I called. They've had quite a few calls lately…
Thomas Reece isn't real of course. I called to see if they knew what was going on, and they did. They are reporting it. I just hope they go as far as they can!
|  | Home | Switchboard | Unix Administration | Red Hat | TCP/IP Networks | Neoliberalism | Toxic Managers | 
| (slightly skeptical) Educational society promoting "Back to basics" movement against IT overcomplexity and bastardization of classic Unix | |||||||
|  | 
Using sliding scale of blocking
	Referer spam as a trap to distribute spyware
We will understand under referer spam using fake referer in GET requests. This is widespread abuse and, for some reason, it does not depend whether you post your site HTTP logs on the Web or don't. May be they just don't care to check. But if you do post publicly HTTP stats from your site (which is actually a narcissism ;-) please delete the referer section not to feed the pests. In other case this is a self-inflicted problem. We need to distinguish them from bangers. the latter simply access a page or a set of pages multiple times for no obvious reason. Bangers typically use the same page they access as a referer or no referer at all.
Fake access of your pages completely destroys http statistics for your site, be they from referer spammers or bangers. So, please understand that if you do post HTTP stats publicly (very bad idea) you post garbage. In other words you became a spammer on your own right.
In no way anybody now can trust high ranking of particular page without double checking if this is the result of activity of one or several referer spammer or bangers. Without weeding out the most obnoxious referer spammers/bangers you typically get completely wrong information about which pages are the most popular on your site (see below). And most naive webmasters actually are fooled this way. Also some popular web applcations does not provide access to raw HTTP logs so it is impossible to perform analysis that is required for their detection.
Trying to improve, enhance the page targeted by referer spammer is a very typical error of such webmasters. They do not check if accesses to the page are "human" or by some evil bots. For example, when one see
| Filter | Viewed | Average size | Entry | Exit | 
|---|---|---|---|---|
| /Skeptics/Financial_skeptic/Casino_capitalism/Twelve_apostles_of... | 2,628 | 62.54 KB | 27 | 15 | /WWW/HTTP_log_analysis/Awstats/ | 8,721 | 44.39 KB | 146 | 145 | 
it is extremely naive to assume that the first page got almost 3000 hits: all of those are from referer spammers/bangers. The real number is 25. As for the second page, we have exactly the same effect: it would be good if the number of real hits has been more then 100.
The truth is that most accesses to your site now are from bots, not humans :-). For example in one week Softpanorama site was accessed from 14735 unique addresses. Less then 5K of them can be classified as "real users" ( users that actually read at least one page on the site). That means that bots represent 66% of all IP addresses that accessed the site. and many of those bots are completely broken or rogue or both. I doubt that you should be too exited that a pack of stupid or evil robots hit particular page one hundred thousand times in a month. Nobody read a single letter from this page.
This corruption of HTTP stats is a real damage such spammers/bangers inflict (other then stealing bandwidth). Their activity completely destroy validity of your raw web logs. Like with email spam you now need to provide filtering to extract "real" hits from the mass of bogus hits. Otherwise you can't understand your traffic at all.
But at the same time too much zeal trying to block them is self-defeating too. Combination of blocking most obnoxious and filtering the rest works best. Of course that presuppose you have access to your web logs and know to to analyze them using Perl or other scripting language tools. If not your are royally screwed. So in a way like email spammers actually educated users about SMTP mail, this kind of pests has some educational value too ;-).
Some success in weeding out top spanners/scammers can be achieved by careful usage of combination of .htaccess blacklist based and rewriting rules.
Please note that typically IP addresses (and they typically use a block of addresses, sometimes several C-class network segments) from which referer spam comes are also engaged in other violations such as PHP probes and Requests for non-existing web pages and excessive number of 4xx codes.
|  | 
It is better to extract activity of suspected IP and decide based on this activity whether you want it to continue of be blocked. Also you need to understand what the spammer wants to achieve. For example, if referer is the same as accessed page it does not make sense to block such request, unless they bank some of your pages really hard. Or if they also are engaged in other violations such as PHP probes or Frivolous POSTs.
The top cadidates to your deny list should be pests who advertize their sites for a month or so and are at the top of "useless pagehits" stats (hits on the same page from the same ip, see below). You do not need to run after everybody doing this. There are way too many pests. And life is short. Even if your site is popular a couple of dozen of deny statements targeted at top pests is usually enough.
You need to distinguish those pests from "bangers" -- sites that access one of two pages on your website continuously each minute or so, as if checking if the site is up. They completely destroy HTTP stats for the pages in question promoting them to the very top. Unlike referer spammers they usually use the same page they access as a referer.
Bangers are bots that access one or several page repeatedly (sometimes once or twice each minute) for a long period of time, sometimes many months. The amount of hits per month can be in ten thousand range per month. Motivation of those pests is unclear but the destructive influence on quality of http logs stats is evident: they screw the HTTP stats propelling affected pages to the top.
12925 95.47.137.94 - 95.47.137.94.ptr.serverdale.net - /Commercial_linuxes/Oracle_linux/registration.shtml 12836 95.47.137.94 - - /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml
Unlike referer spammers they typically use iether the page they access as referer or no referer at all. Looks like they also are more numerous then referer spammers, coming from larger number of IPs.
The simplest way to get bangers is to use a specialized script. They can vary in sophistication from the most primitive to complex scripting language scripts. In a simplest form you can get top bander using something like
if [[ $1 =~ 'gz' ]] ; then gzip -cd $1 | fgrep -v '" 4' | fgrep -v '" 5' | egrep -v "favicon|robots|\.css" | perl -pe 's/^(.*)\[.+?\].+GET (\/.+?) HTTP\/.*$/\1 \2/' | sort | uniq -c | sort -rn | head -50 | tee pages_per_ip.lst else cat $1 | fgrep -v '" 4' | fgrep -v '" 5' | egrep -v "favicon|robots|\.css| | perl -pe 's/^(.*)\[.+?\].+GET (\/.+?) HTTP\/.*$/\1 \2/' | sort | uniq -c | sort -rn | head -50 | tee pages_per_ip.lst fi
They also are different from bots that imitate human traffic (see The Dark Art of Bots How to Make $2 Million Online Without a Human Audience - The Atlantic): their traffic pattern is so obviously stupid that it leaves no doubt about its origin. Here is a pretty telling sample:
95.47.137.94 - - [30/Nov/2014:12:13:35 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:14:29 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:14:45 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:15:17 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:16:43 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:17:22 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:18:14 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:18:15 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:18:55 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:20:22 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:21:32 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:22:08 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:22:53 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:23:19 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:26:04 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:28:32 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:28:34 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:29:22 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:31:17 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:31:42 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:32:10 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:33:57 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:34:35 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:34:39 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:35:33 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:36:10 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:36:32 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:37:39 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:38:19 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:39:19 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:40:01 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:41:28 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:43:13 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:43:28 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:45:52 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:46:00 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:46:50 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:47:26 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:48:17 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:49:05 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:49:52 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:50:46 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:51:19 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:52:53 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:54:42 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:57:21 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:57:27 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:12:58:24 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:00:00 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:00:38 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:01:26 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:02:16 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:02:37 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:03:11 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:04:38 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:05:12 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:08:25 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:09:04 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:10:17 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47035 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:11:05 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57346 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:12:30 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 46605 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:13:20 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:14:23 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:15:29 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:16:18 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:17:18 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:18:17 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:18:25 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:18:54 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:20:22 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:21:09 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:21:43 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:25:09 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:26:45 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:27:15 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:28:23 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:30:00 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:30:34 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:31:58 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:32:39 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:32:52 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:32:58 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:33:41 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:35:24 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:35:54 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:36:44 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:37:14 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:37:33 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:38:12 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:39:45 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:40:27 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:41:31 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:41:31 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:42:18 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:43:48 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:44:43 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:45:17 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:45:48 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:46:18 +0000] "GET /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml HTTP/1.1" 200 57352 "http://www.softpanorama.org/Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" 95.47.137.94 - - [30/Nov/2014:13:47:44 +0000] "GET /Commercial_linuxes/Oracle_linux/registration.shtml HTTP/1.1" 200 47041 "http://www.softpanorama.org/Commercial_linuxes/Oracle_linux/registration.shtml" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
