blog.layer2.org :: Who the heck is 142.166.3.122 and 142.166.3.123 (radianrss-1.0)?

{ 2007 10 15 }

Who the heck is 142.166.3.122 and 142.166.3.123 (radianrss-1.0)?

I’ve been perusing through my logs lately and found the user agent “radianrss-1.0″ numerous times. I’d never heard of this program (maybe an RSS reader?), so I did a google search. The only commentary I found was this post speculating that 142.166.3.123 was possibly involved in the compromise of katester.net.

Interestingly enough, the rest of the search results are the traffic statistics pages of various Wordpress blogs around the Internet. There doesn’t seem to be a clear answer for what “radianrss” is, or why 142.166.3.122-123 is constantly indexing all of my blog posts.

[evian]$ grep "142.166.3.123" access.log
142.166.3.123 - - [15/Oct/2007:01:02:23 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14022 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:01:52:14 -0700] "GET /feed/atom/ HTTP/1.1" 200 36826 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:03:36:42 -0700] "GET /feed/atom/ HTTP/1.1" 200 36826 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:04:02:18 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14023 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:06:23:53 -0700] "GET /2007/10/06/the-new-ubuntu-is-coming-already/ HTTP/1.1" 200 10915 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:07:00:07 -0700] "GET /2007/10/07/apt-get-does-have-an-option-for-automatic-security-updates/ HTTP/1.1" 200 12223 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:07:01:49 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14023 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:07:57:22 -0700] "GET /2007/10/08/use-mozilla-firefox-under-wine-to-reach-those-windows-only-sites/ HTTP/1.1" 200 13046 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:09:06:34 -0700] "GET /2007/10/12/rails-ruby-scriptconsole-has-tab-completion/ HTTP/1.1" 200 16010 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:09:17:26 -0700] "GET /feed/atom/ HTTP/1.1" 200 13032 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:09:27:21 -0700] "GET /feed/atom/ HTTP/1.1" 200 36826 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:10:02:07 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14022 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:10:17:18 -0700] "GET /2007/10/14/slow-ssh-logins-in-ubuntu-feisty-704/ HTTP/1.1" 200 12895 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:12:46:43 -0700] "GET /2007/10/13/use-ps2pdf-to-create-pdfs-from-any-linux-application/ HTTP/1.1" 200 11739 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:13:01:23 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14022 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:13:03:56 -0700] "GET /2007/10/14/slow-ssh-logins-in-ubuntu-feisty-704/ HTTP/1.1" 200 12882 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:14:32:48 -0700] "GET /feed/atom/ HTTP/1.1" 200 36826 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:15:08:14 -0700] "GET /feed/atom/ HTTP/1.1" 200 36825 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:15:08:21 -0700] "GET /2007/10/14/slow-ssh-logins-in-ubuntu-feisty-704/ HTTP/1.1" 200 12894 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:15:08:26 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14014 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:16:01:29 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14023 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:16:03:03 -0700] "GET /2007/10/14/slow-ssh-logins-in-ubuntu-feisty-704/ HTTP/1.1" 200 12882 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:18:29:20 -0700] "GET /2007/10/14/slow-ssh-logins-in-ubuntu-feisty-704/ HTTP/1.1" 200 12901 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:18:29:21 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14008 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:18:47:46 -0700] "GET /feed/atom/ HTTP/1.1" 200 36826 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:19:01:27 -0700] "GET /2007/10/14/if-youre-not-already-start-using-dd-wrt/ HTTP/1.1" 200 14028 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:19:02:41 -0700] "GET /2007/10/14/slow-ssh-logins-in-ubuntu-feisty-704/ HTTP/1.1" 200 12896 "-" "radianrss-1.0"
142.166.3.123 - - [15/Oct/2007:19:49:08 -0700] "GET /feed/atom/ HTTP/1.1" 200 36818 "-" "radianrss-1.0"

This is traffic just from today - less than 24 hours! Looking back a little further I also found

142.166.3.123 - - [14/Oct/2007:17:35:13 -0700] "GET /2007/10/14/slow-ssh-logins-in-ubuntu-feisty-704 HTTP/1.1" 200 450 "-" "Java/1.5.0_11"

which has decided to use Java 1.5 as its user agent string.

I’m curious to know why this IP address is retrieving all of my (and others’) Wordpress blog(s), and why so frequently. Its not like the page has changed between each retrieval. Have you found this IP address in your logs, the “radianrss-1.0″ user agent string, or anything else of interest?

