Targeted lame scan from 190.10.8.107

RaT

This one is interesting as it's small and targeted, maybe part of a larger campaign. Notice the User Agent is chosen from a list for each GET request.

190.10.8.107 - - [10/Aug/2014:08:44:56 -0400] "GET /upload/ HTTP/1.0" 302 450 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
190.10.8.107 - - [10/Aug/2014:08:56:56 -0400] "GET /sqlfiles/ HTTP/1.0" 302 454 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 4.4 (build 01348); .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
190.10.8.107 - - [11/Aug/2014:13:19:46 -0400] "GET /php/upload.php HTTP/1.0" 302 464 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MRA 3.0 (build 00614))"
190.10.8.107 - - [11/Aug/2014:13:20:52 -0400] "GET /fileupload/upload.php HTTP/1.0" 302 478 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.4 (build 01334))"
190.10.8.107 - - [11/Aug/2014:13:22:00 -0400] "GET /simple-upload-53.php HTTP/1.0" 302 476 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; fi-FI; rv:1.7.12) Gecko/20050919 Firefox/1.0.7"
190.10.8.107 - - [11/Aug/2014:13:29:39 -0400] "GET /modules/filemanagermodule/actions/picker.php?id=0 HTTP/1.0" 302 534 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [ru]"
190.10.8.107 - - [11/Aug/2014:20:32:23 -0400] "GET /openconf/author/submit.php HTTP/1.0" 302 488 "-" "Opera/8.01 (J2ME/MIDP; Opera Mini/1.2.3004; ru; U; ssr)"
190.10.8.107 - - [12/Aug/2014:12:08:40 -0400] "GET /wp-config.php-bak HTTP/1.0" 302 470 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ru) Opera 8.54"
190.10.8.107 - - [12/Aug/2014:12:09:21 -0400] "GET /wp-config.phpbak HTTP/1.0" 302 468 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461; SV1)"
190.10.8.107 - - [12/Aug/2014:18:10:22 -0400] "GET /wp-content/themes/GTD/upload/ HTTP/1.0" 302 494 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; SV1; .NET CLR 1.1.4322)"
190.10.8.107 - - [12/Aug/2014:19:56:22 -0400] "GET /wp-content/plugins/page-flip-image-gallery/layouts.xml HTTP/1.0" 302 544 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; MRA 4.6 (build 01425))"
190.10.8.107 - - [13/Aug/2014:12:57:22 -0400] "GET /dev/backup/ HTTP/1.0" 302 458 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; MRA 4.5 (build 01399))"
190.10.8.107 - - [13/Aug/2014:13:04:39 -0400] "GET /dev/backups/ HTTP/1.0" 302 460 "-" "Mozilla/5.0 (compatible; Konqueror/3.0-rc1; i686 Linux; 20020521)"
190.10.8.107 - - [13/Aug/2014:13:37:38 -0400] "GET /dev/ HTTP/1.0" 302 444 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; InfoPath.1; .NET CLR 2.0.50727)"
190.10.8.107 - - [13/Aug/2014:20:45:28 -0400] "GET /1'/ HTTP/1.0" 302 442 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; TISA)"
190.10.8.107 - - [14/Aug/2014:01:17:37 -0400] "GET / HTTP/1.1" 302 438 "-" "=Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
190.10.8.107 - - [14/Aug/2014:01:17:41 -0400] "GET / HTTP/1.1" 200 12574 "-" "=Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
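
The per-request User-Agent rotation noted in the post can be turned into a log check. This is an added example, not part of the original post: it flags source IPs whose User-Agent changes on nearly every request. The function name, the thresholds and the 198.51.100.7 lines are assumptions constructed for illustration; the 190.10.8.107 lines are copied from the log above.

```python
import re
from collections import defaultdict

# Apache combined format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# First five lines are from the post; the 198.51.100.7 lines are constructed
# to represent an ordinary browser that keeps one User-Agent.
SAMPLE = """
190.10.8.107 - - [10/Aug/2014:08:44:56 -0400] "GET /upload/ HTTP/1.0" 302 450 "-" "Mozilla/5.0 (Windows; U; Win 9x 4.90; fi; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
190.10.8.107 - - [11/Aug/2014:13:19:46 -0400] "GET /php/upload.php HTTP/1.0" 302 464 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MRA 3.0 (build 00614))"
190.10.8.107 - - [11/Aug/2014:20:32:23 -0400] "GET /openconf/author/submit.php HTTP/1.0" 302 488 "-" "Opera/8.01 (J2ME/MIDP; Opera Mini/1.2.3004; ru; U; ssr)"
190.10.8.107 - - [12/Aug/2014:12:08:40 -0400] "GET /wp-config.php-bak HTTP/1.0" 302 470 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ru) Opera 8.54"
190.10.8.107 - - [14/Aug/2014:01:17:37 -0400] "GET / HTTP/1.1" 302 438 "-" "=Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.7 - - [14/Aug/2014:09:00:01 -0400] "GET / HTTP/1.1" 200 12574 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
198.51.100.7 - - [14/Aug/2014:09:00:05 -0400] "GET /forum HTTP/1.1" 200 8841 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
198.51.100.7 - - [14/Aug/2014:09:01:12 -0400] "GET /node/12 HTTP/1.1" 200 9020 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
198.51.100.7 - - [14/Aug/2014:09:02:40 -0400] "GET /node/13 HTTP/1.1" 200 9313 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Firefox/31.0"
""".strip().splitlines()


def ua_rotators(lines, min_requests=4, min_ratio=0.8):
    """Return {ip: (requests, distinct_uas, distinct_paths)} for clients
    whose User-Agent differs on at least min_ratio of their requests."""
    seen = defaultdict(lambda: {"n": 0, "uas": set(), "paths": set()})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line; ignore rather than guess
        rec = seen[m["ip"]]
        rec["n"] += 1
        rec["uas"].add(m["ua"])
        rec["paths"].add(m["path"])
    flagged = {}
    for ip, rec in seen.items():
        # A real browser keeps one UA; a scanner drawing from a list does not.
        if rec["n"] >= min_requests and len(rec["uas"]) / rec["n"] >= min_ratio:
            flagged[ip] = (rec["n"], len(rec["uas"]), len(rec["paths"]))
    return flagged


if __name__ == "__main__":
    for ip, (n, uas, paths) in ua_rotators(SAMPLE).items():
        print(f"{ip}: {n} requests, {uas} distinct User-Agents, {paths} distinct paths")
```

Because the requests in the post are spread over several days, the check needs to run over a multi-day window of logs rather than a single hour to catch a scan this slow.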