Girl Geekette dotNet

I was thumbing through my website and checking the theme, working on come CSS when I happened to look at my logs. It seemed every time I clicked on a post to check some alignments of the theme, that there was another entry right under mine - from a different IP address. The 2nd time I noticed it, I figured that maybe it was a coincidence and someone happened to click on the post the same time I did. The third and fourth time it happened, I had to wonder. Below is a copy and paste from my logs. The 192 address is mine, but look at the log entries right below mine:

192.168.1.100 - - [17/Sep/2005:00:03:39 -0400] "GET /category/security/ HTTP/1.1" 200 8538
66.249.65.172 - - [17/Sep/2005:00:03:40 -0400] "GET /category/security/ HTTP/1.1" 200 8520
192.168.1.100 - - [17/Sep/2005:00:04:05 -0400] "GET /2005/09/06/hacking-to-learn-what-the-media-doest-tell-you/ HTTP/1.1" 200 11431
66.249.65.172 - - [17/Sep/2005:00:04:06 -0400] "GET /2005/09/06/hacking-to-learn-what-the-media-doest-tell-you/ HTTP/1.1" 200 11440
192.168.1.100 - - [17/Sep/2005:00:04:17 -0400] "GET /2005/09/06/comp-tias-securitycheet-sheet/ HTTP/1.1" 200 7178
66.249.65.172 - - [17/Sep/2005:00:04:18 -0400] "GET /2005/09/06/comp-tias-securitycheet-sheet/ HTTP/1.1" 200 7247
192.168.1.100 - - [17/Sep/2005:00:05:11 -0400] "GET /2005/09/05/wireless-networking-warchalking/ HTTP/1.1" 200 7950
66.249.65.172 - - [17/Sep/2005:00:05:12 -0400] "GET /2005/09/05/wireless-networking-warchalking/ HTTP/1.1" 200 7947
192.168.1.100 - - [17/Sep/2005:00:05:29 -0400] "GET /2005/09/05/wireless-networking-all-the-wars/ HTTP/1.1" 200 8180
66.249.65.172 - - [17/Sep/2005:00:05:30 -0400] "GET /2005/09/05/wireless-networking-all-the-wars/ HTTP/1.1" 200 8272
192.168.1.100 - - [17/Sep/2005:00:05:40 -0400] "GET /2005/09/04/wireless-networking-the-wifi-movie/ HTTP/1.1" 200 7207
66.249.65.172 - - [17/Sep/2005:00:05:41 -0400] "GET /2005/09/04/wireless-networking-the-wifi-movie/ HTTP/1.1" 200 7177
192.168.1.100 - - [17/Sep/2005:00:06:00 -0400] "GET /2005/09/03/wireless-networking-borrowing-an-internet-connection/ HTTP/1.1" 200 8244
66.249.65.172 - - [17/Sep/2005:00:06:01 -0400] "GET /2005/09/03/wireless-networking-borrowing-an-internet-connection/ HTTP/1.1" 200 8242

Someone? Something? Was mimicking my every move. By this time, I became extremely curious. I wondered who/what was mimicking my every move and how. I decided to do a whois on the IP address:

OrgName: Google Inc.
OrgID:
GOGL Address: 1600 Amphitheatre Parkway City: Mountain View
StateProv: CA
PostalCode: 94043 Country: US

NetRange: 66.249.64.0 - 66.249.95.255
CIDR: 66.249.64.0/19

NetName: GOOGLE
NetHandle: NET-66-249-64-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation

NameServer: NS1.GOOGLE.COM
NameServer: NS2.GOOGLE.COM

Comment:
RegDate: 2004-03-05
Updated: 2004-11-10
OrgTechHandle: ZG39-ARIN
OrgTechName: Google Inc.
OrgTechPhone: +1-650-318-0200
OrgTechEmail: arin-contact@google.com

# ARIN WHOIS database, last updated 2005-09-16 19:10 #
Enter ? for additional hints on searching ARIN’s WHOIS database.

The IP Address originates from Google! I saw that and decided to go back to the site and see how long this would go on. Strangely enough, this stopped right after I did a WHOIS on the IP address. Now, I have to wonder what IS going on. Why, and how.

Does anyone have any ideas / suggestions or similar experiences? The only thing I can think of is that someone at Google was monitoring every time an Google ad was displayed on the site and decided to "follow" along with every page at the same time. That would be a reasonable explanation. Maybe I should be asking Google what they are doing by following people like this. Do they do this to everyone that displays Google ads? Is there someone watching every page you go to?

——–

Strangely enough, after I posted this story, I went back and checked my logs again. It seems like not all pages are mimicked, but many are still being mimicked. Notice sometimes Google hit pages on its own (even twice in a row). Sometimes it hit the same ones I did, and sometimes it did not hit them at the same time I did.

