Master List of Known Bots

[webDOMinator]

Yeah, agreed, this guy has it going for him... using machine learning and probabilistic answers. Nice one!

 

[Graybeard]

The problem is the lag time to check every IP address ... If you could license his database to be used locally ...
His platform is designed for fraud detection at the cart checkout.

 

[Anastasia Stefanuk]

I had the same problem. It's nice you share it with us.

 

[Graybeard]

Spot the B0t:

Hint: I cookied him while he was using his proxy -- then he fucked up and came in with his real German IP to see if I was up -- his bot's outdated user-agent was denied a connection =444 blackhole

 

[Graybeard]

HAHA what an amateur -- Busted AGAIN

 

[Graybeard]

Was this one of the bot'masters'?

 

[azgold]

Love that song and seems pretty perfect.

I wish I spoke the same language (code) as you, so I could better understand this stuff.

 

[Graybeard]

40% of ad network traffic is bots ... it's a buy-sell thing too many opportunities and too much fraud ...

 

[Daceyank]

Beside that you also should write some instructions to Google Analytics not to track them if you still didn't blocked them at first, sometimes people count bot traffic at start of the website like something really really good and do it by mistake LOL

 

[Graybeard]

Too much work to maintain if I charged for that info.
GA hides the IP of the request anyway so it is useless for this purpose ...

Bots hitting my net-trap now become 302 *zombies* and are 'pushed out to serve their *new master*
I am hijacking the b0Tz now

 

[Graybeard]

Let's play *spot-the-bot*! Do you see a =~/pattern/ here?

image 320bots — Postimage.org

----------------
1 104.57.149.72 - - [27/Jul/2019:02:01:40 +0000] "GET /ttm/a=3-12 HTTP/1.1" 200 333 "http://sp.p
opcash.net/go/146014/501442/aHR0cCUzQSUyRiUyRnd3dy5iZWRyZWUuY2x1YiUyRg==?cb=6635685783023382" "Mozilla
/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
2 24.211.251.201 - - [27/Jul/2019:01:52:53 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https:
//the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203
Firefox/3.6.13"
3 67.213.237.15 - - [27/Jul/2019:01:46:56 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec
ko) Chrome/65.0.3325.181 Safari/537.36"
4 73.172.36.132 - - [27/Jul/2019:01:45:35 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG-SM-T377A Build/MMB29K) AppleWebKit
/537.36 (KHTML, like Gecko) Chrome/64.0.3282.156 Safari/537.36"
5 104.59.236.241 - - [27/Jul/2019:01:38:23 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:
//the.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 4.2.2; SM-T310 Build/JDQ39) AppleWebKit/537.36 (
KHTML, like Gecko) Chrome/54.0.2840.99"
6 69.30.184.237 - - [27/Jul/2019:01:32:55 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:53.0.1) Gecko/20100101 Firefox/53
.0.1"
7 71.177.88.17 - - [27/Jul/2019:00:41:14 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://
the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:54.0.1) Gecko/20100101 Firefox/54.
0.1"
8 104.222.43.84 - - [26/Jul/2019:20:43:13 +0000] "GET / HTTP/1.1" 302 181 "-" "Mozilla/5.0 (Wind
ows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
9 67.84.81.12 - - [26/Jul/2019:20:43:03 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://t
he.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 7.1.1; Nexus 7 Build/NMF26Q) AppleWebKit/537.36 (KH
TML, like Gecko) Chrome/42.0.2311.154 Safari/537.36"
10 82.214.220.176 - - [26/Jul/2019:20:42:42 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:
//the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:56.0.2) Gecko/20100101 Firefox/56.0.2
"
11 66.119.59.223 - - [26/Jul/2019:20:42:33 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:54.0.1) Gecko/20100101 Firefox/54
.0.1"
12 167.250.108.93 - - [26/Jul/2019:20:42:13 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https:
//the.domain/ttm/a=3-12" "Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML,
like Gecko) CriOS/37.0.2062.60 Mobile/11D257 Safari/9537.53 (000860)"
13 97.77.157.242 - - [26/Jul/2019:20:41:20 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, li
ke Gecko) Chrome/39.0.2171.95 Safari/537.36"
14 70.168.33.228 - - [26/Jul/2019:20:41:18 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:56.0.1) Gecko/20100101 Firefox/56
.0.1"
15 107.129.126.190 - - [26/Jul/2019:20:41:12 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https
://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"
16 50.113.85.146 - - [26/Jul/2019:20:40:03 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0
"
17 98.114.47.210 - - [26/Jul/2019:20:21:28 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0.1) Gecko/20100101 Firefox/5
6.0.1"
18 12.192.27.203 - - [26/Jul/2019:20:10:03 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; rv:51.0.2) Gecko/20100101 Firefox/51.0.2"
19 12.35.98.86 - - [26/Jul/2019:19:56:31 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://t
he.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 6.0.1; SGP611 Build/23.5.A.1.291) AppleWebKit/537.3
6 (KHTML, like Gecko) Chrome/57.0.2987.132 Safari/537.36"
20 50.255.169.133 - - [26/Jul/2019:19:49:11 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https:
//the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.
0"
21 131.226.0.35 - - [26/Jul/2019:19:48:52 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://
the.domain/ttm/a=3-12" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/
60.0"
22 70.183.115.182 - - [26/Jul/2019:19:46:35 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 482 "https:
//the.domain/ttm/a=3-12" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20100101 Firefox
/19.0"
23 69.193.184.3 - - [26/Jul/2019:19:36:59 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 482 "https://
the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
24 108.170.108.155 - - [26/Jul/2019:19:36:33 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 482 "https
://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.3; rv:52.0) Gecko/20100101 Firefox/52.0"
25 99.203.56.144 - - [26/Jul/2019:19:19:12 +0000] "GET /accpost/?=2-10 HTTP/2.0" 302 481 "https:/
/the.domain/ttm/a=2-10" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G935P Build/MMB29M; wv) AppleWebKit/537
.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Safari/537.36"

 

[Graybeard]

and now Twitter gets my new slave bots

I am just running test volumes (still)