Following on from a couple of other recent threads about possible visits from Google employees I wonder if someone could help me with this?
In the early hours of the morning (GMT) on the 8th. September and again on 17th. September my site was visited from nearly 100 IP addresses in Google's 18.104.22.168/16 network. On both occasions around 1GB of executable files (mostly trial software) were downloaded. I'm not sure what Google uses that network for. Some say it's Google translation services whilst others suggest these visits are the result of people clicking on links in emails sent to GMail accounts. However, I doubt that 100 people would be simultaneously translating/downloading items from my small site and I don't send any newsletters/mailers of any kind at all. Other people say these IP addresses are used by Site Verification services but I wouldn't think that downloading lots of files would be required for that purpose. Another suggestion is that this IP range is used by Google for anything and everything apart from their search engine web sites.
As my site is on shared hosting I don't have access to the full server logs so I can't be absolutely sure what these visitors are doing, but it seems that most of the files they're downloading are ones that are part of an affiliate scheme in which I participate. Rather than having affiliate links to a publisher on my site, my affiliate code is embedded into the executable files that I host myself. Thus, if someone subsequently registers the trial version of the software that they've downloaded then that sale is attributed to me.
Can anyone suggest what Google may be up to with these strange visits? I wonder if they're trying to determine if my site is an affiliate or not. I haven't renamed the files from their defaults so similarly named files probably exist on plenty of other sites and it doesn't take a genius to work out that these files are indeed part of an affiliate scheme. If you take the trouble to look at them in a hex editor the affiliate code is quite plain to see.
We've got a recent thread in our Search Engine Spiders forum about this IP range - and yes, it does look like Google does use it for verification. See Google-Site-Verification/1.0 IPs [webmasterworld.com]
Thanks guys. I'd seen the thread Tedster mentioned but wasn't convinced that site verification accounted for all the "cavorting" (as incrediBILL perfectly put it) with around 100 IP addresses involved and multiple file downloads. The idea that this activity might be related to malware checking does sound very plausible.