Sometimes "bursts" of accesses to the same page look like an undebugged robot get into a "forever" loop and then somehow escapes from it:
86.124.180.144 - - [07/Jan/2015:07:22:31 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:32 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 496263 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:40 +0000] "GET /topupdates.shtml HTTP/1.0" 200 15906 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:40 +0000] "GET /scriptorama.shtml HTTP/1.0" 200 69810 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:41 +0000] "GET /index.shtml HTTP/1.0" 200 48336 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:41 +0000] "GET /Utilities/beautifiers.shtml HTTP/1.0" 200 84991 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:42 +0000] "GET /Lang/switchboard.shtml HTTP/1.0" 301 403 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:42 +0000] "GET /SE/reverse_engineering_links.shtml HTTP/1.0" 200 54732 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:42 +0000] "GET /Lang/l HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:42 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:43 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:43 +0000] "GET /Lang/l HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:43 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:44 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:44 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:44 +0000] "GET /Lang/l HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:44 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:45 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:45 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:46 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:46 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:46 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:46 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:46 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:47 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:47 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:47 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:47 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:47 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:48 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:48 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:48 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:48 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:49 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:49 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:49 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:49 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:50 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:50 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:50 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:50 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:50 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:51 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:51 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:51 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:51 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:51 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:52 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:52 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:52 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:53 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:52 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:22:53 +0000] "GET /Lang/java.shtml HTTP/1.0" 200 90556 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:25 +0000] "GET /topvisited.shtml HTTP/1.0" 200 7265 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:26 +0000] "GET /topupdates.shtml HTTP/1.0" 200 15906 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:26 +0000] "GET /topvisited.shtml HTTP/1.0" 200 7265 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:26 +0000] "GET /topupdates.shtml HTTP/1.0" 200 15906 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:26 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:26 +0000] "GET /scriptorama.shtml HTTP/1.0" 200 51328 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:26 +0000] "GET /scriptorama.shtml HTTP/1.0" 200 69810 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:26 +0000] "GET /switchboard.shtml HTTP/1.0" 200 123527 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:28 +0000] "GET /scriptorama.shtml HTTP/1.0" 200 69810 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:28 +0000] "GET /scriptorama.shtml HTTP/1.0" 200 69810 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:29 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:29 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:30 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:30 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:31 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:31 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:31 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:32 +0000] "GET /www.softpanorama.net/Net/index.shtml HTTP/1.0" 301 401 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:32 +0000] "GET /www.softpanorama.netNet/Application_layer/ssh.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:32 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:32 +0000] "GET /Net/index.shtml HTTP/1.0" 200 88273 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:33 +0000] "GET /www.softpanorama.netNet/Application_layer/vnc.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:33 +0000] "GET /www.softpanorama.netNet/Application_layer/nfs.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:33 +0000] "GET /www.softpanorama.netNet/Application_layer/ssh.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:33 +0000] "GET /www.softpanorama.netMail/index.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:34 +0000] "GET /www.softpanorama.netNet/Application_layer/vnc.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:34 +0000] "GET /www.softpanorama.netNet/Application_layer/nfs.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:34 +0000] "GET /www.softpanorama.netNet/Application_layer/ssh.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:34 +0000] "GET /www.softpanorama.netMail/index.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:35 +0000] "GET /www.softpanorama.netNet/Application_layer/vnc.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:35 +0000] "GET /www.softpanorama.netNet/Application_layer/nfs.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:35 +0000] "GET /www.softpanorama.netMail/index.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:35 +0000] "GET /www.softpanorama.net/Net/troubleshooting.shtml HTTP/1.0" 301 411 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:35 +0000] "GET /www.softpanorama.net/Net/tcp_protocol_layers.shtml HTTP/1.0" 301 415 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:36 +0000] "GET /Net/tcp_protocol_layers.shtml HTTP/1.0" 200 43581 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:36 +0000] "GET /Net/troubleshooting.shtml HTTP/1.0" 200 86207 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:36 +0000] "GET /www.softpanorama.net/Net/firewalls.shtml HTTP/1.0" 301 405 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /www.softpanorama.net/Net/osi_protocol_layers.shtml HTTP/1.0" 301 415 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /www.softpanorama.net/Net/Transport_layer/udp.shtml HTTP/1.0" 301 415 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /www.softpanorama.net/Net/Transport_layer/tcp_handshake.shtml HTTP/1.0" 301 425 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /Net/firewalls.shtml HTTP/1.0" 200 80622 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /www.softpanorama.net/Net/Transport_layer/nat.shtml HTTP/1.0" 301 415 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /Net/osi_protocol_layers.shtml HTTP/1.0" 200 42667 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /Net/Transport_layer/udp.shtml HTTP/1.0" 200 28666 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /www.softpanorama.net/Net/Transport_layer/index.shtml HTTP/1.0" 301 417 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /Net/Transport_layer/nat.shtml HTTP/1.0" 200 36607 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:37 +0000] "GET /Net/Transport_layer/tcp_handshake.shtml HTTP/1.0" 200 65916 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Netutils/index.shtml HTTP/1.0" 301 410 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Internet_layer/routing.shtml HTTP/1.0" 301 418 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Internet_layer/index.shtml HTTP/1.0" 301 416 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /Net/Transport_layer/index.shtml HTTP/1.0" 200 37498 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Internet_layer/icmp.shtml HTTP/1.0" 301 415 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /Net/Netutils/index.shtml HTTP/1.0" 200 42604 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /Net/Internet_layer/index.shtml HTTP/1.0" 200 41569 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Internet_layer/cidr_and_vlsm.shtml HTTP/1.0" 301 424 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Internet_layer/arp.shtml HTTP/1.0" 301 414 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /Net/Internet_layer/routing.shtml HTTP/1.0" 200 83923 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Application_layer/samba.shtml HTTP/1.0" 301 419 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /Net/Internet_layer/cidr_and_vlsm.shtml HTTP/1.0" 200 198 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /Net/Internet_layer/icmp.shtml HTTP/1.0" 200 72380 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /www.softpanorama.net/Net/Application_layer/index.shtml HTTP/1.0" 301 419 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /Net/Application_layer/samba.shtml HTTP/1.0" 200 90588 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:38 +0000] "GET /Net/Internet_layer/arp.shtml HTTP/1.0" 200 132887 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /www.softpanorama.net/Net/Application_layer/ftp.shtml HTTP/1.0" 301 417 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /Net/Application_layer/index.shtml HTTP/1.0" 200 29988 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /www.softpanorama.net/DNS/index.shtml HTTP/1.0" 301 401 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /www.softpanorama.infoAdmin/perl_admintools.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /www.softpanorama.info/Scripting/tcl.shtml HTTP/1.0" 301 405 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:39 +0000] "GET /Net/Application_layer/ftp.shtml HTTP/1.0" 200 67782 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /DNS/index.shtml HTTP/1.0" 200 119135 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /www.softpanorama.info/Scripting/shells.shtml HTTP/1.0" 301 408 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /www.softpanorama.info/Scripting/python.shtml HTTP/1.0" 301 408 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /Scripting/tcl.shtml HTTP/1.0" 200 142074 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /www.softpanorama.info/Scripting/php.shtml HTTP/1.0" 301 405 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /www.softpanorama.infoAdmin/perl_admintools.