M247 - Part II - Crawler, Spider, and User Agent ID forum at WebmasterWorld

Forum Moderators: open

Message Too Old, No Replies

M247 - Part II

Unfortunately here we go again.

blend27

1:40 pm on Apr 10, 2021 (gmt 0)

RE:

M247(AS9009)
Has been bugging out for about a month now..

Continuation from : [webmasterworld.com...]

New Ranges:
193.29.104.0 - 193.29.104.255 ++
193.29.104.0/24
193.29.105.0/24
193.29.106.0/24
193.29.107.0/24

Different countries so/but still 193.29.104.0/22

Most from what I see with M247/GLOBALAXS is /22-ooz but split in /24-oz.., and then network admin brags that work was done on multiple continents, right..

which brings me to 193.29.108.0/22 at HostCram, less known but that is how all this started.

lucy24

4:12 pm on Apr 10, 2021 (gmt 0)

193.29.104.0/22
+ 193.29.108.0/22
= 193.29.104.0/21
which makes it easier :)

I think in the previous thread I misunderstood and was looking for “M247” in the UA.

Oddly enough I find only one (1) lone occurrence of the whole /21 in the past year-plus of logs.

193.29.106.abc - - [30/Dec/2020:04:51:12 -0800] "GET /wp-login.php HTTP/1.1" 403 7619 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"

Haha. Logged headers show three different header anomalies (yes, one of them is bad_agent) without even looking at the IP.

SumGuy

1:04 am on Apr 17, 2021 (gmt 0)

I have 5 hits to my static business IP on Dec 9 last year from 193.29.104.62 on ports 465, 2526, 2525, 587 and 26. On Feb 19 another hit from 193.29.104.117 on port 23, and 3 hits on April 7 from 193.29.104.198 on port 80.

The 193.29.104.0/24 subnet (or perhaps a larger subnet) was already in my router's blocking list when the April 7 http attempt was made. All others were blocked as unsolicited incoming packets.

M247 - Part II

Unfortunately here we go again.

blend27

lucy24

SumGuy

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week