WTF IP Address 150.70.84.45

Jan 23, 2009
I got clicks on a lot of my offers from IP 150.70.84.45 that I was promoting on Facebook and for a couple offers that I wasn't promoting on Facebook.

2q2oape.png




Let's look where the heck this IP's from:

14o0nwy.png


Trend Micro Japan? WTF? I'm not expecting/buying/targeting any Japanese traffic. Someone enlighten me WTF is going on lol.
 


You have their locale, now go and kill.

Disclaimer: beware of hired ninja and samurai.
 
This is an IP address from Trend Micro. It's a virus scanning crawler. They use a fuckton of IPs (including a lot from the 175.73.x.x roadrunner IP block), but that one always stands out.
Some moar IPs: #497054 - Pastie

It's from Trend Micro antivirus. When people have it installed it visits links on the pages they view to make sure they are safe or some shit.

Here's an email someone got from Trend Micro when asking about the IP:

Joomla! • View topic - this site has been hacked by [xxx]


Yep, true - it's from a virus scanner of Trend Micro and checks the web traffic for viruses, for example, like circa said.
 
When I dream I see this IP address ... it features pretty heavily in the log files we have to delve in at times. There's a set of IPs traceable to Cupertino, CA that do exactly the same thing, think that's Symantec/Norton.
 
BTW here is the function tracking202 uses to filter IPs into real/non-real clicks. It's found in /202-config/functions-tracking202.php. IPs are formatted with ip2long().
[high=php]
function checkNetrange($click_id, $ip_address) {

    $ip_address = ip2long($ip_address);

    //check each netrange
    /*google1 */ if (($ip_address >= 1208926208) and ($ip_address <= 1208942591)) { return true; }
    /*MSN */ if (($ip_address >= 1093926912) and ($ip_address <= 1094189055)) { return true; }
    /*google2 */ if (($ip_address >= 3512041472) and ($ip_address <= 3512074239)) { return true; }
    /*Yahoo */ if (($ip_address >= 3640418304) and ($ip_address <= 3640426495)) { return true; }
    /*google3 */ if (($ip_address >= 1123631104) and ($ip_address <= 1123639295)) { return true; }
    /*level 3 communications */ if (($ip_address >= 1094189056) and ($ip_address <= 1094451199)) { return true; }
    /*yahoo2 */ if (($ip_address >= 3515031552) and ($ip_address <= 3515039743)) { return true; }
    /*Yahoo3 */ if (($ip_address >= 3633393664) and ($ip_address <= 3633397759)) { return true; }
    /*Google5 */ if (($ip_address >= 1089052672) and ($ip_address <= 1089060863)) { return true; }
    /*Yahoo */ if (($ip_address >= 1209925632) and ($ip_address <= 1209991167)) { return true; }
    /*Yahoo */ if (($ip_address >= 1241907200) and ($ip_address <= 1241972735)) { return true; }
    /*Performance Systems International Inc. */ if (($ip_address >= 637534208) and ($ip_address <= 654311423)) { return true; }
    /*Microsoft */ if (($ip_address >= 3475898368) and ($ip_address <= 3475963903)) { return true; }
    /*googleNew */ if (($ip_address >= -782925824) and ($ip_address <= -782893057)) { return true; }

    //if it was none of these, return false
    return false;
}
[/high]
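An added example, not part of the original post and not tracking202's code: it decodes the integer bounds from the function as posted into CIDR blocks, and models the fact that PHP's ip2long() returns negative values for addresses above 127.255.255.255 on 32-bit builds. The helper names (`decode`, `matching_labels`, `raw_match`) and the `signed` switch are assumptions made for illustration.

```python
import ipaddress

# (label, low, high) copied from checkNetrange() as posted above.
RANGES = [
    ("google1", 1208926208, 1208942591),
    ("MSN", 1093926912, 1094189055),
    ("google2", 3512041472, 3512074239),
    ("Yahoo", 3640418304, 3640426495),
    ("google3", 1123631104, 1123639295),
    ("level 3 communications", 1094189056, 1094451199),
    ("yahoo2", 3515031552, 3515039743),
    ("Yahoo3", 3633393664, 3633397759),
    ("Google5", 1089052672, 1089060863),
    ("Yahoo", 1209925632, 1209991167),
    ("Yahoo", 1241907200, 1241972735),
    ("Performance Systems International Inc.", 637534208, 654311423),
    ("Microsoft", 3475898368, 3475963903),
    ("googleNew", -782925824, -782893057),
]

def decode(ranges=RANGES):
    """Turn each integer pair into CIDR blocks, folding signed values to unsigned."""
    out = []
    for label, lo, hi in ranges:
        first = ipaddress.IPv4Address(lo & 0xFFFFFFFF)
        last = ipaddress.IPv4Address(hi & 0xFFFFFFFF)
        out.append((label, list(ipaddress.summarize_address_range(first, last))))
    return out

def matching_labels(ip, ranges=RANGES):
    """Labels whose decoded range contains ip, independent of integer width."""
    addr = ipaddress.IPv4Address(ip)
    return [label for label, nets in decode(ranges) if any(addr in n for n in nets)]

def ip2long(ip, signed):
    """Model of PHP ip2long(): signed=True mimics a 32-bit build (assumption)."""
    n = int(ipaddress.IPv4Address(ip))
    return n - 2**32 if signed and n >= 2**31 else n

def raw_match(ip, signed, ranges=RANGES):
    """Compare exactly as the posted function does, with no normalisation."""
    n = ip2long(ip, signed)
    return [label for label, lo, hi in ranges if lo <= n <= hi]

if __name__ == "__main__":
    for label, nets in decode():
        print(f"{label:40} {', '.join(map(str, nets))}")
    print("150.70.84.45 ->", matching_labels("150.70.84.45") or "no range")
```

Run against the list as posted, `googleNew` decodes to the same block as `google2` (209.85.128.0/17, once as a signed and once as an unsigned integer), and 150.70.84.45 matches no entry. With signed integers the other ranges above 2^31 never match, so the list filters differently depending on the PHP build.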
 
Thanks, I noticed a ton of these IPs hitting prosper as well despite GEO IP script and dupe IP redirection, I was ripping my hair out trying to figure out how they bypassed the script.