GoKawiilI'm here looking through logs on my unnamed reverse proxy and CDN service. The crawler bot swarm has been hitting my PHP application like I've upset them so I'm seeing which weird user agent strings are being allowed to connect. There's "Sogou" and "meta-webindexer" and a small number of requests from "SleepBot/1.0"
What's SleepBot?
The ASN is Google and the UA string is: "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; SleepBot/1.0; +http //sleepbot com/) Chrome/131.0.0.0 Safari/537.36" [edited to make link non-clickable]
So I visit the site. And it looks like the homepage of an interesting tech and ambient music guy who is still running a Shoutcast online radio stream but otherwise hasn't been seen online in 5 years. The Wayback Machine shows few changes in over a decade. But the resume link brings up a GitHub account with a different URL and username which reported 1 issue in March of this year. It goes deeper.
What's going on? Is a Google or adjacent employee running a personal scraper or just custom UA string while browsing the web? Did someone make a typo? Or is it some kind of weird security game / ARG ("Alternate Reality Game") and I'm the sap who's taken the bait?