Probably the same organization as discussed here, three years ago [webmasterworld.com].
IP: 3.234.92.abc, 52.70.79.abc, 54.88.26.abc
UA:
Mozilla/5.0 (compatible; woorankreview/2.0; +https://www.woorank.com/)
Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1 (compatible; woorankreview/2.0; +https://www.woorank.com/)
Mozilla/5.0 (iPad; CPU OS 11_0 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) Version/11.0 Mobile/15A5341f Safari/604.1 (compatible; woorankreview/2.0; +https://www.woorank.com/)
robots.txt: delayed
Headers: generally humanoid, but may omit Accept-Language (and may include a whole lot of extraneous guff)
Curious pattern of behavior, involving multiple sets of requests from various IPs (each of the three is an exact /32) and different UAs. “delayed” means they asked for robots.txt only after many html requests. Also asked for sitemap, but this was blocked, so I don’t know what they would have done with it.
Showed up only at my personal site; all I can be sure of is that I didn’t invite them. (And they didn’t request any interior pages that some other site might plausibly have linked to.)
I don’t log headers on redirects, but will tentatively say based on 301 in access logs that they requested all four possible configurations:
http://example.com
https://example.com
http://www.example.com
https://www.example.com
The 54. IP was used only for robots.txt and sitemap.xml.
After a total of :: counting on fingers :: 21 requests for / root with the basic UA from the 3. IP, they went on to robots.txt, sitemap and--really--
/vOq9ZyOMH3/4grnVnaoc4HlabkBX/mqkiBeMHbe1L0VT/VjfFdETrgCNuCnxnZ9/WBOEgQfDh14CuTaS
(I don't know if this is Base64 for something, or just an over-the-top equivalent of Googlebot's nonexistent-file-name, test-for-404 request.)
After this they moved on to three packages, each with a different UA (vanilla, iPhone, iPad), some sets from the 52. IP:
/ root (blocked)
stylesheet used by 403 page
navigation icon used by 403 page
/piwik.js (blocked)
Then they took a two-second breather and finally made a single HEAD request for the favicon.
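
The "delayed" robots.txt pattern described in the post, as an added example that is not part of the original post: Python that groups access-log lines by the self-declared crawler token, across IPs and UA variants, and reports how many requests preceded the first robots.txt fetch. The log lines, documentation-range IPs, timestamp and `politebot` are constructed, the iPhone UA is abbreviated from the one quoted above, and Combined Log Format is an assumption about the server.

```python
import re
from collections import defaultdict

# Combined Log Format (assumed): ip - - [time] "METHOD path proto" status bytes "referer" "ua"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Crawler token as it appears inside "(compatible; name/version; +url)"
TOKEN = re.compile(r'compatible;\s*([^/;\s]+)/[\d.]+')

def robots_timing(lines):
    """Per crawler token: (verdict, requests before first robots.txt, distinct IPs, distinct UAs)."""
    stats = defaultdict(lambda: {"before": 0, "seen": False, "ips": set(), "uas": set()})
    for line in lines:
        m = LINE.match(line)
        t = m and TOKEN.search(m.group(3))
        if not t:
            continue  # unparsable line, or no self-identified crawler token
        ip, path, ua = m.groups()
        s = stats[t.group(1).lower()]  # one bucket per token, whatever the IP or UA wrapper
        s["ips"].add(ip)
        s["uas"].add(ua)
        if path.split("?")[0] == "/robots.txt":
            s["seen"] = True
        elif not s["seen"]:
            s["before"] += 1  # content request made before robots.txt was ever read
    report = {}
    for name, s in stats.items():
        verdict = "never" if not s["seen"] else ("first" if s["before"] == 0 else "delayed")
        report[name] = (verdict, s["before"], len(s["ips"]), len(s["uas"]))
    return report

def mk(ip, path, status, ua):
    """Build one constructed log line (fixed, made-up timestamp)."""
    return f'{ip} - - [01/Jan/2024:00:00:00 +0000] "GET {path} HTTP/1.1" {status} 0 "-" "{ua}"'

BASIC = "Mozilla/5.0 (compatible; woorankreview/2.0; +https://www.woorank.com/)"
IPHONE = "Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) Safari/604.1 " + BASIC[12:]
POLITE = "Mozilla/5.0 (compatible; politebot/1.0; +https://bot.example/)"  # hypothetical crawler
SAMPLE = [  # constructed traffic, not taken from any real log
    mk("192.0.2.1", "/", 301, BASIC),
    mk("192.0.2.1", "/", 200, BASIC),
    mk("192.0.2.1", "/", 200, BASIC),
    mk("203.0.113.3", "/robots.txt", 200, BASIC),
    mk("198.51.100.2", "/", 403, IPHONE),
    mk("192.0.2.9", "/robots.txt", 200, POLITE),
    mk("192.0.2.9", "/", 200, POLITE),
    mk("192.0.2.50", "/", 200, "Mozilla/5.0 (Windows NT 10.0) Firefox/120.0"),
]

if __name__ == "__main__":
    for name, row in robots_timing(SAMPLE).items():
        print(name, row)
```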