homepage Welcome to WebmasterWorld Guest from 54.205.254.108
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

This 103 message thread spans 4 pages: 103 ( [1] 2 3 4 > >     
Server Farms - May 2013
Ongoing Hosting Data Center Discussion
incrediBILL




msg:4570885
 8:14 pm on May 5, 2013 (gmt 0)

Continuation of the March 2013 thread:
[webmasterworld.com...]

 

wilderness




msg:4570895
 9:04 pm on May 5, 2013 (gmt 0)

ACENET, INC
ACENETMI 173.230.240.0 - 173.230.255.255 173.230.240.0/20
ALLOC4 192.64.32.0 - 192.64.35.255 192.64.32.0/22
ACENETMI 207.45.176.0 - 207.45.191.255 207.45.176.0/20
ACENETMI 68.171.208.0 - 68.171.223.255 68.171.208.0/20
ACENETMI 2607:F548:: - 2607:F548:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

keyplyr




msg:4571370
 1:48 am on May 7, 2013 (gmt 0)



LocoDigital Datacenters
176.119.24.0 - 176.119.31.255

keyplyr




msg:4571742
 5:51 am on May 8, 2013 (gmt 0)

Found a spoofed browser UA with unnatural header from:

78.108.63.40 - 78.108.63.47
78.108.63.40/29

Owned by teknikbyran.se, a Swedish TOR/anonymization service.


Other ranges registered to them are:

78.108.48.0 - 78.108.48.31
78.108.48.0/27

78.108.48.32 - 78.108.48.63
78.108.48.32/27

route: 78.108.48.0/20

blend27




msg:4571816
 11:56 am on May 8, 2013 (gmt 0)

72.46.159.121 (72-46-159.unassigned.userdns.com) | Mozilla/5.0 (Windows NT 5.2; rv:16.0) Gecko/20100101 Firefox/16.0

Bad Headers, No Robots.txt, IP in Project Honey Pot, ServerFarm Range. ----> Rhhhhaabit..

anyway,

Versaweb, LLC

72.46.128.0-72.46.159.255 | 72.46.128.0/19
76.164.192.0 - 76.164.239.255 76.164.192.0/19
208.64.24.0 - 208.64.31.255 | 208.64.24.0/21
208.66.72.0 - 208.66.79.255 | 208.66.72.0/21

dstiles




msg:4571902
 4:10 pm on May 8, 2013 (gmt 0)

New Rackspace range, registered in March...

162.209.0.0 - 162.209.127.255
162.209.0.0/17

My full Rackspace list is now...

31.222.128.0 - 31.222.191.255
37.188.96.0 - 37.188.127.255
46.38.160.0 - 46.38.191.255
50.56.0.0 - 50.57.255.255
64.39.0.0 - 64.39.31.255
64.49.192.0 - 64.49.255.255
65.61.128.0 - 65.61.191.255
66.216.64.0 - 66.216.127.255
67.192.0.0 - 67.192.255.255
67.207.128.0 - 67.207.223.255
69.20.0.0 - 69.20.127.255
72.3.128.0 - 72.3.255.255
72.4.112.0 - 72.4.127.255
72.32.0.0 - 72.32.255.255
74.205.0.0 - 74.205.127.255
78.136.0.0 - 78.136.63.255
89.234.0.0 - 89.234.63.255
92.52.64.0 - 92.52.127.255
94.236.0.0 - 94.236.127.255
95.138.128.0 - 95.138.191.255
98.129.0.0 - 98.129.255.255
108.166.0.0 - 108.166.127.255
108.171.160.0 - 108.171.191.255
120.136.32.0 - 120.136.47.255
162.209.0.0 - 162.209.127.255
164.177.128.0 - 164.177.159.255
166.78.0.0 - 166.78.255.255
173.203.0.0 - 173.203.255.255
174.143.0.0 - 174.143.255.255
184.106.0.0 - 184.106.255.255
198.61.128.0 - 198.61.255.255
198.101.128.0 - 198.101.255.255
204.232.128.0 - 204.232.255.255
207.97.192.0 - 207.97.255.255
209.61.128.0 - 209.61.191.255
209.114.32.0 - 209.114.63.255
212.64.128.0 - 212.64.159.255
212.100.224.0 - 212.100.255.255

keyplyr




msg:4572111
 1:02 am on May 9, 2013 (gmt 0)


livenet.pl / slaskdatacenter.pl
31.6.70.0 - 31.6.71.255
178.19.104.0 - 178.19.111.255

