blend27

msg:4512018 | 11:50 pm on Oct 24, 2012 (gmt 0) |
I have a bigger range logged as in TITLE+cabra :)
NetRange 73.199.64.0 - 173.199.127.255
CIDR 173.199.64.0/18
Name CHOOPA-NETBLK07
Source [whois.arin.net...]
I also have 7 other ranges under the same category (cabra), will double check and post here.
|
Bewenched

msg:4512033 | 12:52 am on Oct 25, 2012 (gmt 0) |
That would be awesome. I'm going through my logs right now to see exactly what they were up to, but they DOUBLED the amount of traffic on our site today and yesterday. Two of the IPs came back as belonging to VBBCOM. I used MaxMind as a service for fraud detection and they now have a service that is GeoIp and one of them returns the "Organization". To check it out it's free to demo for now... it's how I found the VBBCOM and when I search for info on them the first link is a torrent! I'll post more when I parse the logs. I'm almost afraid of what I'll find.
|
bunltd

msg:4512038 | 1:38 am on Oct 25, 2012 (gmt 0) |
I was hit today, basically brought a server to a standstill with requests. Here's the list of IP's I saw:
Claiming to be User-Agent: AhrefsBot/4.0
|
blend27

msg:4512039 | 1:40 am on Oct 25, 2012 (gmt 0) |
Choopa(cabra) ranges in my book. Lots of these are GAMEServers.
108.61.0.0 - 108.61.255.255
73.199.64.0 - 173.199.127.255
209.222.0.0 - 209.222.31.255
68.232.160.0 - 68.232.191.255
216.155.128.0 - 216.155.159.255
64.237.32.0 - 64.237.63.25
66.55.128.0 - 66.55.159.255
208.167.224.0 - 208.167.255.255
I use several year old blogs/guestbooks/forums (open forum, set it and forget it :) ) seeded with HoneyPots, SCRAPE attempts, comment/referrer spamming, the IP data is then verified against DNSstuff, as well as ARIN, RIPE and so on...
|
blend27

msg:4512040 | 1:42 am on Oct 25, 2012 (gmt 0) |
correction to the first reply by me: NetRange 173.199.64.0 - 173.199.127.255
|
Bewenched

msg:4512112 | 4:56 am on Oct 25, 2012 (gmt 0) |
Well, some of them have the user agent of QippoBot/1.4 ( [qippo.com...]
|
OnThePike

msg:4512278 | 2:33 pm on Oct 25, 2012 (gmt 0) |
# Choopa Networks/Game Servers/Undernet/Server Central/Internode
|
Bewenched

msg:4512476 | 12:41 am on Oct 26, 2012 (gmt 0) |
We may need to be careful when blocking ranges starting 173. [173.194.73.106...] I was checking referrers and one in analytics only came back with this URL. [173.194.73.106...] IT'S GOOGLE.. I guess Google mobile?
|
|
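An added example, not part of any post in this thread: it converts the start-end ranges posted above into CIDR blocks, prints them as `deny from` lines, flags any range that does not collapse to a single block, and checks whether a given address would be caught before the rules go live. The function names are hypothetical, and the second range uses the start address from the poster's later correction.

```python
import ipaddress

# Start-end ranges as posted in the thread (WHOIS NetRange form). The second
# entry uses the corrected start address; the last entry keeps its end
# address exactly as posted, which is not CIDR-aligned.
POSTED_RANGES = [
    ("108.61.0.0", "108.61.255.255"),
    ("173.199.64.0", "173.199.127.255"),
    ("209.222.0.0", "209.222.31.255"),
    ("68.232.160.0", "68.232.191.255"),
    ("216.155.128.0", "216.155.159.255"),
    ("66.55.128.0", "66.55.159.255"),
    ("208.167.224.0", "208.167.255.255"),
    ("64.237.32.0", "64.237.63.25"),
]


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR networks covering first..last."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    return list(ipaddress.summarize_address_range(lo, hi))


def build_blocklist(ranges):
    """Convert ranges to CIDRs; collect ranges needing more than one block."""
    networks, suspicious = [], []
    for first, last in ranges:
        cidrs = range_to_cidrs(first, last)
        networks.extend(cidrs)
        if len(cidrs) > 1:  # usually a typo or a partial allocation
            suspicious.append((first, last, len(cidrs)))
    return networks, suspicious


def matching_network(ip, networks):
    """Return the network that would block ip, or None if it stays allowed."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in networks if addr in net), None)


if __name__ == "__main__":
    nets, odd = build_blocklist(POSTED_RANGES)
    for net in nets:
        print(f"deny from {net}")
    for first, last, n in odd:
        print(f"# check {first} - {last}: needs {n} CIDR blocks")
    # The address from the thread that turned out to belong to Google.
    print("173.194.73.106 blocked by:", matching_network("173.194.73.106", nets))
```

Running the same membership check over known-good crawler addresses before deploying a new `deny from` set catches an over-broad block early.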