who are marshal dot com and what do they want? - Crawler, Spider, and User Agent ID forum at WebmasterWorld - WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

who are marshal dot com and what do they want?

lucy24

1:49 am on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

:: insert boilerplate about how I'm not sure this is the right venue to ask ::

Slightly odd. Here is their entire visit:

192.41.10.### - - [time] "GET /{directory}/{page.html} HTTP/1.0" 200 43199 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
192.41.10.### - - [time+one second] "GET /{same directory}/{stylesheet.css} HTTP/1.0" 200 4023 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"

Could almost mistake them for a human, but who uses MSIE 5.anything?

Did not ask for robots.txt the way good robots are supposed to. (But if I made everyone follow this rule, I would have to lock out google.)

Conversely, did not get favicon the way most humans do unless they're on a mobile device.

Did not get images. (There are two, neither of them unique to this page.) This fact conveys no information.

Did get stylesheet-- but note that it didn't give the originating page as referrer.

The 192.41.0-63 range apparently belongs to marshal.com, aka m86security.com. I don't think I've met them before, but 192 doesn't seem like an especially nice neighborhood.

Looked them up and honestly can't figure out what they do. Am vaguely leaning towards the "I dunno, I just don't like your face" lockout.

:: insert further boilerplate about how it would have been much easier to Search this question if everyone named Marshal(l) had spent the last few years asleep ::

wilderness

3:14 am on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

192.41.10.###

Were there three characters in this IP or two?

Icon Developments
192.41.0.0 - 192.41.101.255

Not sure how you get Marshall from that IP range?
There's a class group missing from this "192.41.0-63", perhaps that's how you mistakenly acquired Marshall?

I'm still seeing some MSIE 5.5;, mostly from Euro IP's, however they could be fake UA's as well.

Leosghost

3:46 am on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

<OT but relevant>
There are no end of people in Europe behind various gov't systems and in large corps etc still using MSIE5.5 ..I know people still using win95 at home and winME.!

There are fakes ( although why anyone would want to fake that particular UA ? )..but there are a lot of real humans behind those UA's too..

I know one guy here who still says he's "going on "AOL".." and that "each country has its own internet" ..he runs his own business and is very bright ..in other ways ..but like many people ,computors and the innerweb are totally beyond him ..

"as long as the machine he has will cut out the vinyl letters for his sign business he is not about to "upgrade"..not when he paid out $40K dollars equivalent for software that sends letters to a vinyl sheet cutter 10 years ago and no one has invented new letters yet that his machine can't do"..

That is what he told me ..I just translated it from the original French.

I've given up trying to set him right ..there are too many of "him"..
</OT but relevant>

wilderness

4:13 am on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

</OT but relevant>

At least they got Front Page Express for free when they updated from 5.0 to 5.5 ;)

lucy24

4:21 am on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

I'm getting:
192.41.10.100
Reverse DNS: btmupdates.marshal.com

Icon Updates is the host. marshal etc is the ISP. (This is from a different source than where I originally looked it up.)

Can't remember where, but I recently met an MSIE 3.something.

:: shuffling papers ::

Here's a
Mozilla/4.0 (compatible; MSIE 4.01; Digital AlphaServer 1000A 4/233; Windows NT; Powered By 64-Bit Alpha Processor)

That last part sounds like my calculator, but I am probably reading it backward. Although they do live awfully close to someone I blocked for reasons unknown.

Oh, here they are:

Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; 240x320)

That was from somewhere in Germany. Are they simply being retro?

wilderness

4:27 am on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

is the host

aka "server farm".

Deny the entire range and stop dinking around.

dstiles

6:48 pm on Apr 20, 2011 (gmt 0)

WebmasterWorld Senior Member

10+ Year Member

Top Contributors Of The Month

Mozilla/2 and /3 are usually mobiles, especially if they include the screen size (eg 240x320).

Not seeing so many in that format recently - probably old-style phones.

I block almost all MSIE 5.x (and certainly 4.x unless a proven mobile).

And ANYTHING that comes from a server farm unless it can prove it's an accepted bot (eg bing, yandex - even google). As to google not hitting robots.txt - I think google has lost it anyway. I allow their bot IF it has a good rDNS entry but not otherwise. Same with bing. Both are careless about their rDNS and both have a high rejection rate here.