Nothing special about the IP: 177.134.201.nn Brazilian range that I haven't met before. Don't get much traffic from Brazil, whether robotic or human.

Nothing special about the UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0

It only jumped out at me because it racked up a solid string of 404s-- or rather three sets of equal size, all on the same calendar day:

07:34:51 ... /Disclaimer.aspx
07:34:52 ... /m-paco-rabanne-parfum-118,autres-2788.html
07:34:52 ... /g-promotions-2,task-essential-416.html
07:34:52 ... /p-1-million-vaporisateur-200-ml-paco-rabanne-parfum-2216-68.html
07:34:52 ... /g-promotions-2,10-a-20-1799.html
07:34:52 ... /g-promotions-2,70-et-plus-1805.html
07:34:52 ... /p-ultrared-man-vaporisateur-50-ml-paco-rabanne-parfum-2243-68.html
07:34:53 ... /blog

12:58:45 ... /letrat.htm
12:58:45 ... /peignoir-personnalise.html
12:58:45 ... /activiteiten
12:58:46 ... /m-paco-rabanne-parfum-118,non-1779.html
12:58:46 ... /frais-de-port.html
12:58:46 ... /g-promotions-2,vitaman-424.html
12:58:46 ... /g-nouveautes-1,lancaster-3667.html
12:58:46 ... /scheidsrechters

13:48:49 ... /p-xs-pour-homme-vaporisateur--100-ml-paco-rabanne-parfum-2233-68.html
13:48:49 ... /g-promotions-2,40-a-50-1802.html
13:48:49 ... /letrao.htm
13:48:50 ... /Competitie
13:48:50 ... /letrap.htm
13:48:50 ... /p-deodorant-stick-ultraviolet-man-75-ml-paco-rabanne-parfum-2249-8.html
13:48:50 ... /provincies
13:48:50 ... /beker-van-vlaanderen

Isn't that weird? "Disclaimer.aspx" and "blog" are the kinds of things you would expect a robot to ask for. The ones that use the shotgun method, coming in with a long list of possible vulnerabilities.

The "letrat, letrap, letrao" otoh makes me wonder if it will be back next week to ask for letra[a-nqrsu-z].

That leaves 19 pages that could perfectly well exist-- on some site in Belgium. They're hardly generic names. But it isn't referer spam, because there wasn't one.

What on earth do you suppose they were looking for?