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /Scripting/shells.shtml HTTP/1.0" 200 103984 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /www.softpanorama.info/Scripting/perl.shtml HTTP/1.0" 301 406 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /Scripting/python.shtml HTTP/1.0" 200 270064 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /www.softpanorama.info/Scripting/index.shtml HTTP/1.0" 301 407 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:40 +0000] "GET /Scripting/php.shtml HTTP/1.0" 200 267665 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /www.softpanorama.info/Scripting/Piping/pipes.shtml HTTP/1.0" 301 414 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /www.softpanorama.infoAdmin/perl_admintools.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /www.softpanorama.info/Scripting/Javascript/index.shtml HTTP/1.0" 301 418 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /Scripting/perl.shtml HTTP/1.0" 200 329414 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /Scripting/Piping/pipes.shtml HTTP/1.0" 200 174 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /Scripting/index.shtml HTTP/1.0" 200 81158 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /www.softpanorama.info/Scripting/Articles/index.shtml HTTP/1.0" 301 416 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:41 +0000] "GET /Scripting/Javascript/index.shtml HTTP/1.0" 200 179 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /tutils/route.shtml HTTP/1.0" 301 403 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /Scripting/Articles/index.shtml HTTP/1.0" 200 174 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /tutils/ifconfig_in_solaris.shtml HTTP/1.0" 301 403 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /WWW/lowcase.shtml HTTP/1.0" 200 23672 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /WWW/lowcase.shtml HTTP/1.0" 200 23672 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:42 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:46 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:46 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:46 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:52 +0000] "GET /index.shtml HTTP/1.0" 200 48336 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:52 +0000] "GET /WWW/Content_management/Blogs/blosxom.shtml HTTP/1.0" 200 97312 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:52 +0000] "GET /Xwindows/exporting_display.shtml HTTP/1.0" 200 85754 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:52 +0000] "GET /Utilities/Screen/screenrc_examples.shtml HTTP/1.0" 200 145056 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:52 +0000] "GET /Tools/sort.shtml HTTP/1.0" 200 88777 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Tools/exec.shtml HTTP/1.0" 200 48206 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:52 +0000] "GET /Tools/tr.shtml HTTP/1.0" 200 85430 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Tools/cut.shtml HTTP/1.0" 200 54705 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Tools/Find/selecting_files_by_age.shtml HTTP/1.0" 200 44539 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Tools/Awk/awk_one_liners.shtml HTTP/1.0" 200 77318 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Solaris/Processes_and_memory/swap_space_management.shtml HTTP/1.0" 200 80012 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Social/Toxic_managers/Micromanagers/understanding_micromanagers.shtml HTTP/1.0" 200 123202 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Skeptics/Political_skeptic/Two_party_system_as_poliarchy/index.shtml HTTP/1.0" 200 74868 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:53 +0000] "GET /Skeptics/groupthink.shtml HTTP/1.0" 200 659888 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /Skeptics/Financial_skeptic/Unemployment/Bulletin/unempoyment2010.shtml HTTP/1.0" 200 1205523 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /Skeptics/Financial_skeptic/Casino_capitalism/Corruption_of_regulators/index.shtml HTTP/1.0" 200 79016 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /Scripting/Perlorama/perl_in_command_line.shtml HTTP/1.0" 200 104762 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /Scripting/Shellorama/bash_command_history_reuse.shtml HTTP/1.0" 200 41869 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /OFM/gui_vs_command_line.shtml HTTP/1.0" 200 68929 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /Net/Netutils/route_in_linux.shtml HTTP/1.0" 200 39271 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /Net/Application_layer/SSH/passwordless_ssh_login.shtml HTTP/1.0" 200 78305 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:54 +0000] "GET /Net/Sniffers/snoop.shtml HTTP/1.0" 200 88049 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Mail/spam.shtml HTTP/1.0" 200 230655 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Logs/syslog.shtml HTTP/1.0" 200 69878 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Hardware/Dell/Servers/DRAC/can_not_connect_to_idrac7.shtml HTTP/1.0" 200 52305 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Logs/Syslog_ng/configuration_examples.shtml HTTP/1.0" 200 69016 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Hardware/Tablets/index.shtml HTTP/1.0" 200 41670 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Copyright/License_classification/social_dynamics_of_BSD_and_GPL.shtml HTTP/1.0" 200 178006 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Commercial_linuxes/RHEL/Installation/installing_x11_and_gnome_on_rhel6.shtml HTTP/1.0" 200 53200 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Commercial_linuxes/Devices/disk_partitioning.shtml HTTP/1.0" 200 40741 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:55 +0000] "GET /Commercial_linuxes/LVM/recovery_of_lvm_partitions.shtml HTTP/1.0" 200 119252 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:56 +0000] "GET /Bulletin/Humor/index.shtml HTTP/1.0" 200 376189 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:31:56 +0000] "GET /Admin/system_monitoring.shtml HTTP/1.0" 200 72195 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:31 +0000] "GET /Skeptics/Political_skeptic/Bulletin/political_skeptic2013.shtml HTTP/1.0" 200 987043 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:31 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:31 +0000] "GET /Skeptics/Political_skeptic/Bulletin/political_skeptic2013.shtml HTTP/1.0" 200 1005526 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:31 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1094161 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:51 +0000] "GET /topupdates.shtml HTTP/1.0" 200 15906 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:51 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:51 +0000] "GET /bulletin.shtml HTTP/1.0" 200 185 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:51 +0000] "GET /scriptorama.shtml HTTP/1.0" 200 36841 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:51 +0000] "GET /netorama.shtml HTTP/1.0" 200 52567 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:51 +0000] "GET /Skeptics/Political_skeptic/neocons.shtml HTTP/1.0" 200 50559 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:52 +0000] "GET /Skeptics/Political_skeptic/index.shtml HTTP/1.0" 200 85131 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:52 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/democracy_as_a_universal_opener_for_access_to_natural_resources.shtml HTTP/1.0" 200 54965 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:52 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/index.shtml HTTP/1.0" 200 196763 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:52 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/color_revolutions.shtml HTTP/1.0" 200 187481 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:52 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/switchboard.shtml HTTP/1.0" 301 399 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:52 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/nulandgate.shtml HTTP/1.0" 200 68598 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:52 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Compradors/ukrainian_compradors.shtml HTTP/1.0" 200 118946 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_07.shtml HTTP/1.0" 200 1294051 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:53 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:56 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:56 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:56 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 86.124.180.144 - - [07/Jan/2015:07:38:56 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5"
But look at the accesses from a different IP that look like a replay of this session with similar errors
.112.27.200 - - [07/Jan/2015:07:31:25 +0000] "GET /topvisited_history.shtml HTTP/1.0" 200 50259 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:26 +0000] "GET /topvisited_history.shtml HTTP/1.0" 200 50259 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:33 +0000] "GET /www.softpanorama.netNet/Application_layer/telnet.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:34 +0000] "GET /www.softpanorama.netNet/Application_layer/telnet.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:35 +0000] "GET /www.softpanorama.netNet/Application_layer/telnet.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:36 +0000] "GET /www.softpanorama.net/Net/sniffers.shtml HTTP/1.0" 301 404 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:36 +0000] "GET /Net/sniffers.shtml HTTP/1.0" 200 57836 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:37 +0000] "GET /www.softpanorama.net/Net/Transport_layer/tcp.shtml HTTP/1.0" 301 415 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:37 +0000] "GET /Net/Transport_layer/tcp.shtml HTTP/1.0" 200 49153 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Internet_layer/ipv6.shtml HTTP/1.0" 301 415 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:38 +0000] "GET /Net/Internet_layer/ipv6.shtml HTTP/1.0" 200 82185 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:38 +0000] "GET /www.softpanorama.net/Net/Application_layer/telnet.shtml HTTP/1.0" 301 420 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:39 +0000] "GET /Net/Application_layer/telnet.shtml HTTP/1.0" 200 49327 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:39 +0000] "GET /www.softpanorama.infoEditors/tcl_editors.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:40 +0000] "GET /www.softpanorama.infoEditors/tcl_editors.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:41 +0000] "GET /www.softpanorama.infoEditors/tcl_editors.shtml HTTP/1.0" 404 3818 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:42 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:43 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:44 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:45 +0000] "GET /switchboard.shtml HTTP/1.0" 200 105033 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:52 +0000] "GET /Xwindows/Troubleshooting/can_not_open_display.shtml HTTP/1.0" 200 52296 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:53 +0000] "GET /Tools/Find/using_exec_option_and_xargs_in_find.shtml HTTP/1.0" 200 62977 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:53 +0000] "GET /Social/Toxic_managers/Communication/diplomatic_communication.shtml HTTP/1.0" 200 159407 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:54 +0000] "GET /Scripting/Shellorama/arithmetic_expressions.shtml HTTP/1.0" 200 89630 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:54 +0000] "GET /Net/Internet_layer/arp.shtml HTTP/1.0" 200 132887 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:55 +0000] "GET /History/index.shtml HTTP/1.0" 200 99066 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:31:55 +0000] "GET /Commercial_linuxes/Performance_tuning/tcp_performance_tuning.shtml HTTP/1.0" 200 170462 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/index.shtml HTTP/1.0" 200 58982 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Compradors/index.shtml HTTP/1.0" 200 303652 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:53 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:54 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:55 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:56 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtml HTTP/1.0" 200 1075679 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5" 79.112.27.200 - - [07/Jan/2015:07:38:56 +0000] "GET /Skeptics/Political_skeptic/Fifth_column/Color_revolutions/Euromaydan/Bulletin/euromaydan14_06.shtm
From the reaction of denying access you can determine whether this is abandoned bot ot not. In case human reads log or access site for his own purposes along with running a bot, there are frantic attempt to access root file of the website the next day or almost immediately after denying access.
