DMVG Site Analyzer

Forum Moderators: open

Message Too Old, No Replies

DMVG Site Analyzer

lucy24

5:52 pm on Aug 9, 2018 (gmt 0)

UA: DMVG Technology - Site Analyzer - http://www.dmvg.tech
IP: 104.238.81.abc
robots.txt: no
HTTPS: no
status: blocked by headers

Last I checked, 104.238.64.0/18 was GoDaddy.

I include the full list of requests, as it’s educational:

/ 
/contact.html 
/contactus.html 
/contact-us.html 
/contact/default.asp 
/contact-us/ 
/contact.asp 
/contactus.cfm 
/contact.htm 
/contactus.htm 
/contact.php 
/contact.aspx 
/contact 
/contact_us.htm 
/ContactUs.aspx 
/contact-us.aspx 
/contact-us-2 
/about/contact-us

Punchline: My 403 page is made for humans. It includes a link to /dirname/contact.html.

(/contact-us-2? Really? Does some CMS use this name?)

keyplyr

8:03 pm on Aug 9, 2018 (gmt 0)

I include the full list of requests, as it’s educational:

Yeah, educational to other bad bot runners interested to see what they should be scanning for.

lucy24

8:43 pm on Aug 9, 2018 (gmt 0)

Oh, I'm sure they just bought a list from somewhere. Like the bots that request every possible permutation of /wp-admin/. They didn't all come up with their own lists from scratch.

What do you learn from a contact form, anyway? Are they fishing for email addresses?

Edit: One bit of their website is headed “Take control of your security”. Thanks, dmvg, but that list of 403s should tell you everything you need to know about my security.

Further edit: Turns out they had the identical shopping list way back in March. I checked logs in case they’d also tried my “real” site. (They hadn’t.) Only my personal site--and then only by HTTP. I just didn’t happen to notice that time.

keyplyr

8:50 pm on Aug 9, 2018 (gmt 0)

What do you learn from a contact form, anyway?

Most Contact pages would likely reveal more valuable data than any other page at a site: Business Name, Address, Phone Numbers, Email addresses, etc. This info aggregated with other data such as Business Type, Products/Services, Region, Server Location, OS, and any other data revealed during this exchange is bundled into products sold to many buyers. Information is money.

[added]

Last I checked, 104.238.64.0/18 was GoDaddy

It's likely this UA will also come from other ranges in the future...

DMVG Partners with Cloudflare... DMVG will find the best host for your site or application AND manage the relationship for you

source: dmvg.tech

So it may be prudent to use UA if blocking.