Someone set these guys loose on one of my sites today and the abuse made a royal mess of my logs:
malware-svc-gw.qualys.com
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E)
robots.txt? NO
This
may have been what they were doing --
"[A] FREE service that proactively scans web sites of any size, anywhere in the world for malware infections and threats. ..." [
qualys.com...]
-- because the UA "Crawler" matches. [
qualys.com...]
Functionally, they attacked.
Also, unlike most exploit-probes/scans,
none of the attempted exploits were PHP-related. Rather, after hitting root and its links, paths attempted were Amazon directory paths, and hits repeatedly included arrays of product and possible account numbers,
none of which were applicable to the site. However, keyword pairs used in the URIs
[were, and uniquely so...
I can't help but surmise there may have been more than 'proactive scanning' going on. Even if not, it really ticks me off this attack could be sicced on any site by anyone.
Here's an obfuscated transcript so you can see which words you might want to add to your banned-URI lists. And I urge you to block:
malware-svc-gw.qualys.com
a.k.a.
64.39.104.103 [
projecthoneypot.org...]
Threat Level: 41 Keep scrolling for the dicy stuff:
16:36:12 /
16:36:14 /dir
16:36:14 /dir
16:36:14 /filename.html
16:36:14 /botbait
16:36:15 /dir/filename.html
16:36:15 /dir/filename.html
16:36:15 /dir
16:36:17 /filename.html
16:36:18 /dir/filename.html
16:36:18 /dir/filename.html
16:36:18 /dir
16:36:18 /filename.html
16:36:18 /filename.html
16:36:18 /dir/filename.html
16:36:18 /dir/filename.html
16:36:19 /dir/filename.html
16:36:20 /dir/filename.html
16:36:20 /dir/filename.html
16:36:20 /filename.html
16:36:21 /dir/filename.html
16:36:21 /filename.html
16:36:21 /dir/filename.html
16:36:22 /dir/filename.html
16:36:22 /dir/filename.html
16:36:22 /dir/filename.html
16:36:23 /dir/filename.html
16:36:23 /dir/filename.html
16:36:24 /dir/filename.html
16:36:24 /dir/filename.html
16:36:24 /dir/filename.html
16:36:25 /dir/filename.html
16:36:26 /botbait
16:36:26 /filename.html
16:36:27 /dir
16:36:27 /dir/filename.html
16:36:28 /dir
16:36:28 /
16:36:28 /dir/filename.html
16:36:29 /filename.html
16:36:29 /dir
16:36:29 /dir/filename.html
16:36:30 /ref=gno_logo
16:36:30 /dir/filename.html
16:36:30 /botbait
16:36:32 /gp/subs/primeclub/signup/main.html/ref=nav_swm_prm_201110?pf_rd_p=nnnnnnnnnn&pf_rd_s=nav-sitewide-msg&pf_rd_t=4201&pf_rd_i=navbar-4201&pf_rd_m=Lorem-Ipsum&pf_rd_r=Lorem-Ipsum
16:36:32 /gp/yourstore/home/ref=topnav_ys
16:36:32 /dir/filename.html
16:36:33 /gp/goldbox/ref=cs_top_nav_gb27
16:36:33 /dir/filename.html
16:36:33 /gp/gc/nav-split/ref=topnav_gcsplit
16:36:33 /dir/filename.html
16:36:34 /gp/css/homepage.html/ref=topnav_ya
16:36:34 /gp/gift-central/ref=cm_gift_button_gc_lp
16:36:35 /dir/filename.html
16:36:35 /dir/filename.html
16:36:35 /dir/filename.html
16:36:36 /yourdigitalitems/ref=topnav_ydi
16:36:36 /Help/b/ref=topnav_help?ie=UTF8&node=nnnnnn
16:36:36 /dir/filename.html
16:36:37 /gp/cart/view.html/ref=gno_cart
16:36:37 /gp/site-directory/ref=topnav_sad
16:36:37 /gp/search/ref=sr_nr_i_0?rh=k:Name+&+Name,i:movies-tv&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:37 /wishlist/ref=topnav_lists
16:36:38 /gp/search/ref=sr_nr_i_1?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:38 /gp/search/ref=sr_nr_i_2?rh=k:Name+&+Name,i:popular&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:39 /gp/search/ref=sr_nr_i_3?rh=k:Name+&+Name,i:electronics&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:39 /gp/search/ref=sr_nr_seeall_2?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:39 /gp/search/ref=sr_nr_seeall_1?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:39 /gp/search/ref=sr_1_ti_4?rh=i:textbooks-tradein,k:Lorem-Ipsum&keywords=Lorem-Ipsum&ie=UTF8&qid=nnnnnnnnnn&sr=8-4-ti
