[Dshield] /sumthin Revisited

Doug Roberts doug at chewygravy.com
Mon Jan 6 04:50:48 GMT 2003


At 08:33 PM 1/5/2003 -0600, you wrote:
>Also I am trying to collect logs of as many /sumthing requests as I can 
>get my
>hands on for further analysis. For those that can, please forward the related
>logs to noam at noameppel.com !

I found these on a single server that hosts about 18 domains under my 
administration. The first two block are from two domains, the large third 
block is an amalgamation of the remaining domains. If you need/want 
something more detailed, let me know. Unfortunately, I don't have any 
tcpdump logs for this server yet.

200.179.208.46 - - [19/Oct/2002:00:48:33 -0400] "GET /sumthin HTTP/1.1" 404 
325 "-" "-"
12.101.142.190 - - [23/Oct/2002:08:08:18 -0400] "GET /sumthin HTTP/1.0" 404 
313 "-" "-"
206.14.129.51 - - [27/Oct/2002:06:08:20 -0500] "GET /sumthin HTTP/1.0" 404 
313 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:50 -0500] "GET /sumthin HTTP/1.0" 404 
313 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:31 -0500] "GET /sumthin HTTP/1.0" 404 
313 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:21 -0500] "GET /sumthin HTTP/1.0" 404 
313 "-" "-"

200.179.208.46 - - [19/Oct/2002:00:48:46 -0400] "GET /sumthin HTTP/1.1" 404 
322 "-" "-"
12.101.142.190 - - [23/Oct/2002:08:08:18 -0400] "GET /sumthin HTTP/1.0" 404 
310 "-" "-"
206.14.129.51 - - [27/Oct/2002:06:08:20 -0500] "GET /sumthin HTTP/1.0" 404 
310 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:50 -0500] "GET /sumthin HTTP/1.0" 404 
310 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:32 -0500] "GET /sumthin HTTP/1.0" 404 
310 "-" "-"

65.115.124.167 - - [10/Nov/2002:13:12:51 -0500] "GET /sumthin HTTP/1.0" 404 
322 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
322 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:22 -0500] "GET /sumthin HTTP/1.0" 404 
322 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:51 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:23 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:51 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:23 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:51 -0500] "GET /sumthin HTTP/1.0" 404 
320 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
320 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:23 -0500] "GET /sumthin HTTP/1.0" 404 
320 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:53 -0500] "GET /sumthin HTTP/1.0" 404 
323 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
323 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:15 -0500] "GET /sumthin HTTP/1.0" 404 
323 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:52 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:17 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:52 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:23 -0500] "GET /sumthin HTTP/1.0" 404 
321 "-" "-"
200.179.208.46 - - [19/Oct/2002:00:48:33 -0400] "GET /sumthin HTTP/1.1" 404 
323 "-" "-"
12.101.142.190 - - [23/Oct/2002:08:08:18 -0400] "GET /sumthin HTTP/1.0" 404 
311 "-" "-"
206.14.129.51 - - [27/Oct/2002:06:08:20 -0500] "GET /sumthin HTTP/1.0" 404 
311 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:50 -0500] "GET /sumthin HTTP/1.0" 404 
311 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:31 -0500] "GET /sumthin HTTP/1.0" 404 
311 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:12 -0500] "GET /sumthin HTTP/1.0" 404 
311 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:53 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:23 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:53 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:22 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:53 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:14 -0500] "GET /sumthin HTTP/1.0" 404 
326 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:53 -0500] "GET /sumthin HTTP/1.0" 404 
325 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:36 -0500] "GET /sumthin HTTP/1.0" 404 
325 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:52 -0500] "GET /sumthin HTTP/1.0" 404 
325 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
325 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:53 -0500] "GET /sumthin HTTP/1.0" 404 
325 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
325 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:17 -0500] "GET /sumthin HTTP/1.0" 404 
325 "-" "-"
200.179.208.46 - - [19/Oct/2002:00:48:32 -0400] "GET /sumthin HTTP/1.1" 404 
324 "-" "-"
12.101.142.190 - - [23/Oct/2002:08:08:18 -0400] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
206.14.129.51 - - [27/Oct/2002:06:08:20 -0500] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:50 -0500] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:31 -0500] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
206.14.129.51 - - [27/Oct/2002:06:08:20 -0500] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:51 -0500] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:22 -0500] "GET /sumthin HTTP/1.0" 404 
312 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:54 -0500] "GET /sumthin HTTP/1.0" 404 
323 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
323 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:23 -0500] "GET /sumthin HTTP/1.0" 404 
323 "-" "-"
206.14.129.51 - - [27/Oct/2002:06:08:20 -0500] "GET /sumthin HTTP/1.0" 404 
316 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:51 -0500] "GET /sumthin HTTP/1.0" 404 
316 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
316 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:17 -0500] "GET /sumthin HTTP/1.0" 404 
316 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:54 -0500] "GET /sumthin HTTP/1.0" 404 
320 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
320 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:12:54 -0500] "GET /sumthin HTTP/1.0" 404 
320 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
320 "-" "-"
65.115.124.167 - - [10/Nov/2002:13:13:01 -0500] "GET /sumthin HTTP/1.0" 404 
316 "-" "-"
61.220.190.139 - - [10/Nov/2002:17:22:35 -0500] "GET /sumthin HTTP/1.0" 404 
316 "-" "-"
150.188.8.162 - - [24/Nov/2002:21:23:15 -0500] "GET /sumthin HTTP/1.0" 404 
316 "-" "-"


Doug
doug at chewygravy.com
========================= 




More information about the list mailing list