Why http://127.0.0.3/res.php referring users?

Hello community,

I am very new user on website/web security. Recently I have noticed I am receiving traffic that referring url is http://127.0.0.3/res.php?key=0x5118873580bbfa7d9aaacf610cba86864b95b376&action=get&id=2780371.
Here, key is fixed but id is always changing. Also the bytes size is over 32000.

It would be very helpful if any expert explain what is it and if it is some kind of malicious please let me know how i will write firewall rules for stop it. Note, I am using google recaptcha.

Thank you.

Google has a few links for that URL, but it’s not clear what it is. Could be something about 2captcha, could be also someone trying to trick your server into sending a request to itself.

As for blocking, the following firewall rule should do the trick

(http.referer contains "127.0.0.3/res.php")

Though if you do not expect any 127.0.0 strings in your referrers, you could also go for

(http.referer contains "127.0.0")

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.