VISUALANALYTICS.COM (173.166.136.106) HDB Scanning

RaT
SX High Council
Joined: 2008/03/12

Looks like VISUALANALYTICS.COM was looking to make a buck off of soldierx.com's HDB. What a bunch of crooks.

173.166.136.106 - - [26/Jun/2013:10:45:06 -0400] "GET /sites/all/themes/soldierx/print.css?A HTTP/1.1" 200 850 "http://www.soldierx.com/hdb" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36"
173.166.136.106 - - [26/Jun/2013:10:45:11 -0400] "-" 408 161 "-" "-"
173.166.136.106 - - [26/Jun/2013:10:45:11 -0400] "-" 408 161 "-" "-"
173.166.136.106 - - [26/Jun/2013:10:45:11 -0400] "-" 408 161 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:26:10 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:32:47 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:33:41 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:37:13 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:42:17 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:45:41 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:51:37 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:51:38 -0400] "GET //hdb/Shadow-Hawk-1 HTTP/1.0" 200 12961 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:51:38 -0400] "GET //hdb/0x000000-rvdh HTTP/1.0" 200 12418 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:51:38 -0400] "GET //hdb/0x0ptim0us HTTP/1.0" 403 342 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:51:39 -0400] "GET //hdb/0xcharlie HTTP/1.0" 200 14273 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:51:39 -0400] "GET /system/files/imagecache/hdb_thumbnail/hdb/200px-Charlie_Miller_Infiltrate_2012.jpg HTTP/1.1" 403 400 "http://10.12.12.24/pageScraper2/hackerlist.php" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.52 Safari/537.36"
173.166.136.106 - - [27/Jun/2013:14:51:39 -0400] "GET //hdb/404myth HTTP/1.0" 200 13445 "-" "-"
173.166.136.106 - - [27/Jun/2013:14:51:39 -0400] "GET //hdb/Aaron-McGruder HTTP/1.0" 403 342 "-" "-"

As you can see, they've built (or bought) something running internally at 10.12.12.24 - pageScraper2/hackerlist.php
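Added example, not part of the original post: a small Python detector that parses combined-format access log lines and counts, per client IP, the scraper indicators visible in the log above (no User-Agent over HTTP/1.0, double-slash paths, a private-IP Referer, and requests per second). The function names and indicator keys are assumptions made for this illustration; the sample entries are copied from the log in the post.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

def private_referer(ref):
    """Return True if the referer's host is a private (RFC 1918) IP literal."""
    host = urlsplit(ref).hostname
    try:
        return bool(host) and ipaddress.ip_address(host).is_private
    except ValueError:
        return False  # a DNS name, not an IP literal

def scraper_indicators(lines):
    """Map each client IP to the scraper indicators seen in its requests."""
    report = defaultdict(lambda: {"no_ua_http10": 0, "double_slash": 0,
                                  "internal_referers": set(), "max_per_second": 0})
    per_second = defaultdict(int)
    for line in lines:
        m = LINE_RE.match(line)
        req = m["req"].split() if m else []
        if len(req) != 3:
            continue  # unparseable line, or a "-" 408 timeout entry
        r, (_, path, proto) = report[m["ip"]], req
        if m["ua"] == "-" and proto == "HTTP/1.0":
            r["no_ua_http10"] += 1  # scripted client: no browser User-Agent
        if path.startswith("//"):
            r["double_slash"] += 1  # consistent with naive base URL + path joining
        if private_referer(m["ref"]):
            r["internal_referers"].add(m["ref"])  # Referer exposes an internal URL
        per_second[m["ip"], m["ts"]] += 1
        r["max_per_second"] = max(r["max_per_second"], per_second[m["ip"], m["ts"]])
    return dict(report)

# Sample input: five entries copied from the access log in the post above.
SAMPLE = [
    '173.166.136.106 - - [27/Jun/2013:14:51:37 -0400] "GET /hdb HTTP/1.0" 200 33080 "-" "-"',
    '173.166.136.106 - - [27/Jun/2013:14:51:38 -0400] "GET //hdb/Shadow-Hawk-1 HTTP/1.0" 200 12961 "-" "-"',
    '173.166.136.106 - - [27/Jun/2013:14:51:38 -0400] "GET //hdb/0x000000-rvdh HTTP/1.0" 200 12418 "-" "-"',
    '173.166.136.106 - - [27/Jun/2013:14:51:38 -0400] "GET //hdb/0x0ptim0us HTTP/1.0" 403 342 "-" "-"',
    '173.166.136.106 - - [27/Jun/2013:14:51:39 -0400] "GET /system/files/imagecache/hdb_thumbnail/hdb/200px-Charlie_Miller_Infiltrate_2012.jpg HTTP/1.1" 403 400 "http://10.12.12.24/pageScraper2/hackerlist.php" "Mozilla/5.0 (Windows NT 5.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.52 Safari/537.36"',
]
if __name__ == "__main__":
    print(scraper_indicators(SAMPLE))
```

Run against a full access log, the per-IP counts give a quick shortlist of clients to rate-limit or block.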