not2easy - 7:54 pm on Jan 15, 2013 (gmt 0)
I'm seeing a new weirdo in UAs:
"h t t p://www.google(dot)com" (fake referer)
"Mozilla/5.0 (X11; Linux x86_64; rv:2.0b9pre) Gecko/20110111 Firefox/4.0b9pre"
that got found with the "GET / HTTP/1.1" search of raw logs. "Firefox/4.0b9pre" was a beta version from late 2010, no clue about that other "0b9pre" in there. It came in on a blocked range anyway (109.206.179.nnn)but thought I would leave it here in case anyone else is looking.