I'm running a nodejs server with the express framework. I'm using Keymetrics.io to keep track of my app's status.
I have been keeping track of 500 and 404 errors and sending them to Keymetrics and the 404 errors show something strange I have not seen before, I hope someone can clear up what this exactly is.
Basically I keep getting these URL post requests every 2-3 minutes:
- /V9vc4AAAA/JU70M/cUPBuAAA/
- /QLId/1Mv30AAAA/lPVraBAAA/
- /V9vc4AAAA/JU70M/cUPBuAAA/
- /85V/xCAA/LamkyCA/3lMmCAAAAAA/
- /BXiuX/AuNt/B/bjX/
- /3GUYKAAAAAA/8xjakDAA/LnBQqDA/
- /85V/xCAA/LamkyCA/3lMmCAAAAAA/
- /Cbeo8A/DsZuoAA/BF3Zj/
- /3GUYKAAAAAA/8xjakDAA/LnBQqDA/
- /QLId/1Mv30AAAA/lPVraBAAA/
Obviously my server points them to a 404 page but does anyone know what this is? is it a bot? do I need to be aware of some vulnerability?
Some header examples of the requests
{ accept: '*/*',
'user-agent': 'Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)',
host: '109.235.76.136:8080',
'content-length': '701',
connection: 'Keep-Alive',
'cache-control': 'no-cache',
cookie: 'vacwatch=s%3Am_Rj28ASGR2gLNOoZT385QxXJTaPuGAp.7g89Wz41URpTiJSxQ8R8UaQgMRPUl94NNjruqluZR40' }
{ accept: '*/*',
'user-agent': 'Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)',
host: '109.235.76.136:8080',
'content-length': '677',
connection: 'Keep-Alive',
'cache-control': 'no-cache',
cookie: 'vacwatch=s%3AfdU50VdWoHd3jSmbbGKt4IXUTWvauxa4.OpRmN39XUis7sDkJrRtn83Uw%2FSo5VyJ1fZRcXT7HWH8' }
edit: The requests come from multiple different IP's