Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL

Message Too Old, No Replies

SiteSpeedBot and misinformation, bad bot

11:33 pm on Feb 3, 2011 (gmt 0)

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

SiteSpeedBot claims that name is their user agent yet that would never pass my filters.

Yet somehow my data, that shouldn't be there if everything they said is true, magically appears on their servers.

User-agent: SiteSpeedBot
Disallow: /

Without wasting any time I decided to see what's up and asked the site to crawl a bogus page.

It didn't ask for robots.txt like it claims, asked for the home page as SiteSpeedBot, then proceeded to ask for the bogus page as Firefox. - "GET / HTTP/1.1" 200 2297 "-" "SiteSpeedBot" - HEAD /bogus.html HTTP/1.1" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11"

Then I tried again with a page it could find, and it sort of asked for robots.txt, not very clever really... - "GET /page.htmlrobots.txt HTTP/1.1" "Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/2009060308 Linux Mint/7 (Gloria) Firefox/3.0.11"

It actually asked for the page HEAD to verify it existed BEFORE asking for the robots.txt file, huh?

HEAD /page.html
GET /page.htmlrobots.txt

What a mess.

However, they claim to operate from multiple data centers around the world, so I'm just scratching the surface of their IPs it would seem.

Here's another IP and UA they used...
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20100908 CentOS/3.6-2.el5.centos Firefox/3.6.9 GTB7.1"

It seems they like 1&1 for hosting this thing from different data centers.

Anyone got anything else on this beast?
12:16 am on Feb 4, 2011 (gmt 0)

5+ Year Member

What bothers me about them, is IF they are providing Webmaster Tools, why is their bot visiting unless you asked it to?

I did a little scratching around, looking at whois and the IPs you provided.

The registrant for indeep76.com is located in Ukraine (that's a red flag for me).

Also, Reverse DNS for is mail. smartviper. com. Put Smartviper . com into your browser and get this:
SmartViper a web service that collects and analyzes any data about domains and keywords they are optimized for.

Reverse DNS for is u15371126. onlinehome-server. com. If you type the last bits into a browser, it redirects to www. 1und1. de (1&1 in Germany)
2:19 am on Jul 2, 2011 (gmt 0)

Caught today pretending to be GoogleBot.
Robots.txt: NO - - [01/Jul/2011:17:53:30 -0500] "GET [redacted] HTTP/1.0" 403 877 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; [google.com...]

canonical name mail.smartviper.com


11a kv.85
Kiev, P 03179

DNS records
name class type data time to live
mail.smartviper.com IN A 1800s (00:30:00)
smartviper.com IN NS dns3.registrar-servers.com 1800s (00:30:00)
smartviper.com IN NS dns2.registrar-servers.com 1800s (00:30:00)
smartviper.com IN NS dns1.registrar-servers.com 1800s (00:30:00)
smartviper.com IN A 1800s (00:30:00)
smartviper.com IN NS dns5.registrar-servers.com 1800s (00:30:00)
smartviper.com IN NS dns4.registrar-servers.com 1800s (00:30:00)
smartviper.com IN SOA server: dns1.registrar-servers.com
email: hostmaster.registrar-servers.com
serial: 2008080810
refresh: 10001
retry: 1801
expire: 604801
minimum ttl: 3601
3601s (01:00:01)
smartviper.com IN TXT v=spf1 ip4: a ~all 1800s (00:30:00) IN PTR mail.smartviper.com 86400s (1.00:00:00)

Tracing route to mail.smartviper.com []...

hop rtt rtt rtt ip address fully qualified domain name
1 1 1 1 61.d3.5446.static.theplanet.com
2 1 1 0 po101.dsr01.dllstx5.networklayer.com
3 18 1 1 po51.dsr01.dllstx3.networklayer.com
4 1 1 0 e4-2.ibr03.dllstx3.networklayer.com
5 1 6 14 xe-3-0-0.er1.dfw2.us.above.net
6 1 1 1 xe-0-1-0.cr1.dfw2.us.above.net
7 28 28 28 xe-2-1-0.cr1.ord2.us.above.net
8 28 28 28 xe-1-1-0.er1.ord7.us.above.net
9 29 28 28 equinix.bb-b.cr.chi.us.oneandone.net
10 39 39 39 te-2-4.bb-d.ws.mkc.us.oneandone.net
11 40 39 39 te-1-1.bb-c.slr.lxa.us.oneandone.net
12 40 40 40 ae-11.gw-distp-a.slr.lxa.oneandone.net
13 40 40 40 ae-1.gw-prtr-r5-a.slr.lxa.oneandone.net
14 40 40 40 mail.smartviper.com

Trace complete

Service scan
FTP - 21 Error: TimedOut
SMTP - 25 Error: TimedOut
HTTP - 80 HTTP/1.1 403 Forbidden
Server: nginx
Date: Sat, 02 Jul 2011 10:25:10 GMT
Content-Type: text/html
Content-Length: 162
Connection: close
POP3 - 110 Error: TimedOut
IMAP - 143 Error: TimedOut

From CentralOps

First result in Google for that IP returns:

Hutsler Law Firm - Cached
Birmingham, Alabama, attorneys at Hutsler Law Firm represent clients in consumer law.


The following A records are set to
appointmentnet.com, hutslerlaw.com, hutslerlawfirm.com, localpsychiatrists.com, ourstatesunited.com, ourstatesunited.org

4:08 am on Jul 2, 2011 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month

Hutsler [**typo for Hustler?] Law Firm

That's OneandOne, aka 1and1. I've got them flagged as "kinda hinky though I can't say where or how I picked up this idea". (See further up this thread.)

74.80-81 maximumasp
asp = viper, right? IP that will bite you in the ### if given half a chance?
5:22 am on Jul 2, 2011 (gmt 0)

Couple of other IP's in the same block, heaps of different UA on