If such attempts are missing then robot is abandoned and can do the same stupid things for months to come.
If you see that addresses cluster into network segment, this network segment can be blocked. Typically such providers does not provide useful hits at all, so the risk is minimal. See Using deny directive in apache .htaccess
Please note that in addition to C-class segments (or segments defined by netmask) you can also block access by domain name rather than IP address. For example
deny from .poneytelecom.eu
works for 62-210-83-26.rev.poneytelecom.eu, 62-210-142-7.rev.poneytelecom.eu and 62.210.91.168 62-210-91-168.rev.poneytelecom.eu
You generally need local cashing DNS server for that. Otherwise requests can overload your DNS server with requests in self-inflicted denial of service attack.
Blocking should be done using sliding scale of blocking. In simplest form that means that need to tag each like with comment that specify expiration date (say, current day +90) and on that date run a script (via at command or cron) that cleans expired entries. If you discover the pest again the next term of blocking should be 180 days and so on.
Usually they quickly realize that their target is gone and typically 90 days block is enough so that they exclude your site from their robot. but some robot are iether abandoned and run on autopilot or the user never check the results. For them deny statement should last a year or more.
If after that period activity stops you can delete this IP or C-class segment in order not to clutter blocking list as there way too many pests and a new one require your attention ;-). The cowboys work is never done... If he still banging your site double the period.
Again, for the most obnoxious pests you can block all IPs for the domain (they usually own C-class segment, rarely several C-class segment), not just single IP. Example were such policy is efficient is domain poneytelecom.eu. Looks like they are also active in other questionable areas as one participant in forum Online.net noted:
Posté 10 janvier 2014 - 03:58
For months now I have received regular spam from what is fairly obviously criminal Russian spammers (.ru domains, register anonymously in Russia and so on).
The spam comes from a serial spammer in Turkey, Turk Telecom (who ignore reports), but the domains are hosted by poneytelecom.eu which in turn is a client of Proxad.net, and Tiscali.fr (a fake domain). Proxad is a free.fr/online.net front and while there is an abuse address for proxad they never acknowledge complaints nor do they act on reports about the criminals they host, even after a hundred or more reports to them, on the same spammer, although with similar domains like
pillmedsuse.ru
which sent me 10 junk emails with these two domains just today, and about the same every day. There are many more similar domains, all .ru and all hosted by Proxad/online. Incidentally also, a registered contact for online.net is [email protected], which is a nonexistent email.
I did once receive a response from a jerk at free.fr, which essentially called my issue a non issue as follows:
Francois Petillon said:
"I am working for free.fr (ISP) and part of my job is to take care of free.fr mail servers. If you had issues with any other part of Iliad business ("proxad.net" is just the name of the network), I just can't help."
That's it. Francois works for Proxad (which is just a name, he says), but doesn't have a clue (or the initiative, or care) to forward the problem to anyone. So, the question is; is Proxad/Online/Free/Iliad/Poneytelcom a spammer organization, or not?
The key is to limit yourself to just top dozen and study their behavior. Or if your site is really popular, two dozen of pests. Those who are real pests you need to watch on monthly basis, spending a couple of hours each month to analyze your logs, as they migrate from one IP to another or even from one C-class network to another. I saw pests who used five C class network segments for their activities.
That also somewhat helps to prevent you paying attention to "false positives" -- pages with high access count, but for which the count is the direct result of pests activities. Please note that the problem of false tops is more complex then that and now in no way you trust Web stats without filtering "false positives".
Sometimes referer spam is often a "referer scam" -- it represents a trap that is designed to lure you to visit the page it refers. Such sites are often malware distribution sites. If you have a initial inclination doing such things, use wget. And the first thing to check is not the content of the page, but how long DNS record for particular site exists. For example it would be really stupid to try to visit the following sites -- nothing to see there:
| - https://putin.moykrest.ru | 858 | 926 | 
| - http://alcoholism.spbdyet.ru | 793 | 857 | 
| - http://iphone-6.moykrest.ru | 725 | 789 | 
| - http://shop.spbdyet.ru | 636 | 692 | 
| - http://fbmessenger.afdfloral.com | 541 | 581 | 
| - https://vk.com/page-74059968_48349947 | 388 | 416 | 
| - http://mylove.spbdyet.ru | 284 | 308 | 
| - http://videostripe.afdfloral.com | 245 | 245 | 
| - http://incity.afdfloral.com | 220 | 232 | 
| - http://www.moykrest.ru | 102 | 102 | 
One simple way to detect such sites is to compare this with stats from completely different site AWstats, which can be found via Google. For exampele AWStats for domain http://www.valcesano.com (as of Dec 11, 2014)
| - http://iphone-6.moykrest.ru | 124 | 124 | 
| - https://putin.moykrest.ru | 124 | 124 | 
| - http://shop.spbdyet.ru | 120 | 120 | 
| - http://alcoholism.spbdyet.ru | 96 | 96 | 
| - https://vk.com/page-74059968_48349947 | 68 | 68 | 
| - http://fbmessenger.afdfloral.com | 56 | 56 | 
| - http://incity.afdfloral.com | 56 | 56 | 
| - http://mylove.spbdyet.ru | 28 | 28 | 
| - http://www.paygreendayloans.com | 24 | 24 | 
Now you see the real picture ;-). The key idea is that many people would be interested to seel click on those referred site which are referring to so many webPages on their web site. Such spammers/scammers often aquire discontinued domains, so domain names can be quite respectable. But the content is not.
And they change IPs periodically so they are not that easy to suppress by IP. Sometimes you can efficiently weed them out by referer string as they advertize selected sites that they own. But often they mask their sites with short URLs, so this is not 100% reliable method.
Stupidity of traversing (many hits for the same page) and other abuses committed from this IPs are much better heuristic.
Still, no question they are pretty nasty pests, which have considerable skills in their craft and use automated tools.
So deal only with those who produce top number of hits and consume considerable bandwidth. As you can see from the sample below they often produce three or more hits per minute to the same page. Driving up popularity of their sites in HTTP stats, popularity which is actually fake.
