Hi, I just noticed a strange scan in the web logs of all .ch and .li domains. Friends recognized similar scans. So far I dont know what the purpose of this scan is... MS collection information? /www/www.swordlord.ch/access_log:195.141.86.145 - - [24/May/2002:20:50:05 +0200] "GET http://www.swordlord.ch/hgfserd.aspx HTTP/1.0" 302 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" /www/www.swordlord.ch/access_log:195.141.86.145 - - [25/May/2002:13:15:26 +0200] "GET http://www.swordlord.ch/Default.aspx HTTP/1.0" 302 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" /www/www.swordlord.ch/access_log:195.141.86.145 - - [25/May/2002:14:37:35 +0200] "GET http://www.swordlord.ch/ertdfgderww.aspx HTTP/1.0" 302 289 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" Owner of the IP acording to RIPE is: inetnum: 195.141.86.144 - 195.141.86.151 netname: Microsoft-NET descr: Microsoft AG descr: Thurgauerstrasse 74 descr: 8050 Zuerich country: CH admin-c: TR8175-RIPE tech-c: TR8175-RIPE status: ASSIGNED PA notify: ip-regat_private mnt-by: AS6730-MNT changed: robert.guentenspergerat_private 20010806 source: RIPE cheers, Andreas ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun May 26 2002 - 17:58:39 PDT