wilderness
msg:4456551 | 6:42 pm on May 22, 2012 (gmt 0) |
Psychz
216.24.199.zz - - [22/May/2012:17:09:28 +0100] "GET /MySub/MuSub-sub/MyPage.html HTTP/1.0" 200 37093 "http://example.com/MySub/MuSub-sub/MyPage.html" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Babya Discoverer 8.0:"
Note malformed UA and trailing space near end and prior to version number.
There's an old thread on Babya Discoverer [webmasterworld.com], which is claimed to be a browser. Freely downloadable.
There's a 2009 heads up by keyplr on another IP from this host [webmasterworld.com]
|
dstiles
msg:4456612 | 9:11 pm on May 22, 2012 (gmt 0) |
I block 199.203/16 on a few sites but not all; I have it listed as Israel, which is always a potential hazard source, but have no bad hits within that range since at least last October.
I still have both bonecho and babya listed as browsers, although both with the caveat "suspicious". Can't say I've seen anything particularly noticable with them.
My experience of non-mainstream browsers, addons and toolbars has been that malformed UAs are the norm. Some right cowboys out there. :(
(Apologies to concientious and hard-working cowboys everywhere!) :)
psychz - I noticed that range a couple of days ago and blocked yet another of their IP ranges.
|
wilderness
msg:4456618 | 9:27 pm on May 22, 2012 (gmt 0) |
| I block 199.203/16 on a few sites but not all; I have it listed as Israel, which is always a potential hazard source, but have no bad hits within that range since at least last October. |
|
The majority of google references to this org are to an Israel company, however if you sift through them, you'll see the correct references to the hosting company. I made the same mistake at forst. [edited by: incrediBILL at 9:35 pm (utc) on May 22, 2012]
[edit reason] fixed formatting [/edit]
|
AussieWebmaster
msg:4456643 | 10:12 pm on May 22, 2012 (gmt 0) |
Psychz is a behavioral targeting company so may have a number of sites tied together that are tracking clicks
|
wilderness
msg:4456653 | 10:30 pm on May 22, 2012 (gmt 0) |
| Psychz is a behavioral targeting company |
|
I behave just fine under most normal circumstances and don't need anybody generating patterns of irrationality ;)
|
JasonD
msg:4456873 | 9:35 am on May 23, 2012 (gmt 0) |
Just as a heads up I am the founder of Pzyche, the behavioural business Aussie Webmaster mentions above. Unofrtunately he made a mistake and Psychz, the business mentioned in this thread, is a different business altogether.
Psychz is a web hosting business and not us (psychz.net) [edited by: incrediBILL at 2:16 pm (utc) on May 23, 2012]
[edit reason] delinked URL [/edit]
|
wilderness
msg:4457291 | 9:24 am on May 24, 2012 (gmt 0) |
Had a handful of ranges from various IP's and providers, requesting WordPress pages on a sites that is without WP.
The Rewrite was one range of this provider, and the other three courtesy of WHOIS.
VAULT-NETWORKS 199.59.96.0 - 199.59.99.255
RewriteCond %{REMOTE_ADDR} ^204\.11\.23[2-9]\. [OR]
VAULT-NETWORKS 206.253.168.0 - 206.253.175.255
VAULT-NETWORKS 208.64.64.0 - 208.64.71.255
|
dstiles
msg:4458431 | 6:21 pm on May 27, 2012 (gmt 0) |
After another psychz hit today, my total ranges now are:
74.117.56.0 - 74.117.63.255
108.171.240.0 - 108.171.255.255
173.224.208.0 - 173.224.223.255
199.15.112.0 - 199.15.119.255
199.71.212.0 - 199.71.215.255
199.119.200.0 - 199.119.207.255
208.87.240.0 - 208.87.243.255
216.24.192.0 - 216.24.207.255
|
wilderness
msg:4474834 | 2:19 am on Jul 12, 2012 (gmt 0) |
Had a couple of these.
