
log entries for iPhone visits


revrob

3:42 pm on Sep 14, 2010 (gmt 0)

10+ Year Member



I've just noticed a series of log entries for visits presumably by an iPhone user, with the oddity that every single request for the different elements of the page came from a different source IP address - the first three groups in the IP address were the same, 193.35.132, but the final number varied as each element on the page was requested, with some numbers being used more than once but never consecutively.

There were a total of 29 log entries for that visit.
2 GET HTTP 1.0 requests based on google searches (as in the example below)
2 identical requests for index.html
then an incomplete set of requests for the page images (no button images for the page links), then a request for another html page (which was made before the download of the appropriate button image that would have been required to request the link), followed by the right number of requests for logo and button images for that page.

The format of each log entry was as shown here:

193.35.132.** - - [**/2010:1*:**:26 +0*00] "GET /index.html HTTP/1.0" 200 21225 www.mydomain "http://www.google.co.uk/m/search?q=a+b+c+d&**=*****=*****=********=*********t=*********=&action=&ltoken=*******" "Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0_1 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A306 Safari/6531.22.7" "172.24.36.*"

and the only variables over about twenty consecutive entries were the final set of numbers in the originating IP address, and the item on my site being requested. The internal IP address on the end of the log entry was the same for each entry.

Is this normal for an iPhone, to be constantly switching IP address, or does this suggest an element of covert activity? I have other reasons to believe this MAY have been a malicious visit but I don't want to jump the gun. I don't get many iPhone visitors.

The only other times I have seen entries where the user agent has stayed the same and the source IP address has changed with each request have always been from known malicious bots.

The main source IP range resolves to
inetnum: 193.35.128.0 - 193.35.143.255
netname: Orange-PCS-1
descr: Orange Personal Communications Services Ltd.

Advice gratefully received. Many thanks.

revrob

9:21 pm on Sep 16, 2010 (gmt 0)

10+ Year Member



Just had exactly the same phenomenon again, only this time with an IP range in
195.93.21.*** - every line in the log, using a different final figure in the IP address.
That resolves to AOL Inc on a WHOIS lookup -
195.93.0.0 - 195.93.63.255 .
User agent this time was:-
"Mozilla/4.0 (compatible; MSIE 7.0; AOL 9.0; Windows NT 5.1; FunWebProducts; GTB6.5)" "-"

Dijkgraaf

3:43 am on Sep 20, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It is not normal behavior for an iPhone. However you get the IP changing for each request when the browsing agent is behind a (load balancing) proxy server.
AOL is one that typically does this for all browsers, possibly Orange does this as well.
Why it requests things twice is a bit more of a mystery, but it might just be a badly configured proxy rather than any malicious behavior. What other reasons do you have to think it was malicious?

revrob

9:38 am on Sep 20, 2010 (gmt 0)

10+ Year Member



Thanks that's helpful. Maybe it was a badly configured proxy then. I'd rather not discuss publicly why I think it could have been malicious - let's just say I already know of a fair bit of specifically targeted malicious interest in particular parts of my site (as opposed to general hacking and bots etc. that go on all the time for everyone) and I am on a steep learning curve, trying to distinguish the general background hacking from the targeted stuff plus things like this that "look" odd but may be quite normal and harmless.
Thanks again.
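
One way to check a log for the pattern discussed in this thread, as an added example that is not code from any of the posters: it parses lines in the quoted log layout, groups them by user agent and trailing forwarded-for value, and labels whether the source IPs rotate inside one /24 (the load-balancing proxy pattern) or span unrelated networks. The `summarize` helper, the sample lines, the addresses and agent names are constructed, and treating a /24 as the proxy pool is an assumption.

```python
import re
from collections import defaultdict

# Field layout follows the log entry quoted in the thread:
# ip - - [time] "request" status bytes vhost "referer" "user-agent" "forwarded-for"
LINE = re.compile(
    r'(?P<ip>\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "[^"]*" \d+ \S+ \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)" "(?P<fwd>[^"]*)"$'
)

def summarize(lines):
    """Group requests by (user agent, forwarded-for) and describe the IP spread."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # lines in any other format are skipped
            groups[(m["ua"], m["fwd"])].append(m["ip"])
    report = {}
    for key, ips in groups.items():
        prefixes = {ip.rsplit(".", 1)[0] for ip in ips}  # first three octets
        if len(set(ips)) == 1:
            label = "single-ip"
        elif len(prefixes) == 1:
            label = "proxy-pool"   # one /24, only the last octet rotates
        else:
            label = "scattered"    # same agent arriving from unrelated networks
        report[key] = (label, len(ips), len(set(ips)), sorted(prefixes))
    return report

def _line(ip, path, ua, fwd):
    # Builds one constructed log line in the layout above.
    return (f'{ip} - - [14/Sep/2010:15:00:26 +0000] "GET {path} HTTP/1.0" 200 512 '
            f'www.example.test "-" "{ua}" "{fwd}"')

# Constructed sample data (documentation address ranges, invented agent names).
SAMPLE = [
    _line("192.0.2.17", "/index.html", "PhoneUA", "10.0.0.5"),
    _line("192.0.2.42", "/logo.png", "PhoneUA", "10.0.0.5"),
    _line("192.0.2.17", "/page2.html", "PhoneUA", "10.0.0.5"),
    _line("198.51.100.9", "/index.html", "BotUA", "-"),
    _line("203.0.113.77", "/admin.html", "BotUA", "-"),
    _line("192.0.2.200", "/index.html", "DesktopUA", "-"),
]

if __name__ == "__main__":
    for (ua, fwd), row in summarize(SAMPLE).items():
        print(ua, fwd, row)
```

A "proxy-pool" label only says the addresses are consistent with one client behind a rotating proxy; a WHOIS lookup on the range, as done in the thread, is still needed to see who operates it.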