Score:-1

Possible to identify the application that is causing these entries in IIS Log?

Tim

I'm wondering if it's possible to identify the program that is causing these log entries in IIS. Could that be CuppaCMS that the program is looking for, hoping to exploit a vulnerability if it's present?

2023-05-05 12:11:30 192.168.1.99 OPTIONS /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 200 0 0 62
2023-05-05 12:11:30 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:34 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:34 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:34 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:35 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:36 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:36 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:39 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:42 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:42 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:42 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:42 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:44 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:44 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:45 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:48 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:48 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:48 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:48 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:49 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:49 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:51 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:53 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:53 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:53 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:53 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:54 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:54 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:54 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:54 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:54 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:54 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:55 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:55 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:55 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:59 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:01 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:01 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:01 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:01 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:02 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:02 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:04 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:04 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:04 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:04 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:04 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:04 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:05 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:05 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:07 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:07 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:07 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:07 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:08 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:08 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:10 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:10 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:10 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:10 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:10 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:10 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:10 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:11 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:13 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:13 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:13 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:13 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:14 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:14 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:24 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:26 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:26 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:26 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:26 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:27 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:27 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:29 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:29 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:29 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:29 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:12:29 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:29 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:12:30 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
Tim
Absent any explanation for the downvote I'll just assume that the downvoter is the perpetrator and has hacked into our server.
Score:1

Microsoft-WebDAV-MiniRedir is the indicator that some Windows 10 machine maps a network drive to your server,

https://learn.microsoft.com/iis/publish/using-webdav/using-the-webdav-redirector

Whether you like it or not, that machine can generate all kinds of requests to your server when it attempts to manipulate the network drive.

BTW, if you are running a production web site and wonder if it might be hacked, hire a security professional. A forum like this isn't the place for that kind of consulting service.

Tim
Thanks. I am not asking for consulting services. The company for whom I have written some applications does have an outside team managing its network. What I wanted to know was whether it was possible to determine *from the combination of files that have been requested* what program might be making these requests from the IP address shown in the logs. The combination of files seems like it could be a tell-tale signature: the program is looking for a PDF with a German-sounding if not entirely German name (*Handbuch...*), an icon file called "cuppa.ico", and the "dtspkg.dll".
Lex Li
If you have access to that specific client machine, a tool like Process Monitor can reveal the app easily. If you don’t have access to it, then guessing from the access pattern is a lot more difficult because usually the file access pattern of an app is not fully documented.
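On the server side, the first step in reading an access pattern like the one in the question is to reduce the log to one summary per client and User-Agent. The following is an added example, not code from the thread or from IIS: it assumes IIS's default W3C field order (no `#Fields` header appears on the page), the function names are hypothetical, and treating a parent directory of a requested file as part of the same lookup is a heuristic.

```python
from collections import Counter, defaultdict

# Assumed field order: IIS's default W3C selection, which matches the 15
# columns of the question's log lines (the #Fields header is not on the page).
FIELDS = ("date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
          "c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus "
          "sc-win32-status time-taken").split()

# Sample input: the first eight lines of the log posted in the question.
SAMPLE = """\
2023-05-05 12:11:30 192.168.1.99 OPTIONS /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 200 0 0 62
2023-05-05 12:11:30 192.168.1.99 PROPFIND /Cuppa.ico - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:34 192.168.1.99 PROPFIND /x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:34 192.168.1.99 PROPFIND /x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:34 192.168.1.99 PROPFIND /x86/x86/BINN/dtspkg.dll - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:35 192.168.1.99 PROPFIND /x86/x86/BINN - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
2023-05-05 12:11:36 192.168.1.99 PROPFIND /Handbuch/AVK+InternetSecurity+2006.pdf - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 15
2023-05-05 12:11:36 192.168.1.99 PROPFIND /Handbuch - 80 - 10.100.0.190 Microsoft-WebDAV-MiniRedir/10.0.19045 - 404 0 2 0
"""

def parse(text):
    """Yield one dict per log line, skipping '#' directives and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) != len(FIELDS):
            continue
        yield dict(zip(FIELDS, parts))

def webdav_clients(text, ua_prefix="Microsoft-WebDAV-MiniRedir/"):
    """Summarise WebDAV redirector traffic per (client IP, User-Agent)."""
    groups = defaultdict(list)
    for row in parse(text):
        if row["cs(User-Agent)"].startswith(ua_prefix):
            groups[(row["c-ip"], row["cs(User-Agent)"])].append(row)
    report = {}
    for key, rows in groups.items():
        paths = {r["cs-uri-stem"] for r in rows}
        # Heuristic: a path that is a parent directory of another requested
        # path belongs to that file's lookup, so only leaf paths are reported.
        leaves = sorted(p for p in paths
                        if not any(q.startswith(p.rstrip("/") + "/") for q in paths))
        report[key] = {
            "requests": len(rows),
            "methods": dict(Counter(r["cs-method"] for r in rows)),
            "not_found": sum(r["sc-status"] == "404" for r in rows),
            "targets": leaves,
        }
    return report
```

The `targets` list is the set of files to search for on the client at 10.100.0.190, for example as a path filter in Process Monitor.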