
Master List of Known Bots

Discussion in 'Programming and Scripts' started by Graybeard, Sep 10, 2018.

  1. webDOMinator

    webDOMinator Service Manager affiliate

    Yeah, agreed, this guy has it going for him... using machine learning and probabilistic answers. Nice one!
     
  3. Graybeard

    Graybeard Well-Known Member affiliate

    The problem is the lag time to check every IP address ... If you could license his database to be used locally ...
    His platform is designed for fraud detection at the cart checkout.
     
  4. Anastasia Stefanuk

    Anastasia Stefanuk Affiliate affiliate

    I had the same problem. It's nice you share it with us.
     
  5. Graybeard

    Graybeard Well-Known Member affiliate

    Spot the B0t:
    [​IMG]

    Hint: I cookied him while he was using his proxy -- then he fucked up and came in with his real German IP to see if I was up -- his bot's outdated user-agent was denied a connection =444 blackhole ;)
     
  6. Graybeard

    Graybeard Well-Known Member affiliate

    HAHA what an amateur -- Busted AGAIN :)

    [​IMG]
     
    Last edited: Jul 25, 2019
  7. Graybeard

    Graybeard Well-Known Member affiliate

    [​IMG]

    Was this one of the bot'masters'?

     
  8. azgold

    azgold Administrator Dojo Master affiliate

    Love that song and seems pretty perfect. :D

    I wish I spoke the same language (code) as you, so I could better understand this stuff.
     
  9. Graybeard

    Graybeard Well-Known Member affiliate

    40% of ad network traffic is bots ... it's a buy-sell thing too many opportunities and too much fraud ...
     
  10. Daceyank

    Daceyank Affiliate affiliate

    Besides that, you should also write some instructions for Google Analytics not to track them if you still haven't blocked them at first; sometimes people count bot traffic at the start of a website as something really, really good, and do it by mistake LOL
     
  11. Graybeard

    Graybeard Well-Known Member affiliate

    Too much work to maintain if I charged for that info.
    GA hides the IP of the request anyway so it is useless for this purpose ...

    Bots hitting my net-trap now become 302 *zombies* and are pushed out to serve their *new master* ;)
    I am hijacking the b0Tz now :D
     
  12. Graybeard

    Graybeard Well-Known Member affiliate

    Let's play *spot-the-bot*! Do you see a =~/pattern/ here?

    image 320bots — Postimage.org

    ----------------
    104.57.149.72 - - [27/Jul/2019:02:01:40 +0000] "GET /ttm/a=3-12 HTTP/1.1" 200 333 "http://sp.popcash.net/go/146014/501442/aHR0cCUzQSUyRiUyRnd3dy5iZWRyZWUuY2x1YiUyRg==?cb=6635685783023382" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
    24.211.251.201 - - [27/Jul/2019:01:52:53 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13"
    67.213.237.15 - - [27/Jul/2019:01:46:56 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
    73.172.36.132 - - [27/Jul/2019:01:45:35 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG-SM-T377A Build/MMB29K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.156 Safari/537.36"
    104.59.236.241 - - [27/Jul/2019:01:38:23 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 4.2.2; SM-T310 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.99"
    69.30.184.237 - - [27/Jul/2019:01:32:55 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:53.0.1) Gecko/20100101 Firefox/53.0.1"
    71.177.88.17 - - [27/Jul/2019:00:41:14 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:54.0.1) Gecko/20100101 Firefox/54.0.1"
    104.222.43.84 - - [26/Jul/2019:20:43:13 +0000] "GET / HTTP/1.1" 302 181 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
    67.84.81.12 - - [26/Jul/2019:20:43:03 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 7.1.1; Nexus 7 Build/NMF26Q) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.154 Safari/537.36"
    82.214.220.176 - - [26/Jul/2019:20:42:42 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.2; WOW64; rv:56.0.2) Gecko/20100101 Firefox/56.0.2"
    66.119.59.223 - - [26/Jul/2019:20:42:33 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:54.0.1) Gecko/20100101 Firefox/54.0.1"
    167.250.108.93 - - [26/Jul/2019:20:42:13 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) CriOS/37.0.2062.60 Mobile/11D257 Safari/9537.53 (000860)"
    97.77.157.242 - - [26/Jul/2019:20:41:20 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
    70.168.33.228 - - [26/Jul/2019:20:41:18 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:56.0.1) Gecko/20100101 Firefox/56.0.1"
    107.129.126.190 - - [26/Jul/2019:20:41:12 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"
    50.113.85.146 - - [26/Jul/2019:20:40:03 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
    98.114.47.210 - - [26/Jul/2019:20:21:28 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0.1) Gecko/20100101 Firefox/56.0.1"
    12.192.27.203 - - [26/Jul/2019:20:10:03 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; rv:51.0.2) Gecko/20100101 Firefox/51.0.2"
    12.35.98.86 - - [26/Jul/2019:19:56:31 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 6.0.1; SGP611 Build/23.5.A.1.291) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.132 Safari/537.36"
    50.255.169.133 - - [26/Jul/2019:19:49:11 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"
    131.226.0.35 - - [26/Jul/2019:19:48:52 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0"
    70.183.115.182 - - [26/Jul/2019:19:46:35 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 482 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:19.0) Gecko/20100101 Firefox/19.0"
    69.193.184.3 - - [26/Jul/2019:19:36:59 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 482 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
    108.170.108.155 - - [26/Jul/2019:19:36:33 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 482 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.3; rv:52.0) Gecko/20100101 Firefox/52.0"
    99.203.56.144 - - [26/Jul/2019:19:19:12 +0000] "GET /accpost/?=2-10 HTTP/2.0" 302 481 "https://the.domain/ttm/a=2-10" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G935P Build/MMB29M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/64.0.3282.137 Mobile Safari/537.36"
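
Added example, not part of the thread or any poster's code: one way to look for a pattern in combined-format access-log lines like the ones posted above is to ignore the client IP and User-Agent and group on what is left (path, referrer, status), then measure how tightly the hits cluster in time. The sample lines are constructed (documentation IP ranges), and the `min_ips` and `window_s` thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), modelled on the log format above.
SAMPLE = """\
192.0.2.10 - - [26/Jul/2019:20:40:03 +0000] "GET /accpost/?=3-12 HTTP/1.1" 302 181 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0"
198.51.100.7 - - [26/Jul/2019:20:41:12 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0"
203.0.113.5 - - [26/Jul/2019:20:41:18 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36"
192.0.2.44 - - [26/Jul/2019:20:43:13 +0000] "GET / HTTP/1.1" 302 181 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:27.0) Gecko/20100101 Firefox/27.0"
198.51.100.99 - - [26/Jul/2019:19:19:12 +0000] "GET /accpost/?=3-12 HTTP/2.0" 302 481 "https://the.domain/ttm/a=3-12" "Mozilla/5.0 (Linux; Android 6.0.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Mobile Safari/537.36"
"""

def parse(text):
    """Return one dict per combined-format line; unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            row = m.groupdict()
            row["time"] = datetime.strptime(row["ts"], "%d/%b/%Y:%H:%M:%S %z")
            rows.append(row)
    return rows

def shared_signatures(rows, min_ips=3, window_s=120):
    """Group by (path, referer, status), ignoring IP and User-Agent, and report
    groups reached from at least min_ips addresses (thresholds are assumptions)."""
    groups = defaultdict(list)
    for r in rows:
        groups[(r["path"], r["ref"], r["status"])].append(r)
    report = []
    for sig, rs in groups.items():
        ips = {r["ip"] for r in rs}
        if len(ips) < min_ips:
            continue
        times = sorted(r["time"] for r in rs)
        # Largest number of requests that fall inside any window_s-second window.
        burst = max(sum((t - start).total_seconds() <= window_s for t in times[i:])
                    for i, start in enumerate(times))
        report.append({"signature": sig, "ips": len(ips),
                       "uas": len({r["ua"] for r in rs}), "burst": burst})
    return report

if __name__ == "__main__":
    for entry in shared_signatures(parse(SAMPLE)):
        print(entry)
```

A group where the number of distinct IPs and distinct User-Agents both track the request count, while path and referrer never vary, is the kind of regularity worth a closer look.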
     
  13. Graybeard

    Graybeard Well-Known Member affiliate

    and now Twitter gets my new slave bots ;)
    [​IMG]
    I am just running test volumes (still)
     