Posts Tagged ‘194.59.120.11 web traffic’

What’s with IP 194.59.120.11?

September 4, 2008

The traffic for our popular website that we analyze with FireGen contains quite a few connections from IP 194.59.120.11. While this doesn’t resolve to a domain name, it appears that it belongs to Deutsches Patentamt or The German Patent and Trade Mark Office¬†(www.dpma.de). From the application-specific logs we can tell that is not actually using the site but it is up there, at the same level of traffic with various search engine crawlers (Yahoo, Google, etc…). To keep an eye on it, we added the IP in the “Monitored IP Addresses” list in FireGen so the next reports will tag any connections from this IP. In the mean time, we used the IP Forensics feature in FireGen (http://www.eventid.net/firegen/ipforensics_report.asp) to see what kind of traffic is generated by this IP. It turned out that every 5 seconds it makes and HTML request for the default page of www.eventid.net¬†and nothing else, as if it would monitor the availability of this website. We will keep an eye on it and if necessary block it at the firewall level.

Advertisements