homepage Welcome to WebmasterWorld Guest from 54.204.128.190
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL

Search Engine Spider and User Agent Identification Forum

This 109 message thread spans 4 pages: < < 109 ( 1 2 [3] 4 > >     
Server Farms - Feb. 2014
Ongoing Hosting Data Center Discussion
incrediBILL




msg:4643255
 12:20 pm on Feb 7, 2014 (gmt 0)

Continuation of the Sept 2013 thread:
[webmasterworld.com...]

 

keyplyr




msg:4652633
 9:14 am on Mar 10, 2014 (gmt 0)


205.237.88.140 - - [10/Mar/2014:01:32:48 -0700] "GET / HTTP/1.0" 403 1343 "-" "=Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16"

Grand Web Solutions
205.237.88.0 - 205.237.95.255
205.237.88.0/21

keyplyr




msg:4652636
 9:20 am on Mar 10, 2014 (gmt 0)


Portlane, Sweden
80.67.0.0 - 80.67.31.255
80.67.0.0/19

Sigmatic, Finland
80.69.172.0 - 80.69.175.255
80.69.160.0/20

Angonasec




msg:4652677
 12:12 pm on Mar 10, 2014 (gmt 0)

Scandinavia does seem to be losing its pristine snow-like reputation.

Iceland is particularly worrying too. HQ of arch-nasty Opera.
And radical plans to become the copyright infringing Mecca of the Northern hemisphere.

keyplyr




msg:4653600
 8:45 am on Mar 13, 2014 (gmt 0)

Choopa

68.232.160.0 - 68.232.191.255
68.232.160.0/19

173.199.64.0 - 173.199.127.255
173.199.64.0/18

lucy24




msg:4656538
 9:08 pm on Mar 23, 2014 (gmt 0)

These folks seem to have been dormant for a while, based on post numbers that come up in search:

82.145.32.0/19
Iomart hosting, UK

I don't normally notice isolated requests for images, but the UA "PHP/5.3.19" kinda sticks out like a sore thumb.

keyplyr




msg:4656551
 11:30 pm on Mar 23, 2014 (gmt 0)


Thanks lucy24, I didn't have that one.

Iomart block list is now:

82.145.32.0 - 82.145.63.255
82.145.32.0/19

83.142.224.0 - 83.142.231.255
83.142.224.0/21

95.154.217.0 - 95.154.255.255
95.154.192.0/18

109.169.5.128 - 109.169.255.255
109.169.0.0/18

217.147.80.0 - 217.147.92.255
217.147.80.0/20

not2easy




msg:4656581
 4:15 am on Mar 24, 2014 (gmt 0)

I also have 212.38.176.0 - 212.38.191.255 as "Thrust::VPS LA|TX IOMART" 212.38.160.0/19

not2easy




msg:4656582
 4:30 am on Mar 24, 2014 (gmt 0)

I picked up all these choopas last December in a previous post here and looked up CIDRs for them, in case someone needs a complete list:

64.237.32.0 - 64.237.63.255
64.237.32.0/19

66.55.128.0 - 66.55.159.255
66.55.128.0/19

68.232.160.0 - 68.232.191.255
68.232.160.0/19

108.61.0.0 - 108.61.255.255
108.61.0.0/16

173.199.64.0 - 173.199.127.255
173.199.64.0/18

208.167.224.0 - 208.167.255.255
208.167.224.0/19

209.222.0.0 - 209.222.31.255
209.222.0.0/19

216.155.128.0 - 216.155.159.255
216.155.128.0/19

keyplyr




msg:4656611
 7:26 am on Mar 24, 2014 (gmt 0)



I also have 212.38.176.0 - 212.38.191.255 as "Thrust::VPS LA|TX IOMART" 212.38.160.0/19

@not2easy - Fist off, thanks for the additional range.

However 212.38.160.0/19 = 212.38.160.0 - 212.38.191.255
but I know what you meant:)

not2easy




msg:4656865
 7:05 pm on Mar 24, 2014 (gmt 0)

You're right keyplyr, I had two ranges there, one inside the other and the CIDR is for the containing range. I was in the middle of something else - Thanks for spotting it!

keyplyr




msg:4657028
 7:18 am on Mar 25, 2014 (gmt 0)


Incero

23.29.112.0 - 23.29.127.255
23.29.112.0/20

23.227.160.0 - 23.227.191.255
23.227.160.0/19

107.155.64.0 - 107.155.127.255
107.155.64.0/18

keyplyr




msg:4657031
 7:29 am on Mar 25, 2014 (gmt 0)

New (for me) HostWinds range:

23.238.0.0 - 23.238.127.255
23.238.0.0/17

Which brings my HostWinds block list to:

23.238.0.0 - 23.238.127.255
23.238.0.0/17

23.254.128.0 - 23.254.255.255
23.254.128.0/17

108.174.192.0 - 108.174.207.255
108.174.192.0/20

142.11.192.0 - 142.11.255.255
142.11.192.0/18

192.119.64.0 - 192.119.127.255
192.119.64.0/18

192.236.128.0 - 192.236.255.255
192.236.128.0/17

198.84.64.0 - 198.84.127.255
198.84.64.0/18

198.143.96.0 - 198.143.127.255
198.143.96.0/19

199.59.56.0 - 199.59.63.255
199.59.56.0/21

lucy24




msg:4657229
 9:41 pm on Mar 25, 2014 (gmt 0)

Scandinavia does seem to be losing its pristine snow-like reputation.

