host671420043112.direcway.com is a whisper bot that content scraped me. They are unique in that their hostname is somewhat ambiguous, making machine reading more difficult. All octets can be 2 or 3 digits long, allowing for much ambiguity.
Whisper is a very much hated botnet that continues to attack my site, one IP at a time, small but relentless.
Observation:
host671420043112.direcway.com predicted IP is 67.142.112.43
Pattern:
The host name contains all of the IP's digits, but where one octet ends and the next begins is ambiguous. The first octet can be either 2 or 3 digits, so look at their IP ranges. The third and fourth octets are reversed. The third octet has a prepended “00”.
Research:
host671420016387.direcway.com 67.142.87.163
host671420043112.direcway.com 67.142.112.43
host67142009112.direcway.com 67.142.112.9
host671420025163.direcway.com 67.142.163.25
host671420026173.direcway.com 67.142.173.26
host6714200252235.direcway.com 67.142.235.252
host6714200140203.direcway.com 67.142.203.140
host7216800236160.direcway.com 72.168.160.236
host7216800141161.direcway.com 72.168.161.141
host7216800112167.direcway.com 72.168.167.112
host721693680.direcway.com 72.169.80.36
host7216916781.direcway.com 72.169.81.167
host721700017.direcway.com 72.170.7.1
host721710012424.direcway.com 72.171.24.124
host721710059192.direcway.com 72.171.192.59
host9773002786.direcway.com 97.73.86.27
host977300186150.direcway.com 97.73.150.186
host184536833.direcway.com 184.53.33.68
host1845313253.direcway.com 184.53.53.132
host174320000.direcway.com 174.32.0.0
host1743200228238.direcway.com 174.32.238.228
host17433006326.direcway.com 174.33.26.63
host17433006647.direcway.com 174.33.47.66
host17433006202.direcway.com 174.33.202.6
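The pattern above can be turned into a log-classification helper. This is an added example, not code from the original page. It enumerates every IP a direcway hostname could encode, uses the /16 prefixes from the list above to settle the first two octets, and also accepts the listed hostnames that carry no “00”. The names `candidate_ips`, `KNOWN_PREFIXES` and `_octet` are hypothetical.

```python
import re

# /16 prefixes taken from the hostname/IP pairs listed on this page.
KNOWN_PREFIXES = {(67, 142), (72, 168), (72, 169), (72, 170), (72, 171),
                  (97, 73), (184, 53), (174, 32), (174, 33)}
HOST_RE = re.compile(r"^host(\d+)\.direcway\.com\.?$", re.IGNORECASE)


def _octet(text):
    """Return the value of an unpadded decimal octet (0-255), else None."""
    if not 1 <= len(text) <= 3 or (len(text) > 1 and text[0] == "0"):
        return None
    value = int(text)
    return value if value <= 255 else None


def candidate_ips(hostname):
    """List every IP the digit run could encode as o1 o2 ["00"] o4 o3."""
    match = HOST_RE.match(hostname.strip())
    if not match:
        return []
    digits = match.group(1)
    found = set()
    for i in range(1, 4):                  # end of first octet
        for j in range(i + 1, i + 4):      # end of second octet
            o1, o2 = _octet(digits[:i]), _octet(digits[i:j])
            if (o1, o2) not in KNOWN_PREFIXES:
                continue
            rest = digits[j:]
            # Try with the "00" filler stripped and, because some listed
            # hostnames carry no filler, with the digits left as they are.
            tails = {rest, rest[2:]} if rest.startswith("00") else {rest}
            for tail in tails:
                for k in range(1, 4):      # fourth octet comes first
                    o4, o3 = _octet(tail[:k]), _octet(tail[k:])
                    if o3 is not None and o4 is not None:
                        found.add(f"{o1}.{o2}.{o3}.{o4}")
    return sorted(found)


if __name__ == "__main__":
    for name in ("host671420043112.direcway.com",   # unambiguous
                 "host67142009112.direcway.com",    # two valid readings
                 "host184536833.direcway.com"):     # no "00" filler
        print(name, candidate_ips(name))
```

When more than one candidate comes back, the connecting address recorded in the access log or a forward DNS lookup of the hostname settles which one is real.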