I'm seeing quite a few hits for the past two or three weeks from (usually) "broadband" IPs that have been compromised and are being driven with FWD_FOR from WebAir ranges - probably only a handful of IPs. Not sure if the WebAir IPs have been compromised or if they are "owned" by baddies.
188.8.131.52 : 184.108.40.206 - 220.127.116.11
18.104.22.168 : 22.214.171.124 - 126.96.36.199
These are using IPs I've never come across before, such as unknown BR IP ranges (ie they have not shown up in my logs before).
Anyone here using WebAir hosting?