{ 13 }

Comments

Maria | 21-Oct-07 at 7:36 am | Permalink

Yes, I have seen that, however, it only appears in one blog for the moment, which is odd considering it shows up on the a small blog, one that isn’t the main. I tried to IP block it, but I see that it’s found its way back under a different IP.
solipsistic | 21-Oct-07 at 5:27 pm | Permalink

I updated the post to reflect the new retrieving by IP address 142.166.3.122.
hackd » what is radianrss? | 06-Nov-07 at 4:22 pm | Permalink

[...] lot of people seem to be wondering who exactly is behind the radianrss identifier that some of us have been [...]
Ahamed Bauani | 10-Nov-07 at 5:27 am | Permalink

Hi, Yes, they are coming to my blog from 142.166.3.122 From My Log:

142.166.3.122 - - [10/Nov/2007:00:25:16 -0800] “GET /articles/2007/11/red-hat-expands-linux-server-partners.html HTTP/1.1″ 200 5214 “-” “radianrss-1.0″
142.166.3.122 - - [10/Nov/2007:00:25:17 -0800] “GET /articles/2007/11/low-cost-pc-server-device-for-google.html HTTP/1.1″ 200 4388 “-” “radianrss-1.0″
142.166.3.122 - - [10/Nov/2007:00:25:19 -0800] “GET /articles/2007/11/skype-releases-20-for-linux-with-video.html HTTP/1.1″ 200 5231 “-” “radianrss-1.0″
142.166.3.122 - - [10/Nov/2007:00:25:19 -0800] “GET /articles/2007/11/gobuntu-truly-free-linux-distro-or-free.html HTTP/1.1″ 200 5019 “-” “radianrss-1.0″

Can Anyone tell me exactly what is going one from this network? This IP address is belong to: Stentor National Integrated Communications Network

http://www.bdnic.net/whois/index.php?domain=142.166.3.122

They are using FULL 142.166. IP Block!

With Thanks
Ahamed Bauani
http://www.bauani.org/
solipsistic | 11-Nov-07 at 10:24 pm | Permalink

Ahamed, I think the post in comment #3 provides a pretty good answer (http://hackd.net/2007/11/05/what-is-radianrss/). Visit http://www.radian6.com for information about the company.

The only thing I can say is that they should definitely optimize their algorithm to primarily use sitemaps/rss feeds. Pulling the full content for each blog post 3-4 per day is not efficient when doing that on thousands of blogs….
solipsistic | 11-Nov-07 at 10:27 pm | Permalink

Oh, and funny enough, they also have a blog - http://www.radian6.com/blog/ . I wonder who is indexing that one?
¿Qué es RadianRSS? | 08-Dec-07 at 11:28 am | Permalink

[...] Blog - Layer2 [...]
SticKer | 14-Mar-08 at 12:58 pm | Permalink

They are all over my site. On my blog, forum everywhere. And today i saw them visiting every few hours.

I wonder if they found something interesting on my site.

SticKer

Webicy.com
kelly | 14-Mar-08 at 8:08 pm | Permalink

I have seen them on my site too and I’ve been wondering what the heck they want I just did a google search and found this post. I found this a few months back and I think it might be helpful: http://cleverhack.com/2007/12/16/radian6-monitors-you/

*************

Radian6 monitors you!
Posted by joy

New crawler in my logs from an outfit called Radian6. From the Web site, they look to be a social media monitoring service for the Google Alerts challenged, I guess much in the same way as those other pre-existing social media monitoring services.

Host: 142.166.3.125
*
/feed/
Http Code: 200 Date: Dec 16 16:52:32 Http Version: HTTP/1.1 Size in Bytes: 7365
Referer: -
Agent: R6FeedFetcher(www.radian6.com/crawler)

**************
kelly | 14-Mar-08 at 8:13 pm | Permalink

To my believes its google that uses it to determine how relevant your site/blog it for maybe adsense

do u all have adsense? then that might be a clue.

here is their site: http://www.radian6.com/
ben | 07-Apr-08 at 11:48 am | Permalink

seems to me from what ive read on here and other pages its a blog crawling bot whos intention it is to track what people have been saying on certain products.

it only started checking my feed after i posted something about apple macintosh. the things damn annoying and i assume using up bandwith (how much i dont know but they dont half check alot!) so ive banned them.

stick “Deny from 142.66.0.0/16″ in your .htaccess file and it’ll ban them from your web page. seems to me there making a living off the opinions placed in our blogs and i dont want to be part of that commercial machine
Reputacion Online: ¿Tiene la reputación online problemas éticos? | Collabtopia | 20-Sep-08 at 6:11 am | Permalink

[...] es una pregunta que me vino a la cabeza al ver posts como el de Techtear (que citan a Blog Layer2 y HackD) y Telepieza. En todos estos blogs tratan de descubrir qué es ese robot o spider que [...]
Al McGregor | 14-Nov-08 at 1:02 pm | Permalink

142.166.3.123 - Is this site down as far as you know I have been hacked and this address has shown up at a web site that I have gone to. I kind of thought a certain person did this hack to my machine, however they posted this ip on there site. Is this possible? If so what do you think I should do at this point.

Thanks

blog.layer2.org

Who the heck is 142.166.3.122 and 142.166.3.123 (radianrss-1.0)?

{ 13 }

Comments

Post a Comment

Home

Categories

Search