homepage Welcome to WebmasterWorld Guest from 184.72.82.126
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

This 169 message thread spans 6 pages: < < 169 ( 1 2 3 [4] 5 6 > >     
Server Farms, Elron Technologies and more
wilderness




msg:4456469
 3:25 pm on May 22, 2012 (gmt 0)

single root request.
No images, no robots.

Visited a few times previously.

207.232.29.zzz - - [22/May/2012:15:27:14 +0100] "GET / HTTP/1.1" 403 559 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.14) Gecko/20100824 BonEcho/2.0.0.14"

207.232.0.0 - 207.232.63.255
199.203.0.0 - 199.203.255.255

 

keyplyr




msg:4531533
 7:39 pm on Dec 27, 2012 (gmt 0)

...and just when ya think you've got 'em all :)

wilderness




msg:4531634
 6:11 am on Dec 28, 2012 (gmt 0)

Techie Hosting
TECHIEMEDIA 199.80.56.0 - 199.80.63.255 199.80.56.0/21
TECHIEMEDIA 208.71.128.0 - 208.71.131.255 208.71.128.0/22
TECHIEMEDIA 208.90.152.0 - 208.90.155.255 208.90.152.0/22
TECHIEMEDIA 173.0.176.0 - 173.0.191.255 173.0.176.0/20
TECHIEMEDIA 108.60.64.0 - 108.60.95.255 108.60.64.0/19

blend27




msg:4532585
 6:59 pm on Jan 2, 2013 (gmt 0)

TULSACONNECT2 67.214.96.0 - 67.214.111.255 67.214.96.0/20

First Hosting Range added in 2013 for me!

67.214.103.109 UA: Opera/9.80 (Windows NT 6.1; U; ru) Presto/2.8.131 Version/11.10

Requesting:
/wp-login.php
/administrator/index.php
/admin.php

... Kind of makes it less fun catching them, cause I don't have any PHP on this site. So it's 99.99% either a scraper of a hack attempt. Too easy...

wilderness




msg:4532592
 7:28 pm on Jan 2, 2013 (gmt 0)

Thank blend.

TULSACONNECT 65.38.0.0 - 65.38.31.255
TULSACONNECT2 67.214.96.0 - 67.214.111.255

Savis 208.132.128.0 - 208.138.15.255
Tulsaconnect
CW-208-136-160-B 208.136.160.0 - 208.136.175.255
CW-208-165-96-B 208.165.96.0 - 208.165.111.255
CW-208-137-184-C 208.137.184.0 - 208.137.187.255
CW-208-152-96-C 208.152.96.0 - 208.152.103.255
CW-208-135-238-B (208.135.238.0 - 208.135.239.255

blend27




msg:4533306
 6:05 pm on Jan 4, 2013 (gmt 0)

199.59.60.212 Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02

This one has been bugging out since late August. Even passing out cookies on the subsequent requests.

Anyway,

HOSTWINDS, LLC.

199.59.56.0 - 199.59.63.255 HOSTWINDS-21-1 199.59.56.0/21
198.84.64.0 - 198.84.127.255 HOSTWINDS-18-2 198.84.64.0/18
198.143.96.0 - 198.143.127.255 HOSTWINDS-19-1 198.143.96.0/19
192.119.64.0 - 192.119.127.255 HOSTWINDS-18-3 192.119.64.0/18
142.11.192.0 - 142.11.255.255 HOSTWINDS-18-1 142.11.192.0/18
108.174.192.0 - 108.174.207.255 HOSTWINDS-20-1 108.174.192.0/20

wilderness




msg:4534156
 1:01 am on Jan 8, 2013 (gmt 0)

OVH Hosting
OVH-142.4.192.0 - 142.4.223.255 142.4.192.0/19
OVH-192.95.0.0 - 192.95.63.255 192.95.0.0/18
OVH-198.27.64.0 - 198.27.127.255 198.27.64.0/18
OVH-198.100.144.0 - 198.100.159.255 198.100.144.0/20
OVH-198.245.48.0 - 198.245.63.255 198.245.48.0/20

blend27




msg:4534159
 1:18 am on Jan 8, 2013 (gmt 0)

Don, I think OVH list is at least twice that. I'll dig in, see what I could find, but here is a snapshot:

[bgp.he.net...]

OVH has one of the most blocked IP numbers on the block. They are on the same level of Planet and such...

wilderness




msg:4534163
 1:47 am on Jan 8, 2013 (gmt 0)

blend,
The ARIN output was massive and required condensing.
ARIN doen't include RIPE ranges.

blend27




msg:4534167
 2:49 am on Jan 8, 2013 (gmt 0)

OVH is mostly RIPE, not to get into it.. I got FR(worst), NL, PL, GB, CA... In my book anything OVH is 403(well, record and learn), just an opinion.. including 'Ovh Systems'.

not2easy




msg:4534182
 4:54 am on Jan 8, 2013 (gmt 0)

I have these in addition for OVH (FR):
37.59.0.0 - 37.59.63.255
37.59.0.0/16 OVH France

