Under the Rainbow?

SeanL

6:24 am on Jun 6, 2003 (gmt 0)

Hello, all. Has anyone seen a UA "Under the Rainbow 2.2"? It made a request obviously to my domain, got my root index document, followed three links from it at 4 second intervals, all without requesting any graphics or javascripts. Then a bit more than an hour later it came back asking for index.html in my root directory. That's all it did, as far as I can tell.

I don't see any mention of it on this forum or elsewhere, except in two access logs and, most interestingly, in a guestbook which seems to exist almost only to record UA strings of spam bots. A very interesting idea.

lorax

5:01 pm on Jun 6, 2003 (gmt 0)

Do you have an IP?

SeanL

5:34 pm on Jun 6, 2003 (gmt 0)

Woops! The IP is 80.58.13.42. I looked it up but it wouldn't resolve. Now I try again and it says:
Host name: 80.58.13.42.proxycache.rima-tde.net
rima-tde.net is listed as being in Madrid.
My browser can't resolve this domain, but it can find telefonica.es, which is the organization of record. It seems to be a Spanish phone company. It looks legit. But its behavior was odd, not quite like anything I had seen before.

GeorgeGG

1:56 am on Jun 7, 2003 (gmt 0)

This is what I have:
Date : 06/04/03 14:15:57 ¦ Wed Jun/04/03 - 14/15/57 PM
Host : 80.58.13.42.proxycache.rima-tde.net
Show Who: 80.58.13.42.proxycache.rima-tde.net
IP : 80.58.13.42
Browser : Under the Rainbow 2.2
Refer :
Host : www.xxxxxx.xxx
VIA :: HTTP/1.1 proxy[AC1E2545] (Traffic-Server/5.5.1-58900 [uScM])
ForFarX :: 80.34.12.87
HttpClientIP:: 80.34.12.87

IP also has been 80.58.13.44 but same ForFarX/HttpClientIP
Almost every day for the last 10 days, and it only asks for 1 page.

GeorgeGG

bhartzer

6:13 pm on Jun 11, 2003 (gmt 0)

I'm getting the same thing, this Under the Rainbow 2.2. My stats are reporting it as a browser. The requests are coming from 80.58.13.107, and it's about 216 requests for particular pages a day.

wilderness

8:03 pm on Jun 11, 2003 (gmt 0)

I looked it up but it wouldn't resolve

Looks like a DSL ISP to me although I didn't translate the page.

http://telefonicaonline.com/on/0,,v%5Fsegmento+AHOG+v%5Fidioma+es,00.html

80.58.0.0 - 80.58.24.255
descr: Spain
notify: adminis.ripe@telefonica.es

Oaf357

6:05 pm on Jun 12, 2003 (gmt 0)

Good, bad, or ugly?

It's hit me too and it isn't a browser that does GZIP encoding which leads me to believe it is of evil intent.

wilderness

6:28 pm on Jun 12, 2003 (gmt 0)

Good, bad, or ugly?

Oaf,
Either they haven't honored me with their presence or they did and I wasn't alarmed.
Usually my alarm goes off most especially when there is a solitary line entry in my logs. My procedure is that I do a WHOIS and mark that line as a "snoop," not taking any action at that point.

There was a time when I was denying HEAD requests from future access in order to reduce spam. I no longer do that. Rather, I deal with the spam in mail filters.

Sorry I couldn't help you.

Oaf357

6:39 pm on Jun 12, 2003 (gmt 0)

No problem.

I just thought it was interesting. No referrer, no images, just a page that wasn't sent GZIPped. It doesn't look terribly evil and there isn't anything that could lead to e-mail spam on my web site.

My concern is bandwidth.

bhartzer

5:30 pm on Jun 13, 2003 (gmt 0)

I continue to see this in my logs (Under the Rainbow 2.2), and it's coming every day and grabbing about 200 +/- pages each time.

Oaf357

6:52 pm on Jun 13, 2003 (gmt 0)

I continue to see this in my logs (Under the Rainbow 2.2), and it's coming every day and grabbing about 200 +/- pages each time.

Does it grab images or robots.txt? Anything that leads you to believe it's a browser and not a bot?
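The indicators the thread keeps returning to (pages fetched without their images or scripts, no robots.txt, no referrer, evenly spaced hits) can be checked mechanically over an access log. The script below is an added example and not part of the thread; the log lines are constructed in Apache combined format, and the thresholds in bot_like are assumptions, not a rule from the posts.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines (Apache combined format); IPs and UA echo the thread, lines are made up.
SAMPLE_LOG = """\
80.58.13.42 - - [06/Jun/2003:06:24:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Under the Rainbow 2.2"
80.58.13.42 - - [06/Jun/2003:06:24:05 +0000] "GET /about.html HTTP/1.1" 200 4096 "-" "Under the Rainbow 2.2"
80.58.13.42 - - [06/Jun/2003:06:24:09 +0000] "GET /links.html HTTP/1.1" 200 3072 "-" "Under the Rainbow 2.2"
192.0.2.10 - - [06/Jun/2003:06:30:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux) Gecko/20030516"
192.0.2.10 - - [06/Jun/2003:06:30:01 +0000] "GET /style.css HTTP/1.1" 200 800 "http://www.example.com/" "Mozilla/5.0 (X11; Linux) Gecko/20030516"
192.0.2.10 - - [06/Jun/2003:06:30:42 +0000] "GET /about.html HTTP/1.1" 200 4096 "http://www.example.com/" "Mozilla/5.0 (X11; Linux) Gecko/20030516"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
ASSET_RE = re.compile(r'\.(gif|jpe?g|png|css|js|swf|ico)(\?|$)', re.I)

def profile_clients(log_text):
    """Group requests by client IP and collect the indicators the thread uses:
    page vs. asset fetches, robots.txt, referrers, and spacing between hits."""
    clients = defaultdict(lambda: {"pages": 0, "assets": 0, "robots": False,
                                   "referrers": 0, "times": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse rather than guess
        c = clients[m["ip"]]
        if m["path"] == "/robots.txt":
            c["robots"] = True
        elif ASSET_RE.search(m["path"]):
            c["assets"] += 1
        else:
            c["pages"] += 1
        if m["ref"] != "-":
            c["referrers"] += 1
        c["times"].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    return clients

def bot_like(c):
    """Assumed heuristic: several pages, no supporting assets, no referrers,
    and near-constant spacing between requests. A browser fails at least one."""
    if c["pages"] < 2 or c["assets"] > 0 or c["referrers"] > 0:
        return False
    t = sorted(c["times"])
    gaps = [(b - a).total_seconds() for a, b in zip(t, t[1:])]
    return bool(gaps) and max(gaps) - min(gaps) <= 1.0

def suspicious_clients(log_text):
    """Return the sorted list of client IPs whose request pattern looks scripted."""
    return sorted(ip for ip, c in profile_clients(log_text).items() if bot_like(c))
```

Run it on your own log to see which clients fetch pages without ever touching an image, stylesheet or robots.txt; a flagged IP is a candidate for the WHOIS-and-watch step described later in the thread, not proof of intent.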

wilderness

7:20 pm on Jun 13, 2003 (gmt 0)

every day and grabbing about 200+/-

bhartzer
If you do NOT desire it to continue visiting, just stop it with htaccess.
There are a variety of ways to do this.

deny from 80.58.13.
will work (were it me however I'd take the entire 80.58.)

SetEnvIf User-Agent Rainbow keep_out
order allow,deny
deny from 80.58.13.
allow from all
deny from env=keep_out

as part of a more complete htaccess will also work.

nonprof webguy

8:56 pm on Jul 7, 2003 (gmt 0)

Just to add for future reference:

I saw "Under+the+Rainbow+2.2" from "80.58.13.42" also. It visited twice: on June 21st it requested my home page only; on June 22nd it requested my links page only. That's all -- not the 200+ pages like others experienced, but without requesting the various images, flash, etc. that are on those pages. Also, both requests were GET, not HEAD. I'm allowing it, for now.