1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 3:21 pm May 4, 2026

Forum Moderators: open

Message Too Old, No Replies

forwarded faviconbot

         

lucy24

1:57 am on Jul 10, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



:: can't figure out if this belongs in SSID or Google, but since both are premoderated, someone else can decide ::

I found this while-- stop me if you've heard this one-- looking for something else, and the more I investigate the more puzzling it gets. 
2015-06-20:21:38:11
IP: 66.249.84.216
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon
X-Forwarded-For: 66.127.52.abc

2015-06-20:21:38:12
IP: 66.249.84.228
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon
X-Forwarded-For: 66.127.52.abc

2015-06-22:07:27:37
IP: 66.249.81.192
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon
X-Forwarded-For: 41.164.184.abc

2015-06-30:06:12:39
IP: 66.249.83.174
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon
X-Forwarded-For: 47.55.217.abc

2015-06-30:17:40:29
IP: 66.249.84.228
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon
X-Forwarded-For: 124.122.35.abc

2015-07-01:22:28:34
IP: 66.249.84.228
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon
X-Forwarded-For: 199.30.25.abc

2015-07-05:13:22:47
IP: 66.249.81.195
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google favicon
X-Forwarded-For: 77.81.187.abc
(remaining headers snipped). Position of User-Agent header, immediately after IP, looks wonky but is normal for Google.

#1 I've quoted the headers from one active site. Two other sites with logged headers show identical information, where "identical" = originating Google IP may vary in the final digit, and timestamp may be a second or two earlier or later, but in each case the "X-Forwarded-For" is exactly the same. Visit one, visit all.

#2 The conjunction of Google favicon with X-Forwarded-For header began abruptly on 20 June. Since then, all favicon visits have looked like this.

#3 In six of the seven cases, the trio of requests (three sites, one server) were preceded by a seemingly ordinary human visit from the exact IP named in the X-Forwarded-For header, where "preceded" can mean anything from a few seconds to many hours. (I do not have the kind of sites where this can happen by random probability.)

#4 The first three IPs are unexceptionable (my own ISP and a familiar Canadian range); three others are from various places outside North America; the seventh is... 199.30.you-know-the-rest. That's the only one that didn't correlate with a preceding human(oid) visit. (I went so far as to dig some other sites' logs out of the trash in case they were involved too, but no joy.)

In short: wtf?

aristotle

4:52 pm on Jul 10, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



This is kind of a stab in the dark, but could this be something that Google's browsers, Chrome and/or android, are involved with?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. General SEO Issues / Crawler, Spider, and User Agent ID 3:21 pm May 4, 2026