46.105.158.240 - 46.105.158.247
46.105.0.0/16 OVH France

213.251.184.0 - 213.251.187.255
213.251.128.0/18 OVH France

Edited because my tabs disappeared

blend27




msg:4534400
 6:44 pm on Jan 8, 2013 (gmt 0)

94.229.78.61 with UA: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0

Multiple attempts Requesting:
/
/register/
/login.php
/signup.php


94.229.64.0 - 94.229.79.255 UK-UKSERVERS-20081112 94.229.64.0/20
78.157.192.0 - 78.157.223.255 UK-UKSERVERS-20070831 78.157.192.0/19
78.110.160.0 - 78.110.175.255 UK-UKSERVERS-20070814 78.110.160.0/20
77.75.120.0 - 77.75.127.255 UK-UKSERVERS-20070510 77.75.120.0/22
77.74.192.0 - 77.74.199.255 UK-UKSERVERS-20070424 77.74.192.0/21

dstiles




msg:4534439
 8:50 pm on Jan 8, 2013 (gmt 0)

From my own database, including FR, CA and other countries, for OVH:

5.39.0.0 - 5.39.127.255
5.135.0.0 - 5.135.255.255
37.59.0.0 - 37.59.255.255
46.105.0.0 - 46.105.255.255
77.111.192.0 - 77.111.255.255
87.98.128.0 - 87.98.255.255
91.121.0.0 - 91.121.255.255
94.23.0.0 - 94.23.255.255
109.190.0.0 - 109.190.255.255
142.4.192.0 - 142.4.223.255
176.31.0.0 - 176.31.255.255
178.32.0.0 - 178.33.255.255
178.236.224.0 - 178.236.239.255
188.165.0.0 - 188.165.255.255
192.95.0.0 - 192.95.63.255
198.27.64.0 - 198.27.127.255
198.100.144.0 - 198.100.159.255
198.245.48.0 - 198.245.63.255
213.186.32.0 - 213.186.63.255
213.251.128.0 - 213.251.191.255

Including one re-assignment (2-year-old original) and one new one from blend27's list, for UK Dedicated Servers:

77.74.192.0 - 77.74.199.255
77.75.120.0 - 77.75.127.254
78.110.160.0 - 78.110.175.255
78.157.192.0 - 78.157.223.255
81.19.176.0 - 81.19.191.255
94.229.64.0 - 94.229.79.255

wilderness




msg:4535001
 1:39 pm on Jan 10, 2013 (gmt 0)

Interserver, Inc
INTERSERVER 173.214.160.0 - 173.214.175.255 173.214.160.0/20
INTERSERVER 192.64.80.0 - 192.64.87.255 192.64.80.0/21
INTERSERVER 199.231.184.0 - 199.231.191.255 199.231.184.0/21
INTERSERVER 206.72.192.0 - 206.72.207.255 206.72.192.0/20
INTERSERVER 209.159.144.0 - 209.159.159.255 209.159.144.0/20
INTERSERVER 64.20.32.0 - 64.20.63.255 64.20.32.0/19
INTERSERVER 66.23.224.0 - 66.23.239.255 66.23.224.0/20
INTERSERVER 66.45.224.0 - 66.45.255.255 66.45.224.0/19
INTERSERVER 68.168.208.0 - 68.168.223.255 68.168.208.0/20
INTERSERVER 69.10.32.0 - 69.10.63.255 69.10.32.0/19
INTERSERVER 2604:A00:: - 2604:A00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

blend27




msg:4535072
 5:54 pm on Jan 10, 2013 (gmt 0)

66.154.100.75 - UA: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:16.0) Gecko/20100101 Firefox/16.0

Requested supporting files from the page. Reverse points to "Canadian farma" site, oops...403 :).

Belongs to: ASSERTIVENETWORKS

66.154.96.0 - 66.154.127.255 ASSERTIVENETWORKS 66.154.96.0/19

keyplyr




msg:4535655
 12:31 pm on Jan 13, 2013 (gmt 0)

weebly cloud hosting
199.34.228.0 - 199.34.231.255
199.34.228.0/22

hostopia & aplus hosting > InternetNamesForBusiness.com
64.29.144.0 - 64.29.159.255
64.29.144.0/20

Both of these are geared toward amateur site builders so probably not a malicious bot threat... more of a FYI.

wilderness




msg:4535665
 2:38 pm on Jan 13, 2013 (gmt 0)

