Author Archives: dontai
cable.net.co Content Scraper: Research, Ban
You never know what you will find in your travels. dynamic-ip-181500198200.cable.net.co was content scraping me, so I decided to target it. It is part of the large Semalt botnet that started with keywords-monitoring-your-success.com and free-video-tool.com and then continued with fix-website-errors, with a sprinkling of buttons-for-websites thrown in.
Its host name is unique in that it is numerically very long. I could see remnants of a decimal IP address, but there was something odd.
Their pattern is not as predictable as required by a computer but that is precisely the point: They want to fool anti-bot software, but allow their admin staff to figure it out. If staff have a couple of errors it is no problem.
unassigned.psychz.net Comment Spammer: Research, Ban
unassigned.psychz.net spammed me, so I tracked them down. They use a lot of various IP ranges.
A lookup of the hostname returns host 199.15.112.8 (199.15.112.0 – 199.15.119.255, 199.15.112.0/21), but this hostname has been used for so many more IPs.
LGL Red Leather Shoes Model 369-3

LGL leather shoes, model 369-3, oxblood leather and elastic. Right view. Toronto, Canada Photo 1 by Don Tai
hosted-by.leaseweb.com: Research, Ban
I have had a couple encounters with this spammer, but only one where they left an actual IP for me to ban. The rest I have only the host name, much more difficult to track down.
Research them and you will know they are a formidable entity to track and ban. There are a lot of IP ranges to cover.
Observation:
hosted-by.leaseweb.com confirmed because they spammed me, so I have their IP address
Leaseweb Deutschland
46.165.250.0 – 46.165.251.255
46.165.251.153
hosted-by.leaseweb.com 108.59.8.80
162.210.196.130 hosted-by.leaseweb.com
Leaseweb is scraping with an anon bot called “Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt)” and a bot “-”
91.109.16.0 – 91.109.23.255
95.211.142.0 – 95.211.144.255
setaptr.net Content Spammer: Research, Ban
d15f328d.setaptr.net content spammed me, so I thought to look them up and ban them.
Observation:
d15f328d.setaptr.net 209.95.50.141
Pattern:
Convert hex to the IP 4 octets.
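The hex-to-octet pattern above can be checked mechanically against a log. The following is an added example, not code from the original post: it decodes the 8-hex-digit first label, compares it with the logged IP, and builds ban networks only from pairs that agree. The function names, the /24 grouping, and the `example.net` rows are assumptions made for illustration; the first three sample pairs are quoted from observations on this page.

```python
import ipaddress
import re

# First DNS label made of exactly 8 hex digits, e.g. d15f328d.setaptr.net
HEX_LABEL = re.compile(r"^([0-9a-f]{8})\.", re.IGNORECASE)


def decode_hex_host(hostname):
    """Return the IPv4 address encoded in the first label, or None."""
    m = HEX_LABEL.match(hostname.strip())
    return ipaddress.IPv4Address(int(m.group(1), 16)) if m else None


def check_rdns(hostname, observed_ip):
    """Classify a (reverse-DNS name, logged IP) pair."""
    decoded = decode_hex_host(hostname)
    if decoded is None:
        return "no-pattern"
    # An 8-hex-digit label can occur by coincidence, so require agreement.
    return "match" if decoded == ipaddress.ip_address(observed_ip) else "mismatch"


def ban_networks(pairs, prefix=24):
    """Collapse the /prefix networks of all pairs whose name and IP agree.

    The /24 default is an assumption; check the registry range before banning.
    """
    nets = {
        ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        for host, ip in pairs
        if check_rdns(host, ip) == "match"
    }
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


# Sample pairs: first three are observations from this page, the rest constructed.
SAMPLE = [
    ("d15f328d.setaptr.net", "209.95.50.141"),
    ("92b9149c.lon.100tb.com", "146.185.20.156"),
    ("hosted-by.leaseweb.com", "108.59.8.80"),   # no hex label
    ("c0000201.example.net", "192.0.2.99"),      # constructed: decodes to 192.0.2.1
    ("0a000005.example.net", "10.0.0.5"),        # constructed, adjacent /24s
    ("0a000107.example.net", "10.0.1.7"),        # collapse into one /23
]

if __name__ == "__main__":
    for host, ip in SAMPLE:
        print(f"{host:28} {ip:16} {check_rdns(host, ip)}")
    print(ban_networks(SAMPLE))
```

A "mismatch" row is worth a manual look before banning, since the name and the logged address disagree.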
static.cmcti.vn: Research, Ban
static.cmcti.vn tried to do some security funny business and was testing my security. I was curious so did research.
static.cmcti.vn is anything but static. In fact there is a lot of research on this host name. It seems this guy has been very active and has changed IPs on a very regular basis.
As Viet Nam is an emerging country I’m unsure about banning large swaths of IP ranges.
Observation:
static.cmcti.vn 183.91.3.182 comment spammed me and I now have a positive IP to ban.
static.cmcti.vn 101.99.23.217 2016-sept-23
101.99.52.242 static.cmcti.vn 2016-oct-19
101.99.11.18 static.cmcti.vn 2016-nov-04
113.20.116.83 static.cmcti.vn 2017-feb-13
best-hosting.simplexhost.net Content Spammer: Research, Ban
best-hosting.simplexhost.net is a prolific content spammer, and a true chameleon, as it changes IP addresses very often. Look up its hostname and you will get 62.210.24.146, but ban this IP or even its range and best-hosting.simplexhost.net spamming simply will not stop. This is good for fooling anti-bot engines.
Observed:
62.210.24.146 62.210.0.0 – 62.210.127.255 Iliad is a spoof and has nothing to do with best-hosting.simplexhost.net
contabo.host: Research, Ban
contabo.host is a consistent content scraper from Germany. I’ve been banning IPs for a while, so thought it best to go for larger ranges. They are a hosting company, not an ISP. kontrollprozesse.contabo.host, a content spammer, was added 2016 Jul 27, and includes a larger ban range.
Observation:
vmi60316.contabo.host 5.189.137.81
vmi74707.contabo.host 5.189.142.153
vmi76252.contabo.host 5.189.162.103
vmi10785.contabo.host 79.143.180.67
vmi32368.contabo.host 213.136.84.244
m1131.contabo.host 178.238.239.246
kontrollprozesse.contabo.host host command maxed out and returned over 256 entries (2016 Jul 27)
100tb.com: Research, Ban
92b9149c.lon.100tb.com has content spammed me, so I tracked them down.
Observation:
92b9149c.lon.100tb.com 146.185.20.156
