New malware at work? Fake referrer 11m.php and trying various .asp URLs.
Ric Werme
ric at wermenh.com
Sun Nov 29 13:09:18 EST 2015
My web hit counter reported 56K references to miscellaneous pages.
Lots of references from poneytelecom.eu (and others), mostly to .asp
pages that don't exist, and a referrer string of 11m.php to both my domains
hosted at bizland.com, e.g.
08:22:23 ADMIN/cache.asp 195-154-194-59.rev.poneytelecom.eu:
http://wermenh.com/11m.php
HTTP_resp: 404
HTTP_size: 18
08:22:23 ADMIN/inc/Logout.asp 195-154-194-59.rev.poneytelecom.eu:
http://wermenh.com/11m.php
HTTP_resp: 404
HTTP_size: 18
08:22:24 Admin/IMAGES/check.asp 195-154-194-59.rev.poneytelecom.eu:
http://wermenh.com/11m.php
HTTP_resp: 404
HTTP_size: 18
08:22:24 Admin/Image/Thumb.asp 195-154-194-59.rev.poneytelecom.eu:
http://wermenh.com/11m.php
HTTP_resp: 404
HTTP_size: 18
Nothing jumped out from Google. My guess it's new malware of some sort.
Anyone else seeing this? There's probably no impact on my domains, but if
this load is hitting all the domains all the web hosters host, it could be
annoying to lots of people.
-Ric
--
ric at WermeNH.com http://WermeNH.com/
More information about the gnhlug-discuss
mailing list