homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Gold Sponsor 2015!
Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
Forum Library, Charter, Moderators: DixonJones & mademetop

Website Analytics - Tracking and Logging Forum

ff-in-fNN.google log entries
legit or not?

10+ Year Member

Msg#: 3731661 posted 4:28 pm on Aug 26, 2008 (gmt 0)

We've recently seen log entries such as

ff-in-f84.google.com - - .. "GET /#*$!x... HTTP/1.1" ..."Mozilla/5.0 (compatible; Google Keyword Tool;+https://adwords.google.com/select/KeywordToolExternal)"

They're now appearing every 7 minutes (approx) and get the same page each time.

Using netstat, we can see the "equivalent" IP and when we check out that IP, we find the following information:

Reverse DNS: ff-in-f84.google.com.
Reverse DNS authenticity: [Could be forged: hostname ff-in-f84.google.com. does not exist]
ASN: 15169
IP range connectivity: 1
Registrar (per ASN): ARIN

Should we assume that the ff-in-f84.google.com access is not legit?

I've seen references to ff-in-fNN.google elsewhere in WW, such as in the AdWords forum, but cannot find where anybody has categorically ruled out that these are really coming from Google. Maybe this one is not legit and others of similar syntax are legit?


Receptional Andy

Msg#: 3731661 posted 7:04 pm on Aug 26, 2008 (gmt 0)

If the IP is assigned to Google, it's almost certainly authentic, except in a small number of cases where the connections may be through a proxy at Google. The reverse DNS error just means that Google haven't configured things properly ( = ff-in-f84.google.com but ff-in-f84.google.com !=

See also the thread below on the same UA and similar IP range:

Is this legitimate Google [webmasterworld.com]


10+ Year Member

Msg#: 3731661 posted 7:42 pm on Aug 26, 2008 (gmt 0)

Thanks for the info and related link.

If this is a legit access, why would we see the same log entry (same page request) coming in every 6-7 minutes?

Not that it's related, but we recently implemented rewrites (301's) to use new simplified url convention and the page that is constantly being pulled is one of those that go thru a re-write AND it uses an option in the query string that indicates its from an AdWords campaign.


WebmasterWorld Senior Member g1smd us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Msg#: 3731661 posted 9:17 pm on Aug 26, 2008 (gmt 0)

The IP address 66.249.85.nnn is related to the named GFE-FF datacentre.

The f84- in your URL does match the .84 in the final octet of the IP address.

However, that datacentre stopped being available for search over a year ago. It looks like some other services still reside on servers elsewhere within that Class-C block.

Who or what was accessing your site is unknown to me, but the access came from Google, or from someone using a tool hosted at Google (whether that person was at the GooglePlex, or elsewhere in the world, is also unclear).

See also: [webmasterworld.com...]

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Website Analytics - Tracking and Logging
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved