| Netscape
|
wilderness
msg:4534247 | 12:38 pm on Jan 8, 2013 (gmt 0) |
Does anybody have a clue what this all about?
Grabbed main page, supporting files, and one sub-directory page.
Using NINE different Class D IP's.
207.200.116.137 - - [08/Jan/2013:04:46:00 +0000] "GET / HTTP/1.1" 200 5772 "-" "Mozilla/4.0 (compatible; MSIE 7.0; AOL 8.0; Windows NT 5.1; Trident/4.0; GTB7.4; .NET CLR 1.0.3705)"
|
incrediBILL
msg:4534346 | 4:33 pm on Jan 8, 2013 (gmt 0) |
It says AOL from an AOL IP, were any of the IPs not from AOL?
|
wilderness
msg:4534382 | 5:56 pm on Jan 8, 2013 (gmt 0) |
Does AOL own Netscape?
Netscape Communications Corp. (NSCP)
all requests began with 207.200.116. and ended with different Class D's except a single duplicate use of a Class D.
|
blend27
msg:4534403 | 6:59 pm on Jan 8, 2013 (gmt 0) |
207.200.116.137 - cache-ntc-ac08.proxy.aol.com
| Using NINE different Class D IP's. |
|
I think that is the way AOL users browse the web, been like that for the longest time.
These are usual headers sent with the requests:
Host: www.example.com
Via: HTTP/1.1 (Velocity/3.1.2.1 [uScMs f p eN:t cCMp s ]), HTTP/1.1 spider-dtc-tf12.proxy.aol.com[CDBC70AC] (Prism/1.2.1), HTTP/1.1 cache-dtc-aa13.proxy.aol.com[CDBC7411] (Traffic-Server/6.1.5 [uScM])
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/msword, application/x-shockwave-flash, application/x-silverlight, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/x-mfe-ipt, */*
X-PageView: www.example.com/page.html
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; AOL 9.1; AOLBuild 4334.5012; Windows NT 5.1; Trident/4.0; chromeframe/23.0.1271.97; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; McAfee)
Accept-Language: en-us
Content-Length: 0
Referer: [google.com...]
Accept-Encoding: gzip, deflate
I have these IP ranges attributed to AOL(sorry for the long list):
60.32.104.208 - 60.32.104.215
61.246.218.48 - 61.246.218.63
61.246.219.128 - 61.246.219.131
62.52.90.0 - 62.52.91.255
62.78.12.0 - 62.78.15.255
62.78.26.0 - 62.78.31.255
63.120.103.128 - 63.120.103.255
63.176.159.0 - 63.176.159.255
63.176.165.0 - 63.176.165.255
63.176.171.0 - 63.176.171.255
63.176.175.0 - 63.176.175.255
63.205.38.208 - 63.205.38.215
64.12.0.0 - 64.12.255.255
64.160.129.200 - 64.160.129.207
64.236.0.0 - 64.236.79.255
64.236.82.0 - 64.236.89.255
64.236.90.32 - 64.236.255.255
65.82.128.64 - 65.82.128.71
65.223.13.176 - 65.223.13.191
66.127.210.176 - 66.127.210.183
66.185.128.0 - 66.185.159.255
68.127.4.144 - 68.127.4.151
68.127.132.128 - 68.127.132.135
69.77.164.192 - 69.77.164.223
70.150.93.184 - 70.150.93.191
72.3.162.32 - 72.3.162.39
81.80.139.80 - 81.80.139.95
81.218.3.176 - 81.218.3.179
81.218.5.144 - 81.218.5.159
96.46.132.104 - 96.46.132.111
118.102.163.144 - 118.102.163.147
125.16.144.250 - 125.16.144.250
141.156.153.160 - 141.156.153.167
152.163.0.0 - 152.163.255.255
158.253.0.0 - 158.253.3.255
162.84.98.24 - 162.84.98.31
172.128.0.0 - 172.216.255.255
192.118.108.0 - 192.118.111.255
192.203.190.0 - 192.203.190.255
192.245.232.0 - 192.245.232.255
193.95.176.144 - 193.95.176.151
193.189.232.0 - 193.189.232.255
194.146.100.0 - 194.146.100.255
195.93.0.0 - 195.93.127.255
195.112.166.224 - 195.112.166.227
195.126.249.104 - 195.126.249.111
195.127.25.96 - 195.127.25.127
195.127.170.192 - 195.127.170.199
195.188.232.0 - 195.188.235.255
198.69.67.0 - 198.69.67.255
198.81.0.0 - 198.81.31.255
204.148.8.0 - 204.148.9.255
204.148.96.0 - 204.148.103.255
205.149.192.0 - 205.149.255.255
205.188.0.0 - 205.188.255.255
206.47.170.32 - 206.47.170.63
207.24.28.112 - 207.24.28.127
207.24.28.160 - 207.24.28.175
207.25.102.0 - 207.25.102.255
207.35.237.224 - 207.35.237.231
208.22.113.240 - 208.22.113.247
209.47.31.0 - 209.47.31.127
209.202.101.48 - 209.202.101.55
210.8.67.192 - 210.8.67.223
212.63.174.66 - 212.63.174.66
217.38.0.0 - 217.38.255.255
217.48.0.0 - 217.49.255.255
217.161.128.0 - 217.161.255.255
218.103.100.128 - 218.103.100.135
|
lucy24
msg:4534471 | 10:15 pm on Jan 8, 2013 (gmt 0) |
Uhmm... Seriously? I think they do, in fact. Didn't they buy it back around 1997?
Yes, AOL is a pain. My current log-wrangling functions assume that the first three pieces of the IP will be the same. Some cell phones also change in mid-connection.
|
|
|
