1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 9:13 pm May 4, 2026

Forum Moderators: open

Message Too Old, No Replies

What is KKman (bad bot?)

Should it be banned?

         

Merganser

5:00 am on Jan 19, 2010 (gmt 0)

10+ Year Member



I am getting some curious behavior from a browser/bot which produces KKman2.0 in the log file.

It comes to my site every couple of days and uses different IPs to repeatedly hit free download links (which are disallowed in my robot.txt file but, it does not seem to check my robots.txt file). It also does not hit all the free download links, it seems to just focus on one. Each time it visits, it hits the same link 10 - 20 times. Then it comes back in a few days and hits the same link again 10-20 times. Each time it spreads the hits out by 40 seconds or so. This goes on and on and definitely would not be human behavior. I am thinking this pattern of changing IPs and 40 second delays is to disguise its malicious intent. In my log files, these instances are always uniquely identifiable with "KKman2.0" listed in the entry, see example log file below. I manually changed my site information to 'BlahBlah' in the logs just for posting purposes here. I am not real savvy in interpreting the log file so any general explanation of how to interpret the log file would also be helpful.

Does anyone have any thoughts on what is happening here? Should I ban this entity? Would 'KKman2.0' be considered the UA for banning purposes? Any help is greatly appreciated.

219.252.44.nn - - [16/Jan/2010:15:58:13 -0800] "GET BlahBlah HTTP/1.0" 200 389030 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"
67.202.42.nn - - [16/Jan/2010:16:01:06 -0800] "GET BlahBlah HTTP/1.0" 200 466247 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"
212.233.221.nn - - [16/Jan/2010:16:02:23 -0800] "GET BlahBlah HTTP/1.0" 200 334368 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"
190.176.159.nn - - [16/Jan/2010:16:02:43 -0800] "GET BlahBlah HTTP/1.1" 200 245199 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"
69.114.133.nn - - [16/Jan/2010:16:03:40 -0800] "GET BlahBlah HTTP/1.0" 200 466247 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"
190.176.159.nn - - [16/Jan/2010:16:05:23 -0800] "GET BlahBlah HTTP/1.0" 200 466247 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"
62.60.136.nn - - [16/Jan/2010:16:05:41 -0800] "GET BlahBlah HTTP/1.0" 200 456980 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"
212.233.221.nn - - [16/Jan/2010:16:05:43 -0800] "GET BlahBlah HTTP/1.0" 200 206212 "BlahBlah" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; KKman2.0)"

[edited by: incrediBILL at 5:26 pm (utc) on Jan. 19, 2010]
[edit reason] Obscured IPs [/edit]

dstiles

10:05 pm on Jan 19, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I've had it listed as "suspect browser" for some time now. Can't say I've seen anything untowards from it. It seems to be a Vhinese? variant of MSIE although on a related web site it looks more like a Mozilla variant.

Merganser

2:39 am on Jan 21, 2010 (gmt 0)

10+ Year Member



A suspicion of Chinese is usually enough for me. Anyone else have any insight?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 9:13 pm May 4, 2026