Due to those pests you can generally forget about using non-filtered logs for HTTP stats. Everything is distorted by their activity. For example below they drive particular page to the top ranking but this ranking has nothing to do with actually interest of web users. Here is one example when it would be a big mistake to assume that particular page is really popular:
212.129.33.212 - - [01/Dec/2014:20:39:18 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://iphone-6.moy krest.ru" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:39:18 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://iphone-6.moy krest.ru" "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0" 212.129.33.212 - - [01/Dec/2014:20:39:18 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://iphone-6.moy krest.ru" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36 OPR/ 23.0.1522.77 (Edition Campaign 37)" 212.129.33.212 - - [01/Dec/2014:20:41:13 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 49285 "http://adf.ly/uUZm9 " "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0" 212.129.33.212 - - [01/Dec/2014:20:41:14 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://adf.ly/uUZm9 " "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 YaBrowser/14.7.1916.15705 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:41:15 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://adf.ly/uUZm9 " "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 YaBrowser/14.7.1916.15705 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:41:15 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://adf.ly/uUZm9 " "Opera/9.80 (Windows NT 5.1) Presto/2.12.388 Version/12.17" 212.129.33.212 - - [01/Dec/2014:20:46:10 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 49285 "https://twitter.com /esif22" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:46:11 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "https://twitter.com /esif22" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:46:11 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "https://twitter.com /esif22" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:46:11 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 49285 "https://twitter.com /esif22" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:46:33 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 49285 "http://www.google.d k/url?url=http://afdfloral.com/file/gov.php%3Fsid%3D28&rct=j&q=&esrc=s&sa=U&ei=I5VxVNzLNcmtPKzDgXg&ved=0CAYQFjAA&usg=AFQjCNGg V2ZkxzpejxQQtYh36tkHqIg-KA" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0" 212.129.33.212 - - [01/Dec/2014:20:46:33 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://www.google.d k/url?url=http://afdfloral.com/file/gov.php%3Fsid%3D28&rct=j&q=&esrc=s&sa=U&ei=I5VxVNzLNcmtPKzDgXg&ved=0CAYQFjAA&usg=AFQjCNGg V2ZkxzpejxQQtYh36tkHqIg-KA" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36 OPR/23.0.1522.77" 212.129.33.212 - - [01/Dec/2014:20:46:34 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "http://www.google.d k/url?url=http://afdfloral.com/file/gov.php%3Fsid%3D28&rct=j&q=&esrc=s&sa=U&ei=I5VxVNzLNcmtPKzDgXg&ved=0CAYQFjAA&usg=AFQjCNGg V2ZkxzpejxQQtYh36tkHqIg-KA" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 YaBrowser/14.7.1916.15705 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:46:34 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 49285 "http://www.google.d k/url?url=http://afdfloral.com/file/gov.php%3Fsid%3D28&rct=j&q=&esrc=s&sa=U&ei=I5VxVNzLNcmtPKzDgXg&ved=0CAYQFjAA&usg=AFQjCNGg V2ZkxzpejxQQtYh36tkHqIg-KA" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 YaBrowser/14.7.1916.15705 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:47:22 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 49285 "https://vk.com/page -74059968_48349947" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/5 37.36 OPR/23.0.1522.77" 212.129.33.212 - - [01/Dec/2014:20:47:23 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 30990 "https://vk.com/page -74059968_48349947" "Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0" 212.129.33.212 - - [01/Dec/2014:20:47:23 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "https://vk.com/page -74059968_48349947" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 YaBrowse r/14.7.1916.15705 Safari/537.36" 212.129.33.212 - - [01/Dec/2014:20:47:23 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 29812 "https://vk.com/page -74059968_48349947" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/5 37.36" 212.129.33.212 - - [01/Dec/2014:20:47:49 +0000] "GET /WWW/HTTP_log_analysis/Awstats/ HTTP/1.0" 200 49285 "https://plus.google .com/+AndreyEsipov/posts" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Sa --More--
The most constructive way is to create your own set of custom shell or Perl scripts and study their behaviour for one-two hours each month. One very simple script is to count number of accesses to the same page from each IP
gzip -cd httplog.gz | perl -pe 's/^(.*)\[.+?\].+GET (\/.+?) HTTP\/.*$/\1 \2/' | sort | uniq -c | sort -rn | head -50
Top 20 or so records usually point to the most nasty "pests of the month" (you need to check DNS names to see if they represent proxy of large organizations or universities):
  12925 95.47.137.94 - -  /Commercial_linuxes/Oracle_linux/registration.shtml
  12836 95.47.137.94 - -  /Commercial_linuxes/RHEL/Registration/rhel5_registration.shtml
   7020 212.129.33.212 - -  /WWW/HTTP_log_analysis/Awstats/
   3129 46.55.23.55 - -  /Net/Application_layer/SSH/socks4_proxy.shtml
   2416 212.129.33.212 - -  /Logs/index.shtml
    1840 212.129.33.212 - -  /CSS/
   1514 129.49.68.71 - -  /Net/Linux_networking/RHEL_networking/index.shtml
   1248 195.154.43.26 - -  /WWW/HTTP_log_analysis/Awstats/
    912 212.129.33.212 - -  /Commercial_unixes/AIX/index.shtml
    774 207.73.71.62 - -  /Logs/syslog.shtml
    772 212.129.33.212 - -  /WWW/HTTP_log_analysis/
For most obnoxious offenders such as spammer advertizing the domains "moykrest.ru", spbdyet.ru, afdfloral.com and it is easy to generate the deny statements using ithere referer ot number accesses to the page from a given IP (see above)
They typically are also at the top of the list of IPs which produce most 4xx codes as well. It is just important not to fall into "excessive zeal" blunder and limit yourself to the top dozen (let's call it "dirty dozen") or even less. Life is short and the number of pests in infinite ;-). For example blocking IPs from which they advertize just three domains
moykrest.ru spbdyet.ru afdfloral.comtypically cuts referer spam 50%.
After such generation you need to weed out duplicates as typically multiple domains point to the same IP. You also might need to check when DNS was created.
That creates opportunity to generate deny lists semi-automatically as well as ease the burden of analyzing referer spam. Blocking 10-20 addresses allow to cut referer spam 80% (as i mentioned before most IPs that produce referer spam are engaged in other nefarious behavior, so they should be blocked for good).
Again, it is better to block only top dozen or, if your site is very popular, two dozens. After that I think the game is not worth the candles.
Here are some categories that I uncovered so far:
188.126.53.232 - - [20/Aug/2012:21:33:47 -0700] "GET / HTTP/1.1" 200 168 "http://the-pokerstars.ru" "-" 188.126.53.232 - - [21/Aug/2012:07:09:24 -0700] "GET / HTTP/1.1" 200 168 "http://the-pokerstars.ru" "-"
The idea here is simple -- to boost pagerank via referer logs, which for some sites are publicly available and are analyzed by robots of major search engines. So this is a way to dupe such search engines ;-). Here is how one day summary of "Links from an external page" section of AWstats report looks for a very polluted Web site:
Links from an external page (other web sites except search engines)
http://astanafans.comhttp://allcycling.ru 102 102 http://rusport.eu 102 102 http://paydays-loans.org 51 51 http://sexchattesten.com 46 46 http://dating.datinganders.com 41 41 http://www.der-messershop.ch/de/Bear-Grylls 32 32 http://pikavippii.net 32 32 http://www.vapornine.com 26 26 ... ... ...Here is another one:
As you can see all top references are bogus which means that this part of HTTP request can generally be ignored unless you weed out the offenders. That latter is easier said then done.
