Website has a lot of requests of 'fqexpack' url from Android devices

Question

Recently our website started to get a lot of requests for /fqexpack url from devices with user agent, somehow connected to Android, like

Dalvik/1.6.0 (Linux; U; Android 4.0.4; GT-S5303 Build/IMM76D)
Dalvik/1.6.0 (Linux; U; Android 4.0.3; M532 Build/IML74K)
Dalvik/1.2.0 (Linux; U; Android 2.2; SAMSUNG-SGH-I897 Build/FROYO)

These requests has fairly uniform day time distribution.

Of course, our site doesn't have page with that address, and also we have not published any links with this substring.

Google knows nothing about it.

Our site is targeted to Russian audience, but these requests happens even when it is night in Russia.

Also we have IP-addresses of these users.

What do you think this link may mean?

Site is hosted at Amazon, it is a .NET IIS-hosted application.

By the way, I have noticed, that all user agents are not of mobile browsers, that have user agent like `Mozilla/5.0 (Linux; Android 4.1.2; Boost Build/JZO54K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.57 Mobile Safari/537.36 OPR/18.0.1290.67495` — Mikhail Brinchuk, Jan 17 '14 at 12:12
And also it seem that all these requests are made not using host name of site, but its public ip-address. — Mikhail Brinchuk, Jan 17 '14 at 12:17
I think, these requests were made by this app: https://play.google.com/store/apps/details?id=com.cleanmaster.security (http://www.foresafe.com/report/D9BC96AF4CB01D1927ECABCA985FA27A) — Mikhail Brinchuk, Jan 17 '14 at 12:56

score 0 · Accepted Answer · answered Jan 24 '14 at 17:38

0

I have written an email to developers of enter link description here, they have not replied yet.

And also we've deleted elastic ip, that had those requests.

So for now we do not have this problem.

answered Jan 24 '14 at 17:38

Mikhail Brinchuk

111
3

Website has a lot of requests of 'fqexpack' url from Android devices

1 Answers1