Nokia bad behaviour

Is this a cloud, a bot or a proxy?

         

dstiles

8:21 pm on Jun 1, 2012 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Until a fortnight ago I hadn't seen any adverse activity on my server involving an IP assigned to Nokia. Not a single IP logged for them.

In the past couple of weeks I've logged three IP ranges and been hit by more than a dozen IPs more than 70 times in all.

Today was a flurry of about ten IPs coming in looking like a bad bot. They came in using proxies identified as:

1.1 i-10313582-1034-VM.lhr.nokloud.nrc:80 (squid/2.7.STABLE7)
from IPs such as 10.220.102.20 (ie "local" IPs).

UA for all hits:

Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

which is an obsolete browser using a very sparse UA string given that it claims to be Windows.

Hits were to apparently random sites and pages and seemed to carry the old-style Google referer BUT on analysis the referer showed URL details but with a site URL as keyword (field q in referer):

http:// www.google.com /url?sa=t&rct=j&q=www.example.com&source=web&cd=2&ved=0CCkQFjAC&url=http%3A%2F%2Fwww.example.com%2Fpagename.asp&ei=IijsTIzYAYLCcfeB2fYO&usg=AFQjCNFJ5Fn8pm2lVcZCt46Jn6A7v_S4TQ

Needless to say it went straight for pagename.asp on the given site.

Another instance had a referer of

http:// www.google.com /url?sa=t&rct=j&q=www.example.co.uk&source=web&cd=2&ved=0CCkQFjAC&url=http%3A%2F%2Fwww.example.co.uk%2Fsrch%2Fsrch.asp%3Fgdoc%3Dpl%26first%3D1000%26howmany%3D200%26data%3D%26field%3D%26match%3Dand%26dir%3DNext%2B200%26mde%3Dlist%26category%3Dall&ei=IijsTIzYAYLCcfeB2fYO&usg=AFQjCNFJ5Fn8pm2lVcZCt46Jn6A7v_S4TQ

where srch.asp and its querystring matched exactly the target, a sub-record returned by a search of the site.

I have two theories:

1) Nokia is hosting bots on a cloud (there has been talk online of a Nokia cloud but unsure of its use or extent). If this is so then this could be a bot of some kind; it could in any case be a Nokia bot. If it's a bot then it would seem to be scraping Google for results using very specific search keywords.

2) It's a genuine proxy but if so it has some odd signatures. I would not have expected a proxy to show the same browser UA every time (this implies a single "user"). Nor would I expect it to come out of nowhere with such a prominence within a couple of weeks - surely it takes time to propagate a new service amongst its (presumably phone) users - our server is, after all, a small one and we would not expect so many hits on so many sites from one person within one day (ie today), all with the same Google-ish referer.

For the moment I am assigning "server" status (ie blocked) to all three Nokia ranges. If anyone has a good reason for me reassigning these ranges to User or Proxy I'd be interested in why.

Ranges:

131.228/16 (new today and most pervasive so far)

147.243/16 (I have a note on this one: "sub-assigned to various countries including CN and SG")

192.100.102.0 - 192.100.133.255 (odd range assignment!)
This was the earliest range seen: same UA but no referer
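
The signals described in the post above (listed ranges, the fixed UA, a Google /url referer whose q is the site's own hostname and whose url is exactly the page requested) can be checked together over parsed log entries. This is an added example, not part of the original thread; the hit tuple layout, the three-signal threshold, and treating one usg value seen on different pages as an anomaly are assumptions, and the sample hits are constructed.

```python
from ipaddress import ip_address, ip_network, summarize_address_range
from urllib.parse import parse_qs, urlencode, urlsplit

# Ranges and UA as listed in the post (the third range is a start-end span).
RANGES = [ip_network("131.228.0.0/16"), ip_network("147.243.0.0/16")]
RANGES += summarize_address_range(ip_address("192.100.102.0"), ip_address("192.100.133.255"))
UA = "Mozilla/5.0 (Windows NT 6.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1"

def in_listed_range(ip):
    return any(ip_address(ip) in net for net in RANGES)

def referer_signals(host, path, referer):
    """Return (signals, usg token) for a Google /url referer, else (set(), "")."""
    ref = urlsplit(referer)
    if ref.hostname not in ("google.com", "www.google.com") or ref.path != "/url":
        return set(), ""
    qs = {k: v[0] for k, v in parse_qs(ref.query).items()}  # values are percent-decoded
    checks = {"q_is_hostname": qs.get("q") == host,  # the "search term" is the site itself
              "url_matches_request": qs.get("url") == f"http://{host}{path}"}
    return {name for name, ok in checks.items() if ok}, qs.get("usg", "")

def flag_hits(hits):
    """hits: (ip, host, path, ua, referer) tuples. Return {ip: signals} where >= 3 fire."""
    targets, scored, flagged = {}, [], {}
    for ip, host, path, ua, referer in hits:
        signals, usg = referer_signals(host, path, referer)
        if in_listed_range(ip):
            signals.add("listed_range")
        if ua == UA:
            signals.add("ua_match")
        if usg:
            targets.setdefault(usg, set()).add((host, path))
        scored.append((ip, signals, usg))
    for ip, signals, usg in scored:
        if len(targets.get(usg, ())) > 1:  # assumption: same usg token on different pages
            signals.add("usg_reused")
        if len(signals) >= 3:
            flagged.setdefault(ip, set()).update(signals)
    return flagged

def hit(ip, host, path, q, usg, ua=UA):  # builds one constructed log entry
    params = {"sa": "t", "q": q, "url": f"http://{host}{path}", "usg": usg}
    return (ip, host, path, ua, "http://www.google.com/url?" + urlencode(params))

USG = "AFQjCNFJ5Fn8pm2lVcZCt46Jn6A7v_S4TQ"  # token shown in both referers in the post
SAMPLE = [  # constructed: client IPs, the shortened query and the last entry are made up
    hit("131.228.0.10", "www.example.com", "/pagename.asp", "www.example.com", USG),
    hit("147.243.0.5", "www.example.co.uk", "/srch/srch.asp?gdoc=pl", "www.example.co.uk", USG),
    hit("203.0.113.7", "www.example.com", "/pagename.asp", "blue widgets", "x", ua="other UA"),
]
```

Calling flag_hits(SAMPLE) flags the first two entries; the third carries an ordinary search phrase in q and fires only one signal.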

keyplyr

12:55 am on Jun 2, 2012 (gmt 0)


Quite often I see bad behavior coming from (spoofed?) mobile UAs and/or wireless IP ranges. I just figured these bad agents know how to use these ranges that otherwise are allocated to mobile customers only.

dstiles

6:36 pm on Jun 2, 2012 (gmt 0)


The Nokia ranges have never come to my attention before, even as mobile devices. They do not seem, as IP ranges, to be forged in DNS. And the UAs I'm seeing are not typical mobile device ones.