Security Incidents mailing list archives
AW: strange .ch scan by 195.141.86.145
From: "Pascal C. Kocher" <pascal.kocher () netbeat biz>
Date: Tue, 28 May 2002 09:03:32 +0200
Hi all
Hi, I just noticed a strange scan in the web logs of all .ch and .li domains. Friends recognized similar scans. So far I dont know what the purpose of this scan is... MS collection information? /www/www.swordlord.ch/access_log:195.141.86.145 - - [24/May/2002:20:50:05 +0200] "GET http://www.swordlord.ch/hgfserd.aspx HTTP/1.0" 302 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
We recorded the same pattern on all of our virtual servers. Preceeding that pattern, on an irregular timed basis they where trying to get http://www.w3c.org (as proxy). Can you also confirm this? Best regards, Pascal. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- AW: strange .ch scan by 195.141.86.145 Pascal C. Kocher (May 28)
- Re: AW: strange .ch scan by 195.141.86.145 Rainer Duffner (May 30)