Getting multiple hits from a British Columbia IP: 208.91.114.4 - - [30/Apr/2015:20:01:44 -0400] "GET / HTTP/1.1" 403 202 "-" "-"
IP is currently banned because of no referrer/ UA and on three blacklists.
Fortinet, Inc. 208.91.114.0 - 208.91.115.255 208.91.114.0/23
I can not find any info in the archives. Is Fortinet deserving of a ban on its 209./23?
lucy24
1:11 am on May 2, 2015 (gmt 0)
Where are you getting British Columbia from? I've got the range listed as US since way back, and latest lookup says Sunnyvale. (Which is, admittedly, stronger grounds for suspicion than BC would be.)
Incidentally, I'm getting 112/22 rather than 114/23.
Lucy24: I got the BC location from whatsmyip.... The narrower block from tcpiput... I decided to post the info I did because it did not conform to what I found for an IP look-up on domaintoo...
Thanks to you and Pfui for your help.
dstiles
7:07 pm on May 2, 2015 (gmt 0)
I had it down as Canada but a recheck places it in CA-USA. I have the range listed as a source of proxies and as such enabled.
trintragula
8:14 pm on May 2, 2015 (gmt 0)
Any proxies in particular? Or are you generally well-disposed toward proxies? ;)
keyplyr
11:55 pm on May 2, 2015 (gmt 0)
I've been allowing fortinet.com since they provide security/firewall for a wide-range of companies, many of which have employees who (when the coast is clear) may venture out on the www and buy something from me :)
Haven't seen any indication of proxy hits from this range, but then again I can't remember when I last had a visit.
dstiles
7:48 pm on May 4, 2015 (gmt 0)
trintragula - its own proxies. I have no reason to think they are subversive. :)
NOTE: Not all proxies are advertised as such. Some look just like an ordinary access and even omit forwarding information.
