And some attackers use UPX as a compressor of malware to bypass detection*:
-http://%s?o??:%d/Mo?.m+-O
-http://upx.sf.net *
GET /-Mo?.m+-O HTTP/1.0
Host: -%s?o??:%d
User-Agent: Malzilla original browser
Referer: -http://%s?o??:%d/Mo?.m+-O
Accept-Encoding: gzip
Normally one should get a 400 Bad Request,
polonus