China's iaskspider evolution and related crawling

Here's the latest on this little bullshit bot iaskspider from China.

Previously it crawled from 2 d-blocks using a simple name:

219.142.118.56 "iaskspider"
219.142.118.57 "iaskspider"
219.142.78.60 "iaskspider"
219.142.78.85 "iaskspider"

Now it claims to be Internet Explorer:

219.142.118.66 - "Mozilla/5.0 (compatible; iaskspider/1.0; MSIE 6.0)"

And appears to be checking anonymously for spider traps or some shit:

219.142.118.75 - "GET /robots.txt HTTP/1.0" 200 146 "-" "-"
219.142.118.70 - "GET /robots.txt HTTP/1.0" 200 146 "-" "-"
219.142.118.69 - "GET /robots.txt HTTP/1.0" 200 146 "-" "-"
219.142.118.54 - "GET /robots.txt HTTP/1.0" 200 146 "-" "-"

Don't ask me, I only block them, no clue what the hell is going on.

EDI Edacious Bullshit and Yeti from Korea

Don't know much about this piece of shit crawling from Korea except it looks at robots.txt and operates from 2 d-blocks:

222.231.50.166 "EDI/1.2.0 (Edacious & Intelligent Web Crawler)"
222.231.50.161 "EDI/1.2.0 (Edacious & Intelligent Web Crawler)"
222.231.42.10 "EDI/1.2.0 (Edacious & Intelligent Web Crawler)"
222.231.42.14 "EDI/0.9.3 (Edacious & Intelligent Web Crawler)"

Something in the next d-block in this bad neighborhood:

222.231.21.62 "Yeti"
222.231.21.55 "Yeti"
222.231.21.122 "Yeti"
222.231.21.122 "Yeti"

Bullshit of a feather flocks together.

No Cookies for Decommissioned Junction

I've been dumping affiliate programs lately because of the abysmal rate of cookie tracking and ever decreasing affiliate income vs. the PPC steady income rate.

This isn't terribly accurate as my script doesn't know if a cookie was accepted until the second page view. However, out of 3489 visitors in a sample I just took, that looked at 2 or more pages, the cookies were disabled by 22% of the returning visitors.

5926 Visitors
3489 Visitors > 1 Page View
2710 Cookies Enabled
779 Cookies Rejected

It doesn't take a rocket scientist to figure out that 22% of disabled cookies make affiliate programs relatively unattractive as almost 1/4 of the returning visitors wouldn't give me credit for anything they buy.

Out of the total visitors it's only 13%, but we don't know how many of the 2437 visitors that only viewed a single page had cookies enabled, but my suspicion is it's closer to 20%.

Taking into account that these numbers are POST bot filtering, so all of the bots that were blocked or banned didn't get included, this leads to two possible conclusions:

1) a lot more people aren't accepting cookies than previously thought or
2) there's a lot more low impact stealth bot activity than even I suspected.

Which is the right answer?

I'm sure the truth lies somewhere in the middle.

Telemarketing SEO Assholes

I was sitting here minding my own business today and the phone rang.

Normally, I would let "UNKNOWN CALLER" roll to voicemail but today I lost my mind and answered the damn phone.

ME: "Hello?"

SLIMEBALL: "Hi, do you own domain XYZ.COM?"

ME: "Um, yes I do, why do you ask?"

SLIMEBALL: "We have been looking at XYZ.COM and it's a strong website but doesn't have very good presence in the search engines and we'd like to offer our help."

About now the hair stands up on the back of my neck...

ME: "Excuse me? I rank very well in search engines and have a ton of top 10 longtail keywords"

This alone should be a tip that I know something about this shit...

SLIMEBALL: "Well, our research report shows you're lacking in many major keywords and we could help..."

ME: "Are you out of your mind? I get 500,000 visitors a month, how in the hell is that lacking?"

SLIMEBALL: "Um, well, we don't show you on the main..."

>CLICK!<

I just didn't have the heart to start yelling and screaming profanity at this slimeball as it was just too early in the morning.

My suspicion is they would probably sink my site so low in the SE's that I'd have to get a real job as my days of webmaster welfare would be over.

Fuck it, I'll stick with my "lacking listings" thank you very much.

