Security Incidents mailing list archives
Workstations trying to GET /download/IEService215.chm HTTP/1.1 fr om 67.109.249.3
From: "Humes, David G." <David.Humes () jhuapl edu>
Date: Fri, 9 Jul 2004 15:01:41 -0400
Starting around July 8th we noticed workstations trying to access 67.109.249.3 on port 80 and do a GET /download/IEService215.chm HTTP/1.1 Analysis of the users' browsing activity did not reveal any pattern that would suggest that the activity was user-initiated. We suspect that this is something trying to "phone home", but not sure quite what. A reverse lookup of the IP just returns 67.109.249.3.ptr.us.xo.net, and whois just tells me that it belongs to XO. Has anyone else seen this and know what it is? Thanks. --Dave
Current thread:
- Workstations trying to GET /download/IEService215.chm HTTP/1.1 fr om 67.109.249.3 Humes, David G. (Jul 09)
- Re: Workstations trying to GET /download/IEService215.chm HTTP/1.1 fr om 67.109.249.3 Paul Schmehl (Jul 12)
- Re: Workstations trying to GET /download/IEService215.chm HTTP/1.1 fr om 67.109.249.3 Andy (Jul 12)
- Re: Workstations trying to GET /download/IEService215.chm HTTP/1.1 from 67.109.249.3 Paul Schmehl (Jul 12)
- Re: Workstations trying to GET /download/IEService215.chm HTTP/1.1 fr om 67.109.249.3 Ronaldo C Vasconcellos (Jul 12)
- Re: Workstations trying to GET /download/IEService215.chm HTTP/1.1 from 67.109.249.3 Thor Larholm (Jul 12)
- Re: Workstations trying to GET /download/IEService215.chm HTTP/1.1 from 67.109.249.3 Axel Pettinger (Jul 12)
- Re: Workstations trying to GET /download/IEService215.chm HTTP/1.1 from 67.109.249.3 Matthew Jonkman (Jul 12)