ForumPostersUnion.com


   

Go Back   Forum Posters Union > Search Engine Intelligence & Research > Spiders, Crawlers and web robots
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Spiders, Crawlers and web robots Intelligence on search engine spider bots and identification, bad bots from spam botnets, content scrapers, tools to identify web robots, blocking malicious bots.

Reply
 
Thread Tools
  #1  
Old 10-05-2008, 10:24 AM
AnthonyCea's Avatar
AnthonyCea AnthonyCea is offline
Publisher
 
Join Date: Feb 2006
Posts: 31,664
Unidentified bot running from VeriSign.com data center

10:12 AM Guest Viewing User Profile
69.58.178.32
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12; ips-agent) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Fi



OrgName: VeriSign Infrastructure & Operations
OrgID: VIO-2
Address: 21345 Ridgetop Circle
City: Dulles
StateProv: VA
PostalCode: 20166
Country: US

NetRange: 69.58.176.0 - 69.58.191.255
CIDR: 69.58.176.0/20
NetName: VRSNNETBLK-3
NetHandle: NET-69-58-176-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.CRSNIC.NET
NameServer: NS2.NSIREGISTRY.NET
Comment:
RegDate: 2008-01-29
Updated: 2008-01-29

RAbuseHandle: NETWO480-ARIN
RAbuseName: Network Admin
RAbusePhone: +1-703-948-4300
RAbuseEmail: netadmin@verisign.com

RNOCHandle: NETWO480-ARIN
RNOCName: Network Admin
RNOCPhone: +1-703-948-4300
RNOCEmail: netadmin@verisign.com

RTechHandle: NETWO480-ARIN
RTechName: Network Admin
RTechPhone: +1-703-948-4300
RTechEmail: netadmin@verisign.com

OrgTechHandle: NETWO480-ARIN
OrgTechName: Network Admin
OrgTechPhone: +1-703-948-4300
OrgTechEmail: netadmin@verisign.com
Reply With Quote
  #2  
Old 03-26-2010, 01:09 AM
orasis orasis is offline
BANNED
 
Join Date: Mar 2010
Posts: 259
I got "some" visits starting with 69.58.178.* check them.
The way the pages are crawled is very weird. It also seems like it in the older visits it used to crawl 5 pages and leave, and in the newer it crawls 10 to 11 pages on each visit on a site with more, most times hitting / page only on same visit.


Visit date: 2010-03-16 09:56:35
IP: 69.58.178.29
NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 3.5.3
Country: United States


Visit date: 2010-03-07 09:53:04
IP: 69.58.178.32
NS-Lookup: ips-crawl7.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 3.5.3
Country: United States

Visit date: 2010-02-16 11:13:23
IP: 69.58.178.27
NS-Lookup: ips-crawl2.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 3.5.3
Country: United States

Visit date: 2010-01-15 06:23:11
IP: 69.58.178.30
NS-Lookup: ips-crawl5.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 3.5.3
Country: United States

Visit date: 2009-12-12 13:28:37
IP: 69.58.178.26
NS-Lookup: ips-crawl1.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 3.5.3
Country: United States

Visit date: 2009-11-15 09:30:06
IP: 69.58.178.31
NS-Lookup: ips-crawl6.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 3.5.3
Country: United States

Visit date: 2009-11-13 22:35:55
IP: 69.58.178.28
NS-Lookup: ips-crawl3.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 3.5.3
Country: United States

Visit date: 2009-10-15 08:00:30
IP: 69.58.178.31
NS-Lookup: ips-crawl6.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-09-14 14:17:53
IP: 69.58.178.30
NS-Lookup: ips-crawl5.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-08-16 17:04:18
IP: 69.58.178.26
NS-Lookup: ips-crawl1.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-07-15 09:25:01
IP: 69.58.178.26
NS-Lookup: ips-crawl1.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-06-15 22:43:23
IP: 69.58.178.27
NS-Lookup: ips-crawl2.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-05-18 08:00:29
IP: 69.58.178.29
NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-04-14 16:32:42
IP: 69.58.178.29
NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-03-16 15:15:46
IP: 69.58.178.33
NS-Lookup: ips-crawl8.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-02-22 00:19:42
IP: 69.58.178.30
NS-Lookup: ips-crawl5.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2009-01-28 22:38:12
IP: 69.58.178.29
NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

Visit date: 2008-12-22 06:25:55
IP: 69.58.178.31
NS-Lookup: ips-crawl6.colo-fo.ilg1.verisign.com
System: Linux
Browser: FireFox 1.0.7
Country: United States

So I've been visited by these:
69.58.178.26
69.58.178.27
69.58.178.28
69.58.178.29
69.58.178.30
69.58.178.31
69.58.178.32
69.58.178.33

got any more in mind I should ban ?


related info:
http://www.projecthoneypot.org/ip_69.58.178.26
http://www.projecthoneypot.org/ip_69.58.178.29
http://www.projecthoneypot.org/ip_69.58.178.30
http://www.projecthoneypot.org/ip_69.58.178.31
http://www.projecthoneypot.org/ip_69.58.178.33
check comments
Reply With Quote
  #3  
Old 03-26-2010, 01:43 AM
orasis orasis is offline
BANNED
 
Join Date: Mar 2010
Posts: 259
check this post:
http://www.forumpostersunion.com/sho...1320#post51320
Reply With Quote
  #4  
Old 05-05-2010, 11:13 AM
miqrogroove's Avatar
miqrogroove miqrogroove is offline
Super Member
 
Join Date: Dec 2008
Posts: 372
Question Hello Sneaky Sneaky

This is very odd. Verisign's ips-agent doing some kind of mobile impersonation with multiple user agents:

Code:
Host: 69.58.178.31
 
/robots.txt
Agent: BlackBerry9000/4.6.0.167 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 ips-agent
 
/
Agent: BlackBerry9000/4.6.0.167 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 ips-agent
 
/contact/
Agent: BlackBerry9000/4.6.0.167 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 ips-agent
 
/blog/category/things-to-do/
Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3; ips-agent) Gecko/20090824 Fedora/1.0.7-1.1.fc4 Firefox/3.5.3
It continued hitting a bunch of /blog/ paths and avoided the forum, etc.

Is there any reason to not ban this undocumented visitor?
Reply With Quote
  #5  
Old 05-05-2010, 11:23 AM
AnthonyCea's Avatar
AnthonyCea AnthonyCea is offline
Publisher
 
Join Date: Feb 2006
Posts: 31,664
I don't know if this bot is internal or if one of their clients is running it, my theory is, if a bot will not identify itself and tell you what they are doing with the data collected, then you as a webmaster have every right to ban it.
Reply With Quote
  #6  
Old 06-22-2011, 09:39 AM
HealthyPasswords HealthyPasswords is offline
Super Member
 
Join Date: Jun 2011
Posts: 5
I know this is old, but the more info the better.

I just got hit by this the first time. It behaved as your previous posts and used two different IPs both from "VeriSign Infrastructure & Operations" Everything else including the blackberry Agent for the first gets.

The one thing odd was the content it grabbed. Since this was the first time I've been hit, I can possibly tie it to recent trends. It grabbed content which was just added three days ago which was fairly high in SEO (at least for us) the past three days, and is related to a password on the lulz password list ajcuivd289, which is probably associated with black-hat utilties.

So this may either be some sort of malware or seo related bot.
Reply With Quote
Reply



Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 01:39 AM.


Powered by vBulletin®
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
2006-2011 ForumPostersUnion.com