Kintiskton LLC UU-65-208-151-112-D1 (NET-65-208-151-112-1) 65.208.151.112 - 65.208.151.119
Kintiskton LLC UU-63-110-158-48-D8 (NET-63-110-158-48-1) 63.110.158.48 - 63.110.158.55
Kintiskton LLC UU-65-200-90-160-D6 (NET-65-200-90-160-1) 65.200.90.160 - 65.200.90.175
Kintiskton LLC UU-65-200-47-D8 (NET-65-200-47-0-1) 65.200.47.0 - 65.200.47.7

This text on their homepage calls for reciprocal treatment...

Darned if I could find their home page - was hoping for a bit of a laugh. Tried http to all their addresses (not that many given they are only in groups of 8/16...) but no joy.

Kintiskton LLC UU-65-208-151-112-D1 (NET-65-208-151-112-1) 65.208.151.112 - 65.208.151.119
Kintiskton LLC UU-63-110-158-48-D8 (NET-63-110-158-48-1) 63.110.158.48 - 63.110.158.55
Kintiskton LLC UU-65-200-90-160-D6 (NET-65-200-90-160-1) 65.200.90.160 - 65.200.90.175
Kintiskton LLC UU-65-200-47-D8 (NET-65-200-47-0-1) 65.200.47.0 - 65.200.47.7

and just in case here's the cidr's to save a bit of time.

63.110.158.48/29
65.200.47.0/29
65.200.90.160/28
65.208.151.112/29

Happy New year everyone.

Phred

darned if I could find their home page

many times, it's a simple as their name dot com ;)

many times, it's a simple as their name dot com ;)

Ok, so I'm an idiot! (shakes head) LOL!

Perhaps "webmasters as a group" are so accustomed to wading through all the deception (ARIN, colo's, tracert, ping, etc., etc.) that the obvious is an obscure thought ;)

Let me shed some light on something I've seen in that range:

65.208.151.*

01/20/2008 "my-heritrix-crawler(+http://mywebsite.com)"
02/07/2008 "my-heritrix-crawler(+http://mywebsite.com)"
02/08/2008 "my-heritrix-crawler(+http://mywebsite.com)"
03/28/2008 "my-heritrix-crawler(+http://mywebsite.com)"
04/12/2008 "my-heritrix-crawler(+http://mywebsite.com)"
04/13/2008 "my-heritrix-crawler(+http://mywebsite.com)"
05/04/2008 "my-heritrix-crawler(+http://mywebsite.com)"
10/05/2008 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10/23/2008 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10/23/2008 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
11/02/2008 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Is it possible they just changed the UA to avoid getting blocked?

Didn't work.

Yes, seeing 65.208.151.* with the same behavior mentioned in the original post.

Also: while ownership of 63.110.148.11n does not match, it came crawling along with the others. That's why I said "presumably"

Can anyone determine what type of service Verizon is providing based on the IPs referenced?

Perhaps their AUP could be of use if we only knew...

Bill,
Perhaps the following will only dilute/confuse your inquiry?

Using the 65.208. range provides the following name:

"MCI Communications Services, Inc. d/b/a Verizon Business" as a backbone.

Insert the name into a new ARIN inquiry and your given a larger group of IP's.

All of which offer the following reference:
verizonbusiness dot com rather than the customers contact.

Probing further and without answering your question, it should be possible to take the resulting name ranges and do more inquires at ARIN, using "subnet" to get a list of customers within each range. HOWEVER the resulting inquires will be very large and chopped off at 256 lines. (I've never been able to determine a method of retrieving the additional lines using "subnet" past 256.)

Gee Don, I didn't want to actually *DO* the work ;)

I was busy chasing other venues such as business entity registrations and stuff trying to figure out who/what it is.

What I found out doesn't link the domain name referenced above with the name displayed in ARIN, all it did was create more questions than answers.

I do know this particular crawler is getting attention from quite a few on the web wondering what's going on.

Bill,
I'm seeing more and more proxies and/or vulnerable IP's from major service providers being utilized. (aslo using tracert regularly, which I didn't in previous years).

That fake googlebot thread and the Comcast references are one example. That Opera thread another Ex.
There are more and I'm sure they'll continue to appear.

You'd thing these major providers wouldn't have such vulnerabilities in their systems!

Don

I get pounded periodically by Verizon and AT&T proxy range users. I banned them for a while, but the list was growing long. Added to my other deny lists it became too much.

Now when I see they're coming from proxy ranges and aren't too much of a threat, I just chalk it up to acceptable collateral damage. While some keep adding guards to the gates, I've actually become more liberal.

found this in whois:

Registrant:
World Intellectual Property Protection Organization
Domain Name: KINTISKTON.COM
wippo.org

[edited by: incrediBILL at 6:09 am (utc) on Feb. 14, 2009]
[edit reason] removed personal details [/edit]

The laugh of the day. From wippo.org :

"1. It is illegal to operate a website; internet site; world internet site; domain site for any commercial use if you don’t have a World Internet license. Failure to produce your World Internet license to operate any type of website; internet site; world internet site; domain site will involve immediate termination of your website; internet site; world internet site; domain site.

2...

3. To obtain a World Internet License you will require the following identification to use the World Internet.

Birth Certificate 70 points
Social security number/Tax file number 30 points
Drivers license30 points
Credit Card 20 points

Total 150 points"

Their Manifesto isn't going to go over well with the Intellectual Property community (concerned w/ legal ownership of copyrights; trademarks; patents). And the fact X number of people will fall for their 'requirements' and pony up ideal ID Theft data makes my hair stand on end.

[edited by: incrediBILL at 6:12 am (utc) on Feb. 14, 2009]
[edit reason] See TOS #26 [/edit]

It seems that Kintiskton.com is not registered by the persons/firm that send out the web crawler. I found a thread on google (http://www.google.com/support/forum/p/Google+Analytics/thread?tid=1db75dde1659d09d&hl=en) in which this crawler is discussed as well, and one of the contributors there did check if the dot com name was registered and found it was not. So he registered the domain to see what would happen next, hence the mismatch in information between the domain name and the ip-addresses.
I guess it also explains the text on the site ;)

PS: my websites were hit yesterday by this crawler, hence my search for more information on the net. I blocked the ip's in my .htaccess files.

[edited by: Muirwen at 9:46 am (utc) on Feb. 17, 2009]

Muirwen, have you tried googling the supposed authority?

I thought it funny that using quotes, some 70 results show up - among which a .com with the same name as the ID used by the person who stated they registered the K. domain name.

Net kooks like to use aliases and pseudonyms.

This comes from a MSN games forum: "In case you don't know me, my name is Dr. Robert Smith M.D. So far, I've been an investigator from the World Internet Authority for 21.5 years."

Maybe we should just hope that agent Smith stays busy and let him continue playing his eccentric games. I simply 403 on sight and get on with my own stuff.

The people in the coffee shop are giving me odd looks cause I'm LOL.

OMG,...I had such a good laugh! Wippo.org made my day! Period!

Okay fellas, I'm starting a new registry:

World Wide Oxygen.

Unless you are registered you can't breathe. Trust me. Register now.