It didn't request robots.txt
The user-agent is set to "Mozilla/4.0 (compatible; MSIE 6.0; Windows XP)"
When I did a traceroute, it led back to cyveillance-gw.customer.alter.net (157.130.46.178)
Anyone else seen this address/subnet?
Can anyone confirm this is actually Cyveillance?
I've checked the older IP ranges listed and I don't see 65.222.x.y - does anyone know how much of 65.222.x.y I should block to stop these guys? They sure are persistent.
63.146.13.64-95
63.148.99.224-255
65.118.41.192-223
65.213.208.128-159
65.222.176.96-127
65.222.185.72-79
66.222.176.96-127
Also, there's someone called Performance Systems on 38.x.x.x - I've heard bad reports about them too.
Could you provide additional information, as my HOST and WHOIS don't confirm this finding?
host 66.222.176.97
97.176.222.66.in-addr.arpa domain name pointer d66-222-176-97.abhsia.telus.net.
whois 66.222.176.97
OrgName: TELUS Communications Inc.
NetRange: 66.222.128.0 - 66.222.255.255
I don't see the connection, perhaps you caught a stealth crawler, but there are many stealth crawlers other than Cyveillance. Cyveillance tends to register their IP blocks as Cyveillance, which is silly, but they do for the IPs we know about.
Hmm, I could be wrong about that. I may have made a transcription error. Basically, I found a new IP in the logs with no hostname. It definitely started 66, and showed up as Cyveillance with whois. I didn't have any record for Cyveillance in that series so added them to the list, but I may have got one of the numbers wrong while copying over. Alas, I deleted the original entry from the log so can't recheck it. I'll delete that block from my .htaccess rules and keep a lookout for them returning.
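Added example, not part of any post in the thread: a Python sketch that expands the last-octet ranges posted above into CIDR blocks, renders them as Apache 2.2-style `Deny from` lines, and checks which block (if any) a logged address falls in. The function names and the choice of `Deny from` syntax are assumptions made for illustration.

```python
import ipaddress

# Ranges exactly as posted in the thread (last octet written as start-end).
POSTED_RANGES = [
    "63.146.13.64-95",
    "63.148.99.224-255",
    "65.118.41.192-223",
    "65.213.208.128-159",
    "65.222.176.96-127",
    "65.222.185.72-79",
    "66.222.176.96-127",  # the 66.x block queried in the thread via host/whois
]

def range_to_cidrs(spec):
    """Expand 'a.b.c.START-END' into the minimal list of CIDR networks."""
    start_text, end_octet = spec.rsplit("-", 1)
    first = ipaddress.IPv4Address(start_text)
    prefix = start_text.rsplit(".", 1)[0]
    last = ipaddress.IPv4Address(f"{prefix}.{int(end_octet)}")
    if last < first:
        raise ValueError(f"range end precedes start: {spec}")
    return list(ipaddress.summarize_address_range(first, last))

def build_blocklist(specs):
    # Flatten every posted range into one list of networks.
    return [net for spec in specs for net in range_to_cidrs(spec)]

def matching_network(ip_text, networks):
    # Return the first listed network containing the address, or None.
    ip = ipaddress.IPv4Address(ip_text)
    return next((net for net in networks if ip in net), None)

def htaccess_lines(networks):
    # Assumption: Apache 2.2 / mod_access_compat syntax.
    return [f"Deny from {net}" for net in networks]

if __name__ == "__main__":
    nets = build_blocklist(POSTED_RANGES)
    print("\n".join(htaccess_lines(nets)))
    for ip in ("66.222.176.97", "157.130.46.178"):
        print(ip, "->", matching_network(ip, nets))
```

Running it shows that 66.222.176.97, the address looked up with host and whois, sits inside the posted 66.222.176.96-127 block, while the traceroute gateway 157.130.46.178 is not covered by any listed range.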