[Dshield] Odd incoming HTTP Request Traffic

reverse forum at dshield.org
Fri Aug 12 02:22:47 GMT 2005



Hello - I have consistently been seeing some odd HTTP traffic coming through my firewall. Below are three samples of the HTTP Request Header. We are not any of these domains, but yet they are somehow being referred to us. The only thing common with these requests is the "X-Forwarded-For" command. I was thinking of blocking based on the "X-Forwarded-For" command with some regex code, but I'd like to know why we're seeing these. Does anyone know what's going on?

Thanks,
Jason

GET http://www.thebugs.ws/top/in.php?id=1008 HTTP/1.0
Referer: http://www.adrenalinewarez.info
Accept: */*
Accept-Language: en
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 5.02; Windows 98)
X-Forwarded-For: 204.151.10.175
Host: www.thebugs.ws

GET http://www.oday-warez.com/cgi-bin/intellilink/in.cgi?id=1105054720 HTTP/1.0
Referer: http://www.oday-warez.com/cgi-bin/intellilink/in.cgi?id=1105054720
Accept: */*
Accept-Language: en-us
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows ME)
X-Forwarded-For: 205.157.134.226
Host: www.oday-warez.com

GET http://www.warezenergy.com/in.php?id=AdrenalineWarez HTTP/1.0
Referer: http://www.adrenalinewarez.info
Accept: */*
Accept-Language: en-us
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
X-Forwarded-For: 209.124.89.156
Host: www.warezenergy.com


This message was sent via the web forum at
http://forum.dshield.org
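An added example, not part of the original post: a small Python triage script that parses raw request headers like the samples above and records why each one does not belong to the receiving site (an absolute-URI request line, which is the form clients send to a proxy; a target or Host that is not one of the site's own names; and the X-Forwarded-For value). `LOCAL_HOSTS` and the third request are constructed placeholders; the first two requests are abridged from the post.

```python
from urllib.parse import urlsplit
# Assumption: hostnames this server really serves (placeholder values).
LOCAL_HOSTS = {"www.example.org", "example.org"}
# Two requests abridged from the post, plus one constructed normal request.
SAMPLES = """\
GET http://www.thebugs.ws/top/in.php?id=1008 HTTP/1.0
X-Forwarded-For: 204.151.10.175
Host: www.thebugs.ws

GET http://www.warezenergy.com/in.php?id=AdrenalineWarez HTTP/1.0
X-Forwarded-For: 209.124.89.156
Host: www.warezenergy.com

GET /index.html HTTP/1.0
Host: www.example.org
"""

def parse_request(block):
    """Split one raw request header block into (method, target, headers)."""
    lines = [l for l in block.splitlines() if l.strip()]
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers

def classify(block, local_hosts=LOCAL_HOSTS):
    """Return the reasons a request looks like it was meant for another site."""
    _method, target, headers = parse_request(block)
    reasons = []
    url = urlsplit(target)
    if url.scheme and url.hostname:  # absolute-URI form, as sent to a proxy
        reasons.append("absolute-uri")
        if url.hostname.lower() not in local_hosts:
            reasons.append("foreign-target:" + url.hostname.lower())
    host = headers.get("host", "").split(":")[0].lower()
    if host and host not in local_hosts:
        reasons.append("foreign-host:" + host)
    if "x-forwarded-for" in headers:
        reasons.append("xff:" + headers["x-forwarded-for"])
    return reasons

def scan(text):
    """Classify every blank-line-separated request block in text."""
    return [classify(b) for b in text.strip().split("\n\n")]

if __name__ == "__main__":
    for reasons in scan(SAMPLES):
        print(reasons or "ok")
```

Keying on the absolute-URI and foreign-Host conditions rather than on X-Forwarded-For alone avoids flagging legitimate visitors who reach the site through a forwarding proxy.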


