homepage Welcome to WebmasterWorld Guest from 50.17.79.35
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

    
Bots coming from Peg Tech
198.2.192.0/18
lucy24




msg:4582372
 7:54 pm on Jun 8, 2013 (gmt 0)

Met this under the "indexphp botnet" header (a group I can only identify after-the-fact by behavior pattern):

198.2.204.145
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4

As of a few months ago, the range 198.2.128.0/18 was unassigned. It's now
198.2.128.0/18 MailChimp (dunno who they are, but they sure don't sound like a likely source of human traffic)
and
198.2.192.0/18 PegTech

The latter name brings up vague mental associations of the not-good variety. Closer investigation turns up two other PegTech ranges involving the same botnet-- each of them alongside a subrange registered in China. Is this one of those "never met a customer they didn't like" hosts?

 

keyplyr




msg:4582624
 12:02 am on Jun 10, 2013 (gmt 0)


MailChimp may not sound like a legit source of traffic, but neither did MailRU when it first came on the scene. That's not to say MailChimp isn't monkey'n around, just that it probably needs further investigation.

Don't know anything PegTech them except they're a server farm and bad behavior has come from their ranges enough times for me to ban them. So far these are the PegTech ranges I have:

142.0.128.0 - 142.0.143.255
142.0.128.0/20

192.74.224.0 - 192.74.255.255
192.74.224.0/19

198.2.192.0 - 198.2.255.255
198.2.192.0/18

198.200.32.0 - 198.200.63.255
198.200.32.0/19

199.180.100.0 - 199.180.103.255
199.180.100.0/22

199.188.104.0 - 199.188.111.255
199.188.104.0/21

dougwilson




msg:4582806
 2:22 pm on Jun 10, 2013 (gmt 0)

pegtech and iptelligent all blocked - had to

dstiles




msg:4582895
 7:02 pm on Jun 10, 2013 (gmt 0)

Mailchimp, to me, is a mailing ;ist provider that sometimes sends me spam - not necessarily their fault, lots of mailing list servers do. :( To my mind, though, mail servers of any kind should not be accessing web sites, either on their own or as a customer proxy.

DNS says the range was registered 17 April. Thanks for the heads-up. Now blocked.

I have a note against my December 2012 database entry for 142.0.128.0/20 that pegtech leases at least some of the range to China.

Dijkgraaf




msg:4582932
 9:42 pm on Jun 10, 2013 (gmt 0)

A comment spammer and rule breaker according to Project Honeypot [projecthoneypot.org...]
It started it's bad behaviour about 3 weeks ago.

dstiles




msg:4586761
 8:53 pm on Jun 22, 2013 (gmt 0)

Hit from another peg-tech range today...

137.175.0.0 - 137.175.127.255
137.175.0.0/17

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved