Just noticed the same thing from a different IP with a very disturbing reverse DNS entry:

75.125.128.nnn hosted on ThePlanet of course.
rDNS -> hacker-nin.com.

Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10

This one has also been running a while:
From 09/09/07 - 09/09/13 attempted 606 pages and still going

I haven't seen this on my logs yet, but thanks for the heads up. What's the deal with THEPlanet, I know they have dedicated servers and they had an explosion that took them offline.

That was an 'electrical explosion,' just so we don't start any panic here.

The Planet is a hosting provider, just like any other. They have their share of customers who rent their servers to crawl the Web for good and bad purposes, just like any other. However, most of us in this forum look very carefully at traffic coming from another server, since that indicates that there is 'no human behind the monitor,' and therefore, that the requests may be of little benefit to us, even if innocuous.

I looked through my recent logs, and don't see anything like these requests. I've got "hardy" and "feisty" Unbuntus, but no "jaunty" requests, and all appear to be human (or possibly screen-shooters, for the one-page sessions). Most of them had on-target and typical-for-these-sites search referrers. All had valid headers.

Jim

New this month, "hacker-nin.com" and "67-148-61-nnn.dia.static.qwest.net" alternate and come a' callin'/crawlin' every few days.

All hacker-nin.com URIs are .html files; no graphics, no 403 trap graphics; no referers; no follow-ups to custom 403s; no dropped connections suggesting a real person having a problem. My first take was a bookmark/link-check thing but now? Dunno.

The .static.qwest URIs are the same but met with 200s. (No longer:) hacker-nin.com is met w/ 403s from the get-go because I blocked The Planet's 75.125.0.0/16 almost exactly a year ago.

UA always "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042523 Ubuntu/9.04 (jaunty) Firefox/3.0.10". Other Ubuntu/jaunty hits from numerous other places behave normally.

09-03: Two hits to two pages (12:18:50 to 22:07:43) --
67-148-61-nnn.dia.static.qwest.net - - [03/Sep/2009:12:18:50 -0700] "GET /dir/filename.html HTTP/1.1" 200

09-06: One hit:
67-148-61-nnn.dia.static.qwest.net - - [06/Sep/2009:06:03:53 -0700] "GET /dir/filename.html HTTP/1.1" 200

09-08: Eight hits to four pages (04:34:59 to 21:49:05) --
hacker-nin.com - - [08/Sep/2009:04:34:59 -0700] "GET /dir/filename.html HTTP/1.1" 403

09-09: One hit:
67-148-61-nnn.dia.static.qwest.net - - [09/Sep/2009:21:29:18 -0700] "GET /dir/filename.html HTTP/1.1" 200

09-10: Nine hits to same page (04:40:24 to 04:45:53) --
hacker-nin.com - - [10/Sep/2009:04:40:24 -0700] "GET /dir/filename.html HTTP/1.1" 403

09-11: One hit:
67-148-61-nnn.dia.static.qwest.net - - [11/Sep/2009:20:43:16 -0700] "GET /dir/filename.html HTTP/1.1" 200