ForumPostersUnion.com
|
|||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
| Spiders, Crawlers and web robots Intelligence on search engine spider bots and identification, bad bots from spam botnets, content scrapers, tools to identify web robots, blocking malicious bots. |
 |
|
|
Thread Tools |
|
#1
10-05-2008, 10:24 AM
|
||||
|
||||
|
Unidentified bot running from VeriSign.com data center
10:12 AM Guest Viewing User Profile
69.58.178.32 Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12; ips-agent) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Fi OrgName: VeriSign Infrastructure & Operations OrgID: VIO-2 Address: 21345 Ridgetop Circle City: Dulles StateProv: VA PostalCode: 20166 Country: US NetRange: 69.58.176.0 - 69.58.191.255 CIDR: 69.58.176.0/20 NetName: VRSNNETBLK-3 NetHandle: NET-69-58-176-0-1 Parent: NET-69-0-0-0-0 NetType: Direct Assignment NameServer: NS1.CRSNIC.NET NameServer: NS2.NSIREGISTRY.NET Comment: RegDate: 2008-01-29 Updated: 2008-01-29 RAbuseHandle: NETWO480-ARIN RAbuseName: Network Admin RAbusePhone: +1-703-948-4300 RAbuseEmail: netadmin@verisign.com RNOCHandle: NETWO480-ARIN RNOCName: Network Admin RNOCPhone: +1-703-948-4300 RNOCEmail: netadmin@verisign.com RTechHandle: NETWO480-ARIN RTechName: Network Admin RTechPhone: +1-703-948-4300 RTechEmail: netadmin@verisign.com OrgTechHandle: NETWO480-ARIN OrgTechName: Network Admin OrgTechPhone: +1-703-948-4300 OrgTechEmail: netadmin@verisign.com
__________________
|
|
#2
03-26-2010, 01:09 AM
|
|||
|
|||
|
I got "some" visits starting with 69.58.178.* check them.
The way the pages are crawled is very weird. It also seems like it in the older visits it used to crawl 5 pages and leave, and in the newer it crawls 10 to 11 pages on each visit on a site with more, most times hitting / page only on same visit. Visit date: 2010-03-16 09:56:35 IP: 69.58.178.29 NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 3.5.3 Country: United States Visit date: 2010-03-07 09:53:04 IP: 69.58.178.32 NS-Lookup: ips-crawl7.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 3.5.3 Country: United States Visit date: 2010-02-16 11:13:23 IP: 69.58.178.27 NS-Lookup: ips-crawl2.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 3.5.3 Country: United States Visit date: 2010-01-15 06:23:11 IP: 69.58.178.30 NS-Lookup: ips-crawl5.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 3.5.3 Country: United States Visit date: 2009-12-12 13:28:37 IP: 69.58.178.26 NS-Lookup: ips-crawl1.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 3.5.3 Country: United States Visit date: 2009-11-15 09:30:06 IP: 69.58.178.31 NS-Lookup: ips-crawl6.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 3.5.3 Country: United States Visit date: 2009-11-13 22:35:55 IP: 69.58.178.28 NS-Lookup: ips-crawl3.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 3.5.3 Country: United States Visit date: 2009-10-15 08:00:30 IP: 69.58.178.31 NS-Lookup: ips-crawl6.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-09-14 14:17:53 IP: 69.58.178.30 NS-Lookup: ips-crawl5.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-08-16 17:04:18 IP: 69.58.178.26 NS-Lookup: ips-crawl1.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-07-15 09:25:01 IP: 69.58.178.26 NS-Lookup: ips-crawl1.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-06-15 22:43:23 IP: 69.58.178.27 NS-Lookup: ips-crawl2.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-05-18 08:00:29 IP: 69.58.178.29 NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-04-14 16:32:42 IP: 69.58.178.29 NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-03-16 15:15:46 IP: 69.58.178.33 NS-Lookup: ips-crawl8.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-02-22 00:19:42 IP: 69.58.178.30 NS-Lookup: ips-crawl5.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2009-01-28 22:38:12 IP: 69.58.178.29 NS-Lookup: ips-crawl4.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States Visit date: 2008-12-22 06:25:55 IP: 69.58.178.31 NS-Lookup: ips-crawl6.colo-fo.ilg1.verisign.com System: Linux Browser: FireFox 1.0.7 Country: United States So I've been visited by these: 69.58.178.26 69.58.178.27 69.58.178.28 69.58.178.29 69.58.178.30 69.58.178.31 69.58.178.32 69.58.178.33 got any more in mind I should ban ? related info: http://www.projecthoneypot.org/ip_69.58.178.26 http://www.projecthoneypot.org/ip_69.58.178.29 http://www.projecthoneypot.org/ip_69.58.178.30 http://www.projecthoneypot.org/ip_69.58.178.31 http://www.projecthoneypot.org/ip_69.58.178.33 check comments
|
|
#3
03-26-2010, 01:43 AM
|
|||
|
|||
|
check this post:
http://www.forumpostersunion.com/sho...1320#post51320
|
|
#4
05-05-2010, 11:13 AM
|
||||
|
||||
Hello Sneaky Sneaky
This is very odd. Verisign's ips-agent doing some kind of mobile impersonation with multiple user agents:
Code:
Host: 69.58.178.31 /robots.txt Agent: BlackBerry9000/4.6.0.167 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 ips-agent / Agent: BlackBerry9000/4.6.0.167 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 ips-agent /contact/ Agent: BlackBerry9000/4.6.0.167 Profile/MIDP-2.0 Configuration/CLDC-1.1 VendorID/102 ips-agent /blog/category/things-to-do/ Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.3; ips-agent) Gecko/20090824 Fedora/1.0.7-1.1.fc4 Firefox/3.5.3 Is there any reason to not ban this undocumented visitor?
|
|
#5
05-05-2010, 11:23 AM
|
||||
|
||||
|
I don't know if this bot is internal or if one of their clients is running it, my theory is, if a bot will not identify itself and tell you what they are doing with the data collected, then you as a webmaster have every right to ban it.
__________________
|
|
#6
06-22-2011, 09:39 AM
|
|||
|
|||
|
I know this is old, but the more info the better.
I just got hit by this the first time. It behaved as your previous posts and used two different IPs both from "VeriSign Infrastructure & Operations" Everything else including the blackberry Agent for the first gets. The one thing odd was the content it grabbed. Since this was the first time I've been hit, I can possibly tie it to recent trends. It grabbed content which was just added three days ago which was fairly high in SEO (at least for us) the past three days, and is related to a password on the lulz password list ajcuivd289, which is probably associated with black-hat utilties. So this may either be some sort of malware or seo related bot.
|
|
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
|
|
All times are GMT -5. The time now is 02:34 AM.