[Dshield] Bizarre HTTP GET

CunningPike cunningpike at gmail.com
Mon Jul 28 20:02:50 GMT 2008


Greetings,

Has anyone else encountered HTTP GETs like the following? It looks to be 
pre-loaded with a whole bunch of session-related cookies - almost a 
session brute-force attempt:

SRC: GET /esdb/ HTTP/1.0
SRC: Host: www.dnv.org
SRC: Cookie: 
CFGLOBALS=urltoken%3DCFID%23%3D5114828%26CFTOKEN%23%3D4df075f6e9570c6b%2D69B123B0%2DC293%2D63BC%2D8214A6C04C3BEDEC%23lastvisit%3D%7Bts%20%272008%2D07%2D28%2005%3A44%3A48%27%7D%23timecreated%3D%7Bts%20%272008%2D07%2D28%2005%3A44%3A48%27%7D%23hitcount%3D2%23cftoken%3D4df075f6e9570c6b%2D69B123B0%2DC293%2D63BC%2D8214A6C04C3BEDEC%23cfid%3D5114828%23
SRC: Cookie: EHRLES1=UserID=120097&SessionID=njLibvFq4EPJ1XIbddWd
SRC: Cookie: clsect=2
SRC: Cookie: vCard_senderemail=deleted
SRC: Cookie: vCard_sendername=deleted
SRC: Cookie: vCard_recpemail=deleted
SRC: Cookie: vCard_recpname=deleted
SRC: Cookie: WWWSLB=36
SRC: Cookie: DFSEX=0
SRC: Cookie: DFSRM=0
SRC: Cookie: DFSID=69B123CF%2DC293%2D63BC%2D8E9B64941A808E71
SRC: Cookie: ctk=NDg4ZGJmMzM0NmJkNDE2OGNhN2JiMTliYmRjZg%3D%3D
SRC: Cookie: ASPSESSIONIDSARQCRBR=PJGMNBNCCGELJMEDPCEGFKEG
SRC: Cookie: SWID=16E3EC6E-CF85-446A-9D4C-96ECB622741B
SRC: Cookie: DilbertServerID=1527
SRC: Cookie: daytimer=cid=us&shopperid=07AEE5F8701748C08186911E3136B728
SRC: Cookie: cpage=%2FDefault%2Easp%3F
SRC: Cookie: REFERRER=(null)
SRC: Cookie: MEMBER_PAGE=sherry67/fun2.html
SRC: Cookie: ec_token=2E388J5728585X
SRC: Cookie: 
cs=aRL8zWKg7VZKYty0w0mD/AGXTD6XF3p5wnJcPpCDKruklai90AfsjdcXewjHnzw+nObctrcn2LZHN0w+kYGrftcXTD6hAEy2lxdMCK8HxD6fzL2uEDRcqhBBqnjHgErJlxdMfjcHDB6XN0w+lxdMftdHDA6Q==
SRC: Cookie: 
uu=XKLbDI/uRzDn2Fb4zx2itAbRbbqgkW2cM7Jb6qPi7pnW8n4psxLr/IbXTunh9jrpluc7SgCRbbqQoi6589J
SRC: 
u+gMCH1nD8c04cnI+6aAxHon2F/vMJ9HN7ccTi1zwMRuMUDFI75AxSU4Upfj/NBWZbrRl2X6zki0aY/I/WbOC7ihAQh64Q5IuKgMC7vmwMn6ZsJFtGgZxLZqg1lvs+IFtuqhHirorYP0uIKH5MnCxbbqmRsta4JFt/LhNvyqgkX0uINFNuqCRS/wxmP26oIH5MlCxbbqgkW3q4MEtiq
SRC: Cookie: nCircleBlog=70.189.65.104.119791217249048649
SRC: Cookie: CRAYOLA_POPUP=%7Bts%20%272008%2D07%2D28%2008%3A44%3A07%27%7D
SRC: Cookie: CRAYOLA_ANON=%7Bts%20%272008%2D07%2D28%2008%3A44%3A07%27%7D
SRC: Cookie: cl_def_hp=tulsa
SRC: Cookie: cl_def_lang=en
SRC: Cookie: coxlocale=tulsa%3Ben
SRC: Cookie: mid=0
SRC: Cookie: pid=0
SRC: Cookie: CLENETid=1:27.
SRC: Cookie: CTOpt=time=1217249030638&sess=31267557671
SRC: Cookie: Apache=70.189.65.104.305671217249028920
SRC: Cookie: DOESBROWSERACCEPTCOOKIES=true
SRC: Cookie: bowtie=7/28/2008 5:44:05 AM
SRC: Cookie: SESS388d7b52fe6c27d2aa44abf18a9e18f5=ced65dmr7t0ivgi6m2eo253553
SRC: Cookie: mmlID=93448404
SRC: Cookie: customer=107947749
SRC: Cookie: order=74197621
SRC: Cookie: ASPSESSIONIDASSAASAR=GMAKJFCCDJBGKLNIIHFHGEAD
SRC: Cookie: 
SESS3f4f40b66af5a88185d3cdeee42c51df=cabbc17ccf3fa317d7aacc5939b767e1
SRC: Cookie: CFTOKEN=4df075f6e9570c6b-69B123B0-C293-63BC-8214A6C04C3BEDEC
SRC: Cookie: CFID=5114828
SRC: Cookie: ASPSESSIONIDSADDCRQT=MAFPKONCFEJFFFNEANIEMIDI
SRC: Cookie: 
MSTk=qs=06oENya4ZG5X757KKL0xhi4IDo8OINeZnkPNp8JeC4KYxPlud3QTsaXj51ZvZuZDDmtFZ2Hq8-RqBwMWFJgneKQOuTvap04WzrxmFW9ZJbt_m2_bm6_Ujoe5KdION9XyBZADyUAjqOhV5ogDJrUww6zjHOb-ndzsL6Gaizx-JkI6zphcZsy3jXX3nCqUVs-tDwxEI7Vm-l6C1CIXjwg7mpM61HL
SRC: rEcUREYYrVK,YT0z
SRC: Cookie: SessionCounters=-1=1,1=1
SRC: Cookie: SLTk=Exp=7/25/2008 5:42:58 AM
SRC: Cookie: LastURL=http://www.beclutter-free.com/default.pk
SRC: Cookie: Domain=beclutter-free.com
SRC: Cookie: 
VisitorID=52c70e3e-06b9-4f44-9191-908b841e2c91&Exp=7/28/2011 5:42:58 AM
SRC: Cookie: RandomSeed=1656187007
SRC: Cookie: SessionID=c89affca-26c7-4d41-852b-6524ac8dfcf0
SRC: Cookie: ASPSESSIONIDQSRRBDBD=KIKBFGMCMFDFGNONJIDDPFBN, 
comment_by_existing=deleted, Coyote-2-45199505=a140101:0, 
session_id=192bd2b3f61e2d804f7cd875ef73d13f, user_id=deleted, 
recSerBox=1, recViewBox=1, 
MC1=V=2&GUID=7EA9C99D78EA4BEA9E69073667E0EE2F, 
AnandTechVisitedDate=7/28/2008 8:42:34 AM, ATLASTVISITEDSYS=7/28/2008 
8:42:34 AM, ATLASTVISITED=7/28/2008 8:42:34 AM, 
atusessionw=c4fae3e2-ddb8-43a7-9a73-9da7971ed57e, 
ASP.NET_SessionId=cfxenb55qyaph52pubkzrwym, 
ASPSESSIONIDCCTQRSSQ=FNCOJMLDNBOOPDBIMMNMCNGG, check%5Fcookie=1, 
Visitor=LastUpdated=7%2F28%2F2008+8%3A42%3A33+AM&DateNew=7%2F28%2F2008+8%3A42%3A33+AM&UsID=84546524, 
TLTHID=6C976809451D5D276A4FA9BDE15F1688, 
TLTSID=6C976809451D5D276A4FA9BDE15F1688z0, gbShowActions=True, 
SES%5FAFX=32066811, SES%5FBBB=7%2F28%2F20083465003, 
session-token=2J14tyfHeablq/E8o5vH34mzd7r+3WwsWN6swM+GHojeJxOrJRmao4ZZyjkVbC/HnlZablBXtKJFu5t4fo4a5XSComGLTWp2mxYqcXBLln6MYBcz6kg6BOXKadorGWUeM75bPJuSbbJHVk4xh/H7cqOYXISAYezpyWXKP//VttE7oGoh0/rzIRvKUN+GmOhT75xBfaQoKN0=, 
ubid-main=102-6925827-456
SRC: 8451, session-id=102-7741321-4364915, session-id-time=1217833200l, 
_cookie=OK, PHPSESSID=192bd2b3f61e2d804f7cd875ef73d13f, 
RUUID=2571083%3A32354115, BX=f9e330t48rfl6&b=3&s=vr, 
NovaId=1178761725940911354, PREF=_lm=1217248938:v=2:frschk=1, 
SS=Q0=VkNGUw, JServSessionIdroot=jp23zvxnk2.JS1, 
JSESSIONID=JyvSLN2QfH5PGSnr9WTsLp7d1cy15vXCM1b31kzsRfQnQG41Gbct!-965242952, 
krts=BEE1A2038B634522B5BFF0AF4D79F380, 
krtt=4D8FE08CA91742A2BA0CF0AF4D79F380, 
krta=AA37AF88973E4068953BF0AF4D79F380, 
TimeTrack=LastSeenDateTime=07/28/2008 12:41:49 
PM&IssueDateTime=07/28/2008 12:41:49 PM, 
YourSavedSettings=2S76V1HA81ZEV3_YOUR_SAVED_SETTINGS_NEED_THIS_COOKIE, 
ShortUrlAddressesAndFunAds=28C8TL104WUU2H3A3IY3PMI_0_ACCEPT_COOKIE_FOR_SMALL_ADDRESSES_AND_FUN_ADS, 
userid=4n3J6GJI9v, 
pds%5Flife=d=AQAdZMKMA9Hp2aji9%2F5UEWuTCL7IuorEa4aDXwtUny9t8%2FKoSkVxcZiiesUQ1q%2Bx1BkNwWGZF5pa%2BgugtLfJ0c30&v=5, 
csxslt=no, 
pds%5Fsess=d=AQC3dYx%2BAw646%2BXXzxastpQOQ8b3lQiKwnBO2t326NLn8el1nPJmefeAdcPVikRsDDMdjLo0C5ME%2Fx7G1WEQwlK4&v=5, 
cartexists=yes, 
pds%5Fvcart%5Fsess=d=TD3j6hAA1k6lWjghi8jKBkSxSh9IAAQAAgBpAAAAAQA%3D&v=5, 
returning=1, browserid=version=0&v=5&os=0&browser=0, 
recentlocs=d=K8kIuxQAyV1%2Bd6gw9oB0WCJVPHK9BkofSAAIAFoAPwAAAEAAPgA8AEJvb2tzLCBUZXh0Ym9va3MsIFVzZWQgQm9va3MsIERWRHMsIE11c2ljLCBUb3lzLCBIb21lICYgR2lmdBoAV2ViSG9zdC9pbmRleC5hc3A%2Fej15JnJ2PTE%3D
SRC: Cookie: comment_by_existing=deleted
SRC: Cookie: Coy
SRC: ote-2-45199505=a140101:0
SRC: Cookie: session_id=edea9cad57fa4ea044d2112cb130935c
SRC: Cookie: user_id=deleted
SRC: Cookie: recSerBox=1
SRC: Cookie: recViewBox=1
SRC: Cookie: MC1=V=2&GUID=7EA9C99D78EA4BEA9E69073667E0EE2F
SRC: Cookie: AnandTechVisitedDate=7/28/2008 8:42:34 AM
SRC: Cookie: ATLASTVISITEDSYS=7/28/2008 8:42:34 AM
SRC: Cookie: ATLASTVISITED=7/28/2008 8:42:34 AM
SRC: Cookie: atusessionw=c4fae3e2-ddb8-43a7-9a73-9da7971ed57e
SRC: Cookie: ASP.NET_SessionId=k12rlqremxlcc555yxo3o345
SRC: Cookie: ASPSESSIONIDCCTQRSSQ=FNCOJMLDNBOOPDBIMMNMCNGG
SRC: Cookie: check%5Fcookie=1
SRC: Cookie: 
Visitor=LastUpdated=7%2F28%2F2008+8%3A42%3A33+AM&DateNew=7%2F28%2F2008+8%3A42%3A33+AM&UsID=84546524
SRC: Cookie: TLTHID=6C976809451D5D276A4FA9BDE15F1688
SRC: Cookie: TLTSID=6C976809451D5D276A4FA9BDE15F1688z0
SRC: Cookie: gbShowActions=True
SRC: Cookie: SES%5FAFX=32066811
SRC: Cookie: SES%5FBBB=7%2F28%2F20083465003
SRC: Cookie: 
session-token=2J14tyfHeablq/E8o5vH34mzd7r+3WwsWN6swM+GHojeJxOrJRmao4ZZyjkVbC/HnlZablBXtKJFu5t4fo4a5XSComGLTWp2mxYqcXBLln6MYBcz6kg6BOXKadorGWUeM75bPJuSbbJHVk4xh/H7cqOYXISAYezpyWXKP//VttE7oGoh0/rzIRvKUN+GmOhT75xBfaQoKN0=
SRC: Cookie: ubid-main=102-6925827-4568451
SRC: Cookie: session-id=064-7249049-3252126
SRC: Cookie: session-id-time=1217335449
SRC: Cookie: _cookie=OK
SRC: Cookie: PHPSESSID=7b67gthtqulfi3dd4ls8bvl9b4
SRC: Cookie: RUUID=2571083%3A32354115
SRC: Cookie: BX=f9e330t48rfl6&b=3&s=vr
SRC: Cookie: NovaId=1178761725940911354
SRC: Cookie: PREF=_lm=121724893
SRC: 8:v=2:frschk=1
SRC: Cookie: SS=Q0=VkNGUw
SRC: Cookie: JServSessionIdroot=jp23zvxnk2.JS1
SRC: Cookie: JSESSIONID=34355F7F7F2A3745ECF560D79B7002A4
SRC: Cookie: krts=BEE1A2038B634522B5BFF0AF4D79F380
SRC: Cookie: krtt=4D8FE08CA91742A2BA0CF0AF4D79F380
SRC: Cookie: krta=AA37AF88973E4068953BF0AF4D79F380
SRC: Cookie: TimeTrack=LastSeenDateTime=07/28/2008 12:41:49 
PM&IssueDateTime=07/28/2008 12:41:49 PM
SRC: Cookie: 
YourSavedSettings=2S76V1HA81ZEV3_YOUR_SAVED_SETTINGS_NEED_THIS_COOKIE
SRC: Cookie: 
ShortUrlAddressesAndFunAds=28C8TL104WUU2H3A3IY3PMI_0_ACCEPT_COOKIE_FOR_SMALL_ADDRESSES_AND_FUN_ADS
SRC: Cookie: userid=4n3J6GJI9v
SRC: Cookie: 
pds%5Flife=d=AQAdZMKMA9Hp2aji9%2F5UEWuTCL7IuorEa4aDXwtUny9t8%2FKoSkVxcZiiesUQ1q%2Bx1BkNwWGZF5pa%2BgugtLfJ0c30&v=5
SRC: Cookie: csxslt=no
SRC: Cookie: 
pds%5Fsess=d=AQC3dYx%2BAw646%2BXXzxastpQOQ8b3lQiKwnBO2t326NLn8el1nPJmefeAdcPVikRsDDMdjLo0C5ME%2Fx7G1WEQwlK4&v=5
SRC: Cookie: cartexists=yes
SRC: Cookie: 
pds%5Fvcart%5Fsess=d=TD3j6hAA1k6lWjghi8jKBkSxSh9IAAQAAgBpAAAAAQA%3D&v=5
SRC: Cookie: returning=1
SRC: Cookie: browserid=version=0&os=0&browser=0
SRC: Cookie: 
recentlocs=d=K8kIuxQAyV1%2Bd6gw9oB0WCJVPHK9BkofSAAIAFoAPwAAAEAAPgA8AEJvb2tzLCBUZXh0Ym9va3MsIFVzZWQgQm9va3MsIERWRHMsIE11c2ljLCBUb3lzLCBIb21lICYgR2lmdBoAV2ViSG9zdC9pbmRleC5hc3A%2Fej15JnJ2PTE%3D&v=5
SRC: User-Agent: Mozilla/4.0 (compatible; IE-Favorites-Check-0.5)
SRC:

--
CP
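A defender-side way to triage a request like the one in this post, added here as an example and not part of the original message: rebuild the headers from a `SRC:`-prefixed capture, then flag a request that carries more than one `Cookie` header (RFC 6265 has a user agent send at most one) or session cookies from several unrelated server stacks. The function names, the thresholds, the rule that a line not starting a new header is a wrapped continuation, and the sample's host, agent and values are assumptions made for this illustration.

```python
import re
# Session-cookie naming conventions of common server stacks (all occur in the capture).
SESSION_FAMILIES = {
    "Classic ASP": re.compile(r"^ASPSESSIONID[A-Z]+$"),
    "ASP.NET": re.compile(r"^ASP\.NET_SessionId$"),
    "PHP": re.compile(r"^PHPSESSID$"),
    "Java servlet": re.compile(r"^(JSESSIONID|JServSessionId\w*)$"),
    "ColdFusion": re.compile(r"^(CFID|CFTOKEN)$"),
}
HEADER = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):(?:\s+|$)(.*)$")

# Constructed sample in the capture's layout; host, agent and values are placeholders.
SAMPLE = """\
SRC: GET /esdb/ HTTP/1.0
SRC: Host: www.example.org
SRC: Cookie: CFID=1111111
SRC: Cookie: ASPSESSIONIDAAAABBBB=CONSTRUCTEDVALUE
SRC: Cookie:
PHPSESSID=constructedvalue0000
SRC: Cookie: JSESS
SRC: IONID=CONSTRUCTED, ASP.NET_SessionId=constructed
SRC: User-Agent: ExampleAgent/0.0
"""

def parse_capture(text):
    """Rebuild [name, value] headers; non-header lines continue the previous value."""
    headers = []
    for raw in text.splitlines()[1:]:  # line 0 is the request line
        is_src = raw.startswith("SRC:")
        line = raw[4:].lstrip() if is_src else raw
        m = HEADER.match(line) if is_src else None
        if m:
            headers.append([m.group(1), m.group(2)])
        elif headers and line.strip():
            headers[-1][1] += line  # wrapped value or packet-boundary split
    return headers

def cookie_names(headers):
    pairs = [p for n, v in headers if n.lower() == "cookie"
             for p in re.split(r";\s*|,\s+", v)]  # pairs separated by ';' or ', '
    return [p.split("=", 1)[0].strip() for p in pairs if "=" in p]

def assess(text, max_cookie_headers=1, max_families=1):  # thresholds are assumptions
    headers = parse_capture(text)
    names = cookie_names(headers)
    n_hdrs = sum(n.lower() == "cookie" for n, _ in headers)
    families = sorted(f for f, rx in SESSION_FAMILIES.items() if any(map(rx.match, names)))
    return {"cookie_headers": n_hdrs, "cookies": len(names), "families": families,
            "suspicious": n_hdrs > max_cookie_headers or len(families) > max_families}
```

Calling `assess(SAMPLE)` reports the header count, the cookie count and the server stacks whose session-cookie names were seen; a normal browser request with one `Cookie` header and one stack is not flagged.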



