207.253.45.194 -> [netvention.com...]
These are also active via http:
207.253.45.195
207.253.45.196
207.253.45.197
207.253.45.198

If you do a tracerout on any of the above IPs or 207.253.45.203 they all fallow the same pattern. It looks like that is their bot's IP.
It's a B2B engine.

I've had the same UA hit my sites from Washington State U. In my case it seems that someone in their Comp. Sci. Dept. was doing a class project out of one of their labs.

There must be some sort of Java-based program out there that all these people are using. I have yet to find which one it is.

Believe it or not I have also seen a few Altavista spiders with this same UA as well. It was just a temporary thing but they have used it.

That was what was irritating me. I recalled some university using it, but not which. It was that or a research institution like IBM. Washington U, hu? Do you happen to know if they have posted about their project before I go digging around their pages?

Last time I got one of their spiders, it was libwww/version#. Now it's this java thing. Makes one wonder if they are really doing something, or just experimenting with different types of technology.

Luckily the DNS had computer_science division or something. I didn't mind them grabbing the stuff if it was for some research but after time I was getting sick of them eating up bandwidth. I just went to their CS Dept. page on their site and asked the Head Techie if they were doing some sort of research.

He told me it was coming out of a lab classroom and that he would look into it. After he replied it stopped for a few days and then started back up again. It was like clockwork, everyday from 1-3 p.m. So, remembering my old college days, I assumed it was some student using their high-speed connection to grab a bunch of stuff. If it was a researcher I imagine that they would dedicate a computer and let it run day and night. But who knows.

Since it was comming out of a CS I lab, I just went ahead and banned their IP.

>>Last time I got one of their spiders, it was libwww/version#. Now it's this java thing. Makes one wonder if they are really doing something, or just experimenting with different types of technology.

Could be in my case. That's probably how the guys that made Google started out.

I don't think there is anything to worry about unless they are grabbing a lot of pages like a bot and where they are coming from seems suspicious. It is probably some open source page downloading tool/web browser out there that spits out this UA when it's used.

If there are any Java2 SDK developers or Java platform user out there I'm sure they can give us a better insight

Java 1.3.0 is the default useragent that the java runtime uses for URLConnections, it could be anything from a browser or spider to a horribly failed class project. It's probably not a professional anything though or at least at this point it's far from it otherwise they would have set a UA of some kind.

>>horribly failed class project.

I hope it failed, they deserved it in my view.

Thanks Dan.

On April 17, I had a bot with a user agent of
Java1.1.8 coming from cache2.gw.utexas.edu that
was trying a new GET at a rate of 13 times per
second. I detected them on the fly and cut them
off from my cgi-bin, but they went on to suck up
a couple hundered static pages.

I complained to abuse@utexas.edu and sent them
the zipped log, but never got an answer.