by Guest on 2023/07/25 10:28:50 AM
Greetings!
I'm getting really strange patterns showing up in my peers tab on my Tixati.
What could be causing this?
Thanks in advance
(edited to hide IPs)
by Guest on 2023/07/26 01:35:43 AM
I've seen this before. The same port across a big and close range of IPs is the same people or person. Some people might just have a dynamic IP and you're getting their old ones from DHT or PEX. But it is weird that the range is very big. Look up the IP on a whois site and find out what kind of connection it is. Residential? Business? Datacenter?
by Guest on 2023/07/26 07:43:26 PM
I've concluded this is definitely another (Anti-Peer-2-Peer) AP2P enforcement botnet for Torrents.
Logging some trackers revealed which one it was originating from.
They are advertising these fake peer IPs via 1 specific tracker.
Whoever operates this botnet fundamentally does not understand how P2P works and the technical implementation here is exceptionally poor, if not diabolical.
ISP is Soft Layer and is 100% Data Center hosted (non-VPN)
This AP2P bot has two mirrored clusters in different geographical locations:
a) USA, California, Palo Alto
b) Netherlands, Amsterdam
Seems they might need "a hit" on an IP from each side of the Atlantic to deem themselves as having sufficient evidence to instigate something.
Looks to be operated by Sound Of New York and stars over top of a mountain company and dozens of subsidiaries.
There are significant observations and conclusions to be made from this BitTorrent botnet after conducting in-depth protocol analysis.
IE: The calculated high availability of Petabytes file volumes on these IP ranges but absolutely ZERO corresponding data transfers being one of them
(Kilobytes of Torrent traffic for PB of supposedly advertised files)
It's good fun hunting these down.
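
Added example, not part of any post in this thread: one way to flag the pattern discussed here (many numerically adjacent addresses all advertising the same port) in a peer list exported as ip:port lines. The function name, the min_run threshold and the sample peers are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample peer list (not a real capture): placeholder 1.2.3.x
# addresses on one port, plus unrelated peers from documentation ranges.
SAMPLE_PEERS = (
    [f"1.2.3.{n}:20480" for n in range(66, 79)]
    + [f"1.2.3.{n}:20480" for n in range(178, 183)]
    + ["192.0.2.14:51413", "198.51.100.7:6881", "203.0.113.90:20480",
       "192.0.2.15:6881", "198.51.100.8:51413"]
)

def find_sequential_runs(peers, min_run=4):
    """Return (port, first_ip, last_ip, count) for each run of at least
    min_run numerically adjacent IPv4 addresses that share one port."""
    by_port = defaultdict(set)
    for entry in peers:
        host, _, port = entry.rpartition(":")
        try:
            addr = int(ipaddress.IPv4Address(host))
            by_port[int(port)].add(addr)
        except ValueError:
            continue  # skip malformed or non-IPv4 entries
    runs = []
    for port, addrs in sorted(by_port.items()):
        ordered = sorted(addrs)
        start = prev = ordered[0]
        for addr in ordered[1:] + [None]:  # trailing None flushes the last run
            if addr is not None and addr == prev + 1:
                prev = addr
                continue
            count = prev - start + 1
            if count >= min_run:
                runs.append((port, str(ipaddress.IPv4Address(start)),
                             str(ipaddress.IPv4Address(prev)), count))
            start = prev = addr
    return runs

if __name__ == "__main__":
    for port, first, last, count in find_sequential_runs(SAMPLE_PEERS):
        print(f"port {port}: {first} - {last} ({count} adjacent peers)")
```

Ordinary swarms rarely produce long adjacent runs on one port, so each flagged range is a candidate for the whois lookup suggested in the reply above.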