A single request appears to have come from all the browsers? Should I be worried?
- by HorusKol
I was looking over my site access logs when I noticed a request with the following user agent string:
"Mozilla/5.0 (Windows; U; Windows NT
5.1; en-US; rv:1.9.2.12) Gecko/20101026
Firefox/3.6.12\",\"Mozilla/5.0
(Windows; U; Windows NT 5.1; pl-PL;
rv:1.8.1.24pre) Gecko/20100228
K-Meleon/1.5.4\",\"Mozilla/5.0 (X11;
U; Linux x86_64; en-US)
AppleWebKit/540.0 (KHTML,like Gecko)
Chrome/9.1.0.0
Safari/540.0\",\"Mozilla/5.0 (Windows;
U; Windows NT 5.1; en-US)
AppleWebKit/532.5 (KHTML, like Gecko)
Comodo_Dragon/4.1.1.11
Chrome/4.1.249.1042
Safari/532.5\",\"Mozilla/5.0 (X11; U;
Linux i686 (x86_64); en-US;
rv:1.9.0.16) Gecko/2009122206
Firefox/3.0.16
Flock/2.5.6\",\"Mozilla/5.0 (Windows;
U; Windows NT 6.0; en-US)
AppleWebKit/533.1 (KHTML, like Gecko)
Maxthon/3.0.8.2
Safari/533.1\",\"Mozilla/5.0 (Windows;
U; Windows NT 6.0; en-US;
rv:1.8.1.8pre) Gecko/20070928
Firefox/2.0.0.7
Navigator/9.0RC1\",\"Opera/9.99
(Windows NT 5.1; U; pl)
Presto/9.9.9\",\"Mozilla/5.0 (Windows;
U; Windows NT 6.1; zh-HK)
AppleWebKit/533.18.1 (KHTML, like
Gecko) Version/5.0.2
Safari/533.18.5\",\"Seamonkey-1.1.13-1(X11;
U; GNU Fedora fc 10)
Gecko/20081112\",\"Mozilla/5.0
(compatible; MSIE 9.0; Windows NT 6.1;
Win64; x64; Trident/5.0; .NET CLR
2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC
6.0; Zune 4.0; Tablet PC 2.0; InfoPath.3; .NET4.0C;
.NET4.0E)\",\"Mozilla/4.0 (compatible;
MSIE 7.0; Windows NT 6.1; WOW64;
SLCC2; .NET CLR 2.0.50727; .NET CLR
3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; .NET4.0C;
.NET4.0E; InfoPath.3)"
The request appears to have originated from 91.121.153.210 - which appears to be owned by these guys: http://www.medialta.eu/accueil.html
I find this rather impressive - a request from 'all' user-agents.
There's actually quite a few of these requests over at least the few days - so it naturally piqued my interested.
Searching Google simply seems to produce a very long list of websites which make their Apache access logs publicly available...
Is this some weird indication that we're being targeted? And by who?