Suspicious hits from Macintosh user agents

         

ClosedForLunch

8:24 pm on Dec 5, 2023 (gmt 0)

5+ Year Member Top Contributors Of The Month



For a few weeks now I've been seeing regular hits from 'Macintosh; Intel Mac OS' user agents

Mac OS version is always 10_xx

Always low versions of Chrome browser, 39 to 60

Headers are identical in every hit, including 'Upgrade-Insecure-Requests' which strictly speaking is not supported in Chrome less than version 44

The IPs seem to be various residential IPs predominately from English-speaking countries: AU, CA, GB, IE, NZ, US

Seemingly no more than one hit from any given IP

Approximately 100 hits per day

Only the root domain is ever requested

I see that a very small number of these hits are also from 'Windows NT 6.1; WOW64' user agents, with the same characteristics as above

Interesting!

lucy24

11:03 pm on Dec 5, 2023 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Compromised machines, running a seriously outdated robot script? 100 hits/day is definitely too few to consider a DDoS exploit, as might otherwise be suggested by the random IPs.

I hope they're getting blocked. I am very forgiving about older browsers, but Chrome <= 60 is too much even for me!

"always 10_xx"
Did you mean, exactly 10_\d\d and then nothing more? That, in itself, is so rare that you could block it--at least for values other than 10_15. Earlier whole numbers did occur, but I don't find a single 10_14 later than 2021. (At some time when I wasn't paying attention, Mac changed over to automatic system upgrades, so the only non-current OS you should see is in extremely elderly machines.)

SumGuy

12:44 am on Dec 8, 2023 (gmt 0)

5+ Year Member Top Contributors Of The Month



I have seen slightly different strangeness from Mac user-agents:

[webmasterworld.com...]
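
The traits listed in the first post, plus the bare 10_xx check raised in the reply, can be combined into one log review. This is an added example, not code from any poster in the thread. It assumes an Apache combined log with one extra quoted field recording the Upgrade-Insecure-Requests header; the trait names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed log layout: Apache combined format with one extra quoted field holding
# the Upgrade-Insecure-Requests request header ("-" when the header is absent).
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)" "(?P<uir>[^"]*)"$')
PLATFORM = re.compile(r'Macintosh; Intel Mac OS X 10_\d+|Windows NT 6\.1; WOW64')
BARE_10_XX = re.compile(r'Mac OS X 10_\d\d\)')  # "10_12)" with no third component
CHROME = re.compile(r'Chrome/(\d+)\.')

def traits(rec, hits_per_ip):
    """Return the thread's traits one parsed request matches ([] = not a candidate)."""
    chrome = CHROME.search(rec['ua'])
    if not (chrome and PLATFORM.search(rec['ua'])):
        return []
    major = int(chrome.group(1))
    if not 39 <= major <= 60:
        return []
    found = ['chrome-39-60']
    if rec['uir'] != '-' and major < 44:
        found.append('uir-below-44')  # header the first post says Chrome < 44 lacks
    if rec['path'] == '/':
        found.append('root-only')
    if hits_per_ip[rec['ip']] == 1:
        found.append('single-hit-ip')
    if BARE_10_XX.search(rec['ua']):
        found.append('bare-10_xx')
    return found

def review(lines):
    """Map each client IP to the traits of its candidate requests."""
    recs = [m.groupdict() for m in map(LINE.match, lines) if m]
    hits = Counter(r['ip'] for r in recs)
    return {r['ip']: t for r in recs if (t := traits(r, hits))}

# Constructed sample lines (documentation IP ranges), not taken from a real log.
FMT = ('{ip} - - [05/Dec/2023:20:01:13 +0000] "GET {path} HTTP/1.1" 200 5120 "-" '
       '"Mozilla/5.0 ({plat}) AppleWebKit/537.36 (KHTML, like Gecko) '
       'Chrome/{ver} Safari/537.36" "1"')
SAMPLE = [
    FMT.format(ip='203.0.113.7', path='/', plat='Macintosh; Intel Mac OS X 10_12', ver='41.0.2272.89'),
    FMT.format(ip='198.51.100.23', path='/', plat='Windows NT 6.1; WOW64', ver='58.0.3029.110'),
    FMT.format(ip='192.0.2.50', path='/', plat='Macintosh; Intel Mac OS X 10_15_7', ver='119.0.0.0'),
    FMT.format(ip='192.0.2.50', path='/blog/', plat='Macintosh; Intel Mac OS X 10_15_7', ver='119.0.0.0'),
]

if __name__ == '__main__':
    for ip, found in review(SAMPLE).items():
        print(ip, ', '.join(found))
```

A request carrying several traits at once is a stronger signal than the old Chrome version alone, which still turns up on elderly machines.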