Saturday, October 10, 2009

Strange Traffic in Logs - a bunch from Canada

There is something bizarre going on in our logs. It is interesting that the first of such links comes from aQuantive - now Microsoft advertising.

We have a site that is running some Google advertising supposedly (did not set this up myself). There is a bunch of traffic - all from different networks in Canada - where these visitors hit that ad landing page, then jump over to another web site on our server.

For this particular company, it is highly unlikely that 10 or 20 visitors per day in Canada are clicking on their ads legitimately (if that is in fact the source).

Additionally there are strange Google redirect links in our logs, and a lot of searches in Google.ca (Google Canada) that are ending up at this site.

One thing I noticed is that initial attempts at this type of traffic were coming from international locations other than Canada, some of which we have blocked. Perhaps because they cannot get to the site via these locations, they set up shop in Canada and attempt to access our site through some weird redirect through a form. Will have to keep looking into that.
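One way to look for the pattern described above (a client requests the ad landing page, then moves to a different site on the same server, with Google.ca showing up as the referrer) is to correlate requests per client IP across the sites' logs. This is an added example, not code or data from the original post; the pipe-separated record layout, host names, landing path, sample lines and five-minute window are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample records (not taken from the post's logs):
# time|client IP|site|path|referrer. IPs are documentation ranges;
# the host names and landing path are hypothetical.
SAMPLE = """\
10/9/2009 9:02:25 AM|192.0.2.10|ads.example.com|/landing|http://www.google.ca/url?q=http://ads.example.com/landing
10/9/2009 9:03:34 AM|192.0.2.10|other.example.net|/|http://ads.example.com/landing
10/9/2009 9:10:00 AM|198.51.100.7|ads.example.com|/landing|http://www.google.com/search?q=widgets
10/9/2009 4:52:29 PM|203.0.113.5|ads.example.com|/landing|http://www.google.ca/search?q=widgets
10/9/2009 8:27:18 PM|203.0.113.5|other.example.net|/contact|-
10/9/2009 8:30:38 PM|192.0.2.44|other.example.net|/|-
"""
LANDING = ("ads.example.com", "/landing")  # hypothetical ad landing page
WINDOW = timedelta(minutes=5)              # assumed cut-off for a "jump"

def records(text):
    """Parse each line into (time, ip, site, path, referrer host)."""
    for line in filter(str.strip, text.splitlines()):
        ts, ip, site, path, ref = line.split("|", 4)
        when = datetime.strptime(ts, "%m/%d/%Y %I:%M:%S %p")
        yield when, ip, site, path, urlparse(ref).hostname or "-"

def find_jumps(text):
    """Clients that request the landing page, then another site within WINDOW."""
    by_ip = defaultdict(list)
    for rec in records(text):
        by_ip[rec[1]].append(rec)
    hits = []
    for ip, recs in by_ip.items():
        recs.sort()  # chronological order per client
        for i, (when, _, site, path, ref) in enumerate(recs):
            if (site, path) != LANDING:
                continue
            for later, _, site2, _, _ in recs[i + 1:]:
                if later - when > WINDOW:
                    break  # next request is too late to count as a jump
                if site2 != site:
                    hits.append((ip, when, site2, ref))
                    break
    return sorted(hits)

def landing_referrers(text):
    """Count landing-page hits per referrer host (e.g. how many via google.ca)."""
    return dict(Counter(r[4] for r in records(text) if r[2:4] == LANDING))
```

Each tuple from `find_jumps` gives the client IP, the time of the landing-page hit, the site it moved to, and the referrer host that brought it to the landing page.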

The traffic started on September 1st, 2009. Here are the IP addresses involved:
