I'm seeing quite a few hits for the past two or three weeks from (usually) "broadband" IPs that have been compromised and are being driven with FWD_FOR from WebAir ranges - probably only a handful of IPs. Not sure if the WebAir IPs have been compromised or if they are "owned" by baddies.
184.108.40.206 : 220.127.116.11 - 18.104.22.168
22.214.171.124 : 126.96.36.199 - 188.8.131.52
These are using IPs I've never come across before, such as unknown BR IP ranges (ie they have not shown up in my logs before).
Anyone here using WebAir hosting?