Funny you should say that.
5.133.219.68 - - [25/Mar/2014:05:04:14 -0700] "GET / HTTP/1.0" 200 2521 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2"
5.133.201.79 - - [25/Mar/2014:05:04:15 -0700] "GET / HTTP/1.0" 200 2521 "-" "Mozilla/5.0 (Windows NT 5.1; rv:6.0) Gecko/20100101 Firefox/10.0.2"


5.133.192.0/19

OBEnetworks and assorted other names. When I went to look them up, I got no further than
Obenetwork · Start · Internet · Hosting · Konsult · Om oss · Kontakt. Dedikerad
Server från Obenetwork. QuadCore Xeon, 8 GB RAM, SAS RAID1. Från 990kr/
mån.

(990 skr/mo? Holy ### that's expensive.* If they can afford that, can't they afford a more modern UA?)


Iceland is particularly worrying too. HQ of arch-nasty Opera.

Does Norway know this?


* Further lookup tells me the swedish krona is not what it used to be, but it still works out to over $100 US. And that's their "starting from" level.

keyplyr




msg:4657258
 11:01 pm on Mar 25, 2014 (gmt 0)



IMO $100 US a month is pretty reasonable for a VPS and way cheap for a dedicated box (which is what they are boasting.)

blend27




msg:4657612
 11:48 pm on Mar 26, 2014 (gmt 0)

inetnum: 46.22.166.0 - 46.22.166.255
inetnum: 46.22.164.0 - 46.22.165.255
inetnum: 46.22.173.0 - 46.22.173.255
netname: E-RING-NETWORK
descr: E-RING KRAKOW DATA CENTER
country: PL

keyplyr




msg:4658023
 5:47 pm on Mar 27, 2014 (gmt 0)

Tov Bank-inform, Ukraine
These are servers hosting websites.
Lots of compromised machines being used for refer spam and possibly bot-nets:

37.57.0.0 - 37.57.255.255
37.57.0.0/16

80.73.0.0 - 80.73.7.255
80.73.0.0/21

80.73.9.0 - 80.73.15.255
80.73.9.0/24

80.73.9.0 - 80.73.15.255
80.73.10.0/23
80.73.12.0/22

109.86.0.0 - 109.86.2.255
109.86.0.0/23
109.86.2.0/24

109.86.4.0 - 109.87.255.255
109.86.4.0/22
109.86.8.0/21
109.86.16.0/20
109.86.32.0/19
109.86.64.0/18
109.86.128.0/17
109.87.0.0/16

159.224.0.0 - 159.224.255.255
159.224.0.0/16

178.150.0.0 - 178.151.255.255
178.150.0.0/15

lucy24




msg:4658046
 7:11 pm on Mar 27, 2014 (gmt 0)

80.73.0.0 - 80.73.7.255
80.73.0.0/21

80.73.9.0 - 80.73.15.255
80.73.9.0/24

80.73.9.0 - 80.73.15.255
80.73.10.0/23
80.73.12.0/22

Special dispensation for 80.73.8 or can we proceed directly to /20 ?

Edit: Same question applies to 109.86.3.

keyplyr




msg:4658067
 9:47 pm on Mar 27, 2014 (gmt 0)


Dunno - I use a tool that gives me the CIDR. That's what the tool generated, so I assume the interim gaps aren't registered. Of course the danger is they will be picked up by an ISP, whatever the odds of that are.

keyplyr




msg:4658090
 11:07 pm on Mar 27, 2014 (gmt 0)

RE: Tov Bank-inform
So for those brave:

80.73.0.0 - 80.73.15.255
80.73.0.0/20

109.86.0.0 - 109.87.255.255
109.86.0.0/15

159.224.0.0 - 159.224.255.255
159.224.0.0/16

178.150.0.0 - 178.151.255.255
178.150.0.0/15

not2easy




msg:4658147
 5:40 am on Mar 28, 2014 (gmt 0)

New in L.A. 03/04/14 POWERUPHOSTING:
162.244.8.0 - 162.244.15.255
162.244.8.0/21

not2easy




msg:4658351
 12:48 am on Mar 29, 2014 (gmt 0)

