<div>
Our site uses <a href="http://www.YourDomain.com" rel="ugc">www.YourDomain.com</a>. I didn't setup the * record. The IPs are all external IPs from various providers. I guess I could block them, but I'm still wondering why this is happening. This is new as of 9/9/15.
</div>


Our site uses www.YourDomain.com [http://www.YourDomain.com]. I didn't setup the * record. The IPs are all external IPs from various providers. I guess I could block them, but I'm still wondering why this is happening. This is new as of 9/9/15.

<div>
I could be a simple hack attempt. &nbsp;There are a few known wpad.dat hacks that exist. &nbsp;It could be an attempt to see if your server is vulnerable.<br />
<br />
Dan
</div>


I could be a simple hack attempt.  There are a few known wpad.dat hacks that exist.  It could be an attempt to see if your server is vulnerable.

Dan

<div>
<div class="content wysiwyg-content">
I have a server running Windows 2003 R2 SP2. This is my production web server. Starting on 9/9, the IIS logs have been filling up with errors about a wpad.dat file. I've scanned the machine for malware/viruses with a few different programs and they all come back clean. I've attached a screen shot of the errors. Any help would be appreciated.<br />
<a href="https://filedb.experts-exchange.com/incoming/2015/09_w39/940242/Screen-Shot-2015-09-23-at-10.53.43-A.png" target="_blank" class="file-inline" title="screen shot of error log (13 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>Screen-Shot-2015-09-23-at-10.53.43-A.png</a>
</div>
</div>


Screen-Shot-2015-09-23-at-10.53.43-A.png

I have a server running Windows 2003 R2 SP2. This is my production web server. Starting on 9/9, the IIS logs have been filling up with errors about a wpad.dat file. I've scanned the machine for malware/viruses with a few different programs and they all come back clean. I've attached a screen shot of the errors. Any help would be appreciated.

WPAD.dat 404 errors flooding IIS logs

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.

Microsoft IIS Web Server

Anti-virus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats. In particular, modern antivirus software can protect from malicious browser helper objects (BHOs), browser hijackers, ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, malicious layered service providers (LSPs), dialers, fraud tools, adware and spyware. Some products also include protection from other computer threats, such as infected and malicious URLs, spam, scam and phishing attacks, online identity theft (privacy), online banking attacks, social engineering techniques, Advanced Persistent Threat (APT), botnets and DDoS attacks.