16:36:39 /dir/filename.html
16:36:40 /gp/search/ref=sr_nr_seeall_3?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:40 /gp/search/ref=sr_nr_seeall_7?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:41 /gp/search/ref=sr_nr_seeall_4?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:41 /gp/search/ref=sr_nr_seeall_5?rh=k:Name+&+Name,i:movies-tv&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:41 /gp/search/ref=sr_nr_seeall_12?rh=k:Name+&+Name,i:movies-tv&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:42 /gp/search/ref=sr_nr_seeall_10?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:42 /gp/search/ref=sr_nr_seeall_13?rh=k:Name+&+Name,i:movies-tv&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:42 /gp/search/ref=sr_nr_seeall_9?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:43 /gp/search/ref=sr_nr_seeall_8?rh=k:Name+&+Name,i:movies-tv&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:43 /gp/search/ref=sr_nr_seeall_11?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:43 /gp/search/ref=sr_1_ti_14?rh=i:textbooks-tradein,k:nnnnnnnnnn&keywords=nnnnnnnnnn&ie=UTF8&qid=nnnnnnnnnn&sr=8-14-ti
16:36:44 /Someones-Name/e/Lorem-Ipsumref=sr_ntt_srch_lnk_14?qid=nnnnnnnnnn&sr=8-14
16:36:44 /gp/search/ref=sr_nr_seeall_6?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:44 /gp/search/ref=sr_nr_seeall_14?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:45 /gp/search/ref=sr_nr_seeall_8?rh=k:Name+&+Name,i:movies-tv&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:45 /gp/reader/nnnnnnnnnn/ref=sib_books_pg?p=S039&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:45 /Someones-Name/e/Lorem-Ipsum/ref=sr_ntt_srch_lnk_16?qid=nnnnnnnnnn&sr=8-16
16:36:46 /Someones-Name/e/Lorem-Ipsum/ref=sr_ntt_srch_lnk_15?qid=nnnnnnnnnn&sr=8-15
16:36:46 /gp/search/ref=sr_1_ti_15?rh=i:textbooks-tradein,k:nnnnnnnnnn&keywords=nnnnnnnnnn&ie=UTF8&qid=nnnnnnnnnn&sr=8-15-ti
16:36:46 /gp/search/ref=sr_nr_seeall_15?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:47 /gp/reader/nnnnnnnnnn/ref=si_aps_sup?p=random&ie=UTF8&qid=nnnnnnnnnn
16:36:47 /gp/reader/nnnnnnnnnn/ref=sib_books_pg?p=S039&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:47 /gp/search/ref=sr_nr_seeall_16?rh=k:Name+&+Name,i:stripbooks&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:48 /gp/search/ref=sr_pg_2?rh=i:aps,k:Name+&+Name&page=2&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:48 /gp/search/ref=sr_pg_3?rh=i:aps,k:Name+&+Name&page=3&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:48 /gp/registry/wishlist/ref=gno_listpop_wi/nnn-nnnnnnn-nnnnnnn
16:36:49 /gp/reader/nnnnnnnnnn/ref=si_aps_sup?p=random&ie=UTF8&qid=nnnnnnnnnn
16:36:49 /gp/registry/wedding/ref=gno_listpop_wr/nnn-nnnnnnn-nnnnnnn
16:36:49 /gp/gift-central/organizer/ref=gno_listpop_gil/nnn-nnnnnnn-nnnnnnn
16:36:50 /gp/reader/nnnnnnnnnn/ref=sib_books_pg?p=S005&keywords=Name+&+Name&ie=UTF8&qid=nnnnnnnnnn
16:36:50 /gp/registry/baby/ref=gno_listpop_br/nnn-nnnnnnn-nnnnnnn
16:36:50 /gp/prime/signup/videos/ref=sa_menu_aiv_prm0/nnn-nnnnnnn-nnnnnnn?ie=UTF8&redirectURL=L2Iv&redirectQueryParams=Lorem-Ipsum
16:36:51 /b/ref=sa_menu_aiv_piv_t10/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:36:51 /gp/video/library/ref=sa_menu_aiv_yvl0/nnn-nnnnnnn-nnnnnnn
