Maybe these are older than my records, but I bumped into two new (for me, anyway) Google ranges this week: 74.125.0.0 - 74.125.255.255 74.125.0.0/16 looking for no-indexed images with User_agent "GoogleProducer; (+http://goo.gl/7y4SX)"
72.14.192.0 - 72.14.255.255 72.14.192.0/18 looking for "HEAD /feed/ HTTP/1.1" with the same UA as the other one.
They visited just 3 minutes apart.
not2easy
5:19 pm on Aug 11, 2013 (gmt 0)
Too late to edit, but I finally found out that the two Google ranges have to do with mobile content and rss feeds. I should have tried it earlier, but after finding no info searching for the UA GoogleProducer, I visited the shortened URL in the string and it has an explanation. Maybe this info should be moved to another thread.
dstiles
7:07 pm on Aug 11, 2013 (gmt 0)
I blocked 74.125.0.0/16 in Jan 2010. It's been used for really nasty things from G itself in the past.
For what it's worth, I block ALL of the following G ranges with the exception of true googlebot sub-ranges within them (ie there is an rDNS entry for them).
I accept there are some user proxies within the above ranges (translate, rss etc) but they are more trouble than they are worth because most seem to be used for a wide variety of purposes and there is no single usage nor solid rDNS for any of them. Which is typical of G. :(
not2easy
3:51 pm on Aug 12, 2013 (gmt 0)
Thanks for that info, I did block the ranges because on the explanation page linked to in the UA it says that the person using the GoogleProducer UA has verified that they own the content requested, which I know is a lie. I had only been blocking the Translate range, so I will look into this list also.
Not a brand-new range, but Forums search is silent, so worth repeating.
I checked backward: 172.254 is Time Warner, so just the /16
Edit: 185.5.216.0/22 Poland
Isolated robot from 185.5.219.238. The Polish ranges I've met tend to be so dirty that I've adopted a one-strike rule and don't bother to look up the hostname unless I've previously met humans from the same place.
dstiles
7:09 pm on Aug 28, 2013 (gmt 0)
172.255/16 is nobis and bloacked. For nobis I have (all blocked):
I have 185.5.216.0/22 listed as DSL and spot-check of a few IPs for open ports suggests this is so. 185.5.219.238 seems to be a rogue. The range was registered by me in Feb this year and has shown no adverse activity since.
keyplyr
2:37 am on Aug 29, 2013 (gmt 0)
Thanks dstiles. I didn't have one of the Nobis/Ubiquity ranges.
wilderness
11:46 am on Sep 3, 2013 (gmt 0)
B2 Net Solutions
Two of these ranges are sublets and part of other backbones.
No robots. No supporting files.
B2 Net Solutions ValueVPS VALUEVPS 198.20.175.0 - 198.20.175.127 198.20.175.42 - - [01/Sep/2013:08:14:28 -0600] "GET /MySub/MySubSub/MyPage.html HTTP/1.1" 403 614 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727 ; .NET CLR 4.0.30319)" 198.20.175.42 - - [01/Sep/2013:08:20:04 -0600] "GET /MySub/MySubSub/SamePage.html HTTP/1.1" 403 644 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
