strange .ch scan by 195.141.86.145

From: Andreas Wiesmann (lordandrej@swordlord.org)
Date: 05/25/02

Previous message: Christian Vogel: "Re: continues SCAN Proxy attempt"
Next in thread: List-Collector: "RE: strange .ch scan by 195.141.86.145"
Reply: List-Collector: "RE: strange .ch scan by 195.141.86.145"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 25 May 2002 16:36:29 +0200
To: incidents@securityfocus.com
From: Andreas Wiesmann <lordandrej@swordlord.org>

Hi, I just noticed a strange scan in the web logs of all .ch and .li
domains. Friends recognized similar scans. So far I dont know what
the purpose of this scan is... MS collection information?

/www/www.swordlord.ch/access_log:195.141.86.145 - -
[24/May/2002:20:50:05 +0200] "GET
http://www.swordlord.ch/hgfserd.aspx HTTP/1.0" 302 289 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)"
/www/www.swordlord.ch/access_log:195.141.86.145 - -
[25/May/2002:13:15:26 +0200] "GET
http://www.swordlord.ch/Default.aspx HTTP/1.0" 302 289 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)"
/www/www.swordlord.ch/access_log:195.141.86.145 - -
[25/May/2002:14:37:35 +0200] "GET
http://www.swordlord.ch/ertdfgderww.aspx HTTP/1.0" 302 289 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)"

Owner of the IP acording to RIPE is:
inetnum: 195.141.86.144 - 195.141.86.151
netname: Microsoft-NET
descr: Microsoft AG
descr: Thurgauerstrasse 74
descr: 8050 Zuerich
country: CH
admin-c: TR8175-RIPE
tech-c: TR8175-RIPE
status: ASSIGNED PA
notify: ip-reg@sunrise.ch
mnt-by: AS6730-MNT
changed: robert.guentensperger@sunrise.net 20010806
source: RIPE

cheers,
Andreas

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

Previous message: Christian Vogel: "Re: continues SCAN Proxy attempt"
Next in thread: List-Collector: "RE: strange .ch scan by 195.141.86.145"
Reply: List-Collector: "RE: strange .ch scan by 195.141.86.145"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

AW: strange .ch scan by 195.141.86.145
... I just noticed a strange scan in the web logs of all .ch and .li ... So far I dont know what ... MS collection information? ... We recorded the same pattern on all of our virtual servers. ...
(Incidents)
Re: no returns ?
... >> Greedy people are always ripe for the take. ... > I dont think its greed, rather ingenuity. ...
(uk.people.consumers.ebay)