Kudos on the Google Dance, Stellar AdSense Support, and my Google Gift

Sometimes we complain about AdSense support being slow and unresponsive but I have to give kudos on a same day response yesterday, and that was in the midst of Google preparing for the Google Dance party.

Now the Google Dance party was off the hook, the band kicked ass, it was rock'n baby!

Enjoyed the various snacks, they were free and I never complain about free food.

The only thing I didn't try which looked good were the Pavlov's Dogs as I was snacked out and needed to save room for beer.

Google gets more love from me as their beer selections this year were far superior to last year, less cat piss and more beer for real beer drinkers. Last year I had to literally scour the place to find one lone tap with something that wasn't clear yellow cat piss that was tucked inside a building but this year the good beer was everywhere.

Just in case you haven't figured it out, I'm in love with Google at the moment,

I still use all the Google gifts I got last Christmas as the Google wireless mouse and USB expansion port are permanent fixtures on my laptop.

Last week when I went to get a new set of business cards printed I used my Google memory stick/keychain to take them to Kinkos and get them printed and cut while I waited, that was way cool too, no floppies, nothing.

My wife was poking fun at me and my giddy behavior with the memory stick "Have you never encountered technology before? Is this your first time?". Well, technically it was my first time handing someone my keychain to get something printed opposed to original copies or a floppy disk, just struck me as being cool.

I felt like Jack Bauer from 24 running into Kinkos:

"Quick Chloe, download the encrypted data off this chip that was just recovered in a covert sting and use our blowfish decryption algorithms to extract these business cards..."

Ah well, been there, done that, now it's old hat.

Besides, who can say anything bad about Google?

They give me free money every month, they give me free web traffic, they give me free gifts and then invite me into their building and give me free food, booze and entertainment.

It's almost like being a rich kid living off the family AdSense trust fund ;)

The only complaint I had about last nights Google Dance party is my feet hurt like hell by the time it was over!

Wait, I almost forgot, they were giving away t-shirts but the sizes were limited to LARGE, SMALL and WOMEN's. C'mon Google, did you take a serious look at how many 2X and 3X people you had waddling around the 'Plex last night?

What in the heck would I do with a LARGE t-shirt, dust my house with it?

Other than that one minor glitch, good job Google, loved it!

SCRAPER BUSTED #9 - Umax is baaaack

This is déjà vu day in the scraper busting dept. as Umax is back with a new virulent website.

BTW, if you want to read some funny misguided shit, this guy wants people to boycott the UMAX the scanner company because of something unrelated, like this spamming virus site maker that's the topic of this post.

What a screwball, sheesh.

WARNING - DO NOT GO TO THIS SITE!

IT WILL ATTEMPT TO INFECT YOUR PC WITH AN EXPLOIT!

Remember, I'm a trained professional, so don't try this site at home as this is some nasty shit.

However, if you're stupid enough [and most of you are] to attempt to access this site then use some goddamn common sense and disable your javascript and maybe java in your browser first or you might end up in a world of hurt.

For those of you real dumb fuckers, I mean the dumb as a pet rock variety, you'll get Trojan.ByteVerify installed on your machine if you visit these sites [see list at bottom] without proper precaution so don't blame me as YOU HAVE BEEN WARNED!

Crawler Info:

IP Address: 209.172.60.19 [ip-209-172-60-19.reverse.privatedns.com]
User Agent: lwp-trivial/1.41

Site info:

umax-ppc.net (66.199.247.42)

This is on the same server and host as the last reported site, but just in case you're too fucking lazy to click the link about and look it up for yourself it's repeated below.

Not sure this is even real information about this asshole, as other registrations say Russia, there's a shock, but they all seem to have FREEYAHO LLC in common.

