Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- I Hate Stock Spamz
March 11, 2008, 12:45 am
rate this thread
"GET / "HTTP/1.1" http://readrun.com/item.php?group_ID =<###>&id=<###>" ...
These look like simple proxy tests. However, readrun.com resolves to a few
dozen European and Chinese addresses (probably zombies) and the
registration is through paycenter.com.cn with a fake address and phone
number in the US.
The name servers are ns0.iwantfreshmeet.com and ns0.yayathergood.com both
resolving to zombie addresses in the U.S. Put this all together and it
spells RBN. The "proxy tester" is probably a malicious web site.
In case one of your customers has a vulnerable web site, you may want to
make sure your DNS server resolves readrun.com to 127.0.0.1 .