I'm seeing quite a few hits for the past two or three weeks from (usually) "broadband" IPs that have been compromised and are being driven with FWD_FOR from WebAir ranges - probably only a handful of IPs. Not sure if the WebAir IPs have been compromised or if they are "owned" by baddies.
18.104.22.168 : 22.214.171.124 - 126.96.36.199
188.8.131.52 : 184.108.40.206 - 220.127.116.11
These are using IPs I've never come across before, such as unknown BR IP ranges (ie they have not shown up in my logs before).
Anyone here using WebAir hosting?