Ask HN: Odd Traffic from Googlebot
I've been analyzing server logs and noticed some oddities with traffic originating from Google. I did verify the ASN and reverse DNS. Everything checks out.
Every Googlebot request has a forged or bogus HTTP Host: header, usually populated with some random third-world site I've never heard of. The Referer is likewise forged, and usually points to a page on the bogus Host: header domain.
Is this some coding bug in Googlebot or are they checking for some SSRF exploit I don't quite understand?