Mobile app version of vmapp.org
Login or Join
Murphy175

: A single request appears to have come from all the browsers? Should I be worried? I was looking over my site access logs when I noticed a request with the following user agent string:

@Murphy175

Posted in: #Security #UserAgent

I was looking over my site access logs when I noticed a request with the following user agent string:


"Mozilla/5.0 (Windows; U; Windows NT
5.1; en-US; rv:1.9.2.12) Gecko/20101026
Firefox/3.6.12","Mozilla/5.0
(Windows; U; Windows NT 5.1; pl-PL;
rv:1.8.1.24pre) Gecko/20100228
K-Meleon/1.5.4","Mozilla/5.0 (X11;
U; Linux x86_64; en-US)
AppleWebKit/540.0 (KHTML,like Gecko)
Chrome/9.1.0.0
Safari/540.0","Mozilla/5.0 (Windows;
U; Windows NT 5.1; en-US)
AppleWebKit/532.5 (KHTML, like Gecko)
Comodo_Dragon/4.1.1.11
Chrome/4.1.249.1042
Safari/532.5","Mozilla/5.0 (X11; U;
Linux i686 (x86_64); en-US;
rv:1.9.0.16) Gecko/2009122206
Firefox/3.0.16
Flock/2.5.6","Mozilla/5.0 (Windows;
U; Windows NT 6.0; en-US)
AppleWebKit/533.1 (KHTML, like Gecko)
Maxthon/3.0.8.2
Safari/533.1","Mozilla/5.0 (Windows;
U; Windows NT 6.0; en-US;
rv:1.8.1.8pre) Gecko/20070928
Firefox/2.0.0.7
Navigator/9.0RC1","Opera/9.99
(Windows NT 5.1; U; pl)
Presto/9.9.9","Mozilla/5.0 (Windows;
U; Windows NT 6.1; zh-HK)
AppleWebKit/533.18.1 (KHTML, like
Gecko) Version/5.0.2
Safari/533.18.5","Seamonkey-1.1.13-1(X11;
U; GNU Fedora fc 10)
Gecko/20081112","Mozilla/5.0
(compatible; MSIE 9.0; Windows NT 6.1;
Win64; x64; Trident/5.0; .NET CLR
2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC
6.0; Zune 4.0; Tablet PC 2.0; InfoPath.3; .NET4.0C;
.NET4.0E)","Mozilla/4.0 (compatible;
MSIE 7.0; Windows NT 6.1; WOW64;
SLCC2; .NET CLR 2.0.50727; .NET CLR
3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; MS-RTC LM 8; .NET4.0C;
.NET4.0E; InfoPath.3)"


The request appears to have originated from 91.121.153.210 - which appears to be owned by these guys: www.medialta.eu/accueil.html
I find this rather impressive - a request from 'all' user-agents.

There's actually quite a few of these requests over at least the few days - so it naturally piqued my interested.

Searching Google simply seems to produce a very long list of websites which make their Apache access logs publicly available...

Is this some weird indication that we're being targeted? And by who?

10.01% popularity Vote Up Vote Down

Login to follow query

More posts by @Murphy175

Login to post a comment!

1 Comments

Sorted by latest first Latest Oldest Best

 

@Harper822

You failed to share the ip address of the request - so its a bit more difficult to answer the who - but a good idea of why could be a simple scan to check and see if the website is working with all browsers.

This is standard for many developers when they make a change -
services like BrowserShots.org generally show up this way.

10% popularity Vote Up Vote Down

Back to top | Use Dark Theme