![]() ![]() Here is what I would have gotten without my typo: One interesting tidbit, while researching this I fat-fingered a lookup and the DNS server gave me an interesting IP back: We'll post whatever we find in the diary. Also if you have any web/proxy log entries (or even better pcaps of all traffic related to one of these IPs) feel free to send them in. So let us know if you have any theories (or maybe you know exactly whats going on here) See Below for new information. The string "" showed up on a few sites as the top search results so someone or some program is looking for this traffic as well. ![]() The webserver is running lighttpd/1.4.11 ( ) Visiting one of these hinkey URLs always provides the following (well at least in the few I tried): All of the logs I could find show this activity only in the March-April 2006 timeframe so relatively new. All of the hostnames resolve to 61.135.170.153. If you search for the string "" in google you get 3 pages of proxy and web logs showing requests for various URLs that follow the form: Thats about 6800 miles away from the host in China ( 61.135.170.153). So here is an example URL that might show up in your logs: I was able to find plenty of examples on the internet without referencing yours specifically) (Thanks to Jeremy for the report and the offer to share. ![]() Imagine reviewing your webserver or proxy logs and seeing requests for a website completely unrelated to your organization,īut an IP address in your address block appears in the hostname. One of our readers has come across an interesting phenomenon in his proxy logs that we're hoping someone can shed some light on. ![]()
0 Comments
Leave a Reply. |