host-64-166-83.ubernet.com.bd was testing my security, so I thought I would out them. ubernet.com.bd is an IP telephone and ISP, out of Bangledesh.
Pattern:
This guy seems to have an older and a newer pattern. The older pattern starts with 220.47 and then appends the last 2 octets of the host name. The newer pattern starts with 45 and appends the last 3 octets of the host name.
lyncdiscover.dps.gov.co has nothing to do with the Government of Columbia, and a good thing, because it is a content scraper bot.
dps.gov.co is the Departamento para la Prosperidad Social, part of the Columbian Government. I am unsure how a content scraper got hold of a Columbian Government extent, legally.
As this is a Government site I have contacted their tech contact, but they do not look too sophisticated. At least I have done my part to try to stop this abuse of the dps.gv.co host name.
Research:
186.170.31.134 186.170.0.0 /15 COLOMBIA TEL
186.170.31.134
186.170.31.134
sl-reverse.com is a content spammer that is creeping into my site and I want it stopped. I’ll hunt them down and ban them. Sl-reverse also uses servers in Canada, Germany, Singapore, Japan and Italy, to name a few.
If they botnet my butt I will get more aggressive on them.
hn.kd.dhcp is spamming my site, so I need to remove it. This guy has been around for quote a while and has a long list of IPs, but not so long a list of IP ranges. This spammer runs out of Henan Province, China, but has used Jilin, Chongqing, Guangdong, and Shanghai
These may be related: hn.kd.ny.adsl; hn.ly.kd.adsl; hn.kd.dhcp
unassigned.calpop.com is a comment spammer, small yes, but still needs removal. They change this hostname’s IP a lot and move between different companies such as Calpop, CoreExpress, AirlineReservations.Com, and ATMLINK. They are out of Los Angeles. I am unsure if calpop.com is still in business, as Yelp postings suggest they are now closed. Their bot is still somehow finding electricity and connectivity to spam me, so the company and store die but the bot lives on…
no-reverse-dns-configured.com is a content spammer, and I need to eliminate him from hitting my site. Here are the details required to ban him. If these strict IPs are not sufficient then ban the range.
I did not ban the AWS ranges because IPs usually come up with AWS host names, and I ban them already.
This guy hn.kd.ny.adsl seems innocent enough, until I tried to look him up, only to find no positive IP address. Others have posted that they, too, cannot find his IP address in order to ban him. Hmmm, let me track him down.
This hacker is prolific in that he rarely repeats the third octet, making it harder to ban by a narrower range. You’ll need to go up to the second octet to cover his IP ranges. He uses predominantly China Unicom Henan. Only once did he go to China Unicon Fujian, which might just be an outlier data point.
midex.zomro.com scrapes my site for awstat tags. I do not know why, and they do it multiple times. It is very annoying.
There is a ransomware listing for crasher121.zomro.com 93.170.169.52. There are other comments such as “109.248.33.212 is involved in malware incidents, spamming activity, ssh attacks, ddos” so caution is required. I did not research zomro.net, as I do not know if the .com and .net sites are related.
ipredator.se is a Swedish VPN service that is comment spamming my site.
Observation:
anon-48-125.vpn.ipredator.se 46.246.32.0 – 46.246.63.255 PrivActually
host anon-44-42.vpn.ipredator.se 46.246.44.42
exit1.ipredator.se 197.231.221.211 CYBERDYNE Monrovia I did not realize that I had banned this before. If this changes I will hunt it down again. There are a few IPs that have used this host name. They continue to content scrape me.
anon-45-30.vpn.ipredator.se 46.246.45.30
anon-47-29.vpn.ipredator.se 46.246.47.29
Pattern:
Add 46.246. to the two octets in the host name.
