Inktomi corporation showing in Google Analytics reports

Filed under: News | 15 Comments

Have you noticed a large amount of direct traffic from Inktomi Corporation in your Google Analytics reports? In my case the traffic was all coming from Bethesda, Maryland though I have read reports with the same issue form different cities. The visits are all direct and are one page per visit (or very close to it). The browser is “Mozilla Compatible Agent” and it is version 5.0. I have thousands of these visits (see screenshot below).

What is this? Well it appears this is the Yahoo! bot executing the Google Analytics Javascript and Google is not filtering it out correctly. Inktomi was a search engine data provider back in the day, but Yahoo! scooped them up back during the 2000 dot com bubble.

Until Google fixes their filters, the best way to get rid of them is to make an Advanced Segment that excludes the provider “inktomi.com” and the browser “Mozilla Compatible Agent. You could also do this in a Filter, but using an Advanced Segment makes sure you’re not throwing anything away and it’s likely Google will fix this in the near future anyway. Here’s what my Advanced Segment looks like:

Read the latest posts

15 Responses to “Inktomi corporation showing in Google Analytics reports”

  1. Patrick says:

    Hi,

    I am also seeing this in the GA of my website too. It started happening in July 1st. Wonder if it’s confirmed (or not) whether it’s a bug in GA?

    Rgds,
    Patrick

    • JG says:

      It’s a little bit of both I believe. The bot in question is not correctly providing its UserAgent and is apparently executing Javascript, but Google Analytics should be able to figure this out and filter it. It might be a ploy to detect cloaking, but whatever the reason it should be filtered out along with other bot traffic.

    • Tom Olson says:

      I believe this problem comes straight from an organization, with criminal intent from two sources.
      One belongs to http://www.annangelxxx.com aka Cynthia Riveria and her co-conspirator Catalin Radu located @ 823 Rossville Ave., in Staten Island, N.Y. They are in partnership w/ a individual named Mark Prince, CEO of 2much.com, Live Cam Networks. She (AnnAngel) uses this site as a forum to scam victims. She uses Yahoo always as the email source which is traced back to Sunnyvale, CA. even though she insists she is in Ghana, Africa. They are also associated with My free cams and Jasmine. This is no small operation and scan the network looking for victims to scam. Mark Prince operates out of Canada and both these folks are tech savvy evil. Be careful.

    • Tom Olson says:

      I am also convinced they have someone working with them as a co-operative working within Microsoft located in there corporate office in Washington. They have been doing their criminal activity for 13+ years now & no one has taken them serious….FBI, FTC, Postal Svc, W3C. Its a shame. But I continue to learn more about this wicked deceitful practice.

    • kingscairn says:

      Peer Block 1.0+(r484) – Beta Release; it’s the old Peer Guardian P to P (using since Bear ShareLimewire etc etc days but havn’t dwnld’d tunes in years)..
      ‘ Blocking http’
      Range =Inktomi Corporation
      Source = 10.0.0.3:49177
      Destination = (private)
      Protocol = TCP
      Action = blocked

  2. Max says:

    That answers a few questions!
    thanks
    Max

  3. Bfreedom says:

    Thank you, this has been driving me a wall. I searched through my file logs, no good way to parse them and couldnt find it. I set up the filter and it removed all the junk. I’ve been trying to fix this for a couple months now, thanks again

  4. Happening to me to. It’s really annoying. The fact that the bot visits for just a milli-second throws the statistics way off. Could this be affecting rankings given that Google uses these factors in its algorithm?

    Had a look around but can’t seem to find anywhere to complain/bring this to their attention.

    Been going on for a while now. You think they would have realised.

    • JG says:

      AFAIK nothing from GA is used in search rankings, just shared within GA for cross comparisons.

      But yes, I too would have thought Google would have caught on by now.

  5. Great Boo says:

    Have been seeing this on several sites since the summer – can’t believe Google hasn’t caught on yet.

    I eventually got fed up and created a filter for the IP range Inktomi are using – but only a few days later they changed the IP they’re spidering from. So for now I’m sticking to an Advanced Segment to correct the data.

    I’m not entirely sure it isn’t getting counted in AdSense traffic too – though thankfully it doesn’t seem to be generating fake clicks.

    This skews all the stats badly – bounce rate etc especially since it’s all single page visits. I hope Google isn’t using bounce rate and time on site in its ranking algo – or the search guys have better filters than the analytics guys.

  6. David Sewell says:

    Since mid December 2012 these visits from Inktomi are now reported as coming from Microsoft Corp.
    The alliance between Yahoo and Bing continues to evolve.

  7. ros booker says:

    i am finding a lot of scammers from Nigeria are using location inktomi corp. sunnyvale CA united states
    their ip addresses are almost identical. just the last 2 numbes differnet but often the ones im checking on are in sequence

  8. I don’t think that Google is actually filtering *any* bot traffic for you.. since most bots/crawlers aren’t executing JS, they aren’t filtering the bots per-se.

