Unusual packets hitting server - Page 2

Comments

  • @KwiceroLTD said:
    I've been puzzled with this for a day now, a ton of unusual packets hitting the server, all coming from public proxies (I googled a few ips), and TOR.

    Just confirming KwiceroLTD, you've got a StatusCake IP in the list of suspicious IPs there (it has our User Agent also). Are you using StatusCake? If not PM me your URL and I'll have your site removed from our system!

  • @SCDaniel said:
    Just confirming KwiceroLTD, you've got a StatusCake IP in the list of suspicious IPs there (it has our User Agent also). Are you using StatusCake? If not PM me your URL and I'll have your site removed from our system!

    We do, might have gotten mixed up by accident.

  • Seems like they keep attacking the old IP... What a dumbass xD

    Thanked by 1 KwiceroLTD
  • @joodle said:
    Seems like they keep attacking the old IP... What a dumbass xD

    Yep, lol. Layer 4 attacks never my issue, only layer 7 attacks here which become a pain, OVH doesn't filter them iirc.

  • @joodle said:
    I keep seeing this now.. Nothing is currently hosted on my domain (joodle.nl @ OVH)

    > 212.250.202.217|Sat 28 Mar 2015 22:02:39 +0100|200|180||GET /KS2008R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5|X-Original-URL: /KS2008R2.gz|X-Forwarded-For: 199.115.228.98:60341|X-ARR-LOG-ID: 0acc9adc-46ad-4c9b-8403-73cded296a92|Content-Length: 8
    > 212.250.202.217|Sat 28 Mar 2015 22:02:40 +0100|200|180||GET /KS2012R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5|X-Original-URL: /KS2012R2.gz|X-Forwarded-For: 199.115.228.98:47004|X-ARR-LOG-ID: 98d3e5b7-b662-493b-8825-9a7dc9cf3467|Content-Length: 8
    > 212.250.202.217|Sat 28 Mar 2015 22:02:45 +0100|200|180||GET /KS2012R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1|X-Original-URL: /KS2012R2.gz|X-Forwarded-For: 199.115.228.98:36140|X-ARR-LOG-ID: 06a8a937-5977-425c-ae9a-6a63df526d8f|Content-Length: 8
    > 212.250.202.217|Sat 28 Mar 2015 22:02:47 +0100|200|180||GET /KS2008R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5|X-Original-URL: /KS2008R2.gz|X-Forwarded-For: 199.115.228.98:46310|X-ARR-LOG-ID: 6c227663-bd28-4daf-ac52-413d2dbd0f80|Content-Length: 8
    > 212.250.202.217|Sat 28 Mar 2015 22:02:52 +0100|200|157||GET /KS2008R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5|X-Original-URL: /KS2008R2.gz|X-Forwarded-For: 199.115.228.98:55190|X-ARR-LOG-ID: c04d32aa-37ab-478b-8972-4c6775207d96|Content-Length: 8
    > 212.250.202.217|Sat 28 Mar 2015 22:02:57 +0100|200|180||GET /KS2008R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5|X-Original-URL: /KS2008R2.gz|X-Forwarded-For: 199.115.228.98:51685|X-ARR-LOG-ID: b969eb23-64e0-4a17-976b-6878a2740609|Content-Length: 8
    > 212.250.202.217|Sat 28 Mar 2015 22:03:10 +0100|200|157||GET /KS2012R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1|X-Original-URL: /KS2012R2.gz|X-Forwarded-For: 199.115.228.98:44673|X-ARR-LOG-ID: a0efb399-7de0-46bf-82ab-6edb66b79f26|Content-Length: 8
    > 212.250.202.217|Sat 28 Mar 2015 22:03:35 +0100|200|180||GET /KS2008R2.gz HTTP/1.1|Connection: keep-alive|Content-Type: application/x-www-form-urlencoded|Accept-Encoding: gzip, deflate|Host: joodle.nl|Max-Forwards: 10|User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)|X-Original-URL: /KS2008R2.gz|X-Forwarded-For: 199.115.231.162:34198|X-ARR-LOG-ID: fa1c9ad8-ff8b-4c88-b740-89933352b3e6|Content-Length: 8
    > 

    Same IP over and over again.. And no, that file is not on the main domain he's accessing. (should be ktd.joodle.nl..)

    Not surprised.... X-FORWARDED-FOR....
    199.115.228.98
    Volumedrive.
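
An added example, not part of the thread or any poster's code: a small parser for the pipe-delimited access-log layout quoted above that groups requests by connecting address and tallies the origins reported in `X-Forwarded-For`, the requested paths and the User-Agents. The sample records, addresses and function names are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample records in the quoted log's pipe-delimited layout
# (RFC 5737 documentation addresses and made-up paths, not the thread's data).
SAMPLE = """\
192.0.2.10|Sat 28 Mar 2015 22:02:39 +0100|200|180||GET /a.gz HTTP/1.1|Host: example.test|User-Agent: UA-one|X-Forwarded-For: 198.51.100.7:60341
192.0.2.10|Sat 28 Mar 2015 22:02:40 +0100|200|180||GET /b.gz HTTP/1.1|Host: example.test|User-Agent: UA-two|X-Forwarded-For: 198.51.100.7:47004
192.0.2.10|Sat 28 Mar 2015 22:03:35 +0100|200|180||GET /a.gz HTTP/1.1|Host: example.test|User-Agent: UA-three|X-Forwarded-For: 198.51.100.99:34198
203.0.113.5|Sat 28 Mar 2015 22:04:00 +0100|200|512||GET / HTTP/1.1|Host: example.test|User-Agent: UA-one
"""

def parse_line(line):
    """Return (peer_ip, request_line, headers) for one log record."""
    fields = line.split("|")
    headers = {}
    for field in fields[6:]:              # everything after the request line
        name, sep, value = field.partition(": ")
        if sep:
            headers[name.lower()] = value
    return fields[0], fields[5], headers

def forwarded_origin(headers):
    """Left-most X-Forwarded-For entry with any IPv4 ':port' suffix removed."""
    first = headers.get("x-forwarded-for", "").split(",")[0].strip()
    host, sep, port = first.rpartition(":")
    if sep and port.isdigit() and "." in host:   # IPv4 addr:port, as in the log
        return host
    return first or None

def summarise(text):
    """Group records by connecting peer; count origins, paths and User-Agents."""
    report = defaultdict(lambda: {"hits": 0, "origins": Counter(),
                                  "paths": Counter(), "agents": set()})
    for line in filter(str.strip, text.splitlines()):
        peer, request, headers = parse_line(line)
        entry = report[peer]
        entry["hits"] += 1
        entry["paths"][request.split(" ")[1]] += 1
        entry["agents"].add(headers.get("user-agent", ""))
        origin = forwarded_origin(headers)   # reported by the relay, not verified
        if origin:
            entry["origins"][origin] += 1
    return report

def relaying_peers(report, min_hits=3):
    """Peers that send X-Forwarded-For and rotate User-Agents across requests."""
    return sorted(peer for peer, e in report.items()
                  if e["hits"] >= min_hits and e["origins"] and len(e["agents"]) > 1)
```

The `X-Forwarded-For` value is whatever the relaying host chose to send, so the tallied origins are a lead for correlation rather than a confirmed source address.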