Added rest:
HOSTINGSERVICES-INC (NET6-2606-2E00-1) 2606:2E00:: - 2606:2E00:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
HOSTINGSERVICES-INC 173.244.192.0 - 173.244.223.255
HOSTINGSERVICES-INC 173.255.128.0 - 173.255.143.255
HOSTINGSERVICES-INC 174.127.64.0 - 174.127.127.255
HOSTINGSERVICES-INC 198.105.208.0 - 198.105.223.255
HOSTINGSERVICES-INC 199.189.104.0 - 199.189.111.255
HOSTINGSERVICES-INC 199.195.192.0 - 199.195.199.255
HOSTINGSERVICES-INC 206.217.192.0 - 206.217.223.255
HOSTINGSERVICES-INC 216.119.144.0 - 216.119.159.255
HOSTINGSERVICES-INC 50.115.112.0 - 50.115.127.255
HOSTINGSERVICES-INC 67.213.208.0 - 67.213.223.255
HOSTINGSERVICES-INC 69.4.224.0 - 69.4.239.255
|
keyplyr
msg:4474935 | 10:37 am on Jul 12, 2012 (gmt 0) |
Thanks (I think)
|
dstiles
msg:4475121 | 7:59 pm on Jul 12, 2012 (gmt 0) |
Thanks, Wilderness.
Got an extra one at 98.158.176/20
Total list now (after adding several from above!):
50.115.112.050.115.127.255
67.213.208.067.213.223.255
69.4.224.069.4.239.255
98.158.176.098.158.191.255
173.244.192.0173.244.223.255
173.255.128.0173.255.143.255
174.127.64.0174.127.127.255
198.105.208.0198.105.223.255
199.189.104.0199.189.111.255
199.195.192.0199.195.199.255
206.217.192.0206.217.223.255
216.119.144.0216.119.159.255
|
wilderness
msg:4475130 | 8:33 pm on Jul 12, 2012 (gmt 0) |
Thanks for the addition.
|
keyplyr
msg:4475132 | 8:43 pm on Jul 12, 2012 (gmt 0) |
And I was just about to jump into the Pacific Ocean...
|
wilderness
msg:4475917 | 10:29 pm on Jul 15, 2012 (gmt 0) |
SimpliQ SIMPLIQ-HOSTING 74.117.152.0 - 74.117.159.255
Elvsoft Corp INTOVPS-HOSTING-US 74.117.156.0 - 74.117.159.255
74.117.158.98 - - [15/Jul/2012:20:48:33 +0100] "GET / HTTP/1.1" 200 6010 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)"
|
keyplyr
msg:4476170 | 7:21 pm on Jul 16, 2012 (gmt 0) |
and another - thanks Don
|
wilderness
msg:4476179 | 7:52 pm on Jul 16, 2012 (gmt 0) |
There may be more IP's, having a less than stellar few days and have simply become lazy in some regards ;)
|
wilderness
msg:4476607 | 2:33 am on Jul 18, 2012 (gmt 0) |
H4Y Technologies LLC MNT-199-83-208-0-21 199.83.208.0 - 199.83.215.255
Monticello Networks, Inc. MONTI-NET-1 199.83.208.0 - 199.83.215.255
199.83.209.zz - - [18/Jul/2012:02:19:43 +0100] "GET /MyFolder/MySub/MyPage.html HTTP/1.0" 200 25779 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1"
There four more listings in ARIN, however unable to retrieve IP ranges.
These last three of the eight are Peer1.
I've not compared these to previous Peer1 IP's, to determine if there are Peer subnets or new ranges.
