loopip.com seems to lead to the Net Research Server software page...

Weird that it's comong from a Comcast IP range, though, so possibly spoofed.

Jim

I got one of those on 01/10/08

also from 76.103.128.xx

with UA - nrsbot/5.0(loopip.com/robot.html)

but rDNS showed
c-76-103-yyy-45.hsd1.ca.comcast.net

(it didn't take a bait from robots.txt file though)

[edited by: Tastatura at 1:40 am (utc) on Oct. 11, 2008]

-- we built an engine that imports the entire Open Directory Project and crawls each page looking for search engine forms. --

We got a visit from that IP as well, also on 9/27 from 74.95.0.#*$! with the same UA. Both are from Comcast Business Communications ranges.

REQUEST HEADERS:

HTTP Request item: Value
------------------------
Accept: image/gif, image/x-xbitmap, image/jpeg, image/png, */*
Connection: Close
Accept-Encoding: gzip
Content-Length: 0
Host: www.QQQQQQQ.tld
User-Agent: nrsbot/5.0(loopip.com/robot.html)
Accept-Charset: iso-8859-1,*,utf-8
Accept-Language: en
request_method: GET
server_protocol: HTTP/1.0

Other than that last April there was a hit from 75.101.193.xx(Amazon CC) with the same UA.

Anything searching for forms just HAS to be bad! It's usually so they can spam them. And in my experience nothing good ever comes from comcast, either.

The early ones this month came from 74.95.0.* which has an rDNS of loopip.com but the latest ones are from 76.103.128.* - 13 from 3rd to this date.

With a couple of exceptions they hit the home page, got rejected and went away. The exceptions were two pages that often get hit by bots (gods know why!) and there the hits were two in quick succession.