Today I noticed another hit from this same server farm in Germany with something pretending to be a Windows browser:
188.8.131.52 [elbe016.server4you.de.] requested 16 pages as "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x4.90)"So I checked my archives and sure enough it's been here a time or two before attempting to get inside and there was some hit's from other assocated IP's in their range.
Who hosts this mess appears to be intergenia.de:
netnum: 184.108.40.206 - 220.127.116.11Which also owns plusserver.de, server4you.de, server4you.com, netfabrik.de, and some end user services who's IP's may be a part of intergenia.de's range, no clue.
descr: intergenia AG
The plusserver.de, server4you.de and netfabrik.de both appear to use this range:
inetnum: 18.104.22.168 - 22.214.171.124The server4you.com seems to have this block:
descr: PlusServer - Dedicated Premium Serverhosting
OrgName: Server4You Inc.Which means the crawler that started this search still can't be pinned down to a specific hosting block for server4you other than the reverse DNS claims it's server4you.de. I poked around doing a few nslookups in that range and they return either return static-ip-62-75-*-*.inaddr.intergenia.de or someserver.server4you.de so I'm a little hesitant just to block the whole intergenia.de range.
NetRange: 126.96.36.199 - 188.8.131.52
So it looks like I'll block the obvious hosting ranges by IP and server4you.de by reverse DNS for now.