Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Bruce Ediger (bedigerstratigery.com)
Date: Thu May 16 2013 - 20:53:43 CDT
On Fri, 17 May 2013, Kirils Solovjovs wrote:
> Requests always come from the same IP 220.127.116.11.
Oddly, I have an HTTP request from 18.104.22.168 in my apache log files.
It asked for http://stratigery.com/scripting.ftp.html by far the most
popular page on my web site. It used a HEAD. Referer and user agent
That much is the same as everyone else. I have a little more to add.
I have p0f version 2 running at the same time. I can match up the
22.214.171.124 with this from p0f:
p0f also claims an "ethernet/modem" link.
I find 1 other hit in my p0f log file with that OS guess, from
126.96.36.199, which was also asking for
http://stratigery.com/scripting.ftp.html, but with a GET.
188.8.131.52 had a referer of http://www.google.co.in
184.108.40.206 had a user agent of " Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 1.1.4322; .NET CLR 3.5.30729; InfoPath.1; .NET4.0C; .NET4.0E)"
220.127.116.11 hit my web server at 2013-04-30 07:26:26-06
18.104.22.168 hit my web server at 2012-04-09 11:26:00-06
Note that I do not use Skype at all.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/