New crawler for me: ZemlyaCrawl out of CLOUD-SOUTH
198.101.8.0 - 198.101.15.255
198.101.8.0/21
UA: "ZemlyaCrawl/1.0 (+http://zemlyaozer.com/bot)"
Right between OVH and Rackspace

lucy24




msg:4658353
 12:57 am on Mar 29, 2014 (gmt 0)

Right between OVH and Rackspace

I was going to say "How thoughtful of them!" thinking it meant one tidy /19. But I've got OVH at 198.100.144.0/20 and Rackspace at 198.101.128.0/17 so I suppose that's what you meant :(

Uncharacteristically, I have already met and blocked ZemlyaCrawl.

not2easy




msg:4658364
 2:28 am on Mar 29, 2014 (gmt 0)

And another BuyURL (unless I missed it here) from IDEALHOSTING at
213.238.175.0 - 213.238.175.255
213.238.168.0/21
on a normal looking if old UA:
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:22.0) Gecko/20100101 Firefox/22.0"
caught it by double checking some non-human looking browsing.

not2easy




msg:4658367
 4:22 am on Mar 29, 2014 (gmt 0)

And another new Datashack:
DataShack
192.187.96.0 - 192.187.127.255
it has urhostscom
192.187.114.48 - 192.187.114.55
in there too.

not2easy




msg:4658387
 6:45 am on Mar 29, 2014 (gmt 0)

More FIBERGRID WEBEXXPURTS
91.108.180.0 - 91.108.180.255
91.108.180.0/24

ECATEL - I picked this one up last July:
89.248.170.0/23
89.248.170.8 - 89.248.171.127
but have not seen it on any sites except the one that is parked, so it had been sort of ignored. Now I find a close relative:
89.248.169.0 - 89.248.169.105
89.248.169.0/24
but it looks like there must be some broader range that covers the whole thing or is this a mixed use server/ISP outfit?
Or did they just get the two little broom closets?

keyplyr




msg:4658395
 8:45 am on Mar 29, 2014 (gmt 0)

As far as the Webexpurts range, it is actually:
91.108.180.0 - 91.108.183.255
91.108.180.0/22

not2easy




msg:4658434
 4:27 pm on Mar 29, 2014 (gmt 0)

Thank you keyplyr, I updated my record. I have been getting some strange results from RIPE queries recently. For one query on
178.11.136.0 - 178.11.255.255
it returned a CIDR of:
178.0.0.0/12
which does not seem to be reliable.

keyplyr




msg:4658457
 6:02 pm on Mar 29, 2014 (gmt 0)

178.11.136.0 - 178.11.255.255 is Vodafone, a European ISP.
178.0.0.0/12 is the route, or net block range that the ISP is on.

I only block individual IP addresses with ISPs. Probably just one person running a bot, or browser-side downloader, or a script-kiddie. These are pests and I usually block for a couple weeks, then remove.

dstiles




msg:4658470
 8:39 pm on Mar 29, 2014 (gmt 0)

WEBEXXPURTS - actually 91.108.176.0 - 91.108.183.255 (/21)

ECATEL - actually 89.248.160.089.248.175.255 (/20)

not2easy - RIPE is more fragmented than (eg) Arin - you have to be careful reading it. In this case 178.0.0.0/12 is correct (belongs to arcor, although I have it as vodafone, which it was in 2011 when I registered the range in my db).

When reading any RIPE DNS response, always scroll down to the end, where the wider range (if relevant) is shown along with the actual "owner". There are often clues on the way in the form of email and web addresses.

bhukkel




msg:4658474
 9:07 pm on Mar 29, 2014 (gmt 0)

151.237.184.0/22 is also a webexxpurts range. This range is in the spamhaus drop list today.

dstiles




msg:4658478
 9:27 pm on Mar 29, 2014 (gmt 0)

Several new-ish google ranges, registered or updated last October/November.

Many linux wgets in about 50 minutes on 19 IPs from those ranges.

NetRange: 23.251.128.0 - 23.251.159.255
CIDR: 23.251.128.0/19
OriginAS: AS15169
NetName: GOOGLE-CLOUD

NetRange: 23.236.48.0 - 23.236.63.255
CIDR: 23.236.48.0/20
OriginAS: AS15169
NetName: GOOGLE-CLOUD

NetRange: 162.222.176.0 - 162.222.183.255
CIDR: 162.222.176.0/21
OriginAS: AS15169
NetName: GOOGLE-CLOUD

NetRange: 108.59.80.0 - 108.59.95.255
CIDR: 108.59.80.0/20
OriginAS: AS15169
NetName: GOOGLE-CLOUD

This 109 message thread spans 4 pages: < < 109 ( 1 2 [3] 4 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Search Engines / Search Engine Spider and User Agent Identification
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved