Botnet-based scans


dstiles

4:33 pm on Aug 14, 2016 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have no idea what the purpose of this is but it's been hitting my web sites at least since the start of the month and becoming more persistent during the past few days. The IP is, as one would expect of a botnet-based scan, hit and run. Two hits per IP, then another two hits on a new IP, several of these in a short time, approx 30 secs apart. Sometimes a third hit on an IP. Source, unlike semalt, has no LANGUAGE and comes from most parts of the world, as far as I can tell - several from India and UA today, for example; also AU, BA, and many others but no BR so far.

Keeps hitting the same sites repeatedly - but then, I only have a couple of dozen-ish. All to home page only. HTTPS sites are hit in HTTP mode (same as semalt).

Unlike semalt, which I originally thought it might be, there is no referer with these hits, hence why I have no idea of their purpose. Again unlike semalt, it's Firefox not Chrome, though still an out-of-date version.

UA: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1

Secondary check is a very general, all-accepting HTTP_ACCESS
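The traits dstiles lists (that exact obsolete Firefox 40 UA, no referer, no Accept-Language, home page only, two or three hits per IP) can be matched against an access log. The script below is an added example, not code from this thread; it assumes an Apache-style combined log with a trailing quoted Accept-Language field, and the log lines and addresses are constructed.

```python
import re
from collections import Counter

# UA string quoted in the post above.
BOT_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"

# Assumed log format: combined log plus one trailing quoted field,
# e.g. LogFormat '... "%{Referer}i" "%{User-Agent}i" "%{Accept-Language}i"'.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<lang>[^"]*)"$'
)


def parse(line):
    """Return the log fields as a dict, or None if the line does not fit the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def matches_signature(hit):
    """True only when every trait described in the post is present at once."""
    return (hit["ua"] == BOT_UA
            and hit["referer"] in ("", "-")
            and hit["lang"] in ("", "-")
            and hit["path"] == "/")


def summarize(lines):
    """Map each source IP to its number of signature hits (expect 2-3 per IP)."""
    counts = Counter()
    for line in lines:
        hit = parse(line)
        if hit and matches_signature(hit):
            counts[hit["ip"]] += 1
    return dict(counts)


SAMPLE_LOG = [  # constructed sample; RFC 5737 documentation addresses
    '192.0.2.10 - - [14/Aug/2016:16:01:02 +0000] "GET / HTTP/1.1" 403 199 "-" "%s" "-"' % BOT_UA,
    '192.0.2.10 - - [14/Aug/2016:16:01:03 +0000] "GET / HTTP/1.1" 403 199 "-" "%s" "-"' % BOT_UA,
    '198.51.100.7 - - [14/Aug/2016:16:01:33 +0000] "GET / HTTP/1.1" 403 199 "-" "%s" "-"' % BOT_UA,
    '198.51.100.7 - - [14/Aug/2016:16:01:34 +0000] "GET / HTTP/1.1" 403 199 "-" "%s" "-"' % BOT_UA,
    # A real visitor on the same old Firefox sends a referer and Accept-Language, so it is not flagged.
    '203.0.113.5 - - [14/Aug/2016:16:02:00 +0000] "GET / HTTP/1.1" 200 5120 "https://example.com/" "%s" "en-GB,en;q=0.5"' % BOT_UA,
]

if __name__ == "__main__":
    for ip, n in summarize(SAMPLE_LOG).items():
        print(ip, n)
```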

keyplyr

9:29 pm on Aug 14, 2016 (gmt 0)




What response is your server returning?

Besides the missing header language field which, although rare, does occur sometimes with normal traffic, is there any commonality to block?

dstiles

2:03 am on Aug 19, 2016 (gmt 0)




I return 403.

I mentioned the language because semalt has a signature lang and this has none - just a comparison that helped me decide I was on the wrong track.

The UA is pretty unique and obsolete.

keyplyr

2:34 am on Aug 19, 2016 (gmt 0)




I used to see a lot more botnets than I do now. However, the constant barrage of compromised accounts (servers or ISP) seeking wp-login.php certainly falls under that definition.