Fixed Intel
Aggregated IntelVulnerabilities

/proxy/ URL scans with IP addresses, (Mon, Mar 16th)

Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the request. In some cases, common URL prefixes like "/proxy/" are used. This...

FIFixed Intel Team||1 min read|4 Views

Aggregated from SANS ISC

This article was automatically aggregated from an external source. Content may be summarized.

Read Original

Full Analysis

Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the request. In some cases, common URL prefixes like "/proxy/" are used. This weekend, I noticed a slightly different pattern in our logs:

Source: SANS ISC

Original Source

SANS ISC