|Firefox Browser just passing through|
| 9:47 pm on May 7, 2013 (gmt 0)|
This is one of those under-the-radar robots. Logs tell me they've stopped by periodically since late June of 2012, but I never noticed until they ventured beyond the front page. (I am not a front-driven site-- in fact until recently I didn't even have a front page-- so I generally ignore requests for / alone, even without robots.txt.)
Disclaimer: I realize that the following is equivalent to "a man in his thirties, average height, average weight, brown hair, no distinguishing marks". But you never know.
IP: 18.104.22.168 (exactly)
UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0 (always)
Considering FF's recent behavior, this alone is enough to raise suspicion: the same version for over 10 months? At the time of their first visit, FF was just starting its update binge; the current version was 13.0 but 12.0 was no more than 2 months old.
WhoIs says they belong to RCN Corporation, which is apparently a regular human ISP. The main cause for suspicion is that they're based in Herndon, VA.
Hm. Maybe it's time to add Old Firefox to the Old MSIE group. (Redirect to a page that says "I'm sorry, but the server thinks you are a robot." No links; captcha for e-mail. Exceptions for one directory and a couple of IP ranges.)
| 2:00 am on May 8, 2013 (gmt 0)|
|The main cause for suspicion is that they're based in Herndon, VA. |
RCN is of course based in Hendron.
This IP is Brookline., Mass, however please keep in mind the GEO's are less-than-accurate.
I had the same visitor and subsequent returns, in June of 2012.
22.214.171.124 - - [25/Jun/2012:19:39:21 +0100] "GET / HTTP/1.1" 200 6010 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0"
I added a deny at that time.
I've a couple of older references to different RCN IP's (2003 & 2006).
The 2003 was doing HEAD checks.
I've two other RCN ranges denied.
RCN is likely the provider for some type of mobile device.
| 6:50 pm on May 8, 2013 (gmt 0)|
I also have 126.96.36.199 going back to June 2012 - 56 hits so far, which is large for my small server.
Also 188.8.131.52 banned Feb/Mar this year for over 70 hits.
I think these are "bad users" rather than ISP activity.