funsec mailing list archives
(perhaps ot) web server weir log entries
From: Chaim Rieger <chaim.rieger () gmail com>
Date: Tue, 19 May 2009 11:03:44 -0700
Starting yesterday I see the following in my access logs, and can't seem to figure out what the heck is going on, using lighttp, got any insight?

77.108.102.246 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.43:443 HTTP/1.0" 501 357 "-" "-"
77.66.227.146 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.36:443 HTTP/1.0" 501 357 "-" "-"
77.66.227.146 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.16:443 HTTP/1.0" 501 357 "-" "-"
60.168.252.7 xml.nbcsearch.com - [19/May/2009:10:07:10 -0700] "GET http://xml.nbcsearch.com/xml.php?affiliate=searchdao&Terms=food+nutrition&IP=208%2E127%2E94%2E89 HTTP/1.0" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; Alexa Toolbar)"
77.108.102.246 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.31:443 HTTP/1.0" 501 357 "-" "-"
59.90.1.66 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.6:443 HTTP/1.0" 501 357 "-" "-"
59.90.1.66 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.1:443 HTTP/1.0" 501 357 "-" "-"
113.22.163.156 - - [19/May/2009:10:07:10 -0700] "GET http://n31.login.re3.yahoo.com/config/pwtoken_get?login=roseau () snet net&src=ygodgw&passwd=bc144134bc7b61191e8e2f6c0833364c&challenge=FqJZxsmRe5Eq__AOpETXgvYrGqMd&md5=1 HTTP/1.0" 404 345 "-" "MobileRunner-J2ME"
117.13.200.239 adserver.adtech.de - [19/May/2009:10:07:10 -0700] "GET http://adserver.adtech.de/adiframe/3.0/932/2081232/0/225/ADTECH;target=_blank;grp=%5Bgroup%5D HTTP/1.1" 404 345 "http://www.vampirefreaks.com/" "mozilla/5.0 (windows; u; win98; en-us; rv:1.8.0.7) gecko/20060909 firefox/1.5.0.7"
95.79.193.64 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.179.233:443 HTTP/1.0" 501 357 "-" "-"
77.66.227.146 - - [19/May/2009:10:07:10 -0700] "CONNECT 64.12.161.185:443 HTTP/1.0" 501 357 "-" "-"
117.14.247.15 adserver.adtech.de - [19/May/2009:10:07:10 -0700] "GET http://adserver.adtech.de/adiframe/3.0/932/2081232/0/225/ADTECH;target=_blank;grp=%5Bgroup%5D HTTP/1.0" 404 345 "http://www.vampirefreaks.com/" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; .net clr 1.1.4322)"
121.204.134.135 blueadvertise.com - [19/May/2009:10:07:10 -0700] "GET http://blueadvertise.com/publisher/____ic300250.php?cache=625 HTTP/1.0" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
77.66.227.146 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.31:443 HTTP/1.0" 501 357 "-" "-"
77.66.227.146 - - [19/May/2009:10:07:10 -0700] "CONNECT 205.188.251.21:443 HTTP/1.0" 501 357 "-" "-"
77.66.227.146 - - [19/May/2009:10:07:10 -0700] "CONNECT 64.12.200.89:443 HTTP/1.0" 501 357 "-" "-"
59.40.58.109 adserver.adtech.de - [19/May/2009:10:07:11 -0700] "GET http://adserver.adtech.de/adiframe/3.0/932/2067462/0/170/ADTECH;target=_blank;grp=%5Bgroup%5D HTTP/1.0" 404 345 "http://www.cheatcc.com/" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1)"
79.46.69.130 - - [19/May/2009:10:07:11 -0700] "" 400 349 "-" "-"
92.243.182.98 - - [19/May/2009:10:07:11 -0700] "CONNECT login.icq.com:443 HTTP/1.0" 501 357 "-" "-"
123.118.117.2 network.realmedia.com - [19/May/2009:10:07:11 -0700] "GET http://network.realmedia.com/RealMedia/ads/adstream_sx.ads/xbox-pro/300x250/ron/gmsent1834/ss/a@x15 HTTP/1.0" 404 345 "http://www.xbox-pro.com/" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1)"
67.19.122.146 ad.reachjunction.com - [19/May/2009:10:07:11 -0700] "GET http://ad.reachjunction.com/st?ad_type=pop&ad_size=0x0&section=505085&banned_pop_types=29&pop_times=1&pop_frequency=86400 HTTP/1.1" 404 345 "http%3A%2F%2Fwww.rsfox.com%2Findex.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.43"
77.108.102.246 - - [19/May/2009:10:07:11 -0700] "CONNECT 64.12.161.153:443 HTTP/1.0" 501 357 "-" "-"
219.134.252.92 network.realmedia.com - [19/May/2009:10:07:11 -0700] "GET http://network.realmedia.com/RealMedia/ads/adstream_jx.ads/couponhill/728x90/ron/entshpwmn/ss/a/1044233186@Top1 HTTP/1.1" 404 345 "http://www.couponhill.com" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.0)"
66.39.218.8 www.ticketmaster.com - [19/May/2009:10:07:11 -0700] "GET http://www.ticketmaster.com/event/040042788C0D2230?artistid=805913&majorcatid=10004&minorcatid=9 HTTP/1.1" 404 345 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"
77.108.102.246 - - [19/May/2009:10:07:11 -0700] "CONNECT 205.188.251.36:443 HTTP/1.0" 501 357 "-" "-"
123.118.117.116 content.pulse360.com - [19/May/2009:10:07:11 -0700] "GET http://content.pulse360.com/cgi-bin/context.cgi?id=88550819&cgroup=external_content_video&color=orange&format=vid300x500swf&subid=92020793 HTTP/1.0" 404 345 "http://www.spineshealth.com/" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1)"
60.26.10.79 adserver.adtech.de - [19/May/2009:10:07:11 -0700] "GET http://adserver.adtech.de/adiframe/3.0/932/2067447/0/170/ADTECH;target=_blank;grp=%5Bgroup%5D HTTP/1.1" 404 345 "http://www.mugglenet.com/" "mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; .net clr 1.1.4322)"

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
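
The request lines in the post take the two forms a client sends to a forward proxy: CONNECT host:port, and GET with a full http:// URL naming some other host. As an added example (not part of the original post), this Python code tallies those forms in a log of the same layout and lists any that were answered with a 2xx status rather than the 501/404 seen above. The sample lines, addresses and the `own_hosts` parameter are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Layout used in the post: client host user [time] "request" status bytes ...
LINE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<request>[^"]*)" (?P<status>\d{3}) ')

def classify(request, own_hosts=()):
    """Label a request line by the form of its target."""
    parts = request.split()
    if not parts:
        return "empty"
    if parts[0].upper() == "CONNECT":
        return "connect"                  # tunnel request, only meaningful to a proxy
    target = parts[1] if len(parts) > 1 else ""
    if re.match(r"[a-z][a-z0-9+.-]*://", target, re.I):
        try:
            host = (urlsplit(target).hostname or "").lower()
        except ValueError:                # malformed authority, e.g. a bad IPv6 literal
            host = ""
        # An absolute URL that names this server is an ordinary request.
        return "origin" if host in own_hosts else "absolute-uri"
    return "origin"

def summarize(lines, own_hosts=()):
    """Count request forms; collect proxy-form requests answered with 2xx."""
    kinds, relayed = Counter(), []
    for line in lines:
        m = LINE.match(line)
        if not m:
            kinds["unparsed"] += 1
            continue
        kind = classify(m["request"], own_hosts)
        kinds[kind] += 1
        if kind in ("connect", "absolute-uri") and m["status"].startswith("2"):
            relayed.append((m["client"], m["request"]))   # check these by hand
    return kinds, relayed

# Constructed sample lines (documentation addresses, not the post's data).
SAMPLE = [
    '192.0.2.10 - - [19/May/2009:10:07:10 -0700] "CONNECT 198.51.100.7:443 HTTP/1.0" 501 357 "-" "-"',
    '192.0.2.11 ads.example.net - [19/May/2009:10:07:10 -0700] "GET http://ads.example.net/a?x=1 HTTP/1.0" 404 345 "-" "Mozilla/4.0"',
    '192.0.2.12 - - [19/May/2009:10:07:11 -0700] "" 400 349 "-" "-"',
    '192.0.2.13 www.example.org - [19/May/2009:10:07:12 -0700] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.14 - - [19/May/2009:10:07:13 -0700] "CONNECT 198.51.100.9:443 HTTP/1.0" 200 0 "-" "-"',
    '192.0.2.15 www.example.org - [19/May/2009:10:07:14 -0700] "GET http://www.example.org/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    kinds, relayed = summarize(SAMPLE, own_hosts={"www.example.org"})
    print(dict(kinds), relayed)
```

A 2xx on a proxy-form request is a prompt to inspect the server's configuration, not proof of relaying, since some servers ignore the host part of an absolute URL and serve their own content.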
Current thread:
- (perhaps ot) web server weir log entries Chaim Rieger (May 19)
- <Possible follow-ups>
- Re: (perhaps ot) web server weir log entries Robert Graham (May 19)