Hi all > Hi, I just noticed a strange scan in the web logs of all .ch and .li > domains. Friends recognized similar scans. So far I dont know what > the purpose of this scan is... MS collection information? > > /www/www.swordlord.ch/access_log:195.141.86.145 - - > [24/May/2002:20:50:05 +0200] "GET > http://www.swordlord.ch/hgfserd.aspx HTTP/1.0" 302 289 "-" > "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR > 1.0.3705)" We recorded the same pattern on all of our virtual servers. Preceeding that pattern, on an irregular timed basis they where trying to get http://www.w3c.org (as proxy). Can you also confirm this? Best regards, Pascal. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 08:26:05 PDT