IP observed as execution node in coordinated botnet attack against Australian e-commerce site paperh ...
show moreIP observed as execution node in coordinated botnet attack against Australian e-commerce site paperhugz.au on 2026-06-15. Attack pattern: multiple blocked data centre IPs (DZCRD/DRZD AS132817) attempted to access specific product pages, were blocked with 403 responses, then this clean residential IP immediately executed the same request within seconds and received 200 response. Pattern repeated across multiple product categories throughout the day. Part of sustained campaign running since approximately 2026-05-26 using residential proxy botnet with role-separated nodes (data centre IPs for probing, clean Australian residential IPs for execution). Other confirmed nodes in same campaign include 103.76.236.x/103.76.237.x/103.76.238.x/103.76.239.x ranges (DZCRD AS132817). Suspected Mirai-variant botnet based on confirmed Aisuru infection on associated node 110.145.77.122 (Telstra, same campaign).
show less
IP observed as execution node in coordinated botnet attack against Australian e-commerce site paperh ...
show moreIP observed as execution node in coordinated botnet attack against Australian e-commerce site paperhugz.au on 2026-06-15. Attack pattern: multiple blocked data centre IPs (DZCRD/DRZD AS132817) attempted to access specific product pages, were blocked with 403 responses, then this clean residential IP immediately executed the same request within seconds and received 200 response. Pattern repeated across multiple product categories throughout the day. Part of sustained campaign running since approximately 2026-05-26 using residential proxy botnet with role-separated nodes (data centre IPs for probing, clean Australian residential IPs for execution). Other confirmed nodes in same campaign include 103.76.236.x/103.76.237.x/103.76.238.x/103.76.239.x ranges (DZCRD AS132817). Suspected Mirai-variant botnet based on confirmed Aisuru infection on associated node 110.145.77.122 (Telstra, same campaign).
show less
IP observed as execution node in coordinated botnet attack against Australian e-commerce site paperh ...
show moreIP observed as execution node in coordinated botnet attack against Australian e-commerce site paperhugz.au on 2026-06-15. Attack pattern: multiple blocked data centre IPs (DZCRD/DRZD AS132817) attempted to access specific product pages, were blocked with 403 responses, then this clean residential IP immediately executed the same request within seconds and received 200 response. Pattern repeated across multiple product categories throughout the day. Part of sustained campaign running since approximately 2026-05-26 using residential proxy botnet with role-separated nodes (data centre IPs for probing, clean Australian residential IPs for execution). Other confirmed nodes in same campaign include 103.76.236.x/103.76.237.x/103.76.238.x/103.76.239.x ranges (DZCRD AS132817). Suspected Mirai-variant botnet based on confirmed Aisuru infection on associated node 110.145.77.122 (Telstra, same campaign).
show less
Fake google bot
IP: 45.150.179.55 Hostname: 45.150.179.55
Mozilla/5.0 (compatible; Googlebot/2.1 ...
show moreFake google bot
IP: 45.150.179.55 Hostname: 45.150.179.55
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html), Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
show less
Automated headless browser attack on WordPress/WooCommerce site.
80-100+ simultaneous asset reques ...
show moreAutomated headless browser attack on WordPress/WooCommerce site.
80-100+ simultaneous asset requests in under 2 seconds mapping
all plugins and theme files, followed by wp-login.php probe via
Wordfence login hardening. Pattern repeated across 3 consecutive
days from different Australian Telstra IPv6 addresses in Melbourne,
Adelaide and Sydney suggesting coordinated botnet or VPN rotation.
FunnelKit/WooCommerce AJAX endpoints specifically targeted.
show less
Automated headless browser attack on WordPress/WooCommerce site.
80-100+ simultaneous asset reques ...
show moreAutomated headless browser attack on WordPress/WooCommerce site.
80-100+ simultaneous asset requests in under 2 seconds mapping
all plugins and theme files, followed by wp-login.php probe via
Wordfence login hardening. Pattern repeated across 3 consecutive
days from different Australian Telstra IPv6 addresses in Melbourne,
Adelaide and Sydney suggesting coordinated botnet or VPN rotation.
FunnelKit/WooCommerce AJAX endpoints specifically targeted.
show less
Automated headless browser attack on WordPress/WooCommerce site.
80-100+ simultaneous asset reques ...
show moreAutomated headless browser attack on WordPress/WooCommerce site.
80-100+ simultaneous asset requests in under 2 seconds mapping
all plugins and theme files, followed by wp-login.php probe via
Wordfence login hardening. Pattern repeated across 3 consecutive
days from different Australian Telstra IPv6 addresses in Melbourne,
Adelaide and Sydney suggesting coordinated botnet or VPN rotation.
FunnelKit/WooCommerce AJAX endpoints specifically targeted.
show less
fake cpanel emails advising website is going to be deleted
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED R ...
show morefake cpanel emails advising website is going to be deleted
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked.
See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[109.172.9.208 listed in sa-accredit.habeas.com]
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - baikeshare.com
show less
IP: 134.122.135.140 Hostname: 134.122.135.140
Googlebot/2.1 (+http://www.google.com/bot.html) looki ...
show moreIP: 134.122.135.140 Hostname: 134.122.135.140
Googlebot/2.1 (+http://www.google.com/bot.html) looking for vulnerabilities. Fake Google Bot
show less
Received: from d218-3.smtp-out.eu-west-2.amazonses.com (d218-3.smtp-out.eu-west-2.amazonses.com. [23 ...
show moreReceived: from d218-3.smtp-out.eu-west-2.amazonses.com (d218-3.smtp-out.eu-west-2.amazonses.com. [23.249.218.3])
by mx.google.com with ESMTPS id ffacd0b85a97d-4255d90d586si1704328f8f.993.2025.10.02.16.33.31
for <sdsdsdsdsd'@st.casaalvoradaferroeaco.com.br>
show less