I've strange demands during my log every single day in the same IP... they all are such as this: - - [12/Jul/2000:04:07:15 -0400] "GET /images/logo design.digital HTTP/1." 304 - "-" "Mozilla/3.01 (compatible )"

More often than not this IP demands the pictures, with no HTML pages... I believed that somebody was connecting to my images, however it demands items that nobody may wish to connect to like top logo design or even the pixel graphic.

I am just curious what it's... Any ideas? Can One track it lower with this IP?

[This message continues to be edited by sunsmile (edited 07-14-2000).]
Regrettably Samspade is lower, and so i can't perform a definitive research, however i had a glance at IP possession (through http://ipindex.dragonstar.net/c/192/192_218.html) and emerged using the following :

The nearest Ip/range which i emerged with was Mitsubishi Electric Corporation (NET-MELCO-IPNET4)

Howveer, the IP *range* wasn't specified meaning certainly one of three things :

1. The IP was forged by anyone to get the images
2. Dynamic Insolvency practitioners? That's, a dial-in network from Mitsubishi?
3. Something different that we can't think about

When Samspade's support I'll perform a full search and let guess what happens I've found.
Here's what little I'm able to add (samspade continues to be lower :-( )

[root@host log]# nslookup
Server: ns.cfoxhost.com

Title: ps.melco.co.jp

The domain title given here doesn't seem like a dial-as much as me. A whois research at http://www.nic.ad.jp/cgi-bin/whois_gate on "melco.co.jp" produces this result:

[ JPNIC database provides info on network administration. Its me is ]
[ limited to network administration reasons. For more information, use ]
[ 'whois -h whois.nic.ad.jp help'. To suppress Japanese output, add '/e' at ]
[ the finish of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]

Domain Information:
a. [Domain Title] MELCO.CO.JP
g. [Organization] Mitsubishi Electric Corporation
j. [Address] 2-2-3, Marunouchi, Chiyoda-ku, Tokyo, japan, 100-8310, Japan
l. [Organization Type] Corporation
m. [Administrative Contact] TA189JP
n. [Technical Contact] ST245JP
n. [Technical Contact] HS732JP
p. [Title Server] ins01.melco.co.jp
p. [Title Server] gw01.melco.co.jp
p. [Title Server] melconws.melco.co.jp
s. [Network Number] 133.229..
s. [Network Number] 192.218.140.
y. [Reply Mail] staff@melit.melco.co.jp
[Condition] Connected
[Registered Date]
[Connected Date]
[Last Update] 2000/03/13 11:15:02 (JST)

So it's a subdomain of melco.co.jp (in line with the domain title).

Chuck Fox
Because of everybody who responded for the help. I still keep getting image demands out of this IP. What is your opinion I'm able to do about this other then renaming the pictures?
You can always block the IP.

Create a .htaccess file within the directory which has the look(s) inside it using the following:

deny from

Whether it's always exactly the same IP then which should ensure that it stays from happening. If you wish to try to lower the likelihood of the IP altering simply take a chunk from the finish from the IP.


deny from 192.218.140

You need to block more, simply take another chunk off. Be cautious though. The greater you are taking off, the greater likelihood of obstructing more and more people than you need to.

(note: I am no expert only at that stuff, I simply realize that works best for certain cases.)

Justin K.
A pessimistic person sees the glass as half empty, positive half full... much more fact the glass is totally full. Partly with water and partly with air.
I am afraid to bar it - let's say the IP is dynamic and another person is applying it for legitimate demands...
If it's a dynamically designated IP it will have transformed right now. Also, you could utilize the domain title (ps.melco.co.jp) rather than the IP. I simply did another nslookup which is still exactly the same IP and domain title. During my personal opinion, this isn't a dialup it is a static IP and you will securely deny them.
Your call though! :-)

Chuck Fox

In the info you gave it appears like it's a "caching server" utilized by ISP's to improve speed and employ less outgoing bandwidth by storing images in your area in order for there dialup customers.

You describe that the logs only shows images being loaded and so i would opt for that theory. We make use of a caching server and ours has got the same browser tag of "Mozilla/3.01 (compatible )" when fetching images.

It's most likely not something you need to block as well as be worried about.

Usually cache servers, if this sounds like the situation here should return a couple of times within a couple of days after which should stop gathering images when the user doesn't return to your page.

Hope that can help!
Yeah, that will most likely explain it, because the images which are being asked for don't seem like the kind of images someone may wish to steal :-)

Just info.

  • 1