American asshole information:

Registrant:
Sid Wongvorakul
979 Rutland Dr
Memphis, Tennessee 78243
United States

Registered through: FREEYAHO LLC.
Domain Name: UMAX-PPC.NET
Created on: 15-Dec-04
Expires on: 15-Dec-07
Last Updated on: 12-Jul-06

Administrative Contact:
Wongvorakul, Sid sidfeehit@yahoo.com
979 Rutland Dr
Memphis, Tennessee 78243
United States


Technical Contact:
Wongvorakul, Sid sidfeehit@yahoo.com
979 Rutland Dr
Memphis, Tennessee 78243
United States


Domain servers in listed order:
NS1.NEED-SITE.COM
NS2.NEED-SITE.COM

Russian asshole information:

Domain Name: SEHUNTRESS.BIZ
Domain ID: D10559406-BIZ
Sponsoring Registrar: WILD WEST DOMAINS, INC.
Sponsoring Registrar IANA ID: 440
Domain Status: clientDeleteProhibited
Domain Status: clientRenewProhibited
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registrant ID: GODA-013273608
Registrant Name: DMITRIY SOLDATENKO
Registrant Organization: Freeyaho LLC.
Registrant Address1: a-n 262
Registrant City: Ulan-Ude
Registrant State/Province: Ru
Registrant Postal Code: 670042
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +790.25651263
Registrant Email: soldde@mail.ru

Host information:

OrgName: EZZI.NET
OrgID: EZZIN
Address: AccessIT - Hosting Services
Address: 75 Broad Street, Suite 1902
City: New York
StateProv: NY
PostalCode: 10004
Country: US

ReferralServer: rwhois://rwhois.s2.ezzi.net:4321

NetRange: 66.199.224.0 - 66.199.255.255

The rest of this prolific virus spamming assholes domains hosted on the same box:

1day.us
adsadult.com
adscom.us
adsname.com
alprazolam-xanax.com
art-xxx.com
baikal-guide.com
baikal-hotel.com
baikal-hotel.info
baikal-hotel.net
baikal-info.com
baikal-shop.com
baikal-tour.biz
baikal-travel.info
baikalguide.com
baikalhotel.com
baikalhotel.info
baikalhotel.net
baikalshop.info
baikalsk.com
baikalsk.info
baikalsk.net
bbsporn.com
board-online.com
board-online.net
dimattic.com
dsdomain.com
forum-online.biz
free-hit.com
free-virgin-pic.com
freeyaho.com
hotel-baikal.com
hotel-baikal.info
hotel-shop.info
hotelbaikal.com
hotelbaikal.info
hotelbaikal.net
info-baikal.com
lake-baikal.info
lakebaikal.info
need-site.com
nude-teacher.com
online-info.info
payday-loan-top.com
pharmacy-affiliate-program.com
popular-screen-savers.com
porn-samples.com
porn-teacher.com
porn-teen-pic.com
porno-sample.com
ppc-se.biz
ppc-se.com
ppc-se.info
ppc-se.net
qoclick.com
qoclick.net
reseller-porn.com
sampleclip.net
sehuntress.biz
sehuntress.com
sehuntress.info
sehuntress.net
seohuntress.com
sex--free.com
sex--x.com
sexy-teacher.net
showavailable.com
solo-teens.com
specific911.biz
specific911.com
specific911.info
specific911.net
specific911.org
top-10-shop.com
top-new-affiliate-programs.com
umax-forum.com
umax-ppc.com
umax-ppc.net
umax-se.biz
umax-se.com
umax-se.info
umax-se.net
umax-se.org
umax-search-ppc-se-board.com
umax-search-ppc-se.com
umax-search-ppc.com
umax-search-se.com
umax-search-search-engine.com
umax-search.biz
umax-search.com
umax-search.info
umax-search.net
umax.org
umaxforum-umax-forum.com
umaxppc.com
umaxppc.net
umaxppcsearch.com
umaxse.biz
umaxse.com
umaxse.info
umaxse.net
umaxse.org
umaxsearch-ppc-se.com
umaxsearch-ppc.com
umaxsearch-se.com
umaxsearch-search-engine.com
virgin-sexy.com
webmasterdiscuss.com
weekly-pay-ppc-se.com
weekly-pay.com
weekly-teens.com
work-at-home-top.com
xanax-shop.info
yula.us
arshan.info

If you think I have a bad attitude in this post, you're very perceptive, as this fucker really pisses me off more than the usual garden variety scraper and hosting companies that allow this shit on their premises make my blood boil.

I'm trying to resist calling the whole lot of them a bunch of cocksucking assholes, but I think I'm losing that battle..

