Another funny fake user agent string

Forum Moderators: open

Message Too Old, No Replies

Another funny fake user agent string

notriddle

8:48 pm on Jul 20, 2019 (gmt 0)

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_3) AppleWebKit/[WEBKIT_VERSION] (KHTML, like Gecko, Mediapartners-Google) Chrome/[CHROME_VERSION] Safari/[WEBKIT_VERSION]

Doesn't request robots.txt (despite claiming to be Google's adbot). It comes from 45.12.xxx.xxx, 152.89.xxx.xxx, 194.36.xxx.xxx, 181.177.xxx.xxx, and 23.89.xxx.xxx (this one has RDNS pointing at rdns.scalabledns.com, while none of the other addresses have any RDNS records at all).

It's probably a bunch of infected machines?

lucy24

11:55 pm on Jul 20, 2019 (gmt 0)

It's probably a bunch of infected machines?

When the IPs don’t all boil down to “the usual suspects” (i.e. the AWS ranges we all know and love), that's definitely a possibility. But they could also be robots distributed among different servers. (Let's not entertain the possibility of infected servers.)

23.89 is, or was recently, Enzu. 45.12 and 152.89 are interesting because the last time I checked systematically (early 2018) they were both unassigned. So it could all be new server ranges. Picking a random IP in 45.12 I get
45-12-aaa-bbb.servers-news.com
Hmmmm. Not necessarily your aaa.bbb, of course.

tangor

12:49 am on Jul 21, 2019 (gmt 0)

@notriddle ... Welcome to Webmasterworld!

Spider spotting is an engaging pastime, you will find a lot of similarly minded players!

notriddle

2:45 pm on Jul 21, 2019 (gmt 0)

Let's not entertain the possibility of infected servers

Why not? This wouldn't be the first WordPress worm.

lucy24

5:48 pm on Jul 21, 2019 (gmt 0)

Er, that was satire.