ExtortionLetterInfo Forums
ELI Forums => Getty Images Letter Forum => Topic started by: lucia on March 26, 2013, 04:25:40 PM
-
I got hit by something looking for images today:
Host: secure.onavo.com
IP: 72.251.244.19
Host: secure.onavo.com
IP: 72.251.244.17
Host: secure.onavo.com
IP: 72.251.244.18
Host: secure.onavo.com
IP: 72.251.244.13
Host: secure.onavo.com
IP: 72.251.244.11
All hit images with a blank referrer and blank user agent.
These IPs are with this:
Reverse DNS (PTR record) not available
ASN number 29791
ASN name (ISP) VOXEL-DOT-NET - Voxel Dot Net, Inc.
IP-range/subnet 72.251.192.0/18
72.251.192.0 - 72.251.255.255
I'd previously noted that voxel seems to be related to the picscout image search tool. So is the combination of "blank referrer" and "blank user agents'. (I advice everyone should block all "blank user agents" requests. )
They are all my own images so I don't have to quake in fear about any visits from the copyright police. :)
I'm going to make the tag #picscout to help people search on topics that might be realted to suspected picscout sightings. Bear in mine, we can't be sure. But I do suspect.
<b>Update</b>
I noticed something even weirder. All of these were forwarded from '107.6.95.25'. So, not only did they visit-- but they bounced through two IPs. I hadn't previosuly seen that.
not available
ASN number 29791
ASN name (ISP) VOXEL-DOT-NET - Voxel Dot Net, Inc.
IP-range/subnet 107.6.94.0/23
107.6.94.0 - 107.6.95.255
Network tools external website Ping 107.6.95.25
external website Traceroute 107.6.95.25
The first address is also Voxel!
-
Great info to look out for from the ELI Queen of Tech! Thanks!