Welcome to WebmasterWorld Guest from 54.164.198.240

Forum Moderators: Ocean10000 & keyplyr

Message Too Old, No Replies

Fortinet

     
8:56 pm on May 1, 2015 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 1, 2012
posts: 86
votes: 0


Getting multiple hits from a British Columbia IP:
208.91.114.4 - - [30/Apr/2015:20:01:44 -0400] "GET / HTTP/1.1" 403 202 "-" "-"

IP is currently banned because of no referrer/ UA and on three blacklists.

Fortinet, Inc.
208.91.114.0 - 208.91.115.255
208.91.114.0/23

I can not find any info in the archives. Is Fortinet deserving of a ban on its 209./23?
1:11 am on May 2, 2015 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:15305
votes: 703


Where are you getting British Columbia from? I've got the range listed as US since way back, and latest lookup says Sunnyvale. (Which is, admittedly, stronger grounds for suspicion than BC would be.)

Incidentally, I'm getting 112/22 rather than 114/23.

:: further detour to raw logs ::

208.91.113.22 - - [12/Jun/2014:09:51:01 -0700] "GET / HTTP/1.1" 403 3339 "-" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.10) Gecko/20070227 Red Hat/1.5.0.10-0.1.el4 Firefox/1.5.0.10"

I guess it was the FF 1 (hahahahahaha) that got them 403'd.
1:35 am on May 2, 2015 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Nov 5, 2005
posts: 2040
votes: 1


lucy: They're global, with British Columbian and other Canadian connections [fortinet.com...] and past problems [projecthoneypot.org...]

slipkid: Seeing as how you never know who/what is behind (their) firewalls, I'd err on the tighter-block side of things.

208.91.112.0 - 208.91.115.255 (208.91.112.0/22) [myip.ms...]
3:10 am on May 2, 2015 (gmt 0)

Junior Member

5+ Year Member

joined:Sept 1, 2012
posts: 86
votes: 0


Lucy24: I got the BC location from whatsmyip....
The narrower block from tcpiput...
I decided to post the info I did because it did not conform to what I found for an IP look-up on domaintoo...

Thanks to you and Pfui for your help.
7:07 pm on May 2, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3209
votes: 17


I had it down as Canada but a recheck places it in CA-USA. I have the range listed as a source of proxies and as such enabled.
8:14 pm on May 2, 2015 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Jan 26, 2014
posts:197
votes: 0


Any proxies in particular? Or are you generally well-disposed toward proxies? ;)
11:55 pm on May 2, 2015 (gmt 0)

Moderator This Forum from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:12913
votes: 891


I've been allowing fortinet.com since they provide security/firewall for a wide-range of companies, many of which have employees who (when the coast is clear) may venture out on the www and buy something from me :)

Haven't seen any indication of proxy hits from this range, but then again I can't remember when I last had a visit.
7:48 pm on May 4, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3209
votes: 17


trintragula - its own proxies. I have no reason to think they are subversive. :)

NOTE: Not all proxies are advertised as such. Some look just like an ordinary access and even omit forwarding information.