Rapid UA Changes...

Each instance (grouping) of log spamming comes with it's own unique UA String, while maintaining what appears to be the same IP Number.

The event takes only a total of 42 Seconds and changes UA Strings 15 times - once for each URL spammed.

69.225.183.** - - [09/Nov/2004:05:26:48 -0800] "GET / HTTP/1.1" 200 20402 "www.wwcompo+ites.com" "Opera/7.21 (Windows 98; U) [en]"
69.225.183.** - - [09/Nov/2004:05:26:54 -0800] "GET /Icon.ico HTTP/1.1" 200 1078 "www.findtut+rials.com" "JoeDog/1.00 [en] (X11; I; Siege 2.59)"
69.225.183.** - - [09/Nov/2004:05:26:55 -0800] "GET /Traptrap HTTP/1.1" 200 175 "www.tot+via.com" "Lynx/2.7.1 libwww-FM/2.14"
69.225.183.** - - [09/Nov/2004:05:27:00 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.tot+via.com" "Lynx/2.7.1 libwww-FM/2.14"
69.225.183.** - - [09/Nov/2004:05:27:01 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.esit+blast.com" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; YComp 5.0.0.0)"
69.225.183.** - - [09/Nov/2004:05:27:01 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.esit+blast.com" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; YComp 5.0.0.0)"
69.225.183.** - - [09/Nov/2004:05:27:01 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.esit+blast.com" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; YComp 5.0.0.0)"
69.225.183.** - - [09/Nov/2004:05:27:03 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.searc+-engines-guide.com" "Konqueror/3.1; (Konqueror/3.1; i686 Linux;;datecode)"
69.225.183.** - - [09/Nov/2004:05:27:03 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.searc+-engines-guide.com" "Konqueror/3.1; (Konqueror/3.1; i686 Linux;;datecode)"
69.225.183.** - - [09/Nov/2004:05:27:04 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.searc+-engines-guide.com" "Konqueror/3.1; (Konqueror/3.1; i686 Linux;;datecode)"
69.225.183.** - - [09/Nov/2004:05:27:05 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.l+ok.com" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.5)Gecko Epiphany/1.0.6"
69.225.183.** - - [09/Nov/2004:05:27:05 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.l+ok.com" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.5)Gecko Epiphany/1.0.6"
69.225.183.** - - [09/Nov/2004:05:27:06 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.l+ok.com" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.5)Gecko Epiphany/1.0.6"
69.225.183.** - - [09/Nov/2004:05:27:06 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.b+oble.com" "Mozilla/3.01 (compatible)"
69.225.183.** - - [09/Nov/2004:05:27:12 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.b+oble.com" "Mozilla/3.01 (compatible)"
69.225.183.** - - [09/Nov/2004:05:27:12 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.ebr+ndz.com" "Konqueror/3.0;(Konqueror/3.0; i686 Linux;;datecode)"
69.225.183.** - - [09/Nov/2004:05:27:18 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.stan+ord.edu" "MSIE (MSIE 6.0; Windows XP) Opera 7.11 [en]"
69.225.183.** - - [09/Nov/2004:05:27:18 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.quick+egister.net" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.6)Gecko"
69.225.183.** - - [09/Nov/2004:05:27:20 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.quick+egister.net" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.6)Gecko"
69.225.183.** - - [09/Nov/2004:05:27:23 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.infoh+way.com" "Mozilla/4.0 (compatible)"
69.225.183.** - - [09/Nov/2004:05:27:24 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.makem+top.co.uk" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.4)Gecko Netscape/7.1"
69.225.183.** - - [09/Nov/2004:05:27:26 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.pedag+net.com" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90)"
69.225.183.** - - [09/Nov/2004:05:27:26 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.seor+nk.com" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.7)Gecko"
69.225.183.** - - [09/Nov/2004:05:27:31 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.seor+nk.com" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.7)Gecko"
69.225.183.** - - [09/Nov/2004:05:27:31 -0800] "GET /Blahblah.html HTTP/1.1" 403 480 "www.avatarse+rch.com" "Mozilla/5.0 (X11; U; Linux; i686; en-US; rv:1.0.2)Gecko"

While I am fully aware of the significance of Log Spamming [google.com], what I'd like to know is exactly HOW events like these are carried out?

Are we talking an application, or program?

What's the methodology used here?

Do these hits / impressions have some measurement driven income attached to them? My thinking is along the "Click my banner ad" lines we have all read before.

Thanks.

Rapid UA Changes...

...used during log spamming events.

pendanticist

Dreamquick

PHPot

pendanticist

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week