SCRAPER BUSTED #8 - Categorico Strikes Again from Canada

This is the same bunch of fucknuts I busted previously as Vipse Corp and Categorico with a new twist as this domain is ShopNews.com and claims to be registered to some fucker in Canada, not Italy, but the same Adsense account: "Advertise on www.categorico.com".

Scraping data:

IP Address: 66.240.172.2 [www130.mediaserve.net.]
User Agent: InetURL/1.0

Site data:

shopsnews.com (66.240.172.29)

Domain Name: SHOPSNEWS.COM
Registrant:
Logan Vernissa
306, 809-890 Crowfoot Cres.
Calgary, Alberta T7G 7T4
CA
507-454-0941
Fax:101-787-4348

The scraping and server are from the same d-block hosted here:

OrgName: Broadspire Inc.
OrgID: BRSP
Address: 10200 Sepulveda Blvd. Suite 160
City: Mission Hills
StateProv: CA
PostalCode: 91345
Country: US

NetRange: 66.240.128.0 - 66.240.191.255

You know what to do, block these fuckers and cut them off at the knees.

Robot MKDB From Oxford

No clue what the fuck this is but the reverse DNS suggests that this shit escaped from an Oxford computer science lab.

129.67.94.182 [marina.robots.ox.ac.uk.] requested 1 pages as "mkdb"

Didn't ask for robots.txt whatever it was.

Blah

Yahoo-Test/4.0 fails pop quiz

It wasn't Slurp so they got a error message, test failed, sorry Yahoo!

216.145.49.15 - "GET /robots.txt HTTP/1.0" 200 146 "-" "Yahoo-Test/4.0"
216.145.49.15 - "GET / HTTP/1.0" 200 1173 "-" "Yahoo-Test/4.0"

Study harder next time.

Adsense Scraper with CACHE pages

In a new twist, here's a scraper with CACHE pages pretending he's Google.

Easy target for a flood of DMCA notices...

IP: 66.246.252.172
User Agent: ""

Here's the fuckhead's information:

Registrant:
Dragulescu Radu
Victoriei, bl.7,
sc. D, ap. 3
Timisoara, Timis 01900
Romania

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: PHOTOIDEAS.NET
Created on: 18-Dec-05
Expires on: 18-Dec-07
Last Updated on: 01-Aug-06

Administrative Contact:
Radu, Dragulescu office@2x.ro
Victoriei, bl.7,
sc. D, ap. 3
Timisoara, Timis 01900
Romania
40726367488

Technical Contact:
Radu, Dragulescu office@2x.ro
Victoriei, bl.7,
sc. D, ap. 3
Timisoara, Timis 01900
Romania
40726367488

Domain servers in listed order:
NS1-FRANKLIN.NSWEBHOST.COM
NS2-FRANKLIN.NSWEBHOST.COM

The hosting appears to be thru nac.net:

OrgName: Net Access Corporation
OrgID: NAC
City: Parsippany
StateProv: NJ
PostalCode: 07054
Country: US

I think they're gonna get a letter about this asshole...

Inhoster Blog Spam Haven Servers Blocked

Inhosting is just filthy with blog spammers which is bizarre as usually I find a mix of activity on dedicated servers but this place seems to be overflowing with nothing but spammers and just one scraper, Snoopy.

I'm positive they are all spammers as every IP address listed below, except Snoopy, ONLY accessed my post form on a specific server, nothing else.

They host some of the usual garden variety bullshit spammers and Snoopy the scraper:

85.255.116.178 "Snoopy v1.2" "/"
85.255.117.218 "PussyCat 1.0, Murzillo compatible"
85.255.117.222 "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4"
85.255.117.226 ""
85.255.118.106 "PussyCat 1.0, Murzillo compatible"
85.255.118.114 "PussyCat 1.0, Murzillo compatible"

Then they have a few of the amazing changing user agent spammers from this IP sorted by user agent for your viewing pleasure:

