Wednesday, June 11, 2008

Hackers trying different user agents to bypass bot filters perhaps?

This is pretty clearly hacker traffic as the same IP is basically trying out different user agents one after another...the same thing is coming in from different networks:

1 74.86.171.82 5/2/2008 11:54:44 AM Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)
2 74.86.171.82 5/2/2008 11:54:44 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
1 74.86.171.82 5/2/2008 11:54:43 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MyIE2; MRA 4.4 (build 01348))
2 74.86.171.82 5/2/2008 11:54:43 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
2 74.86.171.82 5/2/2008 11:54:43 AM Mozilla/5.0 (Windows NT 5.1; U) Opera 7.54 [ru]
3 74.86.171.82 5/2/2008 11:54:43 AM Mozilla/5.0 (compatible; Googlebot/2.1;+http://www.google.com/bot.html)
4 74.86.171.82 5/2/2008 11:54:43 AM Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
2 74.86.171.82 5/2/2008 11:54:42 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://www.tropicdesigns.net)
1 74.86.171.82 5/2/2008 11:54:42 AM Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; MRA 4.0 (build 00768))
3 74.86.171.82 5/2/2008 11:54:42 AM Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)
1 74.86.171.82 5/2/2008 11:54:42 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.1 (build 00975))
4 74.86.171.82 5/2/2008 11:54:42 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
2 74.86.171.82 5/2/2008 11:54:42 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

6 77.188.143.240 3/21/2008 12:02:48 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
5 77.188.143.240 3/21/2008 12:02:47 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
6 77.188.143.240 3/21/2008 12:02:47 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
6 77.188.143.240 3/21/2008 12:02:45 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET)
12 77.188.143.240 3/21/2008 12:02:45 AM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
8 77.188.143.240 3/21/2008 12:02:44 AM Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7
3 68.178.99.210 3/20/2008 5:46:16 PM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
1 84.121.217.19 3/20/2008 3:13:25 PM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET)
2 84.121.217.19 3/20/2008 3:13:24 PM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; InfoPath.1)
2 84.121.217.19 3/20/2008 3:13:23 PM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
2 84.121.217.19 3/20/2008 3:13:23 PM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
1 84.121.217.19 3/20/2008 3:13:22 PM Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
1 84.121.217.19 3/20/2008 3:13:21 PM Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.7) Gecko/20060909 Firefox/1.5.0.7