Welcome to WebmasterWorld Guest from 107.21.183.163

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

Bots coming from Peg Tech

198.2.192.0/18

     

lucy24

7:54 pm on Jun 8, 2013 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



Met this under the "indexphp botnet" header (a group I can only identify after-the-fact by behavior pattern):

198.2.204.145
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

As of a few months ago, the range 198.2.128.0/18 was unassigned. It's now
198.2.128.0/18 MailChimp (dunno who they are, but they sure don't sound like a likely source of human traffic)
and
198.2.192.0/18 PegTech

The latter name brings up vague mental associations of the not-good variety. Closer investigation turns up two other PegTech ranges involving the same botnet-- each of them alongside a subrange registered in China. Is this one of those "never met a customer they didn't like" hosts?

keyplyr

12:02 am on Jun 10, 2013 (gmt 0)

WebmasterWorld Senior Member keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month




MailChimp may not sound like a legit source of traffic, but neither did MailRU when it first came on the scene. That's not to say MailChimp isn't monkey'n around, just that it probably needs further investigation.

Don't know anything PegTech them except they're a server farm and bad behavior has come from their ranges enough times for me to ban them. So far these are the PegTech ranges I have:

142.0.128.0 - 142.0.143.255
142.0.128.0/20

192.74.224.0 - 192.74.255.255
192.74.224.0/19

198.2.192.0 - 198.2.255.255
198.2.192.0/18

198.200.32.0 - 198.200.63.255
198.200.32.0/19

199.180.100.0 - 199.180.103.255
199.180.100.0/22

199.188.104.0 - 199.188.111.255
199.188.104.0/21

dougwilson

2:22 pm on Jun 10, 2013 (gmt 0)



pegtech and iptelligent all blocked - had to

dstiles

7:02 pm on Jun 10, 2013 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Mailchimp, to me, is a mailing ;ist provider that sometimes sends me spam - not necessarily their fault, lots of mailing list servers do. :( To my mind, though, mail servers of any kind should not be accessing web sites, either on their own or as a customer proxy.

DNS says the range was registered 17 April. Thanks for the heads-up. Now blocked.

I have a note against my December 2012 database entry for 142.0.128.0/20 that pegtech leases at least some of the range to China.

Dijkgraaf

9:42 pm on Jun 10, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A comment spammer and rule breaker according to Project Honeypot [projecthoneypot.org...]
It started it's bad behaviour about 3 weeks ago.

dstiles

8:53 pm on Jun 22, 2013 (gmt 0)

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 5+ Year Member



Hit from another peg-tech range today...

137.175.0.0 - 137.175.127.255
137.175.0.0/17
 

Featured Threads

Hot Threads This Week

Hot Threads This Month