homepage Welcome to WebmasterWorld Guest from 54.161.175.231
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
The return of Choopa
173.199.116.xxx and 173.199.114.xxx
Bewenched




msg:4511543
 4:25 am on Oct 24, 2012 (gmt 0)

Server farm.

173.199.116.195 and 173.199.114.219

 

blend27




msg:4512018
 11:50 pm on Oct 24, 2012 (gmt 0)

I have a bigger range logged as in TITLE+cabra :)

NetRange 73.199.64.0 - 173.199.127.255
CIDR 173.199.64.0/18
Name CHOOPA-NETBLK07
Source [whois.arin.net...]

I also have 7 other ranges under the same category(cabra), will double check and post here.

Bewenched




msg:4512033
 12:52 am on Oct 25, 2012 (gmt 0)

That would be awesome. I'm going through my logs right now to see exactly what they were up to, but they DOUBLED the amount of traffic on our site today and yesterday.

Two of the ips came back as belonging to VBBCOM

I used maxmind as a service for fraud detection and they now have a service that is GeoIp and one of them returns the "Organization". To check it out it's free to demo for now... it's how I found the VBBCOM and when I search for info on them the first link is a torrent!

I'll post more when I parse the logs.
I'm almost afraid of what I'll find.

bunltd




msg:4512038
 1:38 am on Oct 25, 2012 (gmt 0)

I was hit today, basically brought a server to a standstill with requests.

Here's the list of IP's I saw:

173.199.114.163
173.199.114.187
173.199.114.211
173.199.114.235
173.199.115.123
173.199.115.75
173.199.116.203
173.199.116.227
173.199.116.27
173.199.116.51
173.199.117.251
173.199.119.131
173.199.119.35
173.199.119.59
173.199.119.67
173.199.120.131
173.199.120.139
173.199.120.19
173.199.120.27
 
Claiming to be User-Agent: AhrefsBot/4.0

blend27




msg:4512039
 1:40 am on Oct 25, 2012 (gmt 0)

Choopa(cabra) ranges in my book. Lots of these are GAMEServers.

108.61.0.0 - 108.61.255.255
73.199.64.0 - 173.199.127.255
209.222.0.0 - 209.222.31.255
68.232.160.0 - 68.232.191.255
216.155.128.0 - 216.155.159.255
64.237.32.0 - 64.237.63.25
66.55.128.0 - 66.55.159.255
208.167.224.0 - 208.167.255.255

I use several year old blogs/guestbooks/forums(open forum, set it and forget it :) ) seeded with HoneyPots, SCRAPE attempts, comment/referrer spamming, the IP data is then verified against DNSstuff, as well as ARIN, RIPE and so on...

blend27




msg:4512040
 1:42 am on Oct 25, 2012 (gmt 0)

correction to the first reply by me: NetRange 173.199.64.0 - 173.199.127.255

Bewenched




msg:4512112
 4:56 am on Oct 25, 2012 (gmt 0)

Sell some of them have the user agent of

QippoBot/1.4 ( [qippo.com...]

OnThePike




msg:4512278
 2:33 pm on Oct 25, 2012 (gmt 0)

# Choopa Networks/Game Servers/Undernet/Server Central/Internode
deny from 8.2.0.0/24
deny from 8.2.120.0/23
deny from 8.2.122.0/24
deny from 8.7.233.0/24
deny from 8.9.3.0/24
deny from 8.9.4.0/23
deny from 8.9.6.0/24
deny from 8.9.8.0/23
deny from 8.9.11.0/24
deny from 8.9.15.0/24
deny from 8.9.16.0/23
deny from 8.9.30.0/23
deny from 8.9.36.0/23
deny from 8.12.16.0/21
deny from 8.12.64.0/23
deny from 8.12.68.0/22
deny from 8.18.92.0/23
deny from 62.67.42.0/24
deny from 63.209.32.0/22
deny from 63.209.36.0/23
deny from 63.209.148.0/24
deny from 63.210.145.0/24
deny from 63.210.148.0/23
deny from 63.211.105.0/24
deny from 63.211.110.0/23
deny from 64.154.38.0/24
deny from 64.237.32.0/19
deny from 66.55.128.0/19
deny from 67.43.224.0/20
deny from 67.215.0.0/20
deny from 68.71.63.0/24
deny from 68.232.160.0/19
deny from 72.10.160.0/20
deny from 74.115.168.0/24
deny from 91.217.135.0/24
deny from 108.61.0.0/16
deny from 146.20.36.0/22
deny from 146.20.40.0/21
deny from 173.199.64.0/18
deny from 193.106.32.0/22
deny from 195.122.134.0/23
deny from 199.48.176.0/21
deny from 204.15.232.0/22
deny from 206.125.164.0/22
deny from 208.80.38.0/24
deny from 208.82.120.0/22
deny from 208.167.224.0/19
deny from 209.222.0.0/19
deny from 209.246.142.0/23
deny from 209.246.170.0/24
deny from 212.187.208.0/23
deny from 212.187.246.0/23
deny from 213.19.130.0/23
deny from 213.19.136.0/23
deny from 213.244.180.0/24
deny from 213.244.191.0/24
deny from 216.32.200.0/21
deny from 216.32.208.0/22
deny from 216.155.128.0/19
deny from 217.163.10.0/23
deny from 217.163.22.0/23
deny from 217.163.24.0/21

Bewenched




msg:4512476
 12:41 am on Oct 26, 2012 (gmt 0)

We may need to be careful when blocking ranges starting 173.

[173.194.73.106...]

I was checking referrers and one in analytics only came back with this url.

[173.194.73.106...]

IT'S GOOGLE.. I guess google mobile?

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved