
Trying to understand HTTP request containing base64 encoded part and email address

Çağlar Arlı


I have a public webserver serving static HTML pages, and when analyzing its error logs I found a type of attempted GET that I don't understand.

They are formed like this and fail because the request is too long:

/data=04|01|firstname.lastname@example.com|c2453b5a486d424d3cb508da0364a970|7c14dfa4c0fc47259f0476a443deb095|0|0|637826028838084502|Unknown|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0=|1000&sdata=ZZ1oSGmGhS5

I found out that the part starting with TWFpbGZsb3... is base64 encoded and decodes to Mailflow|{"V":"0.0.0000","P":"Win32","AN":"Mail","WT":2}.

These requests come from IPs belonging to an Azure datacenter.

Searching the internet for this string shows several pages with nearly the same or similar queries. What I find interesting is the part firstname.lastname@example.com. It is actually the work email address of a real person living in my country, but with a different name and organisation in each query. The persons and their organisations are not connected to my website in any way.

My webserver has no route starting with /data or anything else similar to these queries. The email addresses of actual people caught my attention; otherwise I would have considered these only as noise in the logs.

What might be the meaning of these requests, and why might they contain email addresses of actual people? Is it maybe an attempt to use an exploit against some specific application?
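Added example (editor's code, not the poster's): a small parser for the request shape quoted above, so the log line can be broken into its `|`-separated fields, the base64 field decoded, and the person's address redacted before the excerpt is shared. The field names in the code are assumptions inferred from the values; the only facts taken from the post are the sample line itself and that the tenth field is base64. Two further editor's observations, not stated in the post: the eighth field has the size of a .NET DateTime tick count and is treated as one here, and the overall layout (`04|01|email|id|id|0|0|ticks|Unknown|base64|1000` followed by `sdata=`) matches the `data=` parameter of Microsoft Safe Links rewritten URLs. The code also unquotes `%7C`/`%3D`, so it handles a URL-encoded copy of the same request, which goes slightly beyond the literal form in the log.

```python
"""Parse a '/data=04|01|...' request path of the shape quoted in the question.

Editor's added example. Field names are assumptions inferred from the values;
the sample line is copied from the post, including its truncated sdata value.
"""
import base64
import json
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# Constructed sample, copied from the question. 'sdata' is cut off in the
# poster's log exactly like this and is deliberately not completed here.
SAMPLE_PATH = (
    "/data=04|01|firstname.lastname@example.com"
    "|c2453b5a486d424d3cb508da0364a970|7c14dfa4c0fc47259f0476a443deb095"
    "|0|0|637826028838084502|Unknown"
    "|TWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0="
    "|1000&sdata=ZZ1oSGmGhS5"
)

EMAIL_RE = re.compile(r"^[^@\s|]+@[^@\s|]+\.[^@\s|]+$")
HEX32_RE = re.compile(r"^[0-9a-f]{32}$")
# Ticks (100 ns units) from 0001-01-01 to the Unix epoch, as used by .NET DateTime.
DOTNET_EPOCH_OFFSET_TICKS = 621_355_968_000_000_000


def split_query(path: str) -> dict:
    """Split '/k1=v1&k2=v2' into a dict. Percent-encoding is removed first so a
    URL-encoded copy of the request ('%7C' for '|', '%3D' for '=') parses too."""
    query = unquote(path.lstrip("/"))
    out = {}
    for part in query.split("&"):
        key, _, value = part.partition("=")
        out[key] = value
    return out


def decode_tracking_blob(b64: str) -> tuple:
    """Decode the base64 field. Observed shape: 'Label|{json}'. The JSON part is
    parsed when it is valid JSON, otherwise returned as the raw string."""
    raw = base64.b64decode(b64, validate=True).decode("utf-8")
    label, _, rest = raw.partition("|")
    try:
        return label, json.loads(rest)
    except json.JSONDecodeError:
        return label, rest


def ticks_to_utc(ticks: int) -> datetime:
    """Interpret a .NET DateTime tick count (100 ns since 0001-01-01 UTC).
    Assumption: the eighth field of the sample is such a value."""
    unix_seconds, rem = divmod(ticks - DOTNET_EPOCH_OFFSET_TICKS, 10_000_000)
    base = datetime.fromtimestamp(unix_seconds, tz=timezone.utc)
    return base + timedelta(microseconds=rem // 10)


def redact_email(addr: str) -> str:
    """Keep only the domain so the log excerpt can be shared without naming the person."""
    _, _, domain = addr.partition("@")
    return f"<redacted>@{domain}"


def summarize(path: str) -> dict:
    """Break the path into named fields, decode what can be decoded, and flag
    anything that does not match the expected shape."""
    params = split_query(path)
    fields = params.get("data", "").split("|")
    if len(fields) != 11:
        return {"ok": False, "reason": f"expected 11 '|' fields, got {len(fields)}"}
    version, kind, email, id1, id2, _, _, ticks, _, blob, _ = fields
    label, payload = decode_tracking_blob(blob)
    return {
        "ok": True,
        "version": version,
        "kind": kind,
        "email_is_valid": bool(EMAIL_RE.match(email)),
        "email": redact_email(email),
        "ids_are_32hex": all(HEX32_RE.match(x) for x in (id1, id2)),
        "timestamp_utc": ticks_to_utc(int(ticks)).isoformat(timespec="seconds"),
        "blob_label": label,
        "blob_payload": payload,
        "sdata_present": "sdata" in params,
        "path_length": len(path),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_PATH).items():
        print(f"{key:>16}: {value}")
```

Run against the sample, `summarize` reports a valid address (redacted to its domain), two 32-hex identifiers, a timestamp of 2022-03-11T13:41:23+00:00 under the tick-count assumption, and the decoded label `Mailflow` with the JSON payload from the post. Redacting the address before pasting log excerpts into a public question is the one step worth keeping even if the rest is discarded.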