Hammered last night by Mozilla/5.0 (Windows NT 10.0; Win64; x64) Apple

bad amazon bot?

         

Greasemonkey

2:30 pm on Oct 15, 2023 (gmt 0)



Hey guys, first post.... I spent a few hours on here last night looking for help as my site was taken down by a bad bot: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36

Dozens of IP ranges, I wasn't able to keep up blocking them via htaccess.

I was able to stop the attack via cloudflare by blocking all of Amazon ASN 14618 (obviously not ideal).

Seems most of the IP ranges I find here are not the same... Anyone seen anything like this recently?

Here are some of the IPs:

not2easy

3:08 pm on Oct 15, 2023 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Hi Greasemonkey and welcome to WebmasterWorld [webmasterworld.com]

> I was able to stop the attack via cloudflare by blocking all of Amazon ASN 14618

I'd call that ideal.
The User Agent is not a specific bot UA so it is someone who's running a script to do whatever they were trying to do. I have notes back to 2017 with a similar UA, (Different Chrome versions, some with Edge) just scraping in some cases and trying WP vulnerabilities in other cases.

I could have offered some quick help, but I'm still sorting out that lump of IPs. You do not want to block individual IPs, particularly when they are server farm IPs like Amazon's. Amazon hosts bad bots and anyone with a script can be hosted on any host.

One example, from 44.192.0.0 - 44.255.255.255 - you could block with CIDR 44.192.0.0/10 but why go through that if you can block them with CloudFlare?

Sometimes, the best tool is what you have available.

Greasemonkey

3:57 pm on Oct 15, 2023 (gmt 0)



@not2easy+ thank you kindly. Was worried about blocking (actually now using a managed challenge page in the firewall) all traffic from Amazon. However, as a test I turned the rule off this morning and they were back within a few hours - back on it goes.

The URLs are fully formed - so I presume it's scraping, not looking for vulnerabilities.

That said, there's enough traffic I wonder if it's not a DDoS (we haven't had any communication).

not2easy

4:56 pm on Oct 15, 2023 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Occasionally someone might have an interest in the contents (all of it) of a site and hire someone to just scrape it. Those are the kinds of things I suspect when an aggressive crawl gets going. Now that AI is happy to help folks, it might be someone with not much understanding of how the site owner might even be aware of it.

These are just my thoughts, nothing I've seen discussed but just thinking of the people using the internet without needing as much learning or understanding as it used to take.

Greasemonkey

1:25 pm on Oct 16, 2023 (gmt 0)



Hmmmm, as I suggested, blocking the entire ASN is not ideal for me. I have an API connecting using Amazon servers.

I'm blocking the main offending IP 44.199.53.160 and hoping I can keep the site up until I figure something more effective.

Greasemonkey

1:49 pm on Oct 16, 2023 (gmt 0)



Ok, the API seems to be only using 2 IPs so I have gone back to blocking all ASN traffic from Amazon excluding those 2 IPs.

Greasemonkey

2:14 pm on Oct 16, 2023 (gmt 0)



And fine-tuning this block a little more via Cloudflare, in place of blocking ASN or IPs I've switched to a block of the user agent:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36

I can easily switch back to the IP or ASN block if needed and I've left the exception for the 2 IPs required for the API connection using AWS ASN.

Sorry for spamming your forum.

I will report the IPs via abuseipdb.com once my account is approved.





[edited by: not2easy at 2:39 pm (utc) on Oct 16, 2023]
[edit reason] charter/ToS compliance [/edit]

not2easy

2:48 pm on Oct 16, 2023 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



> Sorry for spamming your forum.

Don't worry Greasemonkey, you have not spammed the forum. I did need to edit the link to comply with the Charter, sorry.

BTW, that Welcome link above (new tab) can introduce you to details about how these forums work and where to find different settings you might want to use. ;)

lucy24

5:17 pm on Oct 16, 2023 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



IP list, sorted but not reduced to blocks:


not2easy

5:44 pm on Oct 16, 2023 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I started doing that but considered that using CloudFlare for blocking was probably more efficient in this case.

lucy24

9:59 pm on Oct 16, 2023 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



The 52s and 54s in the middle stand out because they're almost bound to be bad neighborhoods in any case. (I currently have both as bad_range, with selective hole-poking.)

In case anyone wondered: it's a trivial RegEx to expand each number to 3 digits with leading zero as needed, and then deploy the text editor's Sort Lines function.

Greasemonkey

3:04 pm on Oct 17, 2023 (gmt 0)



I have downloaded all the data from Cloudflare for the past 24 hrs if anyone is interested?

It looks as though things have paused as of 7:00 AM EST today (we'll see if they start back up).

2.3 million events by this user agent in approx 19 hours of active spamming/crawling (roughly 30 times a second).

SumGuy

3:06 pm on Oct 17, 2023 (gmt 0)

5+ Year Member Top Contributors Of The Month



There's a couple of Apple IPs there, I'm surprised they're causing problems.

If anyone gets useful or necessary non-human hits from Amazon IPs (beyond maybe archive.org or some other legit search engine) then I'd like to know how that works. I know that when I renew certs with letsencrypt that I temporarily disable the IP-blocking I do in the router, but after renewal they go right back up.

Greasemonkey

5:50 pm on Oct 17, 2023 (gmt 0)



@sumguy I presume those Apple IPs are my mistake trying to catch them in my htaccess during the first wave.

Here is a complete list of all blocked by my cloudflare rule:


Greasemonkey

2:17 pm on Oct 20, 2023 (gmt 0)



For anyone following this thread - I had assumed they would buzz off once they realized they'd been blocked - I was wrong.

They've now doubled down and are now hitting at a rate of over 100 per second for the last 6 hours, using the same user agent, however now coming from 2 Amazon ASNs:

14618 - AMAZON-AES
16509 - AMAZON-02

The most active IP is still 44.199.53.160

SumGuy

2:42 pm on Oct 20, 2023 (gmt 0)

5+ Year Member Top Contributors Of The Month



@Greasemonkey -
Your list boils down to these 5 AWS IPs:

174.129.49.227
18.207.186.198
44.199.53.160
52.207.220.54
67.202.12.24

Because I'm IP-blocking AWS in my router, those hits don't show up in my webserver logs.

See also:

https://www.abuseipdb.com/check/44.199.53.160




[edited by: not2easy at 3:03 pm (utc) on Oct 20, 2023]
[edit reason] charter/ToS compliance [/edit]

Greasemonkey

2:52 pm on Oct 20, 2023 (gmt 0)



Yep, I'm blocking these at cloudflare and have reported all.... And will continue reporting daily until they stop.

Interesting side note, and this is just opinion.....

We've had a strange uptick in phishing emails that seems strangely related. It's hard to describe, however we've received multiple emails from similar names about an out of stock product asking us to stop sending them "our return policy". The text of the emails is similar (and out of context), and the names are all similar (different spelling). The product is one of our most popular and is currently out of stock.

Greasemonkey

4:25 pm on Oct 20, 2023 (gmt 0)



New range from 16509 - AMAZON-02 out of Singapore is really ramping up....

47.128.0.0/16

not2easy

5:22 pm on Oct 20, 2023 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



That range is actually:
47.128.0.0 - 47.131.255.255
47.128.0.0/14
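
An added example, not part of any post in this thread: lucy24's zero-padding sort and the range-to-CIDR conversions not2easy gives (44.192.0.0/10 and 47.128.0.0/14), done with Python's standard `ipaddress` module, plus a block check with allowlisted exceptions like the one Greasemonkey describes. The sample addresses are constructed from documentation ranges, and the helper names are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input (RFC 5737 documentation ranges, with one duplicate).
SAMPLE_IPS = [
    "198.51.100.7", "192.0.2.10", "192.0.2.9", "203.0.113.5",
    "192.0.2.10", "198.51.100.130",
]


def pad_octets(ip):
    """Expand every octet to 3 digits so that a plain text sort is numeric."""
    return re.sub(r"\d+", lambda m: m.group().zfill(3), ip)


def sort_unique(ips):
    """Drop duplicates and sort dotted-quad strings in numeric order."""
    return sorted(set(ips), key=pad_octets)


def range_to_cidrs(first, last):
    """Return the shortest list of CIDR blocks covering first..last exactly.

    An aligned range collapses to one block; an unaligned one needs several.
    """
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    )
    return [str(b) for b in blocks]


def group_by_block(ips, prefixlen):
    """Group addresses by the /prefixlen block that contains each of them.

    Useful for spotting which neighbourhoods a pile of single IPs comes from
    before looking up the real allocation boundaries.
    """
    groups = defaultdict(list)
    for ip in sort_unique(ips):
        block = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        groups[str(block)].append(ip)
    return dict(groups)


def is_blocked(ip, blocked, allowed=()):
    """True if ip falls in a blocked range and is not an allowlisted exception.

    Exceptions are checked first, so a wide block can keep a few holes open.
    """
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(a) for a in allowed):
        return False
    return any(addr in ipaddress.ip_network(b) for b in blocked)


if __name__ == "__main__":
    print("text sort   :", sorted(set(SAMPLE_IPS)))
    print("numeric sort:", sort_unique(SAMPLE_IPS))
    print(range_to_cidrs("44.192.0.0", "44.255.255.255"))
    print(range_to_cidrs("47.128.0.0", "47.131.255.255"))
    print(range_to_cidrs("192.0.2.0", "192.0.2.191"))
    print(group_by_block(SAMPLE_IPS, 24))
    print(is_blocked("198.51.100.7", ["198.51.100.0/24"], ["198.51.100.7"]))
```

A /16 covers 65,536 addresses and a /14 covers four times that, which is why a rule written for 47.128.0.0/16 leaves 47.129 through 47.131 open.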