InternetNamesForBusiness
MEGA-13 206.225.88.0 - 206.225.91.255 206.225.88.0/22
MEGA-6 209.235.128.0 - 209.235.159.255 209.235.128.0/19
MEGA-7 216.55.132.0 - 216.55.135.255 216.55.132.0/22
MEGA-8 (216.55.144.0 - 216.55.159.255 216.55.144.0/20
MEGA-9 216.55.172.0 - 216.55.175.255 216.55.172.0/22
MEGA-10 216.55.188.0 - 216.55.191.255 216.55.188.0/22
MEGA-1 216.251.32.0 - 216.251.47.255 216.251.32.0/20
EXP-INFB-109-24 216.82.109.0 - 216.82.109.255 216.82.109.0/24
MEGA-2 64.29.144.0 - 64.29.159.255 64.29.144.0/20
MEGA-3 69.49.96.0 - 69.49.127.255 69.49.96.0/19
MEGA-11 66.226.64.0 - 66.226.71.255 66.226.64.0/21
MEGA-12 66.226.80.0 - 66.226.95.255 66.226.80.0/20
MEGA-4 2001:1810:: - 2001:1810:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

wilderness




msg:4535668
 2:46 pm on Jan 13, 2013 (gmt 0)

weebly cloud hosting
199.34.228.0 - 199.34.231.255
199.34.228.0/22


WEEBLYNET2 74.115.48.0 - 74.115.51.255 74.115.48.0/22

dstiles




msg:4535746
 8:24 pm on Jan 13, 2013 (gmt 0)

Some of the InternetNamesForBusiness ranges are sub-ranges of larger Codero ranges, which should also be blocked (eg all 216.55 can be combined).

keyplyr




msg:4535756
 9:27 pm on Jan 13, 2013 (gmt 0)

Thanks dstiles, good catch.

keyplyr




msg:4535876
 10:43 am on Jan 14, 2013 (gmt 0)


In-Solve Hosting, Russia
81.177.166.0 - 81.177.167.255
81.177.166.0/23

dstiles




msg:4535992
 8:40 pm on Jan 14, 2013 (gmt 0)

I actually block 81.176.0.0/15 - RTCOMM-RU

keyplyr




msg:4536000
 9:17 pm on Jan 14, 2013 (gmt 0)

Isn't Sochitelecom (81.176.0.0 - 81.176.2.255) a Cable ISP?

wilderness




msg:4536018
 9:49 pm on Jan 14, 2013 (gmt 0)

Some of the InternetNamesForBusiness ranges are sub-ranges of larger Codero ranges, which should also be blocked (eg all 216.55 can be combined).


dstiles,
I've had 216.55.128-191 denied since 2004 under the former name of Abacus America Inc.
Today that same company operates under the name of aplusnet, however the 216.55. IP's have been reassigned.

There is a small community college in the 216.55.
216.55.112.0 - 216.55.127.255
My nephew attends and the college was involved in an extensive widget project.
They offer wifi on-campus for students.

not2easy




msg:4536103
 6:32 am on Jan 15, 2013 (gmt 0)

A few more XEEX showed up
113.212.64.0 - 113.212.95.255 - XEEX India
113.212.64.0/19

216.151.128.0 - 216.151.159.255 - XEEX-COMMUNICATIONS
216.151.128.0/19

dstiles




msg:4536283
 8:15 pm on Jan 15, 2013 (gmt 0)

Wilderness - A DNS check shows 216.55.128.0/18 is still codero, which is always blocked. Some of the sub-ranges are assigned to InternetNames. I have nothing blocked in the range 216.55.112.0/20.

Keyplr - it may be but it's part of an annoying /15 and Russian and belonging to rtcomm.

blend27




msg:4538467
 11:11 pm on Jan 22, 2013 (gmt 0)

PEG TECH INC

199.188.104.0 - 199.188.111.255 199.188.104.0/21
199.180.100.0 - 199.180.103.255 199.180.100.0/22
192.74.224.0 - 192.74.255.255 192.74.224.0/19
142.4.96.0 - 142.4.127.255 142.4.96.0/19
142.0.128.0 - 142.0.143.255 142.0.128.0/20

OK Now!, several requests from each range with the past 2 month. Every IP is in projectHoneyPot(API) as a "comments spammer".

blend27




msg:4538477
 11:50 pm on Jan 22, 2013 (gmt 0)

add these to XEEX:

69.26.160.0 - 69.26.191.255
69.26.160.0/19

209.159.140.0 - 209.159.141.255 (via Trit Networks)

dstiles




msg:4538753
 8:30 pm on Jan 23, 2013 (gmt 0)

I have a note on the range 142.0.128.0/20 that part of the range is leased to China.

blend27




msg:4538817
 2:15 am on Jan 24, 2013 (gmt 0)

leased to China


With some heavy duty adult content hosted there as well.

keyplyr




msg:4538829
 2:59 am on Jan 24, 2013 (gmt 0)




With some heavy duty adult content hosted there as well.

Commonly referred to as hobby sites :)

wilderness




msg:4538860
 7:31 am on Jan 24, 2013 (gmt 0)

Versaweb (old thread [webmasterworld.com])

76.164.196.194 - - [Thu Jan 24 06:22:51 2013] "GET / HTTP/1.1" 403 0 "-" "-"

VWEB-208-64-24 208.64.24.0 - 208.64.31.255 208.64.24.0/21
VWEB-208-66-72 208.66.72.0 - 208.66.79.255 208.66.72.0/21
VWEB-72-46-128 72.46.128.0 - 72.46.159.255 72.46.128.0/19
VWEB-76-164-192 76.164.192.0 - 76.164.239.255 76.164.224.0/20 76.164.192.0/19

This 169 message thread spans 6 pages: < < 169 ( 1 2 3 [4] 5 6 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved