Hey guys,

Got a user agent popping up in my access logs 21,863 times within a 3 week period - noticed it due to the S.N.O.W.4 suffix:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET4.0C; .NET CLR 3.5.30729; MS-RTC LM 8; .NET4.0E; S.N.O.W.4; S.N.O.W.4)

All requests originate from the same IP address: 95.172.68.155

Behaviour pattern makes me suspect it's a bot. If it is a bot, it's a pretty rude one. Ignoring robots.txt and doing things like this (Referer and UA grepped out):

95.172.68.155 - - [23/Jun/2013:02:55:25 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:55:52 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:56:47 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:56:57 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:57:08 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:57:19 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:57:26 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:58:02 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"
95.172.68.155 - - [23/Jun/2013:02:58:16 +0100] "GET /lightbox/css/jquery.lightbox-0.5.css HTTP/1.1"

Anyone got any more information on this one?