Why hxxp

Really, just take a step back for a moment, take a deep breath, and think about that last thought for a minute or or two The fact is, I myself came across a page full of links all starting with "hxxp" myself just yesterday.

This is something that I'd never seen in 30 years of working in IT. Being an IT guy, I found that simply cutting and pasting the information into the browser brought me to the sites just fine, but I was curious and found myself wondering if this was some new protocol or something.

The nature of IT is that you have to stay up on current changes, as I'm sure you're both aware, and it's become second nature to do research for me about things like this when they come up. This forum had one of the better explanations as far as the gist of what was being conveyed goes, at least enough for someone experienced like myself to make sense of As I also work with new people and outside customers extensively and write documentation for these groups for a living, I've developed an ability to see things through a new persons eyes over time.

The documentation that I have written includes training manuals, procedure manuals, orientation documentation, etc. I say this not to boast, but simply for your awareness. So, I write for people who are unfamiliar with various terms and processes, and the purpose and intent of what I write is always with the purpose of providing clarity of whatever I have written about to the extent that the person reading the material can teach themselves and has a high degree of proficiency after reading the material alone without needing any other source of reference.

I really had no desire to enter into your petty little squabble whatsoever, though I was aware of there being a chance that some one or two of you might rear your head and think you'd felt some slight pin prick I intended to keep the post light-hearted and positive, for the benefit of any newbie just searching and coming across the information for the first time, and I had very much hoped that enough time had passed that no one would really be concerned with any prior spat that had gone on and that my providing this additional clarity would not ruffle anyones feathers It's time to let it go, guys If this is still being indexed five years from now, someone coming across it in response to a search will see this as if it was just posted, and it will seem as fresh to him as when the post was only a couple of hours old from his perspective No harm intended Posted 04 May - PM So, having provided this background information for you, I hope you can now see that no, my intent of posting was not to say that anyone was right or wrong, but simply to provide a more clear, concise, and complete explanation for anyone who might happen to be searching for an explanation of this not-so-commonly known method of hiding links from search engines.

The point is that this is not the point The reason we use that here and the only reason I have seen it used elsewhere is to cripple the link without completing obscuring it We are not trying to avoid it being picked up by search engines and don't really care all that much if Google finds it We are simply trying to protect the people that visit here from harm When you preface your comments with: Quite Right, Jack, my man!

It is true that this will have the effect of masking the link and it is true that anyone can still get to the link with very little effort, but that isn't why we do it and the original question was: I know http is almost always used, but what in the world is "hxxp"?

I'm not sure, I googled it and didn't find any safe-looking info to look at We were answering that question That said, I appreciate your desire and effort to make communication clear I have encountered more than enough technological writing that cannot be deciphered without an advanced engineering degree and sometimes even with it Although UBC mail filtering systems have the capability to process and defang URLs, this functionality is not enabled.

Should the decision be made in the future to do automated defanging of URLs, we would communicate this change clearly, in advance, to the UBC community.

Gmail does something similar, but you cannot tell by hovering over URLs in messages. The use of hxxp is a common method used to defang a URL. When composing or receiving an email, email software [Outlook, Gmail, iOS mail, etc] will not automatically turn hxxp URLs into clickable links. We recommend it for mass internal communications to help raise security awareness amongst the UBC community.

We wanted to choose a defanging method that would work everywhere. Before deciding to use hxxp, we did testing with different mail clients to see how we should handle our own URL defanging. It's why many users post that as hxxp. In many cases website owners advice to post malicious url with "hxxp", so that no one can click on that accidentally and visit the url.

Last edited: Aug 16, Anupam said:. Click to expand Dec 4, 2, 11, I've often wondered, somewhat warily, but have not heard either of these answers until now. MalwareFire, do you believe the hxxp most always identifies a malicious site, or as Anupam stated, websites simple restrict links?

Update: I found the following excerpt. Fake Virus Removal Scam Takes Control of Victims' Computers Consumers also have complained to the IC3 about a telephone scam involving a caller who claims to be a tech support employee of a well-known company that develops, manufactures and supports software.

Victims reported calls from someone with an Indian accent who claims that their computers are infected with viruses. Posted 30 July - AM Yes and then what you tell the computer to visit is newurl, not oldurl.

So the "string" that is actually send to your browser is "newurl" not "oldurl" hence hxxp is irrelevant. Avast will never know how you called that thing internally. Posted 30 July - AM When I said "it may not work on all pages", it was met to mean that all pages may not display correctly, but of course, depending on the hacker, etc, they may not be displaying a page, just executing java script, downloading files, etc.

Posted 30 July - AM This is just wrong. Hxxp is not used at any point here except as a string somewhere in the internal processing of the server to which no AV has access to anyways. That's why hxxp is used to disable links. It's not a hacking technique, it's not uesd by hackers and it can not be used to display a page, execute javascript or downlading files.

This brings me back to the previous statement "You can not use hxxp because it's not a valid protocol and no browser or javascript or anything really will know how to use it". Posted 30 July - PM Yes and then what you tell the computer to visit is newurl, not oldurl. Posted 30 July - PM But the security software can not look at the string before it is send to your browser It doesn't matter at all if you dynamically changed it or not. There's no in between, there's no "i send it to the browser and then, mid evaluation I change it because The brwoser and the AV get it at the same time and they get the same thing.

What you're suggesting is that I'm walking down the street and looking for an address and then there's one malicious guy, that wants to show me the wrong way. But he decides to do it dynamically, so he thinks of a malicious address, then before he says it he changes it to the real address so I won't catch on to the wrong addres.

So he tells me the real address and expects me to be fooled because he was thinking of a different address before. It just doesn't work. Back to Am I infected? Reply to quoted posts Clear. Site Changelog. Sign In Use Twitter.