Looking through some recent logs I noticed an HTTP request for:

/key/ASWD56xxxCSA

In case that string somehow uniquely identifies me, I've obscured 3 numbers with xxx. But if others also are seeing this, and the sum of those 3 numbers is 11, then it's likely this is a generic string, but what it indicates I have no idea. Yandex and google have requested that file(?) a few dozen times in 2016-2017, a couple times in 2019, once in 2022 and one again last week. These are all HTTP requests (port 80). Not seen for HTTPS (port 443).

They all come from google and yandex IP's. The google IP's are the usual google-bot (66.249.64 - 79) with the usual UA but sometimes there's a referer in the request like //ie.57nnn.net/alexa/ie/index.asp (nnn = 3 diff. number sequence). The first 2 characters change (can be ie, kg, mt, w).

The 2 requests in 2019 were the last from google, the UA for those were:

Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

The requests last year and last week were from yandex. The UA was:

Mozilla/5.0:(compatible;YandexBot/3.0;+http//yandex.com/bots)

Some of these google/yandex hits from 2016-17 happened within a few days of each other (does this raise a few eyebrows?). I was blocking yandex back in 2017 and prior, so it got a 403 from me. The last 2 they got a 404. Google always got a 404.

A web-search for the actual ASWD string does turn up results that seem to indicate that this key/file is legit (and static) and present on some sites. Any idea what it's for?

[edited by: not2easy at 2:44 am (utc) on Oct 29, 2023]
[edit reason] disabled smileys [/edit]