Sometimes access requests are outright funny:
5.135.167.93 - - [02/May/2013:14:13:32 -0700] "GET /WWW/HTTP_log_analysis/requests_for_nonexisting_web_pages.shtml HTTP/1.1" 200 115488 "http://eyeuser.com/blogs/viewstory/1442823" "Mozilla/4.0 top rated Online casinos (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60"or
5.135.167.150 - - [02/May/2013:16:21:34 -0700] "GET /Bulletin/Humor/last_but_not_least.shtml HTTP/1.1" 200 7289 "http://onlinecasino.forumotion.com/" "Mozilla/4.0 <a href=\"http://onlinecasino.forumotion.com/\">Best Online Casinos</a> (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60"
176.31.122.7 - - [01/Sep/2012:09:14:24 -0700] "GET /../../CSS/main.css HTTP/1.0" 400 126 "http://www.softpanor ama.org/../../CSS/main.css" "Opera/9.80 (Windows NT 6.1; U; MRA 6.0 (build 5711); ru) Presto/2.10.289 Version/ 12.00" 188.165.240.186 - - [01/Sep/2012:09:21:12 -0700] "GET /../CSS/main.css HTTP/1.0" 400 126 "http://www.softpanor ama.org/../CSS/main.css" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)" 81.200.28.126 - - [01/Sep/2012:09:28:55 -0700] "GET /../CSS/main.css HTTP/1.0" 400 126 "http://www.softpanoram a.org/../CSS/main.css" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [en]" 31.184.238.40 - - [01/Sep/2012:10:30:56 -0700] "GET /../../../../CSS/main.css HTTP/1.0" 400 126 "http://www.so ftpanorama.org/../../../../CSS/main.css" "Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.9.168 Version/11.52" 24.125.39.15 - - [01/Sep/2012:11:09:28 -0700] "GET /Skeptics/Political_skeptic/American_exceptionalism/main.cs s HTTP/1.1" 404 17716 "http://www.softpanorama.org/Skeptics/Political_skeptic/American_exceptionalism/national _security_state.shtml" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0" 59.57.14.123 - - [01/Sep/2012:11:13:02 -0700] "GET /../../../../../CSS/main.css HTTP/1.0" 400 126 "http://www. softpanorama.org/../../../../../CSS/main.css" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.27 Safari/536.11" 188.165.240.186 - - [01/Sep/2012:11:19:36 -0700] "GET /../../../../../CSS/main.css HTTP/1.0" 400 126 "http://w ww.softpanorama.org/../../../../../CSS/main.css" "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)" 91.237.249.120 - - [01/Sep/2012:11:32:01 -0700] "GET /../../CSS/main.css HTTP/1.0" 400 126 "http://www.softpan orama.org/../../CSS/main.css" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0. 874.121 Safari/535.2"
198.143.128.39 - - [28/Sep/2012:21:41:48 -0700] "GET /switchboard.shtml HTTP/1.0" 200 75992 "http://www.softpanorama.org/switchboard.shtml" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 198.143.128.39 - - [28/Sep/2012:21:41:48 -0700] "GET /Hardware/Peripherals/switchboard.shtml HTTP/1.0" 301 396 "http://www.softpanorama.org/switchboard.shtml" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 198.143.128.39 - - [28/Sep/2012:21:41:48 -0700] "GET /Hardware/Peripherals/switchboard.shtml HTTP/1.0" 301 396 "http://www.softpanorama.org/switchboard.shtml" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5" 222.124.35.116 - - [29/Sep/2012:01:55:04 -0700] "GET /Hardware/Peripherals/programmable_keyboards.shtm/Windows/Keyboard_and_mouse/keyloggers.shtml HTTP/1.1" 404 23846 "http://www.softpanorama.org/Windows/Keyboard_and_mouse/keyloggers.shtml" "Opera/9.80 (Windows NT 6.1; U; MRA 5.10 (build 5339); ru) Presto/2.10.289 Version/12.00" 222.124.35.116 - - [29/Sep/2012:01:55:09 -0700] "GET /Hardware/Peripherals/programmable_keyboards.shtm/Windows/Keyboard_and_mouse/mousekeys.shtml HTTP/1.1" 404 23846 "http://www.softpanorama.org/Windows/Keyboard_and_mouse/mousekeys.shtml" "Opera/9.80 (Windows NT 6.1; U; MRA 5.10 (build 5339); ru) Presto/2.10.289 Version/12.00" 178.32.151.208 - - [29/Sep/2012:02:23:26 -0700] "GET /WWW/HTTP_log_analysis/nouveautes.html HTTP/1.1" 404 23846 "http://www.softpanorama.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)"
41.158.128.190 - - [10/Oct/2012:02:23:14 -0700] "GET /Hardware/Peripherals/programmable_keyboards.shtm/Windows/Keyboard_and_mouse/intellitype.shtml/Windows/Keyboard_and_mouse/clipboard_managers.shtml/Windows/Keyboard_and_mouse/Clipboard_managers/arsclip.shtml HTTP/1.1" 301 524 "http://www.softpanorama.org/Windows/Keyboard_and_mouse/Clipboard_managers/arsclip.shtml" "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0" 41.158.128.190 - - [10/Oct/2012:02:23:20 -0700] "GET /Hardware/Peripherals/programmable_keyboards.shtm/Windows/Keyboard_and_mouse/intellitype.shtml/Windows/Keyboard_and_mouse/clipboard_managers.shtml/Windows/Keyboard_and_mouse/Clipboard_managers/arsclip.shtml/Windows/Keyboard_and_mouse/Clipboard_managers/clip.shtml HTTP/1.1" 301 584 "http://www.softpanorama.org/Windows/Keyboard_and_mouse/Clipboard_managers/clip.shtml" "Mozilla/5.0 (Windows NT 6.1; rv:14.0) Gecko/20100101 Firefox/14.0"
Sometimes there is some pattern here as if the bot assumed that particular page serves as index page for the site, but most often it's just crazy requests from undebugged evil bots. Here is an example of really crazy requests:
190.202.87.134 - - [28/Sep/2012:20:19:27 -0700] "GET /Hardware/Peripherals/programmable_keyboards.shtm/Windows/Keyboard_and_mouse/keyboard_shortcuts.shtml HTTP/1.0" 404 23846 "http://www.softpanorama.org/Windows/Keyboard_and_mouse/keyboard_shortcuts.shtml" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.56 Safari/536.5 Comodo_Dragon/19.2.0.0"
Special case of crazy requests is GET requests with imbedded image( url(data:image/png... )
203.82.80.15 - - [29/Sep/2012:02:37:18 -0700] "GET /Net/url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAEYAAAAOCAYAAACSJWqFAAAABGdBTUEAALGPC%2fxhBQAAAAlwSFlzAAALEgAACxIB0t1%2b%2fAAAAAd0SU1FB9oGAhENK17O5ogAAAAZdEVYdENvbW1lbnQAQ3JlYXRlZCB3aXRoIEdJTVBXgQ4XAAAAGXRFWHRTb2Z0d2FyZQBQYWludC5ORVQgdjMuNS44NzuAXQAAA99JREFUSMfdlmtMm1UYx%2fkOM1vmBck2EIyZOiLZJRLlMhaXhQSjmRiHiVmi7gKpjshlBAiMhYG0C3UdinyYCUYMgm6MsYVLuV%2fLaArl1pYWGLQwJ6OIEeKnn%2bcdZc4CS6vDyJ7kn%2feck5Nz3vPL%2f3nO8fDYIDFpnwsZvjPL2Ss38T9eTFTmdzT0ahi9paUmJgKNvxejfl6M%2b3phFt8BX0%2b0vp4hHo97WO1zNJtvE5rdyLOJbXjHVZBbpsZo1TPSUIY%2byIdxAWRMyCSk932CTj9PHsnmcRk%2f%2bgv1COGQ1N7zfwAztbBIrWGKoKwWfFJv8vSpBqIVlWiNOkaH2tBGBWPxW3KNwXcTOvFtE3pUYN4QqhPa4uhLbct6HfaCUsmF%2fPwVPy%2bNOY%2fbFhZoH79DZH4nPkkd%2bCS0E5lbg2aoF4OuhcZDQbTt2kxL4Fbad26mS6RWk9%2bmv60RILciyXm%2fAIUYV1hxB9RpyTnrBsYBQALkDEv1wJgUgz%2ffxXB3jqzKAQKSGtnxWRMJpVq6BnUoFbnEhu7lZOgrfPD%2bXg7HvYTsyPOogp9iJQDbPTlDcRmM5BpHKpWtZ4pIAFQOGPegrOGi44X11A9PoLXNUNAwgrLOIPpjpJ3JoOr6DVo1AlJ3D58X5PFCShjbFK%2bzK%2fXVVdxh4y9A7kORUsriALPFhfk8TC47Z5UUWo6X4y8TlnaZ%2bEtqrvWZsPxqJ1ueR8XVq0zMLlCsn6dk8Hc6zb%2bQcz6HgPT9bJWHrbqWBMJf7iaUB2pLkavzk5Q%2f%2bT1MboFxSqHl2PdpKYGycnbGlpJW0olRpFVCSgrmyWkuaueZ%2fe0PrFN2SnR26scXkZ%2fPZ1tu%2bKpr3YciXwK0bmD%2bdZ1ZTiVHbVkNzlvpPyD7Ss3Zsg6%2bb%2b1FP2lBdkrG6ISNIq0d48g0tW0mCppttEwskph8Gu%2bs8DUL7X3XuAvnP4PiVGhVa9SZmn4LA5NGBkzl9Pcp6OlKISP9JDcqK%2flGgPm2eZxLHdMoNPOUNunIPJPF9nMHVtxKS25xLr421%2bA4HFO37mDcuK7NM5NoWtPR1gQz1BDIoDqQ8qJDvPfum3SIwlthWqB2bJHi2m4%2b%2fPgYkZ%2fE8ExmBK5cy86wNlQM3eqh48p%2bTOog8dINwqjeTX%2fVPgrPHSQ5OZmcPAVfXPyS9IS3UaX6Ex0bwZPxoRvzsO6E6baZ7usxDAkYw9XBGKpfw1gVTp86kbpujbit5LyY9g4HThwkP8mH6q%2bf4%2fBHkY8%2fGMuMNcQ42sxAU5IAc5ThmqOY2nOwTA9zTbx%2b9yhP4K2IZnv2EaJk0ahSvKku3PGPwfwJAW1Er1YzJJgAAAAASUVORK5CYII%3d) HTTP/1.1" 404 21815 "http://www.softpanorama.org/Net/troubleshooting.shtml" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
109.193.39.218 - - [28/Sep/2012:21:29:51 -0700] "GET /Skeptics/Political_skeptic/American_exceptionalism/national HTTP/1.1" 404 23846 "http://www.softpanorama.org/WWW/HTTP_log_analysis/blocking_referer _spam.shtml" "yacybot (freeworld/global; x86_64 Mac OS X 10.6.8; java 1.6.0_35; Europe/de) http://yacy.net/bot.html"
In rare case when you have dount to block or not to blokc pariotuclar jerk, you can try to retrive some of those pages.
