Are they just an issue with wefwef or trying to use an exploit

  • tarjeezy@lemmy.ca
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    The encoded string contains the URL zelensky dot zip. Zip is one of the newer top-level domains. It itself is not a zip file, but I am not going to visit that site to find out whatever treasures it has to offer…

        • Snipe_AT@lemmy.atay.dev
          link
          fedilink
          arrow-up
          1
          arrow-down
          18
          ·
          1 year ago

          sorry i’m missing it. why this specific TLD? can’t they just use any TLD for this and achieve the same thing? is there something special with .mov?

      • Snipe_AT@lemmy.atay.dev
        link
        fedilink
        arrow-up
        0
        arrow-down
        18
        ·
        edit-2
        1 year ago

        sorry i’m missing it. why this specific TLD? can’t they just use any TLD for this and achieve the same thing? why is this a reason to block it?

          • Snipe_AT@lemmy.atay.dev
            link
            fedilink
            arrow-up
            1
            arrow-down
            18
            ·
            1 year ago

            i think i understand that part but why is this specific event “another reason to block this TLD”? can’t they just use any TLD for this and achieve the same thing? is there another inherit security issue with .zip that doesn’t exist with other domains?

    • 𝙚𝙧𝙧𝙚@feddit.win
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      Curl didn’t return anything. They’re likely just using it to log requests since the request path contains the data they need.

    • Gellis12@lemmy.ca
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Not just that, it looks for a navAdmin cookie in your browser and sends that to zelensky(dot)zip/save/<your cookie here> in the form of a GET request.