[BLOCK] Readrun.com

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
There is an epidemic of the following in apache logs lately:
"GET / "HTTP/1.1" http://readrun.com/item.php?group_ID =<###>&id=<###>" ...

These look like simple proxy tests. However, readrun.com resolves to a few
dozen European and Chinese addresses (probably zombies) and the
registration is through paycenter.com.cn with a fake address and phone
number in the US.

The name servers are ns0.iwantfreshmeet.com and ns0.yayathergood.com both
resolving to zombie addresses in the U.S. Put this all together and it
spells RBN. The "proxy tester" is probably a malicious web  site.

In case one of your customers has a vulnerable web site, you may want to
make sure your DNS server resolves readrun.com to .

Re: [BLOCK] Readrun.com

Quoted text here. Click to load it

Some ISPs do clean up zombies.

John Bokma                                      http://johnbokma.com/

Site Timeline