host-64-166-83.ubernet.com.bd was testing my security, so I thought I would out them. ubernet.com.bd is an IP telephone and ISP, out of Bangladesh.
This guy seems to have an older and a newer pattern. The older pattern starts with 220.47 and then appends the last 2 octets of the host name. The newer pattern starts with 45 and appends the last 3 octets of the host name.
host-161-148.ubernet.com.bd 18.104.22.168 22.214.171.124 – 126.96.36.199 188.8.131.52/21
lyncdiscover.dps.gov.co has nothing to do with the Government of Colombia, and a good thing, because it is a content scraper bot.
dps.gov.co is the Departamento para la Prosperidad Social, part of the Colombian Government. I am unsure how a content scraper got hold of a Colombian Government extent, legally.
As this is a Government site I have contacted their tech contact, but they do not look too sophisticated. At least I have done my part to try to stop this abuse of the dps.gov.co host name.
184.108.40.206 220.127.116.11 /15 COLOMBIA TEL
boostgram.com tried to crack my site security. I need him disabled. Boostgram is hosted by Digital Ocean, which hosts a lot of spamming sites.
sl-reverse.com is a content spammer that is creeping into my site and I want it stopped. I’ll hunt them down and ban them. Sl-reverse also uses servers in Canada, Germany, Singapore, Japan and Italy, to name a few.
If they botnet my butt I will get more aggressive on them.
6.1f.5177.ip4.static.sl-reverse.com 22.214.171.124 126.96.36.199/24 SOFTLAYER
d7.85.7a9f.ip4.static.sl-reverse.com 188.8.131.52 184.108.40.206/24 SOFTLAYER
hn.kd.dhcp is spamming my site, so I need to remove it. This guy has been around for quite a while and has a long list of IPs, but not so long a list of IP ranges. This spammer runs out of Henan Province, China, but has used Jilin, Chongqing, Guangdong, and Shanghai.
These may be related: hn.kd.ny.adsl; hn.ly.kd.adsl; hn.kd.dhcp
220.127.116.11 hn.kd.dhcp 2017-jan-04
18.104.22.168 hn.kd.dhcp 2016-oct-06
22.214.171.124 126.96.36.199 – 188.8.131.52 184.108.40.206/15 China Unicom Henan
unassigned.calpop.com is a comment spammer, small yes, but still needs removal. They change this hostname’s IP a lot and move between different companies such as Calpop, CoreExpress, AirlineReservations.Com, and ATMLINK. They are out of Los Angeles. I am unsure if calpop.com is still in business, as Yelp postings suggest they are now closed. Their bot is still somehow finding electricity and connectivity to spam me, so the company and store die but the bot lives on…
unassigned.calpop.com 220.127.116.11 2016-sept-14 referrer spam
no-reverse-dns-configured.com is a content spammer, and I need to eliminate him from hitting my site. Here are the details required to ban him. If these strict IPs are not sufficient then ban the range.
I did not ban the AWS ranges because IPs usually come up with AWS host names, and I ban them already.
18.104.22.168 no-reverse-dns-configured.com 2016-oct-10
22.214.171.124 – 126.96.36.199 188.8.131.52/20 Quasi SEYCHELLES
This guy hn.kd.ny.adsl seems innocent enough, until I tried to look him up, only to find no positive IP address. Others have posted that they, too, cannot find his IP address in order to ban him. Hmmm, let me track him down.
This hacker is prolific in that he rarely repeats the third octet, making it harder to ban by a narrower range. You’ll need to go up to the second octet to cover his IP ranges. He uses predominantly China Unicom Henan. Only once did he go to China Unicom Fujian, which might just be an outlier data point.
midex.zomro.com scrapes my site for awstat tags. I do not know why, and they do it multiple times. It is very annoying.
There is a ransomware listing for crasher121.zomro.com 184.108.40.206. There are other comments such as “220.127.116.11 is involved in malware incidents, spamming activity, ssh attacks, ddos” so caution is required. I did not research zomro.net, as I do not know if the .com and .net sites are related.
18.104.22.168 anconsul.ru 2016-nov-06 zomro
midex.zomro.com 22.214.171.124 126.96.36.199 – 188.8.131.52 184.108.40.206/23
midex.zomro.com 220.127.116.11 18.104.22.168/24
zuahbbazek1.zomro.com 22.214.171.124 126.96.36.199/24
ipredator.se is a Swedish VPN service that is comment spamming my site.
anon-48-125.vpn.ipredator.se 188.8.131.52 – 184.108.40.206 PrivActually
host anon-44-42.vpn.ipredator.se 220.127.116.11
exit1.ipredator.se 18.104.22.168 CYBERDYNE Monrovia
I did not realize that I had banned this before. If this changes I will hunt it down again. There are a few IPs that have used this host name. They continue to content scrape me.
Add 46.246. to the two octets in the host name.
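The host-name rules described in these posts (ubernet's older 220.47 and newer 45 patterns, and the 46.246 rule for ipredator) can be turned into ban-list entries automatically. This is an added example, not part of the original posts: the function names are hypothetical, and it assumes the 46.246 rule applies to the anon-A-B.vpn.ipredator.se names.

```python
import ipaddress
import re

# Host-name-to-address rules as described in the posts above.
# Each entry: (pattern, fixed leading octets, label). Labels are made up here.
RULES = [
    # ubernet "newer pattern": 45 + the three octets in the host name
    (re.compile(r"^host-(\d+)-(\d+)-(\d+)\.ubernet\.com\.bd$"), (45,), "ubernet-new"),
    # ubernet "older pattern": 220.47 + the two octets in the host name
    (re.compile(r"^host-(\d+)-(\d+)\.ubernet\.com\.bd$"), (220, 47), "ubernet-old"),
    # ipredator: 46.246 + the two octets in the host name (assumed anon-A-B form)
    (re.compile(r"^anon-(\d+)-(\d+)\.vpn\.ipredator\.se$"), (46, 246), "ipredator"),
]


def derive_ip(hostname):
    """Return (IPv4Address, label) predicted from the host name, or None."""
    name = hostname.strip().rstrip(".").lower()
    for pattern, prefix, label in RULES:
        m = pattern.match(name)
        if not m:
            continue
        octets = prefix + tuple(int(g) for g in m.groups())
        if any(o > 255 for o in octets):
            return None  # matches the shape but is not a valid IPv4 address
        return ipaddress.IPv4Address(".".join(map(str, octets))), label
    return None


def covering_block(ip, prefix_len=16):
    """Network of the given size that contains ip (/16 = ban up to the second octet)."""
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)


def ban_entries(hostnames, prefix_len=24):
    """Deduplicated, sorted networks to ban for the host names that match a rule."""
    nets = set()
    for host in hostnames:
        derived = derive_ip(host)
        if derived:
            nets.add(covering_block(derived[0], prefix_len))
    return sorted(nets)
```

The derived address is a prediction from the name only, so compare it with the address actually recorded in the access log before banning.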