|
Security Incidents
mailing list archives
strange .ch scan by 195.141.86.145
From: Andreas Wiesmann <lordandrej () swordlord org>
Date: Sat, 25 May 2002 16:36:29 +0200
Hi, I just noticed a strange scan in the web logs of all .ch and .li
domains. Friends recognized similar scans. So far I dont know what
the purpose of this scan is... MS collection information?
/www/www.swordlord.ch/access_log:195.141.86.145 - -
[24/May/2002:20:50:05 +0200] "GET
http://www.swordlord.ch/hgfserd.aspx HTTP/1.0" 302 289 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)"
/www/www.swordlord.ch/access_log:195.141.86.145 - -
[25/May/2002:13:15:26 +0200] "GET
http://www.swordlord.ch/Default.aspx HTTP/1.0" 302 289 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)"
/www/www.swordlord.ch/access_log:195.141.86.145 - -
[25/May/2002:14:37:35 +0200] "GET
http://www.swordlord.ch/ertdfgderww.aspx HTTP/1.0" 302 289 "-"
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR
1.0.3705)"
Owner of the IP acording to RIPE is:
inetnum: 195.141.86.144 - 195.141.86.151
netname: Microsoft-NET
descr: Microsoft AG
descr: Thurgauerstrasse 74
descr: 8050 Zuerich
country: CH
admin-c: TR8175-RIPE
tech-c: TR8175-RIPE
status: ASSIGNED PA
notify: ip-reg () sunrise ch
mnt-by: AS6730-MNT
changed: robert.guentensperger () sunrise net 20010806
source: RIPE
cheers,
Andreas
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
- strange .ch scan by 195.141.86.145 Andreas Wiesmann (May 26)
|
Intro
