Tuesday, November 21, 2006

Bezeqint Hosts Scrapers, Spammers and more

The previous post about Hunting Picscout assumes that they are operating out of bezeqint.net which is where their website is hosted. The decision to block the first range of bezeqint.net from the previous post was easy because it appears to be a data center where residential customers wouldn't be blocked.

Then there is this other barrage of crap coming from what claims to be BEZEQINT-CABLES which may be residential but I can't read Hebrew so who knows. Anyone that can translate Bezeqint's site and give us more clues would be greatly appreciated.

This one particular IP tried to crawl about 300 pages:

84.110.241.167 "Mozilla/4.0 (compatible; MSIE 5.0; Windows NT 4.0)"
Garden variety scraper or part of Picscout?

Hard to say.

However, we have found a new rash of activity while researching bezeqint.net looking for PicScout but these were all in my spam trap, no referrers, all one shot attempts to post something that was blocked, mostly about Viagra.

The spammers all came from these blocks:
inetnum: 84.110.208.0 - 84.110.223.255
netname: BEZEQINT-CABLES

inetnum: 84.110.224.0 - 84.110.239.255
netname: BEZEQINT-CABLES

inetnum: 84.110.240.0 - 84.110.255.255
netname: BEZEQINT-CABLES
Here's the big list which makes me wonder if it's DHCP or a botnet?
84.110.208.4 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.211.29 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.217.105 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.217.116 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.217.192 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.220.146 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.220.90 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.132 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.15 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.15 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.224.152 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.225.61 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.225.84 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.225.95 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.179 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.248 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.93 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.226.94 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.227.133 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.227.175 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.228.115 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.228.126 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.104 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.189 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.240 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.250 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.229.73 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.107 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.12 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.134 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.154 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.200 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.52 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.231.99 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.232.216 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.232.239 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.232.5 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.177 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.193 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.207 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.229 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.245 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.252 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.233.39 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.234.113 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.235.110 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.103 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.112 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.116 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.157 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.8 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.236.93 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.237.49 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.237.93 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.238.117 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.238.221 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.238.37 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.239.139 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.239.69 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.110 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.242 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.39 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.240.42 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.132 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.149 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.163 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.187 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.45 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.241.98 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.118 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.141 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.86 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.242.88 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.107 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.125 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.17 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.243.86 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.148 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.185 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.201 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.240 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.254 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.244.4 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.122 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.124 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.154 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.245.247 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.10 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.223 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.226 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.246.41 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.247.126 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.247.28 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.248.165 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.248.226 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.117 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.201 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.217 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.249.218 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.120 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.131 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.155 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.189 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.213 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.68 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.71 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.250.87 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.112 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.141 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.150 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.251.80 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.10 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.133 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.165 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.178 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.252.44 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.253.151 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.253.186 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.253.83 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.213 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.237 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.33 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.254.67 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.214 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.248 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.55 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.81 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
84.110.255.84 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Don't know what in the hell is going on with Bezeqint but I think I'm going to start tracking to see if I'm getting any legitimate traffic from there and if not, I'll just block their entire network as nothing good seems to be coming from them.

2 comments:

bull said...

Done this long ago:
deny from 82.80.240.0/21
deny from 82.80.248.0/21
deny from 84.110.208.0/20
deny from 84.110.240.0/20
Now switching over to iptables for cleaner logs and smaller htaccess ;)

Anonymous said...

Like bull, these guys were blocked at my firewall long ago.

They annoyed me, so I went after all the traces of them I could find.

So you may also want to consider other Bezequint hosting CIDR blocks like:

84.108.128.0/20
88.152.0.0/18
88.152.64.0/20
192.114.146.0/23
192.115.184.0/21
212.25.64.0/19
212.25.96.0/19
212.179.0.0/18

and some of their ADSL customers too:

88.153.85.0/16
88.154.85.0/16

YMMV etc etc.