IP addresses reported incorrectly

GrnEyedDvl

As with others, we have seen a huge spike this week in traffic. Mostly from China, Singapore, Hong Kong, the usual suspects. But today we had 50 thou, and most of them showed up from the US and Germany. At least at first glance.

However, when you run a whois on the IPs, I had thousands of sequential IPs pointing back to Hong Kong that displayed as Germany or US in the guest view list, while every other country I checked was reporting correctly. And then I found some that were the other way around: reporting as HK but actually from Germany or the US.

Here is one example. That top IP is 207.108.11.247, if that image is hard to read. And it clearly says Hong Kong. But a report on that IP from whatismyipaddress.com says Germany, and a report on the same IP address from whois.com says Las Vegas, NV.

The only addresses I am finding with a discrepancy have Hong Kong at one end or the other. The other two in this shot are from Brazil and Venezuela, and they show up the same no matter which service I use to look them up.

Looking it up on ICANN shows a registrant with a BS mailing address in Hong Kong and then a second registrant in Wilmington, Delaware. It looks almost like a sub-registration.

So I think the Chinese are definitely playing games with internet registrations in order to get around Cloudflare or other country-based blocks so they can do their nefarious crap. And there are thousands of them. I had a list of sequential IP addresses nearly 17,000 long. Mostly in the 207.xxx.xxx.xxx and 142.xxx.xxx.xxx ranges.


bots.webp

hk.webp
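
One way to triage a list like the one described in the post above, as an added example that is not part of the original post: it keeps only addresses whose displayed country differs from the whois country and collapses sequential runs into CIDR blocks, which are easier to review or block than country labels. The rows are constructed from RFC 5737 documentation ranges, and the function name and row layout are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample rows: (ip, country shown in the guest list, country from whois).
# Addresses are RFC 5737 documentation ranges, not taken from the forum's logs.
SAMPLE = (
    [(f"192.0.2.{i}", "DE", "HK") for i in range(0, 64)]        # one sequential run
    + [(f"198.51.100.{i}", "HK", "US") for i in range(16, 24)]  # a second run
    + [("198.51.100.32", "HK", "US")]                           # isolated address after a gap
    + [("203.0.113.7", "BR", "BR"), ("203.0.113.9", "VE", "VE")]  # sources agree
)


def mismatched_blocks(rows):
    """Return (cidr, shown, registered, address_count) for every run of
    addresses whose two country labels disagree."""
    groups = defaultdict(list)
    for ip, shown, registered in rows:
        if shown != registered:
            groups[(shown, registered)].append(ipaddress.ip_network(ip))

    report = []
    for (shown, registered), nets in sorted(groups.items()):
        # collapse_addresses merges adjacent /32s into the smallest set of CIDR blocks
        for block in ipaddress.collapse_addresses(nets):
            report.append((str(block), shown, registered, block.num_addresses))
    return report


if __name__ == "__main__":
    for cidr, shown, registered, count in mismatched_blocks(SAMPLE):
        print(f"{cidr:<18} shown={shown} whois={registered} addresses={count}")
```
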
 