Found a log entry from 142.252.249.27 this morning:
142.252.249.27 - - [09/Sep/2019:07:59:18 -0700] "HEAD /backup.zip HTTP/1.1" 404 4128 "http://www.freefixer.com/backup.zip" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
The bot running at 142.252.249.27 is scanning freefixer.com for backups, databases, data, code, bitcoin wallets, bitcoin cash wallets, litecoin wallets, dogecoin wallets, etc. It looks for various file formats such as .zip, .rar, .dat, .7z, .sql, .mdb, .mdf, .tgz and .tar. Here’s the complete list of requests that 142.252.249.27 made:
Vanta Telecommunications Limited and egihosting.com are names that show up when I did a lookup in the ARIN registry, as shown in the screenshot below. I’m assuming one of their customers has been hacked.



If you’ve been following this blog for the last week you know that I’ve been trying to weed out fake Bingbots, Yandexbots and Googlebots and other types of bad behaviour. Since 142.252.249.27 is currently trying to gain access to non-public information I’m going to block it in Apache’s .htaccess file.
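
The following is an added example, not code from this blog: it scans Apache combined-format log lines for clients that repeatedly request non-existent backup, database or wallet archives, and renders an .htaccess block for them. The function names, the threshold of three distinct paths and the Apache 2.4 `Require` syntax are assumptions; apart from the first entry, which is the one quoted above, the sample log lines are constructed.

```python
import re
from collections import defaultdict

# Extensions named in the post, plus .tar.gz as the long form of .tgz.
PROBE_EXT = (".zip", ".rar", ".dat", ".7z", ".sql", ".mdb", ".mdf",
             ".tgz", ".tar", ".tar.gz")
# Combined Log Format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_backup_scanners(lines, threshold=3):
    """Map each client IP to the distinct archive/database paths it probed
    and got a 404 for, keeping only IPs with at least `threshold` of them."""
    probes = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-request line
        ip, method, path, status = m.groups()
        path = path.split("?", 1)[0].lower()
        if method in ("HEAD", "GET") and status == "404" and path.endswith(PROBE_EXT):
            probes[ip].add(path)
    return {ip: sorted(p) for ip, p in probes.items() if len(p) >= threshold}

def htaccess_block(ips):
    """Render an .htaccess fragment (Apache 2.4 syntax assumed) denying `ips`."""
    rules = "\n".join(f"    Require not ip {ip}" for ip in sorted(ips))
    return f"<RequireAll>\n    Require all granted\n{rules}\n</RequireAll>\n"

UA = '"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"'
# First entry is the one quoted in the post; the rest are constructed samples.
SAMPLE_LOG = [
    '142.252.249.27 - - [09/Sep/2019:07:59:18 -0700] "HEAD /backup.zip HTTP/1.1" 404 4128 "http://www.freefixer.com/backup.zip" ' + UA,
    '142.252.249.27 - - [09/Sep/2019:07:59:19 -0700] "HEAD /db.sql HTTP/1.1" 404 4128 "-" ' + UA,
    '142.252.249.27 - - [09/Sep/2019:07:59:20 -0700] "HEAD /wallet.dat HTTP/1.1" 404 4128 "-" ' + UA,
    '203.0.113.10 - - [09/Sep/2019:08:01:02 -0700] "GET /index.html HTTP/1.1" 200 5120 "-" ' + UA,
    '203.0.113.10 - - [09/Sep/2019:08:01:09 -0700] "GET /old-setup.zip HTTP/1.1" 404 4128 "-" ' + UA,
]

if __name__ == "__main__":
    flagged = find_backup_scanners(SAMPLE_LOG)
    for ip, paths in flagged.items():
        print(ip, "probed", len(paths), "paths:", ", ".join(paths))
    print(htaccess_block(flagged))
```

The `Require` directives only take effect in .htaccess when the directory allows `AllowOverride AuthConfig` (or `All`); Apache 2.2 uses `Order`/`Deny from` instead.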