CCBot is listed in the Botcrawl directory as a security scanner from Common Crawl. The primary identifier for log review is CCBot.

Identification

  • User-agent pattern: CCBot
  • Family: Common Crawl
  • Type: Security
  • Kind: Scanner

Common use

Security scanning, malware checks, abuse prevention, compliance review, or vulnerability monitoring.

Verification and handling

Verify reverse DNS in crawl.commoncrawl.org and match IPs against Common Crawl's published JSON ranges.

Directory guidance marks the risk level as Neutral and the blocking decision as Depends. Do not rely on the user-agent string alone because user-agent strings can be copied or spoofed.

Robots.txt handling: Yes.

Identification

Aliases
Common Crawl crawler
Company
Common Crawl
Purpose
security
Identity Type
official-documented
Source Type
official
HTTP Agent
CCBot/2.0 (https://commoncrawl.org/faq/)

Verification And Behavior

Verification Method
Verify reverse DNS in crawl.commoncrawl.org and match IPs against Common Crawl's published JSON ranges.
Last Verified
2026-04-01
Last Checked
2026-05-20
Robots Token
CCBot
Respects Robots
yes
Spoofing Risk
User-agent strings for CCBot can be spoofed. Treat user-agent detection as a classification signal, then verify with published IP ranges, reverse DNS, signatures, operator documentation, or published operator documentation, IP ranges, reverse DNS, signatures, or other verified identity signals before allow-listing.

Common Use

Security scanning, malware checks, abuse prevention, compliance review, or vulnerability monitoring.

Detection Notes

Match `CCBot` as a case-insensitive substring in HTTP user-agent logs. Review bot_aliases for alternate names or product labels. Use bot_http_agent for full user-agent examples when the client sends a longer browser-like string. Do not treat a user-agent match alone as proof of identity for allow-listing.

Rules And Blocking Notes

User-agent: CCBot Disallow: /

Identification Note

User-agent strings can be spoofed. Use this record as an identification signal and confirm sensitive allow or block decisions with logs, DNS, IP ranges, request behavior, or operator documentation when available.

Source Operator Use API