Category: Tech

bb.sky.com Content Scraper: Research, Ban

bb.sky.com is a regular content scraper on my site, so I have decided to track them down. I finally figured out their hex IP address, so I can target ranges better.

Sky is a very large TV and internet provider in the UK. They have a huge range of IPs.

Site hits:
5ad4e517.bb.sky.com 90.212.229.12 90.212.0.0 – 90.213.255.255
027e2f4c.bb.sky.com 2.126.47.76 2.126.0.0 – 2.126.255.255
5ad00af4.bb.sky.com 90.208.10.244 90.208.0.0 – 90.209.255.255
b0fb523c.bb.sky.com 176.251.82.60 176.248.0.0 – 176.251.255.255
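
The hostname-to-address relationship in the hits above can be checked mechanically: the first label is the IPv4 address written as eight hex digits. The following is an added example, not code from the original post; the function names and the last sample row are constructed for illustration.

```python
import ipaddress
import re

# First label: exactly 8 hex digits, i.e. the four IPv4 octets in order.
HEX_HOST = re.compile(r"^([0-9a-f]{8})\.bb\.sky\.com\.?$", re.IGNORECASE)

def decode_host(hostname):
    """Return the IPv4 address encoded in the hostname, or None if it does not fit."""
    m = HEX_HOST.match(hostname.strip())
    return ipaddress.IPv4Address(int(m.group(1), 16)) if m else None

def audit(rows):
    """Cross-check each row: decoded IP, match with the logged IP, inside the listed range."""
    report = []
    for host, logged, first, last in rows:
        ip = decode_host(host)
        in_range = (ip is not None and
                    ipaddress.IPv4Address(first) <= ip <= ipaddress.IPv4Address(last))
        report.append((host, str(ip) if ip else None, str(ip) == logged, in_range))
    return report

# Three rows from the site hits above, plus one constructed row (last) that
# does not follow the hex pattern, to show the rejection path.
ROWS = [
    ("027e2f4c.bb.sky.com", "2.126.47.76", "2.126.0.0", "2.126.255.255"),
    ("5ad00af4.bb.sky.com", "90.208.10.244", "90.208.0.0", "90.209.255.255"),
    ("b0fb523c.bb.sky.com", "176.251.82.60", "176.248.0.0", "176.251.255.255"),
    ("static-host.example.net", "192.0.2.10", "192.0.2.0", "192.0.2.255"),
]

if __name__ == "__main__":
    for row in audit(ROWS):
        print(row)
```

A reverse-DNS name is set by whoever controls the address block, so the decoded value is only trustworthy when it matches the connecting IP recorded in the access log, which is what the third field of each report row checks.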

megared.net.mx: Research, Ban

This is part of the keywords-monitoring-your-success.com, free-video-tool.com Semalt Botnet that spread to other South American hosts, but they have changed the referrer name slightly to keywords-monitoring-success.com. This host is tricky because they only provide the last 2 octets of the IP address, leaving me to guess the first two.

Here is my clue: customer-qro-199-67.megared.net.mx

There are clues to the same pattern used by megared.net.mx, using a variety of new 2 initial octets combined with the last 2 from the host name. While I only have this one IP as a content scraper, their reputation is one of an email spammer. I guess they moved into a newer but related business model.

Briggs and Stratton Lawnmower Carb Clean

Briggs and Stratton lawnmower carb clean was pretty easy, but messy. The carb is easy to maintain.

Not is he, diligent at dumping his gas after last summer’s end, so it was no surprise when his lawnmower would not start this spring. As the grass was getting to the 1 foot mark, there was some urgency to get it going. Alas, no amount of pulling would start the mower. The carb must be cleaned.

Empty the lawn mower of all gas. Keep the gas in a proper container, as you’ll need it later. Remove the air cleaner cover and air cleaner, one bolt, Phillips head.

hosted-by.snel.com Content Scraper: Research, Ban

This bot comes around and scrapes content pretty much every week. It is not rampant but still annoying. I banned it.

Observations:
5.104.224.7 hosted-by.snel.com 2016-oct-12

These are the most common to ban:
78.41.202.116 78.41.200.0 – 78.41.207.255 78.41.200.0/21
128.204.207.19 128.204.207.0/24
77.95.224.121 77.95.224.0 – 77.95.231.255 77.95.224.0/21
77.95.225.0/24
77.95.229.0/24
37.148.160.27 37.148.160.0 – 37.148.167.255 37.148.160.0/21
193.33.61.64 193.33.60.0 – 193.33.61.255 193.33.60.0/23
128.204.203.103 128.204.192.0 – 128.204.207.255 128.204.192.0/20
128.204.207.19 128.204.207.0/24
89.207.130.11 89.207.128.0 – 89.207.135.255 89.207.128.0/21

These are less common:
5.104.224.0/24 5.104.224.0/21
176.124.255.0/24
185.62.56.0/22
195.20.204.0/23
193.34.166.0 – 193.34.167.255 193.34.166.0/23

Posting To Multi-Language Search Engines: Google, Baidu, Sogou, 360

Speaking Chinese and English, it is what I do. As my mother tongue is English and I live in Toronto, Canada, it was natural for me to post in English and use Google, Bing, Yahoo, DuckDuckGo and other English biased search engines. I also have the ability to speak and write in Chinese, so I often do bilingual posts just for fun. As I regularly monitor my raw access server log, I can see that Google, Bing, Yahoo, DuckDuckGo, Baidu, Sogou, 360, Yandex and other search engines regularly index my content. I wondered how well they index my posts, and if there are any hints and tips that might make getting my content indexed better.

virtua.com.br Content Scraper: Research, Ban

Persistent this botnet is. It’s like a virus that mutates but does not go away. Or an itch you scratch but does not stop. virtua.com.br has a content scraping bot going at my site that I need to stop. virtua.com.br is part of a large Semalt-led botnet I am trying to remove. They have no website. The host addresses I receive on my access log do not resolve, and there’s nothing specific on Google. I’m just giving this a simple domain ban to see how it goes. They also have a huge number of IP blocks, as they are connected to Akamai in the US.

keywords-monitoring-your-success.com and free-video-tool.com: Semalt Botnet

Both keywords-monitoring-your-success.com and free-video-tool.com are Semalt tools for content scraping. This botnet is pretty extensive and tiring to kill.

The raw access log entries look seemingly legit, but being referred from the two Semalt tools, they could not be legit users.

These host names and IP addresses, masquerading as valid browsers, took up a lot of my bandwidth. This botnet used mainly companies from Brazil such as TELEFÔNICA BRASIL, Vivo, Global Village, Brasil Telecom, Yawl, portalmail but also used a bunch of Italian and US companies as well.

Virtua.com.br continues to content scrape for Semalt. I have a separate research report on them.

hosted-ny.securefastserver.com Content Scraper: Research and Ban

This one is difficult. They are elusive. They use partial IP ranges that start randomly, like a disk that needs defragmenting. This masks their use of larger IP ranges. The names James Prado and Private Layer are always involved. What they do is bury the hosted-ny.securefastserver into small IP segments, but the IP ranges before and after are also owned by the same company but are under the Private Layer or James Prado name. Tricky. Just ban the complete range, as it is the same company.

DNS Record:
Fast Serv Inc. d.b.a. QHoster.com
1 Mapp Str.
Belize City, Belize

pinspb.ru, Content Scraper: Research and Ban

This content scraper pinspb.ru is a regular on my site and I’d like to ban it. Very mysterious and hard to pin down. Not much on the DNS record. At least they have a web site. They look like an ISP. They have a lot of IP blocks.

Observations:
46.161.62.74 pinspb.ru 2016-dec-26
46.161.63.90 2016-sep-22
46.161.63.109 pinspb.ru 2016-oct-16

Google Pattern Examples, ban these:
5.8.78.132 5.8.72.0 – 5.8.79.255 5.8.72.0/21
5.101.67.0 5.101.64.0 – 5.101.67.255 5.101.64.0/22
46.161.54.109 46.161.0.0 – 46.161.63.255 46.161.0.0/18
46.161.60.177
46.161.61.68
195.2.240.4 195.2.240.0 – 195.2.241.255 195.2.240.0/23

17 + 128
18 + 63
19 + 31
20 + 15
21 + 7
22 + 3
23 + 1
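
The hosted-by.snel.com and pinspb.ru ban lists above mix start–end ranges with CIDR blocks, and some entries sit inside others. The following added example (not code from the original posts; the function names are chosen here) converts every entry to CIDR, merges nested blocks, and checks observed addresses against the result.

```python
import ipaddress
import re

# Entries copied from the hosted-by.snel.com and pinspb.ru ban lists on this page.
BAN_ENTRIES = [
    "78.41.200.0 – 78.41.207.255",
    "128.204.207.0/24",
    "77.95.224.0 – 77.95.231.255",
    "77.95.225.0/24",
    "77.95.229.0/24",
    "37.148.160.0 – 37.148.167.255",
    "193.33.60.0 – 193.33.61.255",
    "128.204.192.0 – 128.204.207.255",
    "89.207.128.0 – 89.207.135.255",
    "5.8.72.0 – 5.8.79.255",
    "5.101.64.0 – 5.101.67.255",
    "46.161.0.0 – 46.161.63.255",
    "195.2.240.0 – 195.2.241.255",
]

def parse_entry(entry):
    """Turn 'start – end' (en dash or hyphen) or a CIDR string into networks."""
    parts = [p.strip() for p in re.split(r"[–-]", entry)]
    if len(parts) == 2:
        first, last = (ipaddress.IPv4Address(p) for p in parts)
        # A range that is not one aligned block comes back as several networks.
        return list(ipaddress.summarize_address_range(first, last))
    # strict=True rejects a CIDR whose host bits are set (a common typo).
    return [ipaddress.ip_network(entry.strip(), strict=True)]

def consolidate(entries):
    """Merge overlapping and nested blocks into the smallest equivalent list."""
    nets = [n for e in entries for n in parse_entry(e)]
    return list(ipaddress.collapse_addresses(nets))

def is_covered(ip, networks):
    """True when the address falls inside any consolidated block."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in n for n in networks)

if __name__ == "__main__":
    merged = consolidate(BAN_ENTRIES)
    for net in merged:
        print(net)
    # Observed scraper addresses from the page, checked against the merged list.
    for ip in ("46.161.62.74", "46.161.63.109", "128.204.207.19"):
        print(ip, is_covered(ip, merged))
```

The 13 entries collapse to 10 blocks, because 128.204.207.0/24 is already inside 128.204.192.0/20 and the two 77.95.x.0/24 blocks are inside 77.95.224.0/21.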