192.168.1.100 - - [17/Sep/2005:00:28:43 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7948
66.249.65.172 - - [17/Sep/2005:00:28:43 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7957
66.249.65.172 - - [17/Sep/2005:00:28:44 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7973
192.168.1.100 - - [17/Sep/2005:00:29:51 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7933
66.249.65.172 - - [17/Sep/2005:00:29:52 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7968
192.168.1.100 - - [17/Sep/2005:00:30:44 -0400] "GET /2005/09/16/ntfs-alternate-data-streams/ HTTP/1.1" 200 9206
192.168.1.100 - - [17/Sep/2005:00:30:51 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7980
192.168.1.100 - - [17/Sep/2005:00:30:58 -0400] "GET /category/bios/ HTTP/1.1" 200 7648
66.249.65.172 - - [17/Sep/2005:00:30:59 -0400] "GET /category/bios/ HTTP/1.1" 200 7608
192.168.1.100 - - [17/Sep/2005:00:31:01 -0400] "GET /2005/08/20/bios-beep-codes-general/ HTTP/1.1" 200 7643
66.249.65.172 - - [17/Sep/2005:00:31:01 -0400] "GET /2005/08/20/bios-beep-codes-general/ HTTP/1.1" 200 7668
66.249.65.172 - - [17/Sep/2005:00:31:19 -0400] "GET /feed/ HTTP/1.1" 200 1686
66.249.65.172 - - [17/Sep/2005:00:31:20 -0400] "GET / HTTP/1.1" 200 8547
66.249.65.172 - - [17/Sep/2005:00:31:20 -0400] "GET / HTTP/1.1" 200 8547
192.168.1.100 - - [17/Sep/2005:00:33:52 -0400] "GET /category/networking/ HTTP/1.1" 200 8512
66.249.65.172 - - [17/Sep/2005:00:33:53 -0400] "GET /category/networking/ HTTP/1.1" 200 8465
192.168.1.100 - - [17/Sep/2005:00:34:07 -0400] "GET / HTTP/1.1" 200 8601
192.168.1.100 - - [17/Sep/2005:00:34:17 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7944
66.249.65.172 - - [17/Sep/2005:00:34:18 -0400] "GET /2005/09/17/followed-by-google-privacy-and-security-issues/ HTTP/1.1" 200 7964
192.168.1.100 - - [17/Sep/2005:00:34:37 -0400] "GET /category/registry-tweaks/ HTTP/1.1" 200 8874
66.249.65.172 - - [17/Sep/2005:00:34:38 -0400] "GET /category/registry-tweaks/ HTTP/1.1" 200 8814
66.249.65.172 - - [17/Sep/2005:00:34:38 -0400] "GET /category/registry-tweaks/ HTTP/1.1" 200 8856
192.168.1.100 - - [17/Sep/2005:00:35:02 -0400] "GET /2005/08/24/windows-backup-and-restore-system-registry/ HTTP/1.1" 200 8666
66.249.65.172 - - [17/Sep/2005:00:35:02 -0400] "GET /2005/08/24/windows-backup-and-restore-system-registry/ HTTP/1.1" 200 8652
192.168.1.100 - - [17/Sep/2005:00:35:42 -0400] "GET /2005/08/24/windows-backup-and-restore-system-registry/ HTTP/1.1" 200 8613
192.168.1.100 - - [17/Sep/2005:00:35:43 -0400] "GET /valid-RSS.png HTTP/1.1" 304 -
192.168.1.100 - - [17/Sep/2005:00:35:43 -0400] "GET /valid-Atom.png HTTP/1.1" 304 -
192.168.1.100 - - [17/Sep/2005:00:35:43 -0400] "GET /images/topicslashdot.gif HTTP/1.1" 304
192.168.1.100 - - [17/Sep/2005:00:33:52 -0400] "GET /category/networking/ HTTP/1.1" 200 8512
66.249.65.172 - - [17/Sep/2005:00:33:53 -0400] "GET /category/networking/ HTTP/1.1" 200 8465
192.168.1.100 - - [17/Sep/2005:00:39:52 -0400] "GET /category/registry-tweaks/ HTTP/1.1" 200 8889
192.168.1.100 - - [17/Sep/2005:00:39:54 -0400] "GET /2005/08/24/windows-backup-and-restore-system-registry/ HTTP/1.1" 200 8605
192.168.1.100 - - [17/Sep/2005:00:39:58 -0400] "GET /2005/08/24/microsoft-outlook-setting-rules-in-outlook-to-reduce-spam/ HTTP/1.1" 200 8222
192.168.1.100 - - [17/Sep/2005:00:40:01 -0400] "GET /2005/08/24/microsoft-IE-40-loading-web-pages-faster/ HTTP/1.1" 200 8320
66.249.65.172 - - [17/Sep/2005:00:40:02 -0400] "GET /2005/08/24/microsoft-IE-40-loading-web-pages-faster/ HTTP/1.1" 200 8319
192.168.1.100 - - [17/Sep/2005:00:40:04 -0400] "GET /2005/08/24/gmail-invites-google-talk/ HTTP/1.1" 200 8109

Now, what I have to wonder is 2 things. I have a Google toolbar. Could that be playing into it? The other thing is, I am wondering if maybe it has something to do with 2 ads per page or 3. In the "rules" it says you can have up to 3 ads per page. Another thing I have noticed is that it will get the page itself, but not any graphics on that page. Images that are on a post that I have to download to my hardrive to view the page I am seeing, but I do not see them when Google loads them. Are they cached? Is Google just getting the actual page?

———- To be continued.

I am still seeing it in my logs, but now it is not doing it on every page I go to. I have not seen this before in my logs. Also, I do not see it mimic anyone else’s page movements. So, that would rule out the theory of it being the Google ads. Otherwise, anyone else who went to a page where there was a Google ad, it would do the same. So now, I am wondering about the Google tool bar. But, surely I am not the only person who has visited my site with a Google Tool Bar.

———-

I still have not had a chance to run any tests on this. But, with a little searching and guessing, I am thinking it maybe the Google Bar in IE. I will try to test this some later.