Strange Log entries

**Euclid** · October 21st, 2002, 11:49 PM

I just pulled this out of my log file any idea what it means. Kindof odd

http://207.68.164.250/cgi-bin/linkrd...tz%2en3t%2enet

I went to http://207.68.164.250 and it is a login for Hotmail, any idea why someone would try a url such as the one above?

***Spyder32*** · October 21st, 2002, 11:54 PM

Unless it is the IP address of the hotmail site, just converted from hotmail.com, it could be someone setting up a fake login to steal your password. I'd watch out, I've seen plenty of these with Hotmail, AOL, and even Credit Card reports.

**Euclid** · October 21st, 2002, 11:56 PM

yea thats what it looks like to me. I just dont understand why they would use a url like that and use my site at the end of it

oh yea, I thought i gave the whole log entry but i didnt

here it is

212.138.47.11 - - [21/Oct/2002:17:51:11 -0500] "GET / HTTP/1.0" 200 745 "http://207.68.164.250/cgi-bin/linkrd?_lang=EN&lah=414a403c1944088c764bcd8a049dc56d&lat=1035236038&hm___action=http%3a%2f%2fersatz%2en3t%2enet" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; YComp 5.0.0.0)"

***Spyder32*** · October 21st, 2002, 11:58 PM

I don't know about the using your site part, but by using that url, they could signup for like .tk and use a hotmaillogin.tk thing to fool people. I'm not sure why their using your site or what exactly it is, but they can definitely use a free re-direction service to make the url look better or more catchy.

**Euclid** · October 22nd, 2002, 12:06 AM

This just in..... Used trusty AO IP locater and got this

cache1-2.ruh.isu.net.sa (212.138.47.11) is located in Riyadh, Ar-riyad (administrative Region), Al-wusta (region), Saudi Arabia.

***ammo*** · October 22nd, 2002, 06:19 AM

Is this a web server log?
They might have been looking for a proxy...

Ammo

Thread: Strange Log entries

Thread Tools

Display

Strange Log entries

Posting Permissions