AW: strange .ch scan by

From: Pascal C. Kocher (pascal.kocherat_private)
Date: Tue May 28 2002 - 00:03:32 PDT

  • Next message: Keyser Soze: "Re: GET /proxy-test.php"

    Hi all
    > Hi, I just noticed a strange scan in the web logs of all .ch and .li 
    > domains. Friends recognized similar scans. So far I dont know what 
    > the purpose of this scan is... MS collection information?
    > /www/ - - 
    > [24/May/2002:20:50:05 +0200] "GET 
    > HTTP/1.0" 302 289 "-" 
    > "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 
    > 1.0.3705)"
    We recorded the same pattern on all of our virtual servers. Preceeding
    that pattern, on an irregular timed basis they where trying to get (as proxy).
    Can you also confirm this?
    Best regards,
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see:

    This archive was generated by hypermail 2b30 : Tue May 28 2002 - 08:26:05 PDT