
What are the compiled regex in rintel? #161

Open

ParikhKadam opened this issue Apr 25, 2020 · 1 comment

Comments

@ParikhKadam

From my understanding, these regexes are used to detect obfuscated URLs. But I neither know much about URL obfuscation nor am I aware of why such URLs would be used on any typical site.

Can you please share some more knowledge about this?

@DaveCrim

tl;dr: Prevent accidentally clicking malware or other malicious links, but still be able to share threat intelligence. Still be able to post contact info such as links or e-mail addresses while trying to stop them from getting picked up by bots and spammed.

This has become quite common in the threat intelligence community: obfuscate known malicious links / content to prevent someone from accidentally clicking on it. Especially as some exploits will execute just by visiting a page and don't require any user interaction. You also have to watch for today's oh-so-helpful browsers, email clients, etc. that automatically detect links (even if they aren't actually hyperlinked) and create the link for you. So instead of writing a blog post about http://badwebsite.com/PageWithMalware.html, where someone might accidentally click that and infect themselves, you write it like hxxp://badwebsite dot com/PageWithMalware[.]html so you can't accidentally click on it.
*Note: I used several different "defang" techniques above just to demonstrate.

An older reason, more to do with e-mails and contact info, was to try to prevent bots from scraping websites and gathering details for spamming. So instead of putting youremail@yourdomain.com on the front page of your website and then getting lots of spam, people began using various obfuscations that humans could read but that might confuse simple bots, such as youremail at yourdomain dot com, or youremail[@]yourdomain(.)com.
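The following is an added example, not code from rintel or from either commenter, showing what "detecting obfuscated URLs" with compiled regexes can look like in practice: it recognises the defang styles mentioned above (hxxp://, " dot ", [.], (.), [@], " at "), refangs them so an analyst's tooling can match the real indicator, and defangs plain URLs and e-mail addresses so a write-up can be shared without live links. The patterns and the sample text are constructed for illustration; rintel's actual patterns are not shown on this page and may differ.

```python
import re

# Constructed sample text (not from the issue) using the defang styles described above.
SAMPLE_TEXT = """
See the write-up on hxxp://badwebsite dot com/PageWithMalware[.]html for details.
Contact: youremail at yourdomain dot com or youremail[@]yourdomain(.)com
Plain link http://example.com/index.html is left untouched by defang detection.
"""

# Illustrative defang markers, compiled once. The word forms ("at", "dot") are
# deliberately narrow: " at " only counts when a defanged domain follows it, so
# ordinary prose like "meet at home" is not treated as an e-mail address.
DEFANG_PATTERNS = {
    "scheme":       re.compile(r"\bhxxps?://", re.IGNORECASE),
    "at_word":      re.compile(r"(?<=\w)\s+at\s+(?=\w+(?:\s+dot\s+|\[\.\]|\(\.\))\w)",
                               re.IGNORECASE),
    "at_brackets":  re.compile(r"\[@\]|\(@\)|\{@\}"),
    "dot_word":     re.compile(r"(?<=\w)\s+dot\s+(?=\w)", re.IGNORECASE),
    "dot_brackets": re.compile(r"\[\.\]|\(\.\)|\{\.\}"),
}

# Refang replacements, applied in dict order: "at" must be resolved before the
# defanged dot it looks ahead for is rewritten.
REFANG_REPLACEMENTS = {
    "scheme":       lambda m: m.group(0).lower().replace("hxxp", "http"),
    "at_word":      lambda m: "@",
    "at_brackets":  lambda m: "@",
    "dot_word":     lambda m: ".",
    "dot_brackets": lambda m: ".",
}


def find_defanged(text):
    """Return (pattern_name, matched_text) for every defang marker found in text."""
    hits = []
    for name, pattern in DEFANG_PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((name, match.group(0)))
    return hits


def refang(text):
    """Turn defanged indicators back into their real form for matching/lookup."""
    for name, pattern in DEFANG_PATTERNS.items():
        text = pattern.sub(REFANG_REPLACEMENTS[name], text)
    return text


# Plain URL and e-mail shapes used when defanging for safe sharing.
URL_RE = re.compile(r"\b(https?)://([^\s/<>\"]+)(\S*)", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b([\w.+-]+)@([\w-]+(?:\.[\w-]+)+)")


def defang(text):
    """Make URLs and e-mail addresses non-clickable: http -> hxxp, host dots -> [.], @ -> [@]."""
    def _url(m):
        scheme, host, rest = m.groups()
        # "http" -> "hxxp", "https" -> "hxxps"; only hostname dots are bracketed.
        return f"{scheme.lower().replace('t', 'x')}://{host.replace('.', '[.]')}{rest}"

    def _email(m):
        user, domain = m.groups()
        return f"{user}[@]{domain.replace('.', '[.]')}"

    return EMAIL_RE.sub(_email, URL_RE.sub(_url, text))


if __name__ == "__main__":
    for name, hit in find_defanged(SAMPLE_TEXT):
        print(f"{name:13s} {hit!r}")
    print(refang(SAMPLE_TEXT))
    print(defang("http://badwebsite.com/PageWithMalware.html and youremail@yourdomain.com"))
```

Refanging is inherently heuristic: " dot " and " at " are ordinary English words, so a production pipeline should treat word-form matches as lower-confidence than bracketed forms, and keep the original defanged text alongside the refanged indicator for review.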