85.255.117.250 "Mozilla/4.0 (compatible; MSIE 4.0; MSN 2.6; Windows 95; Gateway2000)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 4.0; Windows 95)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; USA On-Site)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; 981)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 98; QXW0332q)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; DT)"
85.255.117.250 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.9) Gecko/20020311"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc1) Gecko/20020417"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc2) Gecko/20020510"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3) Gecko/20020523"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1a) Gecko/20020611"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.1b) Gecko/20020721"
85.255.117.250 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.2a) Gecko/20020910"
85.255.117.250 "Opera/6.01 (Windows 98; U) [en]"
85.255.117.250 "Opera/6.04 (Windows 2000; U) [en]"
85.255.117.250 "Opera/6.04 (Windows 98; U) [en]"
85.255.117.250 "Opera/6.04 (Windows XP; U) [en]"
85.255.117.250 "Opera/7.0 (Windows 2000; U) [en]"
85.255.117.250 "Opera/7.0 (Windows NT 5.0; U) [en]"
85.255.117.250 "Opera/7.02 Bork-edition (Windows NT 5.0; U) [en]"

Another of the same rotating user agent shit on a different IP

85.255.117.251 "Mozilla/4.0 (compatible; MSIE 5.01; Windows 95; USA On-Site)"
85.255.117.251 "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
85.255.117.251 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"
85.255.117.251 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221"
85.255.117.251 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530"
85.255.117.251 "Opera/7.02 Bork-edition (Windows NT 5.0; U) [en]"

And YET another that didn't hit as often

85.255.117.253 "Mozilla/4.0 (compatible; MSIE 4.0; MSN 2.6; Windows 95; Gateway2000)"
85.255.117.253 "Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221"
85.255.117.253 "Opera/6.04 (Windows 2000; U) [en]"

For the grand finale, a D-block of Firefox Linux spammers:

85.255.118.82 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.83 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.84 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.85 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.86 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.130 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.132 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.133 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"
85.255.118.134 "Mozilla/5.0 (X11; U; Linux i686; ru; rv:1.8.0.3) Gecko/20060425 SUSE/1.5.0.3-7 Firefox/1.5.0.3"

Block block block block...

Here's the range of troublemaker IPs to block

netname: INHOSTER
inetnum: 85.255.112.0 - 85.255.127.255

They also have this range but I don't have any activity that has been tracked from here:

netname: INHOSTER
netnum: 195.95.218.0 - 195.95.219.255

Enjoy the silence with the fucking spammers gone.

Taiwan Scraping from C and D-Blocks

Didn't check the archive file to see if this was more widespread because as this was a single instance today of a coordinated scrape attempt from multiple IPs at the same time.

The D-block scraping attempt from "61.66.36" was nothing new as small blocks of scraping IPs turn up all the time.

However, the C-block scraping from "218.162." at the same has implications as this normally would've been harder to identify in small 1-4 page bursts.

The scraping C-block:

61.66.36.185 [adsl-61-66-36-185.TC.sparqnet.net.] requested 2 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
61.66.36.186 [adsl-61-66-36-186.TC.sparqnet.net.] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
61.66.36.187 [adsl-61-66-36-187.TC.sparqnet.net.] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"

The scraping D-block:

218.162.169.65 [218-162-169-65.dynamic.hinet.net.] requested 1 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
218.162.170.209 [218-162-170-209.dynamic.hinet.net.] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
218.162.172.171 [218-162-172-171.dynamic.hinet.net.] requested 4 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
218.162.175.60 [218-162-175-60.dynamic.hinet.net.] requested 3 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
218.162.179.74 [218-162-179-74.dynamic.hinet.net.] requested 1 pages as "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"

Looks like they're getting smarter and your average webmaster will never spot this kind of activity.

Time to block Taiwan entirely?

SES San Jose 7-10 2006

Anyone I know going to be there this week?

I'm heading down to the speakers party tonight (oops, did I let out a surprise) so if anyone I know is there tonight maybe we'll pound a brew or two together.

Bet you can't figure out which session I'll be speaking at...

Google Crawls Thru Yahoo Japan

This odd Google crawling thru Yahoo Japan occurrence must be via some sort of proxy or translation server, no clue, but this shit is weird.

211.14.9.244 requested 2 pages as "Mediapartners-Google/2.1"

211.14.9.240/28
YAHOO-NET
Yahoo Japan Corp.

Makes you scratch your head doesn't it?

Perhaps you have lice or dandruff, stay away from me...