Full Disclosure mailing list archives
Re: On Skype URL eavesdropping
From: Alex <fd () daloo de>
Date: Fri, 17 May 2013 11:53:54 +0200
Its funny to see Microsoft using SSH ;) 22/tcp open ssh VanDyke VShell sshd 3.8.6.476 (protocol 2.0) Btw, nmap thinks it is Vista Device type: general purpose Running: Microsoft Windows Vista OS details: Microsoft Windows Vista Have 2 log entries: [29/Apr/2013:15:09:36 +0200] [18/Apr/2013:14:46:29 +0200] HEAD, no user agent and so on. Don't use Skype. Am 2013-05-17 03:53, schrieb Bruce Ediger:
On Fri, 17 May 2013, Kirils Solovjovs wrote: Requests always come from the same IP 65.52.100.214.Oddly, I have an HTTP request from 65.52.100.214 in my apache log files. It asked for http://stratigery.com/scripting.ftp.html [1] by far the mostpopular page on my web site. It used a HEAD. Referer and user agent both '-' That much is the same as everyone else. I have a little more to add. I have p0f version 2 running at the same time. I can match up the 65.52.100.214 with this from p0f: UNKNOWN [8192:56:1:48:M1460,N,N,S:.:?:?] p0f also claims an "ethernet/modem" link. I find 1 other hit in my p0f log file with that OS guess, from 1.23.166.134, which was also asking for http://stratigery.com/scripting.ftp.html [1], but with a GET. 1.23.166.134 had a referer of http://www.google.co.in [2]1.23.166.134 had a user agent of " Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; .NET CLR 3.5.30729; InfoPath.1; .NET4.0C; .NET4.0E)"65.52.100.214 hit my web server at 2013-04-30 07:26:26-06 1.23.166.134 hit my web server at 2012-04-09 11:26:00-06 Note that I do not use Skype at all. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html [3] Hosted and sponsored by Secunia - http://secunia.com/ [4]
Links: ------ [1] http://stratigery.com/scripting.ftp.html [2] http://www.google.co.in [3] http://lists.grok.org.uk/full-disclosure-charter.html [4] http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- On Skype URL eavesdropping Kirils Solovjovs (May 16)
- Re: On Skype URL eavesdropping Jeffrey Walton (May 16)
- Re: On Skype URL eavesdropping Bruce Ediger (May 16)
- Re: On Skype URL eavesdropping Alex (May 17)