    Recently changed our URL structure and had an incredible spike in traffic (30% spike in “visits”, each view was a bounce)… the majority were actually coming from Microsoft (probably bing preview).

  9. WhereIsMyMindAT says:

    What is interesting. I found this page doing a search for Intomi. What’s *VERY STRANGE*. I have this page open, a Google Search Page, and FB (ie. not “surfing”).
    I have Peer Block installed (as Bizarre stuff going on with my machine).

    Intomi (on my machine) is going CRAZY trying to make outbound calls. (through port 80) Behaving like “Legit” traffic. (Peer Block allows you to “Block All” thus closes port 80) of course when I turn off “Blcok All” that traffic (without my knowledge) is going outbound.

    Inktomi is a VERY VISIBLE SUSPECT (I set the Log Filter to as high as it would let me—like 5000 lines before refresh—so it’s going crazy filling the log.

    What’s strange on my machine, it’s only trying to “go outbound” on one IP
    72.30.187.51:80
    (as I’m sure you know, Inktomi is registered across 72.30.0.0-72.30.255.255
    What is even *MORE BIZARRE* is that the ARIN Registrar is *STILL* Inktomi
    http://whois.arin.net/rest/net/NET-72-30-0-0-1/pft

    *AND* was just updated.
    Name Inktomi Corporation
    Handle INKT
    Street 701 First Ave
    City Sunnyvale
    State/Province CA
    Postal Code 94089
    Country US
    Registration Date 1999-07-09
    Last Updated 2013-04-02

    *SOMETHING* is amiss. I have my browser completely LOCKED.
    Of course, I see pings from Facebook going out (as expected, as I have a FB window open).
    Then G-D only knows *WHAT* is “Phoning Home” to MSFT—my CPU is ALWAYS “PHONING HOME” to MSFT this range—204.79.197.20
    And I have Updates turned off,etc. *NO REASON* should be phoning home.

    What is *ALSO* bizarre. Is (to give you a picture—Peer Block–Is going “Nuts”–I can see about 50-lines of IP’s it’s blocking–as mentioned, I have to torqued to 5000-lines n a log—so it’s just scrolling like crazy—so might be 3-4 lines per MS.

    HOWEVER, what’s *VERY STRANGE* is every so often (maybe 1-in 1000 lines–I’ll see “Road Runner” show up (again, those old enough to remember, now it was an ISP before the BUST).

    Now, it’s Time Warner ranges assigned to the “Herndon, VA” area. ?????

    *ALSO* to note. Since the original OP.

    The NSA admitted “infesting consumer cpus with Malware”
    The NSA Reportedly Infected 50,000+ Computer Networks With Malware — Are You Affected?
    http://www.forbes.com/sites/josephsteinberg/2013/11/26/the-nsa-reportedly-infected-50000-computer-networks-with-malware-are-you-affected/

    Which is *LAUGHABLE* they “admit” to 50,000. We all know a “script kiddie” in his parents basement can create 500,000.
    I mean, “Organized Crime” (Largest Bot Net busted—sending out most requests) was Conflicker
    10-MILLION BOTS SENDING OUT 10-*BILLION* REQUESTS. (Remember how HORRIBLE Conflicker was to get off cpu).

    The Fact NSA admitted to 50,000 really means 50,000,000.

    Thus my point, ESPECIALLY since everything about it is “rougue” (ie. “doesn’t make sense”).
    I would not doubt for a second could be a rouge doing “ping sweeps”

    To “what end?” Is the million dollar answer. Why NSA is sucking 100% of American Phone, Internet, etc. Traffic is also “to what end”
    A “Normally Active” Human Digital Footprint is about 10GB a day
    Let’s say 200,000,000 people create that footprint in America
    2*BILLION* GB PER DAY–of new information .

    I don’t care what kind of “BIG DATA” machine you have–there is no computational way nor human way to make sense of that.
    *UNLESS* (like the “Census”), their intent is to create Big Bucket Profiles, then filter down.

    Just like all Marketing Companies do (with a “Best Guess” scenario) whereas NSA will have “FACTUAL” data.

    Don’t laugh, since the OP, here’s another M.I.T. Technology review.
    (Someone without Billions of Dollars at their disposal)
    http://www.technologyreview.com/news/514351/has-big-data-made-anonymity-impossible/
    quote
    Last year Adam Sadilek, a University of Rochester researcher, and John Krumm, an engineer at Microsoft?s research lab, showed they could predict a person?s approximate location up to 80 weeks into the future, at an accuracy of above 80 percent.
    /quote

    *WOW*

  10. Nicole Jurawan says:

    Yea, they even have people pretending to be in the army scamming you!

Leave a Reply to Michael J. Ryan