
Forum Moderators: Ocean10000 & incrediBILL


Bots coming from Peg Tech

198.2.192.0/18

     
7:54 pm on Jun 8, 2013 (gmt 0)

Senior Member from US 

lucy24

joined:Apr 9, 2011
posts:12707
votes: 244


Met this under the "indexphp botnet" header (a group I can only identify after-the-fact by behavior pattern):

198.2.204.145
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

As of a few months ago, the range 198.2.128.0/18 was unassigned. It's now
198.2.128.0/18 MailChimp (dunno who they are, but they sure don't sound like a likely source of human traffic)
and
198.2.192.0/18 PegTech

The latter name brings up vague mental associations of the not-good variety. Closer investigation turns up two other PegTech ranges involving the same botnet-- each of them alongside a subrange registered in China. Is this one of those "never met a customer they didn't like" hosts?

12:02 am on June 10, 2013 (gmt 0)

Senior Member from US 

keyplyr

joined:Sept 26, 2001
posts:5808
votes: 64



MailChimp may not sound like a legit source of traffic, but neither did MailRU when it first came on the scene. That's not to say MailChimp isn't monkey'n around, just that it probably needs further investigation.

Don't know anything about PegTech except they're a server farm and bad behavior has come from their ranges enough times for me to ban them. So far these are the PegTech ranges I have:

142.0.128.0 - 142.0.143.255
142.0.128.0/20

192.74.224.0 - 192.74.255.255
192.74.224.0/19

198.2.192.0 - 198.2.255.255
198.2.192.0/18

198.200.32.0 - 198.200.63.255
198.200.32.0/19

199.180.100.0 - 199.180.103.255
199.180.100.0/22

199.188.104.0 - 199.188.111.255
199.188.104.0/21

2:22 pm on June 10, 2013 (gmt 0)

Junior Member

joined:Mar 16, 2012
posts: 95
votes: 0


pegtech and iptelligent all blocked - had to

7:02 pm on June 10, 2013 (gmt 0)

Senior Member from GB 

dstiles

joined:May 14, 2008
posts:3092
votes: 2


Mailchimp, to me, is a mailing list provider that sometimes sends me spam - not necessarily their fault, lots of mailing list servers do. :( To my mind, though, mail servers of any kind should not be accessing web sites, either on their own or as a customer proxy.

DNS says the range was registered 17 April. Thanks for the heads-up. Now blocked.

I have a note against my December 2012 database entry for 142.0.128.0/20 that pegtech leases at least some of the range to China.

9:42 pm on June 10, 2013 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:May 31, 2005
posts:1108
votes: 0


A comment spammer and rule breaker according to Project Honeypot [projecthoneypot.org...]
It started its bad behaviour about 3 weeks ago.

8:53 pm on June 22, 2013 (gmt 0)

Senior Member from GB 

dstiles

joined:May 14, 2008
posts:3092
votes: 2


Hit from another peg-tech range today...

137.175.0.0 - 137.175.127.255
137.175.0.0/17
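
An added example, not part of any post in this thread: a Python sketch that checks each first-last span posted above against the CIDR given beside it, builds a blocklist from the CIDRs, and flags matching client addresses in an access log. The function names and the sample log lines are constructed for illustration; only the ranges and the address 198.2.204.145 come from the thread.

```python
import ipaddress

# Ranges as posted in the thread: (first address, last address, CIDR as posted)
POSTED = [
    ("142.0.128.0", "142.0.143.255", "142.0.128.0/20"),
    ("192.74.224.0", "192.74.255.255", "192.74.224.0/19"),
    ("198.2.192.0", "198.2.255.255", "198.2.192.0/18"),
    ("198.200.32.0", "198.200.63.255", "198.200.32.0/19"),
    ("199.180.100.0", "199.180.103.255", "199.180.100.0/22"),
    ("199.188.104.0", "199.188.111.255", "199.188.104.0/21"),
    ("137.175.0.0", "137.175.127.255", "137.175.0.0/17"),
]

def check_ranges(rows):
    """Return the rows whose first-last span is not exactly the posted CIDR."""
    bad = []
    for first, last, cidr in rows:
        nets = list(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
        # ip_network() is strict: it raises if host bits are set in the CIDR
        if nets != [ipaddress.ip_network(cidr)]:
            bad.append((first, last, cidr))
    return bad

def build_blocklist(rows):
    """Parse the CIDRs and merge any that are adjacent or overlapping."""
    return list(ipaddress.collapse_addresses(
        ipaddress.ip_network(cidr) for _, _, cidr in rows))

def match(ip, blocklist):
    """Return the blocked network containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in blocklist if addr in net), None)

# Constructed log lines; 198.2.128.10 sits in the neighbouring 198.2.128.0/18
SAMPLE_LOG = """\
198.2.204.145 - - [08/Jun/2013:19:54:00 +0000] "GET / HTTP/1.1" 200 2048
198.2.128.10 - - [08/Jun/2013:19:55:12 +0000] "GET / HTTP/1.1" 200 2048
203.0.113.7 - - [08/Jun/2013:19:56:40 +0000] "GET / HTTP/1.1" 200 2048
137.175.64.9 - - [22/Jun/2013:20:53:00 +0000] "GET / HTTP/1.1" 200 2048
"""

def flag_log(text, blocklist):
    """Return (client IP, matching network) for each log line from a blocked range."""
    hits = []
    for line in text.splitlines():
        ip = line.split(" ", 1)[0]  # client address is the first field
        net = match(ip, blocklist)
        if net is not None:
            hits.append((ip, str(net)))
    return hits
```

Matching on parsed networks rather than string prefixes keeps the adjacent 198.2.128.0/18 block out of a rule meant for 198.2.192.0/18.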