16:36:51 /Instant-Video/b/ref=sa_menu_aiv_vid0/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:36:52 /MP3-Music-Download/b/ref=sa_menu_mp3_str1/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:36:52 /gp/dmusic/mp3/player/ref=sa_menu_mp3_acp1/nnn-nnnnnnn-nnnnnnn
16:36:52 /gp/remembers/ref=gno_listpop_ar/nnn-nnnnnnn-nnnnnnn
16:36:53 /gp/feature.html/ref=sa_menu_mp3_mob1/nnn-nnnnnnn-nnnnnnn?ie=UTF8&docId=nnnnnnnnnn
16:36:53 /clouddrive/ref=sa_menu_acd_urc2/nnn-nnnnnnn-nnnnnnn
16:36:54 /clouddrive/learnmore/ref=sa_menu_acd_lrn2/nnn-nnnnnnn-nnnnnnn
16:36:54 /gp/feature.html/ref=sa_menu_mp3_and1/nnn-nnnnnnn-nnnnnnn?ie=UTF8&docId=nnnnnnnnnn
16:36:54 /dp/Lorem-Ipsum/ref=sa_menu_kdptqso3/nnn-nnnnnnn-nnnnnnn
16:36:54 /dp/Lorem-Ipsum/ref=sa_menu_kdpwtso3/nnn-nnnnnnn-nnnnnnn
16:36:55 /dp/Lorem-Ipsum/ref=sa_menu_kdpwtso33/nnn-nnnnnnn-nnnnnnn
16:36:56 /Kindle-Accessories/b/ref=sa_menu_kacces3/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:36:56 /gp/video/ontv/ontv/ref=sa_menu_aiv_wtv0/nnn-nnnnnnn-nnnnnnn
16:36:56 /Kindle-Newspapers/b/ref=sa_menu_knews3/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:36:56 /gp/feature.html/ref=sa_menu_karl3/nnn-nnnnnnn-nnnnnnn?ie=UTF8&docId=nnnnnnnnnn
16:36:57 /dp/Lorem-Ipsum/ref=sa_menu_kdpo3/nnn-nnnnnnn-nnnnnnn
16:36:57 /Kindle-Magazines/b/ref=sa_menu_kmag3/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:36:59 /Kindle-eBooks/b/ref=sa_menu_kbo3/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:36:59 /gp/digital/fiona/manage/ref=sa_menu_myk3/nnn-nnnnnnn-nnnnnnn
16:36:59 /b/ref=sa_menu_adr_gam4/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:00 /kindle-store-ebooks-newspapers-blogs/b/ref=sa_menu_kstore3/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:00 /gp/feature.html/ref=sa_menu_mp3_and1/nnn-nnnnnnn-nnnnnnn?ie=UTF8&docId=nnnnnnnnnn
16:37:00 /mobile-apps/b/ref=sa_menu_adr_app4/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:01 /Kindle-eBooks/b/ref=sa_menu_kbo3/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:01 /b/ref=sa_menu_adr_testd4/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:01 /gp/mas/your-account/myapps/ref=sa_menu_adr_yad4/nnn-nnnnnnn-nnnnnnn
16:37:01 /gp/feature.html/ref=sa_menu_adr_amz4/nnn-nnnnnnn-nnnnnnn?ie=UTF8&docId=nnnnnnnnnn
16:37:02 /kindle-store-ebooks-newspapers-blogs/b/ref=sa_menu_kstore3/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:02 /gp/feature.html/ref=sa_menu_mp3_and1/nnn-nnnnnnn-nnnnnnn?ie=UTF8&docId=nnnnnnnnnn
16:37:03 /Game-Downloads/b/ref=sa_menu_dgs_gam5/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnn
16:37:03 /mobile-apps/b/ref=sa_menu_adr_app4/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:03 /Software-Downloads/b/ref=sa_menu_dgs_sft5/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:04 /gp/swvgdtt/your-account/manage-downloads.html/ref=sa_menu_dgs_gsl5/nnn-nnnnnnn-nnnnnnn
16:37:04 /b/ref=sa_menu_aud_bks6/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:04 /gp/audible/signup/display.html/ref=sa_menu_aud_mem6/nnn-nnnnnnn-nnnnnnn
16:37:04 /gp/bestsellers/books/nnnnnnnnnn/ref=sa_menu_aud_bst6/nnn-nnnnnnn-nnnnnnn
16:37:05 /b/ref=sa_menu_aud_new6/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:05 /Game-Downloads/b/ref=sa_menu_dgs_gam5/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnn
16:37:06 /b/ref=sa_menu_aud_fav6/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
16:37:06 /books-used-books-textbooks/b/ref=sa_menu_bo8/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnn
16:37:06 /Kindle-eBooks/b/ref=sa_menu_kbo8/nnn-nnnnnnn-nnnnnnn?_encoding=UTF8&node=nnnnnnnnnn
##