The livenet.pl company site is hosted at:
Network Communication
91.203.220.0 - 91.203.223.255

dstiles




msg:4572431
 6:58 pm on May 9, 2013 (gmt 0)

Didn't have those two ranges. Thanks. For livenet PL I now have:

31.6.70.0 - 31.6.71.255
91.204.160.0 - 91.204.163.255
91.238.134.0 - 91.238.135.255
178.19.104.0 - 178.19.111.255
212.59.224.0 - 212.59.255.255

I have no evidence for 91.203.220.0/22 being a bad range - had it logged since 2010 with no bad IPs.

keyplyr




msg:4572470
 7:46 pm on May 9, 2013 (gmt 0)

And thanks for the Rackspace list. I was actually missing about half of those!

RE: 91.203.220.0/22 - The Network Communication site does identify as a hosting datacenter.

keyplyr




msg:4573355
 10:27 pm on May 12, 2013 (gmt 0)

VPNTunnel anon service:


5.254.137.0 - 5.254.137.255
5.254.137.0/24

5.254.140.0 - 5.254.140.255
5.254.140.0/24

probably more

keyplyr




msg:4573404
 4:55 am on May 13, 2013 (gmt 0)

Wholesaleinternet colo/dedi servers:
204.12.192.0 - 204.12.255.255
204.12.192.0/18

dstiles




msg:4573675
 8:01 pm on May 13, 2013 (gmt 0)

5.254.128.0 - 5.254.159.255 blocked - server farm and VPN tunnels (which can be used for antisocial purposes).

Wholesale Internet...

69.30.192.0 - 69.30.255.255
69.197.128.0 - 69.197.191.255
119.63.200.0 - 119.63.207.255
173.208.128.0 - 173.208.255.255
204.12.192.0 - 204.12.255.255
208.110.64.0 - 208.110.95.255

(may be more - that's just the ones brought to my attention via bad activity).

wilderness




msg:4574495
 7:49 pm on May 15, 2013 (gmt 0)

Optimal Link Corporation
OPLINK-NET 66.187.64.0 - 66.187.79.255 66.187.64.0/20
OPLINK-NET 216.230.224.0 - 216.230.239.255 216.230.224.0/20

66.187.64.153 - - [15/May/2013:11:36:42 -0600] "GET /MySub/MySubSub/MyPage.html HTTP/1.1" 403 613 "-" "-"

from 2012
216.230.231.62 - - [02/Oct/2012:13:05:20 +0100] "GET /MySub/MyPage HTTP/1.1" 200 60078 "http://www.google.com/url?q=http://www.example.com/MYSub/MyPage.html&sa=U&ei=c9hqUPa1I-S62wW33ID4Bw&ved=0CIMCEBYwSw&usg=AFQjCNFoY4e3jzczQTmpgnpZQPudvRTOGA" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; SV1; .NET CLR 2.0.50727)"

keyplyr




msg:4574928
 10:38 am on May 17, 2013 (gmt 0)

Netalia AB Hosting in LU
185.5.45.0 - 185.5.45.255
185.5.45.0/24

dstiles




msg:4575082
 7:22 pm on May 17, 2013 (gmt 0)

Netalia...

5.254.128.0 - 5.254.159.255 (Sweden)
185.5.44.0 - 185.5.47.255 (sweden)
212.59.64.0 - 212.59.95.255 (UK owned by Netlink Solutions US)

There may be more - that's just the ranges that violated my traps.

wilderness




msg:4575408
 8:01 am on May 19, 2013 (gmt 0)

Front Range Hosting (FRHL)
FRHOST-1 64.111.29.128 - 64.111.29.255 64.111.29.128/25
FRH-NET 198.147.20.0 - 198.147.23.255 198.147.20.0/22
FRHV6-NET 2604:2880:: - 2604:2880:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
FRH-NET 192.40.56.0 - 192.40.59.255 192.40.56.0/22

WeHostWebSites (WEHOST-1)
a 2011 thread [webmasterworld.com]
NET-WEHOST-2 64.27.48.0 - 64.27.63.255 64.27.48.0/20
NET-WEHOST-4 192.82.248.0 - 192.82.255.255 192.82.248.0/21
HANDY-3 209.151.95.160 - 209.151.95.167 209.151.64.0/19
HANDY-4 209.151.95.192 - 209.151.95.207 209.151.64.0/19
NET-WEHOST-3 68.71.128.0 - 68.71.159.255 68.71.128.0/19
WEHOST-IPV6-NETBLOCK 2607:FC88:: - 2607:FC88:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
NET-WEHOST-1 72.18.128.0 - 72.18.159.255 72.18.128.0/19
NET-WEHOST-5 173.248.128.0 - 173.248.191.255 173.248.128.0/18

Two of the above are part of a backbone (Latisys), which offers another addition.

wilderness




msg:4575479
 4:02 pm on May 19, 2013 (gmt 0)

Latisys

There are a couple of old threads with singe range mentions.
I didn't chase the CDIR's

MDH-DATA393-216-7-160-0 216.7.160.0 - 216.7.191.255
MDH-DATA393-209-151-64-0 209.151.64.0 - 209.151.95.255
MDH-DATA393-64-119-160-0 64.119.160.0 - 64.119.191.255
MDH-DATA393-209-197-224-0 209.197.224.0 - 209.197.255.255
MDH-DATA393-205-214-64-0 205.214.64.0 - 205.214.95.255
MDH-DATA393-65-38-160-0 65.38.160.0 - 65.38.191.255
MDH-DATA393-208-42-224-0 208.42.224.0 - 208.42.255.255
MDH-DATA393-205-209-32-0 205.209.32.0 - 205.209.63.255
MDH-DATA393-64-92-192-0 64.92.192.0 - 64.92.223.255
MDH-DATA393-72-1-96-0 72.1.96.0 - 72.1.127.255
LATISYS-DENVER-IPV6-BLOCK 2604:6900:: - 2604:6900:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
MDH-DATA393-216-239-224-0 216.239.224.0 - 216.239.239.255

dstiles




msg:4575508
 7:08 pm on May 19, 2013 (gmt 0)

For FrontRange I have...

65.183.64.0 - 65.183.95.255 (my setting is: DSL)
192.40.56.0 - 192.40.59.255
198.147.20.0 - 198.147.23.255
216.17.128.0 - 216.17.255.255

For 64.111.29.128 I had nothing but now have
Data102: 64.111.16.0 - 64.111.31.255
which includes the FrontRange range.

For 209.151.95.160 I have
Latisys: 209.151.64 - 95.255
Otherwise I was missing one but have all the others.

Only had 2 under data393 but some of yours were under Latisys and some I didn't have at all - thanks!

keyplyr




msg:4576009
 6:20 am on May 21, 2013 (gmt 0)



BACloud.com
185.25.48.0 - 185.25.48.63
185.25.48.0/26

FortressITX
208.116.0.0 - 208.116.63.255
208.116.0.0/18

wilderness




msg:4576164
 12:27 pm on May 21, 2013 (gmt 0)

FORTRESSITX 208.116.0.0 - 208.116.63.255 208.116.0.0/18
FORTRESSITX 216.67.224.0 - 216.67.255.255 216.67.224.0/19
FORTRESSITX 50.60.0.0 - 50.61.255.255 50.60.0.0/15
FORTRESSITX 63.140.0.0 - 63.140.15.255 63.140.0.0/20
FORTRESSITX 65.98.0.0 - 65.98.127.255 65.98.0.0/17
FORTRESSITX 69.194.160.0 - 69.194.175.255 69.194.160.0/20
FORTRESSITX 69.57.160.0 - 69.57.191.255 69.57.160.0/19
FORTRESSITX 69.72.128.0 - 69.72.255.255 69.72.128.0/17
FITX-IPV6-1 2604:800:: - 2604:800:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

dstiles




msg:4576328
 9:27 pm on May 21, 2013 (gmt 0)

