|SiteSpeedBot and misinformation, bad bot|
SiteSpeedBot claims that name is their user agent yet that would never pass my filters.
Yet somehow my data, that shouldn't be there if everything they said is true, magically appears on their servers.
|User-agent: SiteSpeedBot |
Without wasting any time I decided to see what's up and asked the site to crawl a bogus page.
It didn't ask for robots.txt like it claims, asked for the home page as SiteSpeedBot, then proceeded to ask for the bogus page as Firefox.
188.8.131.52 - "GET / HTTP/1.1" 200 2297 "-" "SiteSpeedBot"
184.108.40.206 - HEAD /bogus.html HTTP/1.1" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:220.127.116.11) Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11"
Then I tried again with a page it could find, and it sort of asked for robots.txt, not very clever really...
18.104.22.168 - "GET /page.htmlrobots.txt HTTP/1.1" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:22.214.171.124) Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11"
It actually asked for the page HEAD to verify it existed BEFORE asking for the robots.txt file, huh?
What a mess.
However, they claim to operate from multiple data centers around the world, so I'm just scratching the surface of their IPs it would seem.
Here's another IP and UA they used...
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:126.96.36.199) Gecko/20100908 CentOS/3.6-2.el5.centos Firefox/3.6.9 GTB7.1"
It seems they like 1&1 for hosting this thing from different data centers.
Anyone got anything else on this beast?
What bothers me about them, is IF they are providing Webmaster Tools, why is their bot visiting unless you asked it to?
I did a little scratching around, looking at whois and the IPs you provided.
The registrant for indeep76.com is located in Ukraine (that's a red flag for me).
Also, Reverse DNS for 188.8.131.52 is mail. smartviper. com. Put Smartviper . com into your browser and get this:
|SmartViper – a web service that collects and analyzes any data about domains and keywords they are optimized for. |
Reverse DNS for 184.108.40.206 is u15371126. onlinehome-server. com. If you type the last bits into a browser, it redirects to www. 1und1. de (1&1 in Germany)
Caught today pretending to be GoogleBot.
220.127.116.11 - - [01/Jul/2011:17:53:30 -0500] "GET [redacted] HTTP/1.0" 403 877 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; [google.com...]
canonical name mail.smartviper.com
BOGDAN ANDRIY ()
Kiev, P 03179
name class type data time to live
mail.smartviper.com IN A 18.104.22.168 1800s (00:30:00)
smartviper.com IN NS dns3.registrar-servers.com 1800s (00:30:00)
smartviper.com IN NS dns2.registrar-servers.com 1800s (00:30:00)
smartviper.com IN NS dns1.registrar-servers.com 1800s (00:30:00)
smartviper.com IN A 22.214.171.124 1800s (00:30:00)
smartviper.com IN NS dns5.registrar-servers.com 1800s (00:30:00)
smartviper.com IN NS dns4.registrar-servers.com 1800s (00:30:00)
smartviper.com IN SOA server: dns1.registrar-servers.com
minimum ttl: 3601
smartviper.com IN TXT v=spf1 ip4:126.96.36.199/32 a ~all 1800s (00:30:00)
188.8.131.52.in-addr.arpa IN PTR mail.smartviper.com 86400s (1.00:00:00)
Tracing route to mail.smartviper.com [184.108.40.206]...
hop rtt rtt rtt ip address fully qualified domain name
1 1 1 1 220.127.116.11 61.d3.5446.static.theplanet.com
2 1 1 0 18.104.22.168 po101.dsr01.dllstx5.networklayer.com
3 18 1 1 22.214.171.124 po51.dsr01.dllstx3.networklayer.com
4 1 1 0 126.96.36.199 e4-2.ibr03.dllstx3.networklayer.com
5 1 6 14 188.8.131.52 xe-3-0-0.er1.dfw2.us.above.net
6 1 1 1 184.108.40.206 xe-0-1-0.cr1.dfw2.us.above.net
7 28 28 28 220.127.116.11 xe-2-1-0.cr1.ord2.us.above.net
8 28 28 28 18.104.22.168 xe-1-1-0.er1.ord7.us.above.net
9 29 28 28 22.214.171.124 equinix.bb-b.cr.chi.us.oneandone.net
10 39 39 39 126.96.36.199 te-2-4.bb-d.ws.mkc.us.oneandone.net
11 40 39 39 188.8.131.52 te-1-1.bb-c.slr.lxa.us.oneandone.net
12 40 40 40 184.108.40.206 ae-11.gw-distp-a.slr.lxa.oneandone.net
13 40 40 40 220.127.116.11 ae-1.gw-prtr-r5-a.slr.lxa.oneandone.net
14 40 40 40 18.104.22.168 mail.smartviper.com
FTP - 21 Error: TimedOut
SMTP - 25 Error: TimedOut
HTTP - 80 HTTP/1.1 403 Forbidden
Date: Sat, 02 Jul 2011 10:25:10 GMT
POP3 - 110 Error: TimedOut
IMAP - 143 Error: TimedOut
First result in Google for that IP returns:
Hutsler Law Firm
22.214.171.124/ - Cached
Birmingham, Alabama, attorneys at Hutsler Law Firm represent clients in consumer law.
The following A records are set to 126.96.36.199:
appointmentnet.com, hutslerlaw.com, hutslerlawfirm.com, localpsychiatrists.com, ourstatesunited.com, ourstatesunited.org
|Hutsler [**typo for Hustler?] Law Firm |
That's OneandOne, aka 1and1. I've got them flagged as "kinda hinky though I can't say where or how I picked up this idea". (See further up this thread.)
asp = viper, right? IP that will bite you in the ### if given half a chance?
Couple of other IP's in the same block, heaps of different UA on 188.8.131.52