Because of the danger of spyware/malware you need to do it using wget imitating IE or Firefox, as this can be a trap.
That can be done programmatically via scripts that loops wget requests and analyze results. It is imporant to provide false identification string for wget (IE is OK ;-) and program a separate get attempt for favicon as those guys are pretty tricky...
|  | Switchboard | ||||
| Latest | |||||
| Past week | |||||
| Past month | |||||
|  |  |  | 
193.53.89.197 Unresolved 62.33.244.157 Unresolved 88.150.136.178 h88-150-136-178.host.redstation.co.uk 109.194.164.85 109x194x164x85.dynamic.tmn.ertelecom.ru 222.255.174.10 dynamic.vdc.vn 46.138.47.22 Unresolved 193.232.65.107 Unresolved 188.186.83.165 net83.186.188-165.tmn.ertelecom.ru 188.186.55.85 net55.186.188-85.tmn.ertelecom.ru 188.186.142.123 188x186x142x123.dynamic.kirov.ertelecom.ru 188.186.103.59 net103.186.188-59.tmn.ertelecom.ru 176.214.253.82 176x214x253x82.dynamic.tmn.ertelecom.ru 176.214.227.225 Unresolved 46.53.218.59 nat5-minsk-pool-46-53-218-59.telecom.by 31.204.96.187 Unresolved 222.88.236.236 Unresolved 98.183.184.218 ip98-183-184-218.hr.hr.cox.net 91.135.102.182 Unresolved 66.249.81.168 google-proxy-66-249-81-168.google.com 50.135.126.117 c-50-135-126-117.hsd1.wa.comcast.net 27.252.45.65 65.45.252.27.dyn.cust.vf.net.nz 213.89.199.103 c213-89-199-103.bredband.comhem.se 183.207.228.115 cache.IDC.js.chinamobile.com 178.62.140.111 Unresolved 178.158.223.6 Unresolved
|  |  |  | 
   1858 192.151.152.219  Unresolved
   1655 142.54.173.19  Unresolved
   1588 192.187.115.69  Unresolved
   1546 192.151.144.242  Unresolved
   1540 107.150.49.242  Unresolved
   1450 69.197.128.163  Unresolved
   1381 69.197.128.20  Unresolved
   1370 192.187.125.100  Unresolved
   1324 63.141.239.186  Unresolved
   1316 68.64.174.3  Unresolved
   1199 69.197.128.44  Unresolved
   1179 198.204.252.211  Unresolved
   1014 63.141.243.66  Unresolved
   1006 216.244.80.82  Unresolved
    936 173.208.205.93  Unresolved
    794 142.54.184.26  Unresolved
    761 68.64.172.29  Unresolved
    678 142.54.172.219  Unresolved
    586 192.151.150.106  Unresolved
    582 37.187.93.152  ns3371997.ip-37-187-93.eu
    546 74.91.23.52  Unresolved
    535 46.151.52.178  Unresolved
    518 76.164.192.43  doors-sincerely.co.uk
    516 46.118.124.52  SOL-FTTB.52.124.118.46.sovam.net.ua
|  |  |  | 
Referrer spam is becoming increasingly common. At best, it will only render your log files useless. At worst, it can cause your site to be dropped by search engines and your running costs to skyrocket. Here's how to block spurious referrers.
Log files are a useful tool for webmasters. It helps to know how people are finding your site, and what software they are using to view it, among other things. A strange decision by a small group of bloggers, though, has given unscrupulous marketers another window of opportunity to manipulate search engines to increase their traffic.
The decision made by these short-sighted bloggers was to display, on their site, a list of recent referrers to each page. I can't imagine any reason why a visitor might be in the least bit interested in seeing this, but nevertheless many sites now display referrers on every page.
As search engine spiders visit sites, they grab the contents of each page they visit. They use this snapshot in their index - meaning that although a page may change every minute or two, a search engine may be using a single copy of a page for several days, or even weeks.
So a referral URL that is on a page when the spiders come to visit can have quite a bit of value, if the search engine visiting uses link popularity in any way (Google uses link popularity, as do many others).
So marketers have started to use programs to visit pages using a fake referral header, to get their URLs listed on as many sites as possible, in the hopes that this will increase their traffic.
However, this renders log files almost completely useless. These fake visitors usually visit from search engines, having searched for a keyphrase relevant to their own site. They skew statistics relating to number of visitors received, the countries used to visit, the technology used to view the page, how users found the page, how long they spent on the site ... and so on.
A webmaster may find their search engine rankings dropping because of this, and they may find search engines have removed them completely. Many sites that use spam techniques are quickly identified and penalised, and penalties will often be applied to sites that link to them as well.
There are plenty of techniques available for blocking referrer spam, and everyone has their favourite. Personally, I use a combination of two techniques.
The first is fairly simple - my referrer log is not indexable. I don't display referrers on the pages of my site. My referral log is publicly available, but search engines are instructed to ignore it. This removes the main incentive for people to referrer-spam my site (the other reason for this type of spam - the hope that the site owner will themselves visit the spamming URL - is less common, because it has such a low response rate).
Second, I use an .htaccess file to block requests from whatever I've managed to identify as either a crawler designed to find URLs to spam or a spamming URL. This is a relatively simple blacklist, and though it cannot work as a long term solution to this problem, it keeps me happy for now.
TimI found several words that were very common in a large amount of my referer spam. I decided to eliminate a chunk of the individual sites by blocking on that word. There is the risk that I will block someone legitimate but I am willing to take the chance to save myself from the annoyance.
RewriteCond %{HTTP_REFERER} (poker) [NC,OR]
RewriteCond %{HTTP_REFERER} (casino) [NC,OR]
RewriteCond %{HTTP_REFERER} (pharmacy) [NC,OR]
RewriteCond %{HTTP_REFERER} (inkjet) [NC,OR]
RewriteCond %{HTTP_REFERER} (blackjack) [NC,OR]
RewriteCond %{HTTP_REFERER} (diet) [NC,OR]
RewriteCond %{HTTP_REFERER} (drugs) [NC,OR]
RewriteCond %{HTTP_REFERER} (holdem) [NC,OR]
RewriteCond %{HTTP_REFERER} (mortgage) [NC,OR]
RewriteCond %{HTTP_REFERER} (loan) [NC,OR]
I did attempt to be selective of what words I did this with. I don't think many sites have inkjet in their url. Could be wrong but again it's worth the chance.
|  |  |  | 
Nov 13 2013 | The Atlantic
All it takes is a firm grasp of arbitrage economics and a flexible ethical code.
