Forum Moderators: Ocean10000 & incrediBILL

The return of Choopa

173.199.116.xxx and 173.199.114.xxx

   
4:25 am on Oct 24, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Server farm.

173.199.116.195 and 173.199.114.219
11:50 pm on Oct 24, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have a bigger range logged as in TITLE+cabra :)

NetRange 73.199.64.0 - 173.199.127.255
CIDR 173.199.64.0/18
Name CHOOPA-NETBLK07
Source [whois.arin.net...]

I also have 7 other ranges under the same category(cabra), will double check and post here.
12:52 am on Oct 25, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



That would be awesome. I'm going through my logs right now to see exactly what they were up to, but they DOUBLED the amount of traffic on our site today and yesterday.

Two of the IPs came back as belonging to VBBCOM.

I used MaxMind as a service for fraud detection and they now have a service that is GeoIP and one of them returns the "Organization". To check it out it's free to demo for now... it's how I found the VBBCOM and when I search for info on them the first link is a torrent!

I'll post more when I parse the logs.
I'm almost afraid of what I'll find.
1:38 am on Oct 25, 2012 (gmt 0)

10+ Year Member



I was hit today, basically brought a server to a standstill with requests.

Here's the list of IPs I saw:

Claiming to be User-Agent: AhrefsBot/4.0
1:40 am on Oct 25, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Choopa(cabra) ranges in my book. Lots of these are GAMEServers.

108.61.0.0 - 108.61.255.255
73.199.64.0 - 173.199.127.255
209.222.0.0 - 209.222.31.255
68.232.160.0 - 68.232.191.255
216.155.128.0 - 216.155.159.255
64.237.32.0 - 64.237.63.25
66.55.128.0 - 66.55.159.255
208.167.224.0 - 208.167.255.255

I use several year old blogs/guestbooks/forums (open forum, set it and forget it :) ) seeded with HoneyPots, SCRAPE attempts, comment/referrer spamming; the IP data is then verified against DNSstuff, as well as ARIN, RIPE and so on...
1:42 am on Oct 25, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



correction to the first reply by me: NetRange 173.199.64.0 - 173.199.127.255
4:56 am on Oct 25, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Well, some of them have the user agent of

QippoBot/1.4 ( [qippo.com...]
2:33 pm on Oct 25, 2012 (gmt 0)

5+ Year Member



# Choopa Networks/Game Servers/Undernet/Server Central/Internode
deny from 8.2.0.0/24
deny from 8.2.120.0/23
deny from 8.2.122.0/24
deny from 8.7.233.0/24
deny from 8.9.3.0/24
deny from 8.9.4.0/23
deny from 8.9.6.0/24
deny from 8.9.8.0/23
deny from 8.9.11.0/24
deny from 8.9.15.0/24
deny from 8.9.16.0/23
deny from 8.9.30.0/23
deny from 8.9.36.0/23
deny from 8.12.16.0/21
deny from 8.12.64.0/23
deny from 8.12.68.0/22
deny from 8.18.92.0/23
deny from 62.67.42.0/24
deny from 63.209.32.0/22
deny from 63.209.36.0/23
deny from 63.209.148.0/24
deny from 63.210.145.0/24
deny from 63.210.148.0/23
deny from 63.211.105.0/24
deny from 63.211.110.0/23
deny from 64.154.38.0/24
deny from 64.237.32.0/19
deny from 66.55.128.0/19
deny from 67.43.224.0/20
deny from 67.215.0.0/20
deny from 68.71.63.0/24
deny from 68.232.160.0/19
deny from 72.10.160.0/20
deny from 74.115.168.0/24
deny from 91.217.135.0/24
deny from 108.61.0.0/16
deny from 146.20.36.0/22
deny from 146.20.40.0/21
deny from 173.199.64.0/18
deny from 193.106.32.0/22
deny from 195.122.134.0/23
deny from 199.48.176.0/21
deny from 204.15.232.0/22
deny from 206.125.164.0/22
deny from 208.80.38.0/24
deny from 208.82.120.0/22
deny from 208.167.224.0/19
deny from 209.222.0.0/19
deny from 209.246.142.0/23
deny from 209.246.170.0/24
deny from 212.187.208.0/23
deny from 212.187.246.0/23
deny from 213.19.130.0/23
deny from 213.19.136.0/23
deny from 213.244.180.0/24
deny from 213.244.191.0/24
deny from 216.32.200.0/21
deny from 216.32.208.0/22
deny from 216.155.128.0/19
deny from 217.163.10.0/23
deny from 217.163.22.0/23
deny from 217.163.24.0/21
12:41 am on Oct 26, 2012 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



We may need to be careful when blocking ranges starting 173.

[173.194.73.106...]

I was checking referrers and one in analytics only came back with this URL.

[173.194.73.106...]

IT'S GOOGLE... I guess Google mobile?
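
An added example, not part of any post in this thread: it converts four of the start-end ranges posted above into CIDR blocks, renders them in the thread's `deny from` form, and tallies access-log hits per block so a rule can be checked against real traffic before it is applied, including the 173.194.x.x address raised in the last post. The function names are hypothetical and the log lines are constructed.

```python
import ipaddress
from collections import Counter

# Four of the start-end ranges posted in the thread (173.x range as corrected there)
RANGES = [
    ("108.61.0.0", "108.61.255.255"),
    ("173.199.64.0", "173.199.127.255"),
    ("209.222.0.0", "209.222.31.255"),
    ("68.232.160.0", "68.232.191.255"),
]

# Constructed sample access-log lines (client IP is the first field)
SAMPLE_LOG = [
    '173.199.116.195 - - [24/Oct/2012:04:25:01 +0000] "GET / HTTP/1.1" 200 512 "-" "AhrefsBot/4.0"',
    '173.199.114.219 - - [24/Oct/2012:04:25:02 +0000] "GET /a HTTP/1.1" 200 734 "-" "AhrefsBot/4.0"',
    '173.194.73.106 - - [24/Oct/2012:04:25:03 +0000] "GET /b HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
]

def ranges_to_cidrs(ranges):
    """Convert inclusive start-end ranges to a sorted, minimal list of CIDR networks."""
    nets = []
    for first, last in ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        nets.extend(ipaddress.summarize_address_range(lo, hi))
    return list(ipaddress.collapse_addresses(nets))

def match(ip, nets):
    """Return the listed network containing ip, or None (also for unparsable input)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return next((n for n in nets if addr in n), None)

def tally(log_lines, nets):
    """Count requests per listed network; lines from unlisted addresses are ignored."""
    hits = Counter()
    for line in log_lines:
        net = match(line.split(None, 1)[0], nets) if line.strip() else None
        if net is not None:
            hits[str(net)] += 1
    return dict(hits)

def deny_lines(nets):
    return [f"deny from {n}" for n in nets]  # same directive form as the list above

if __name__ == "__main__":
    print("\n".join(deny_lines(ranges_to_cidrs(RANGES))))
    print(tally(SAMPLE_LOG, ranges_to_cidrs(RANGES)))
```

The 173.194.73.106 request is not counted because it falls outside 173.199.64.0/18; only a wider rule on the 173 prefix would catch it.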
 
