[ic] googleusercontent.com a spider?
DB
db at m-and-d.com
Thu Jul 30 13:45:21 UTC 2015
> Quoting Peter (peter at pajamian.dhs.org):
>> On 07/30/2015 09:14 AM, DB wrote:
>> > Today I saw alot of traffic from this IP:
>> >
>> > 162.201.155.104.in-addr.arpa name =
>> > 162.201.155.104.bc.googleusercontent.com.
>> >
>> > and it had obtained an IC session. Has anyone else seen this? Should it
>> > be added to the robots list? Thanks!
>>
>> It's a google cloud customer:
>>
>> NetRange: 104.154.0.0 - 104.155.255.255
>> CIDR: 104.154.0.0/15
>> NetName: GOOGLE-CLOUD
>> NetHandle: NET-104-154-0-0-1
>> Parent: NET104 (NET-104-0-0-0-0)
>> NetType: Direct Allocation
>> OriginAS: AS15169
>> Organization: Google Inc. (GOOGL-2)
>> RegDate: 2014-07-09
>> Updated: 2014-07-09
>> Comment: *** The IP addresses under this netblock are in use by
>> Google Cloud customers ***
>>
>> Check your webserver logs, what's the useragent?
>
> And the pages accessed. I bet it's somebody scanning for vulns.
>
> --
> Josh Lavin
> End Point Corporation
> phone +1.210.775.2088 <jlavin at endpoint.com>
I think you're right Josh... some type of scan I got over 6000 in my
access log from that IP like:
104.155.201.162 www.domain.com - [29/Jul/2015:17:11:00 -0400] "GET
/scan/MM=c9075c30b0eb97760b8d5cf8aa38cd3e:400:499:100.html?mv_more_ip=%40%40XTNbJ&mv_nextpage=Brand-Parts&pf=sql
HTTP/1.1" 200 132 "http://www.domain.com" "Mozilla/5.0 (Windows NT 6.1;
WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.63
Safari/537.36"
Blocking that IP, while crude, has helped.
DB
More information about the interchange-users
mailing list