New malware at work? Fake referrer 11m.php and trying various .asp URLs.

Ric Werme ric at wermenh.com
Sun Nov 29 13:09:18 EST 2015


My web hit counter reported 56K references to miscellaneous pages.

Lots of references from poneytelecom.eu (and others), mostly to .asp
pages that don't exist, and a referrer string of 11m.php to both my domains
hosted at bizland.com, e.g.

08:22:23  ADMIN/cache.asp   195-154-194-59.rev.poneytelecom.eu:   
    http://wermenh.com/11m.php
         HTTP_resp: 404
         HTTP_size: 18

08:22:23  ADMIN/inc/Logout.asp   195-154-194-59.rev.poneytelecom.eu:   
    http://wermenh.com/11m.php
         HTTP_resp: 404
         HTTP_size: 18

08:22:24  Admin/IMAGES/check.asp   195-154-194-59.rev.poneytelecom.eu:   
    http://wermenh.com/11m.php
         HTTP_resp: 404
         HTTP_size: 18

08:22:24  Admin/Image/Thumb.asp   195-154-194-59.rev.poneytelecom.eu:   
    http://wermenh.com/11m.php
         HTTP_resp: 404
         HTTP_size: 18

Nothing jumped out from Google.  My guess is it's new malware of some sort.

Anyone else seeing this?  There's probably no impact on my domains, but if
this load is hitting all the domains all the web hosters host, it could be
annoying to lots of people.

  -Ric

-- 
ric at WermeNH.com                http://WermeNH.com/
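
One way to pull the pattern described in the message out of a hit-counter log, added here as an example and not part of the original post. The record layout is inferred from the excerpt above; the function names, the threshold and the final sample record are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample in the hit-counter format quoted in the post; the last
# record (an ordinary page view) is invented for contrast.
SAMPLE = """\
08:22:23  ADMIN/cache.asp   195-154-194-59.rev.poneytelecom.eu:
    http://wermenh.com/11m.php
         HTTP_resp: 404
         HTTP_size: 18

08:22:23  ADMIN/inc/Logout.asp   195-154-194-59.rev.poneytelecom.eu:
    http://wermenh.com/11m.php
         HTTP_resp: 404
         HTTP_size: 18

08:25:10  index.html   client.example.net:
    http://www.example.org/links.html
         HTTP_resp: 200
         HTTP_size: 5120
"""

HEAD = re.compile(r"^(\d\d:\d\d:\d\d)\s+(\S+)\s+(\S+?):\s*$")

def parse(text):
    """Yield one dict per blank-line-separated record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        m = HEAD.match(lines[0]) if lines else None
        if not m or len(lines) < 2:
            continue  # skip anything that is not a complete record
        rec = {"time": m[1], "path": m[2], "client": m[3], "referrer": lines[1]}
        for l in lines[2:]:
            key, _, val = l.partition(":")
            rec[key.strip()] = val.strip()
        yield rec

def scanners(records, own_domains, threshold=10):
    """Clients with >= threshold 404s on .asp paths that claim an on-site referrer."""
    hits = defaultdict(list)
    for r in records:
        ref_host = (urlparse(r["referrer"]).hostname or "").removeprefix("www.")
        is_probe = r.get("HTTP_resp") == "404" and r["path"].lower().endswith(".asp")
        if is_probe and ref_host in own_domains:
            hits[r["client"]].append(r["path"])
    return {c: p for c, p in hits.items() if len(p) >= threshold}

print(scanners(parse(SAMPLE), {"wermenh.com"}, threshold=2))
```

The returned client names can be fed to whatever blocking or rate-limiting the hosting account allows; the on-site referrer test is what separates this traffic from ordinary broken links.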

