AW: strange .ch scan by 195.141.86.145
From: Pascal C. Kocher (pascal.kocher@netbeat.biz)Date: 05/28/02
- Previous message: List-Collector: "RE: strange .ch scan by 195.141.86.145"
- Next in thread: Rainer Duffner: "Re: AW: strange .ch scan by 195.141.86.145"
- Reply: Rainer Duffner: "Re: AW: strange .ch scan by 195.141.86.145"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 28 May 2002 09:03:32 +0200 From: "Pascal C. Kocher" <pascal.kocher@netbeat.biz> To: "Andreas Wiesmann" <lordandrej@swordlord.org>, <incidents@securityfocus.com>
Hi all
> Hi, I just noticed a strange scan in the web logs of all .ch and .li
> domains. Friends recognized similar scans. So far I dont know what
> the purpose of this scan is... MS collection information?
>
> /www/www.swordlord.ch/access_log:195.141.86.145 - -
> [24/May/2002:20:50:05 +0200] "GET
> http://www.swordlord.ch/hgfserd.aspx HTTP/1.0" 302 289 "-"
> "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
> 1.0.3705)"
We recorded the same pattern on all of our virtual servers. Preceeding
that pattern, on an irregular timed basis they where trying to get
http://www.w3c.org (as proxy).
Can you also confirm this?
Best regards,
Pascal.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
- Previous message: List-Collector: "RE: strange .ch scan by 195.141.86.145"
- Next in thread: Rainer Duffner: "Re: AW: strange .ch scan by 195.141.86.145"
- Reply: Rainer Duffner: "Re: AW: strange .ch scan by 195.141.86.145"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
