The bots are all using blank UAs from a wide array of IPs.
They keep asking for the following:
Over and over and over, hundreds of times per IP in some cases.
This is apparently an old Zen cart vulnerability, about 6 months old best I can tell.
So why is a botnet hammering on my servers which don't have Zen cart, looking feverishly for this stuff at such a late date?