PEER1-H4Y-TECHNOLOGIES 76.74.177.64 - 76.74.177.127
PEER1-H4Y-TECHNOLOGIES-02 64.34.254.64 - 64.34.254.127
PEER1-H4Y-TECHNOLOGIES-03 69.172.213.128 - 69.172.213.255
|
tangor
msg:4476675 | 9:53 am on Jul 18, 2012 (gmt 0) |
How is this going to change after ip6? Instead of millions we'll be looking at billions or more... Sigh! I don't want to ban my refrigerator or air-conditioner. :)
|
keyplyr
msg:4476681 | 10:40 am on Jul 18, 2012 (gmt 0) |
tangor - your refrigerator has been on my watch list for some time!
|
wilderness
msg:4480617 | 5:14 pm on Jul 31, 2012 (gmt 0) |
no robts
No supporting files.
Thorn Communications, Inc THORNNET-1 216.213.0.0 - 216.213.191.255
DR Soft THORN-DRSOFT-COLO 216.213.45.0 - 216.213.45.255
216.213.45.zzz - - [31/Jul/2012:17:47:11 +0100] "GET /MyFolder/SubFolder/MyPage.html HTTP/1.0" 200 25779 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
216.213.45.zzz - - [31/Jul/2012:17:47:12 +0100] "GET /MyFolder/SubFolder/Root.html HTTP/1.0" 200 9641 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
|
keyplyr
msg:4480646 | 6:16 pm on Jul 31, 2012 (gmt 0) |
wilderness, besides dedi servers, Thorn Communications is also an ISP.
Our Internet access services give you the benefits of Thorn's network, the unparalleled expertise of our network engineers, and reliable connectivity to the global Internet. Online services inlcude: e-mail, Web access and file transfer.
Available through both leased line and colocation services, access to the Internet is offered through frame relay, dedicated lines or ATM, so you can take advantage of the speed and price that suits your connectivity needs. |
|
|
wilderness
msg:4480660 | 6:52 pm on Jul 31, 2012 (gmt 0) |
Many thanks keyplr.
| so you can take advantage of the speed and price that suits your connectivity needs. |
|
Such blazing speed allowed this user to download a 26kb page, read the page and then proceed to the root index all within one-second ;)
|
wilderness
msg:4482058 | 10:39 pm on Aug 5, 2012 (gmt 0) |
Netriplex
keyplr has a 2011 thread [webmasterworld.com] on this that is closed.
NETRIPLEX LLC NETR-AVL-1 216.59.0.0 - 216.59.63.255
Microglobe LLC NETRIPLEX-AVL-216-59-3-0 216.59.3.0 - 216.59.3.255
the subnet appeared caching pages as other visitors viewed them.
Subnet some type of content filter.
|
wilderness
msg:4486902 | 5:34 pm on Aug 21, 2012 (gmt 0) |
Westhost
206.130.96.0 - 206.130.127.255
208.131.128.0 - 208.131.159.255
209.236.64.0 - 209.236.79.255
67.212.224.0 - 67.212.239.255
68.169.32.0 - 68.169.47.255
69.36.160.0 - 69.36.191.255
|
keyplyr
msg:4486996 | 9:07 pm on Aug 21, 2012 (gmt 0) |
Thanks for the Westhost ranges wilderness
|
wilderness
msg:4487002 | 9:25 pm on Aug 21, 2012 (gmt 0) |
FWIW, they used to be the server for this website ;)
Upon searching my data, plenty of saved pages came up, highlighting the link.
|
keyplyr
msg:4487396 | 11:23 pm on Aug 22, 2012 (gmt 0) |
Yeah, it's kind of a double standard. I have 2 sites on Godaddy, but I block external requests from Godaddy.
|
wilderness
msg:4487402 | 12:12 am on Aug 23, 2012 (gmt 0) |
I do the same for the company I host from.
|
dstiles
msg:4487729 | 7:24 pm on Aug 23, 2012 (gmt 0) |
It does not matter where you host a web site. If the IP range is of a server farm, it should be blocked by other web sites (valid bots excepted). There is no reason why a server should access another server unless there is a valid connection or reason.
|
| This 169 message thread spans 6 pages: 169 ( [1] 2 3 4 5 6 ) > > |
|
|
