W
WSW
Please note the IP address is probably spoofed because I am getting these
from various sites and they all have different IP's.
Is this a worm or what? I've seen this happen on more than one site on the
same server.
There isn't even a form on the site like that with those fields, but the
form definately went through the server according to the headers.. I've been
seeing them from various sites as well. The headers indicate that it was
send through the web server though.
Received: from nt1 [216.23.168.145] by mail.websiteworld.com
(SMTPD32-8.04) id A6E442021A; Mon, 01 Dec 2003 06:32:52 -0500
Date: 01 Dec 2003 06:32:52 -0500
From: <[email protected]>
To: <[email protected]>
Content-Transfer-Encoding: 8bit
Content-Type: Text/plain; charset=windows-1252
Subject: Feedback From Website World
MIME-Version: 1.0
Reply-to: [email protected] To: [email protected] From: [email protected] Subject:
(FACF0618,Email)fzp 9 Do1soVQ7U2iGDg .
Message-Id: <200312010632718.SM01308@nt1>
X-RCPT-TO: <[email protected]>
Status: U
X-UIDL: 367770777
****************************************************************************
***
Category:
Name: [email protected]
To: [email protected]
From: [email protected]
Subject: YvKET2ma(FACF0618,Name)AW
ny2MQqMD9cRQELJ
..
Company: [email protected]
To: [email protected]
From: [email protected]
Subject: HPlLid(FACF0618,Company)N3r
WFcGL93TKeY43cI PfvgpV9
..
Telephone: [email protected]
To: [email protected]
From: [email protected]
Subject: (FACF0618,Telephone)Lrx4n
ZSW7nfoVC JJW2Mita
..
FAX: [email protected]
To: [email protected]
From: [email protected]
Subject: zp9Kk(FACF0618,FAX)
mW69855RtE7Q1o0 9KRK7gHq Wk0uDx
..
Email: [email protected]
To: [email protected]
From: [email protected]
Subject: (FACF0618,Email)fzp 9
Do1soVQ7U2iGDg
..
Remote Name: 194.14.129.130
HTTP User Agent:
Date: 12/01/2003
Comments:
body
from various sites and they all have different IP's.
Is this a worm or what? I've seen this happen on more than one site on the
same server.
There isn't even a form on the site like that with those fields, but the
form definately went through the server according to the headers.. I've been
seeing them from various sites as well. The headers indicate that it was
send through the web server though.
Received: from nt1 [216.23.168.145] by mail.websiteworld.com
(SMTPD32-8.04) id A6E442021A; Mon, 01 Dec 2003 06:32:52 -0500
Date: 01 Dec 2003 06:32:52 -0500
From: <[email protected]>
To: <[email protected]>
Content-Transfer-Encoding: 8bit
Content-Type: Text/plain; charset=windows-1252
Subject: Feedback From Website World
MIME-Version: 1.0
Reply-to: [email protected] To: [email protected] From: [email protected] Subject:
(FACF0618,Email)fzp 9 Do1soVQ7U2iGDg .
Message-Id: <200312010632718.SM01308@nt1>
X-RCPT-TO: <[email protected]>
Status: U
X-UIDL: 367770777
****************************************************************************
***
Category:
Name: [email protected]
To: [email protected]
From: [email protected]
Subject: YvKET2ma(FACF0618,Name)AW
ny2MQqMD9cRQELJ
..
Company: [email protected]
To: [email protected]
From: [email protected]
Subject: HPlLid(FACF0618,Company)N3r
WFcGL93TKeY43cI PfvgpV9
..
Telephone: [email protected]
To: [email protected]
From: [email protected]
Subject: (FACF0618,Telephone)Lrx4n
ZSW7nfoVC JJW2Mita
..
FAX: [email protected]
To: [email protected]
From: [email protected]
Subject: zp9Kk(FACF0618,FAX)
mW69855RtE7Q1o0 9KRK7gHq Wk0uDx
..
Email: [email protected]
To: [email protected]
From: [email protected]
Subject: (FACF0618,Email)fzp 9
Do1soVQ7U2iGDg
..
Remote Name: 194.14.129.130
HTTP User Agent:
Date: 12/01/2003
Comments:
body