Sadly, bot traffic is not a bunch of these guys with iPads (Reuters).
Here is the weirdest thing about the modern web: humans are only one constituency, and maybe not the most profitable one.
Consider the case of an anonymous publishing executive who spoke with the media trade magazine, Digiday, about purchasing bulk robot traffic to his former company's website.
By robot, I mean software that is designed to simulate a human being browsing the web. Bots, as they are known, are relatively easy to create, and now you can easily purchase their services to build a nice business, if you are willing to bend the rules of digital publishing.
Arbitrage... Now With More Robots
In this case, the publisher paid $10,000 to $35,000 for the cheapest possible traffic, which companies domiciled outside the United States could provide for about $0.002 per visit. Then, they turned around and sold those visits for between $0.0025 and $0.004 through advertising networks, which act as clearinghouses for bulk advertising buys across the web.
That's a pretty weird media business model, but it doesn't take a genius to realize this is a good arbitrage opportunity. Even if you only make one-tenth of a penny per visit, it's not that expensive to buy millions of visits, so you can make some serious money.
Let's do the math here. They were getting between 5 and 17.5 million visits per day and selling them for a fraction of a penny more to generate between $12,500 and $70,000 in revenue per day.
If they maxed out every day, buying the most traffic possible and selling it at the highest price, they'd make $2.1 million a month without ever creating anything that a human might want to look at.
But Isn't This Fraud?
Yes, it is certainly fraud in the colloquial sense and may be fraud in the legal sense, too, as the publishing executive readily admitted. Robots don't buy anything, and showing them ads remains ineffective.
The providers of the non-human traffic do not acknowledge that they are sending bots to load web pages. They tell the publishers that the traffic will be of "unknown quality." This is the code word. The publishers know that "unknown quality" means "unknown robots" but they sell ads anyway.
And yet, the bots (at least the cheap ones) leave tell-tale tracks in the analytics software that companies use to track their visitors.
"You can tell it's bot traffic just by looking at the analytics. We'd see a traffic spike in our real-time analytics dashboard and then we would see all of our traffic for the day serve in a couple of hours," the publisher told DigiDay. "Or it would all come from users using the same really old version of Internet Explorer. Almost all our users had Flash versions from 2003, according to Google Analytics. That just doesn't happen with real users."
In other words, detecting the simplest bots probably isn't hard. But ad networks don't really want to know about the makeup of their visitor pool because it might hurt their businesses. Same goes for publishers.
So, strangely, for now, there's a really tidy profit to be made showing web pages to robots.
|  |  |  | 
This is a tactic used by spammers to get webmasters, curious to research their referrers, to visit the desired website. Also referred to as log spam or referrer bombing. It's not necessarily malicious, but it's definitely annoying.
August 31, 2011 | businesshut.com
If you've launched a new website recently and were excited to see referrals from golbnet or forexmarket, you have been spammed. This is a tactic used by spammers to get webmasters, curious to research their referrers, to visit the desired website. Also referred to as log spam or referrer bombing. It's not necessarily malicious, but it's definitely annoying.
It's funny that people are doing this now, because I had a chat about how someone could do this with my co-worker, Taylor Pratt, while working at LunaMetrics in 2007.
Your best option is to simply ignore these referrers. Do not visit the websites. They're spam, so they don't deserve your business, but there's also the chance that you'll wind up on a site filled with viruses and other malware. If you don't want the referrals to show up in your Google Analytics account, you also have a few options for removing them.
How to get rid of referral spam:
1. I always recommend keeping at least one GA account with no filters. Make sure you have one profile that will show these referrals, just in case there's a problem as you create new filters. (You always want to have access to your raw data.) If you don't already have a separate profile, create a new Google Analytics profile and start anew.
2. On what will now be your "good" profile, you can create a few filters to eliminate the golbnet and forexmarket referrer spam entries.
Create an "include" filter that only includes your domain name. If someone uses your Google Analytics account ID on another domain, this will prevent them from showing up in your analytics.
- Filter Type: Custom > INCLUDE
- Filter Field: hostname
- Filter Pattern: yourdomain\.com
- *The filter pattern is RegEx, so you should escape the period with a backslash.
- Case Sensitive: No
|  |  |  | 
January 17, 2005 | How Now Brownpau
Referrer Spam. For myself and for anyone curious about my inbound traffic, my installation of Refer is public, but hidden from search engines by a robots exclusion <meta>. That, as many of you webmasters may have found by now, does nothing to deter referrer spam.
As of late, this site and many others have been under attack by a persistent referrer and blog comment spammer, with visits from just about every open proxy on the web, plus more than a few zombie machines, linking back to dozens, perhaps hundreds, of domains. Each of the domains uses fake whois info, and showed, until recently, a fake "suspension" notice to throw off any webmasters who followed the link, fooling them into thinking that the spammer had already been taken out. The jubilation was premature, of course: the sites are now flooded with links to all sorts of sleazy online scams, their pagerank artificially boosted by spam posted to unmaintained weblog comment threads and referrer logs. The flood of inbound traffic from this spammer's zombie network is so heavy that it operates like a DOS attack: consuming bandwidth, sucking up server resources, and slowing - or even bringing down - the victim site. Witness the growing tide of spammed referrers, or see an untended referrer log taken over by pornographic links.
Myself, I'm keeping most of the flood at bay with an .htaccess blacklist. Amusingly, the spammer's own comment spams, huge strings of domains inside
<h1>tags, are an excellent way to generate a domain-based blacklist, since he seems quite intent on flooding comment threads with almost every domain he's registered. Denying by IP is an exercise in futility, since the zombie network just keeps growing, most likely fed by trojans installed by the unsuspecting clicks of indiscriminate file sharers.More info on this attack elsewhere:
- Norweigan blogger Ann Elisabeth has been very much on top of the problem, getting info from open proxies, complaining to the FTC, emailing and calling the colo/hosting services used by the spammer.
Arve Bersvendsen and ThePete comment on the fake "suspended" pages and the spammer's webhost. - John Sinteur has a quick PHP code block which redirects the referrer spam right back to the spammer.
- Track this story on Technorati through the spam tag and links to Ann Elisabeth's efforts.
- And remember this from the not-too-distant past: Mark Pilgrim on weblog spam. War is hell.
Update, 25 Jan 2005: Ann Elisabeth seems to have discovered the culprits, and Photodude laments Verio's poor response to the crisis.
6 thoughts on "Referrer Spam Attack"
- Ann Elisabeth's blog on January 17, 2005 at 6:37 pm said:
My referrers
I thought I'd give back by putting up the legitimate referrers in my log, those linking to the blog. Some may be from me posting comments, while others are links in blog entries. http://www.tbray.org/ongoing/When/200x/2005/01/16/RefererBS Got an amazin…
I called. They've had quite a few calls lately…
Thomas Reece isn't real of course. I called to see if they knew what was going on, and they did. They are reporting it. I just hope they go as far as they can!
.htaccess is my friend
Happiness is looking at your log file and seeing hundreds of referrer spam attempts with a 403 error code. Paulo…
More Victims Of "Referer" Spam
I talked a bit about my experience with referer spam, here, here, here and here.
There's slowly word getting out from other victims:The flood of inbound traffic from this spammer's zombie network is so heavy that it operates like a DOS attack...
just published a crude but effective fix for those running B2 Evolution blogs. Course I'm the kinda guy who breaks eggs with a sledgehammer so it might not be your style – but may be of help to some.
permalink here – http://technicallyoverboard.com/blog/index.php?title=referral_spamstorm_b2_evo_fix&more=1&c=1&tb=1&pb=1
| Google matched content |