way of confirming that as the main URLs of the web proxies do not provide any information to that end.
     
  4. tomazyk

    tomazyk Guest

    I'm sorry, I can't help you. That's too much for me.

    Hope someone else can give you more information...
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.