BACloud 185.25.48.0/22 not 26

I had all but one of the Fortress-ITX ones. Thanks for the update.

keyplyr




msg:4576767
 2:14 am on May 23, 2013 (gmt 0)

Another bad neighborhood

vps.net(UK2) cloud servers, UK

109.123.64.0 - 109.123.64.255
109.123.64.0/24

109.123.93.0 - 109.123.93.255
109.123.93.0/24

dstiles




msg:4577166
 6:55 pm on May 23, 2013 (gmt 0)

UK2 are known servers here. In fact my own server is owned by this company...

37.123.112.0 - 37.123.119.255
46.23.64.0 - 46.23.79.255
77.92.64.0 - 77.92.95.255
83.170.64.0 - 83.170.127.255
109.123.64.0 - 109.123.127.255
176.67.160.0 - 176.67.175.255

keyplyr




msg:4577236
 11:45 pm on May 23, 2013 (gmt 0)

Thanks for the UK2

keyplyr




msg:4578377
 11:51 pm on May 27, 2013 (gmt 0)


Bad bots coming from:

Peg Tech

142.0.128.0 - 142.0.143.255
142.0.128.0/20

142.4.96.0 - 142.4.127.255
142.4.96.0/19

192.74.224.0 - 192.74.255.255
192.74.224.0/19

198.2.192.0 - 198.2.255.255
198.2.192.0/18

199.180.100.0 - 199.180.103.255
199.180.100.0/22

199.188.104.0 - 199.188.111.255
199.188.104.0/21

keyplyr




msg:4578398
 1:01 am on May 28, 2013 (gmt 0)



Data mining from Default Route

74.120.12.0 - 74.120.15.255
74.120.12.0/22

dstiles




msg:4578725
 8:07 pm on May 28, 2013 (gmt 0)

pegtech - I have an extra one...

198.200.32.0 - 198.200.63.255

keyplyr




msg:4578902
 7:08 am on May 29, 2013 (gmt 0)


@dstiles

Is UA-Networking, GB a server farm?

91.210.100.0 - 91.210.103.255
91.210.100.0/22

dstiles




msg:4579163
 7:28 pm on May 29, 2013 (gmt 0)

Difficult to assess absolutely but a random scan of several IPs in the range showed a predominance of open ports such as...

22/tcp filtered ssh
25/tcp filtered smtp
1080/tcp open socks
1085/tcp filtered unknown
2222/tcp filtered unknown
2525/tcp filtered unknown
8080/tcp open http-proxy
8085/tcp filtered unknown

Either this is a server farm, a business range (with a lot of open computers within it) or a very badly infected set of broadband machines. I'd opt for the former.

DNS does not give an email address (eg abuse@) that might suggest a domain name and I found no other domain name associated with it. Suspicious.

A blog at bannasties(.)com includes the following...

"... a bunch in 91.210.101.0/24, 91.210.102.0/24 and 91.210.103.0/24 They committed sins like using spammer tools, being obvious spambots ..."

For myself, I have 7 sub-ranges listed at 91.210/16, all RU or UA except this one. I wonder if it's hiding behind the GB location (the range name does include the term UA). The actual address in DNS is Wales but the phone is not a UK number. A quick check at blacklistalert shows no bad marks against the range in general and nothing shown for uce-protect (which often shows known nasties).

keyplyr




msg:4579189
 8:26 pm on May 29, 2013 (gmt 0)

Thanks. I got similar vague results when I checked. Didn't ping any ports however.

What alerted me to the range was a series of requests for index.php which I don't use, and my server defaults to index.html.

This 103 message thread spans 4 pages: 103 ( [1] 2 3 4 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved