Estoy obteniendo registros como (usando el servidor Apache):
119.131.152.148 - - [20/Apr/2016:18:17:47 +0900] "HEAD /?MDY0MDc5OTQ5NTE4MDY3OTY0MzcwNDMxODU2ODUxMTkwNzEyMjY5OTA0MDI4MTQ0ODYxNDE3NTAyODYyMjEwMzU5MzcxMDIwMzY2ODM2OTQwODk0MjI5NTk1MTk0Mzc2NjI2NjE4NDg2MzQ0MzkwODg3OTA0NzE5MTA0Njc3ODQxMzA2NjA5ODY0NTExNTQxMDUwMzM0MTgxOTQxNzIxNjEwMzA0NTk4MTQwODQ0MzQ3NzkwMDY1NzExMjM4NzEwMTQ0MjM4NTYwNTUwMDY4MTU2MDEyMjkwNTYxOTEwMDU1ODAwNTMwNTc3OTc2NjQ3MTkzMDA3NDQ2MDE3MzY4NDAzMTExMzU0OTc2NzYwMTkwMTU1NzAwNTE5MTQ1NjY2MzYxNjIzODQ2NDMzMDA4NTE0ODc2NzE3ODgyNzkwMTYxODQzNTI0MjkxMTg0ODUwNDg1MjE2NjU0MTQyNDYxMTI5NzQ4MjAyMDcwNzMzMTIzNTE5MzI0NzU3NjExMzQwOTUyNTg5MjA2MTEzMTM1MTA0NzIxNDA5NTUxMDg1NjA1NzQzMDYyNjg4MDYxMDEzMjIxMzU2NzEyMDk4NDA1MzYyMTg0MjY5OTQ5ODA5MTIzNDYwNjAxNjA0MTYyODE0MTkwMTQyMTMyODA2NTQyNDI1MTQxMTQ0MTI4ODMxMDU5MTU1ODc1MDE1MjEyMDA3NjYxNDcxMzYzNDgwMTQwMTk2MjUwNjA1MTc4OTM4NzYwODAxMjE2Mzg0MjAwMTM2Mzg1MTIxMjQ1MzE4ODYwODEzNDU3ODIyMDA2MjUyNjEwMjAyMDIwMzY3MDUwMTIyMTE3MDU4MTQxNzg2NjgwOTE4NTg2MTc0OTkwMDYwMzU1NDIzMTE5MTg2NDA3NTEzNDU3NTcyMDgxMTQzMDU1ODUyMDQxMTMwMjEzMjExMTIwODU5ODExMjQ1NDY3NzAwMTY1MDg3ODg0ODA3NDM0NjQ2ODMwNTQyMjgyOTAxMTYxMTk0NjA2MDE2NDM1MDg2NTYxODMwOTI4MDI5MDYyNzA1NDkzMjAwODczNzQ5NjIwODI0NDk0MjUxMTg5ODI5NzU5MzAwMDAxMzU2NzcxMjYwMzI0MTIyMDQ3OTcxNzYwMjE2NDEwNzM2NjQwMjY3MDc4MjUwMDM3MjE2MDgxMTA0NDY1NDIzNDYxMTQ3NTIwMzcwMDMyODUzMTgxODA4NTM0NTEwMzExOTU1NDI3NTIyMDUyNzQ5NDc2NzE5OTg2MDUyNDkwMjcwMTA0MjUwMDk2MzQ4ODY4NTEzNTY0OTc0NDgxNjExMDAxODE5MjAzODA0OTkzOTA2NTA4MzU0MjMxNzE0MDcyNDk5MDQ2MTEwNjk2MjE0OTAxMTkxOTYxNjg5NjQwMTgwMjA0NjE0NDc3ODEwODgxNjM1NDkwNzc3NzM2MDgzMDkyOTA4MDU3OTE5Mzc1MDAwOTMxMDIxODY4ODY3MTExNzc3MjAwMjEzNzQzMDg5MTkyMDM3MTU2OTI0MjEzNjQ0NzIxODAzMTE3MTIxNTYwMjAxOTAxMDI4MTAwOTI3NjU4MzA5MzgxNDkyMDcwMjE3NTQzODM1MTk0MDc2MDgyMDA4MTk3MDMyNjQwODk5MjE0ODYyMjE0MzAxOTEyOTAwODI3NzAzMTQwMjU4NjM0OTUwMTQzNzUyMzgyNTExMjMzODQwODEwODkyMzQzMDgxMDI3MjE3ODY1MTA2NDg0NTczNzUwMjg3MDExMjA4MDIxOTkyNjIxMDA3MzY0ODg2NDAxNTg0MDIzMTg2MTI1NzkwNTM5OTE0MzcxOTA2MzEwNjU3NTAwMTI4MTcxODE2NzU4OTA1ODEwNTY0NzEwNTUyOTEwMTE1MTYzNjgyNTgxNDE1OTA1NjM4NzkwNjU2NTI1OTAwMDEyNTY1MTUwMzEzNTgyNDM0NjMxNjI2NjI1NzU5MjA2NTc1NDI0NTA1Mzg1MzExOTYxNjg2ODkzMDkz HTTP/1.1" 200 6014 "-" "-"
106.39.78.2 - - [21/Apr/2016:19:35:47 +0900] "HEAD /?MTM2MzI5ODYxMTA3Nzk1NzU3ODAwNzk1MjI3MTE4MTk2MDk4NzE0ODAxMzQ0NTQxNzIxODQyMjUyNjM1MDI4NzYyOTI5NTA1OTUyNjY2MzAxMDg1NzU5OTkyMDgyNzYzNzM4ODAwNDM0ODc0MjYwNTU3MDI5MTQyMTA5MjY5NzAwMDA4ODQ5MDcwNzYwNDIwNzU2MDI2MDg0NTM0ODc2ODEyNTMyNjQ1MTEwMTQyNjYzNzczMTIyNTY0MDQzMzA5MDMzNjY5MTgyMDEzNDQ5MTE4MDAzNDc1NjYyODA1MTU0NzU5MjkwOTg4NDYzNTEzMTk2NzEzNjcwODIwMDg2NzM1NDYwNjAzMzU2MDk4MTQxMzc4NjcxMDAzOTQ4NDI0ODAxNTM4NDE3Mzc0MTA4NTYyOTMxNTAyMTI0NzQxODAxNDQ2MzAzMDA4MTg4NjQxMDkwNzA1MzAwMjM0OTIwMDY3OTIwOTM2MTQ5NjgxNjk0MTA1NzY1OTEzMDcxODc3NDgxNDA5MDA5MzU3ODM0MDA4Mjk1NDk5NzUwODM1NDE0OTc0MTM0NDE1ODExMzEzMTg0NTM2MjgxOTYxOTY1NTU4MTU1MTIyMTkyMTE5Nzg1ODQ2MzkyMDQ5NDI3Mzc4MDI0MjcxNzY4ODA3MjI1ODc1MTgyMDc5NzQ2MzIzMTQzNDU4NTEwNTA5NzY4OTI3NjYwMDkzOTUxMjUzMjA4OTI4Njc5MTEzMjg1NDE5ODMwMjY0MDk5ODUxMTk1NDI0NzI1MjIxNDEzMzQwODcwMjczMjY0MjczMTIzODg5NjUzNzEwMjEzMjYyMzIwMjAwNDI0MTUwMTY5NDgyNjI2NTE4ODk0OTE3MjAxOTc4NDk2ODkzMTI1ODIwOTc4MTEzNTM3Njk3NDAwMzU0ODgzNTg0MDM1MjgzNTA5MDE0OTYwMTU0NzQwNjc2NjczMjA0MDQxMjY2NjAxMTExMzIwNjIwOTMwMDczODE2OTQzMTE3ODAzNDE0NDA4MzgwODIxNjIxMzQ0NTA1OTQ4MTE3Mzk4MTYwMjA0MTU5MTQ3ODcwMDMwMDg4OTA3MDcwMTQxMjM2NzExNzEwNjkwMjIxODE5NzM4NjA5MTYwNjE1NDY5ODE3OTg1Mjc4NTcxMzgzMDY1MDYxMTM1MjM1MTc1NTE5NDQ2MDc3NjMxMzQ4OTY1MTU2MTk1MTMwNDczMjE2OTAwNTMzMzYwNTgyNzQwODY3MTYwNDIxNzEzNjEwMDIxNjU0NTAxOTU1NzA3MzkwMDYzNDk5MDgyNDE3OTY4MTU0OTUxNTc2NDQ1NTU1MjEzMDk1MjMxMjAyOTMwMTIxNDAwNjI0ODE0ODk5MTY5NDU0Mzc5NDIwMzczNjYyNDUxMzc0MDU1NjkxMTQwMzA3MzExOTEwMjE5MTkwOTQxOTkyMzE0MzIwMDAyMDEzNDMxMDA5MTEyNTI2NDcwNDkwNDU5ODIxMTA2NzA3NzU1MDA3ODAyNjU2NTAxNzI1NDE5MzAwMDI0MzE3NTM2NjA1Mzc0ODQxNzAxOTk3NzQwODU3MDUyODE2OTE4ODAwODg2NzE1NjcwMDkwOTYzODYzMDU5NTQzMTgzMjIwNTMzNDE2NzMxNTU2NjQ1NjI0MTE1MzQwMjA3NTA1NDkwMTQwMDUxOTUzNDQ1Nzg1MDA5MzkzMjMzNzA5NTU5MzI1MjIwMTI5ODk2NjQzMDI2NTU5MzIwMDA1NDMwNDMzMjAxMTg4NzUwMzE0MTkxNTU0NDA0MDExOTA1MTI5MzcwMTIyOTAyNjQ3MTU1Mjc1NzY1NTExNTQzNTIyMjAxMjgxMTg2NDI0MDQ0NTY4MjkxODAyMDMwODE1NzkwNzc2NjA4NzYzMTUzODIzNDM4ODEzMzIyMTc0NDUxMDMzMzU1MTE2MDg1ODUwNTMzNTA4ODQyMjcxODIwOTA5Nzg3Njg2MTAwNDgwNTIxNDEzNjEwNDE3NzAwNDY0NjgxMjgw HTTP/1.1" 200 6043 "-" "-"
112.5.236.7 - - [21/Apr/2016:23:30:15 +0900] "HEAD /?MDE5NjIzNzMwNDA4ODEwMzU1MTEwMjU3ODQ2NTE1MDEwNDMzMzAwMDAxODI2MDA3NTYxOTkzNTM1OTczMDQzOTY0Mzk2ODAyMzc4MjIwMjQwODMyNjcyMTAzMTI2NTExOTk3MTE5NDg1MDc0OTYxODMxNzM0MDQ1MDM1ODMzNDQ4MDA0MTA5NjIyNjkxODA2MTcxNjEyMDM2NDM2MTA1ODAwOTUwMDQ0ODkxMTQ3NTA2ODUyMDE5ODUyMjg1MjA0NTA1MjM0MzcxNzYzMjkxNTgxMTQzMjY4MjQ4MzA3MjUyNDEyNzAxMTE4MDUxMTQ0MDc3MDAxMDU0NTA3MzkyMTg0MjkxNjg1NDg3MDg0MTI0MTgwNzY2MjE3MDEzOTI3NzcxMDU1MzM1OTM0MjEzMDMyOTk1ODEyNTA2NTk5ODAwODUyMDIxNzMwMDM3NTEyOTk3MDA0MTg5NzkzMTkxOTE0MTE0NTkyMTczMTI2MjE4MTAxNjU4NjI0OTUwNjM5NTQ1NTE2MTIzMTI1NDEzNTE4ODI0NTI5OTkxMjQ1NDI2MjYyMDQ4ODEyOTU1NTAyMjc0MzcyNDgyMDg5MjgzNzQ1MDk3NDMwNTk0MTAwMDUwNzAyNTAxNjE4MTM0MTU4MTIzNjc0OTUwMDAzNDM0MjQzNTIxNTU1NjU3Mzk0MTQwMzQzMjExNTIxNDI5MzgwOTYxNTAzMjg0MjQ2MDA5ODk2OTYzNDA5MTEwMzg0NjgwMTU1Nzk0MjQxMTI4NzI3OTAxODE0ODE4MDYxMDIxNTkwODY1OTc0MDMwODA0ODg4OTEzNDUzMTk5NTMwNjgzOTEyODk0MTkyNDgxOTgxNjEyODIyNzM2NjAwNjk3ODQ3NTE2MDk3OTcxMjMxNTIxMzA2ODgxNTcyMTM5NDY2NTk3MjAzOTU0MDY2NzA3ODA1ODI1MjQyMDc2NjI1NjQxMDUwNzk2MTMzNjExMTQ3NTIzNjQwNzE1NTU0MDg1MDUxNzg2NTMxOTA5NDQ1NTI5MjgwNDk3ODA0MDIyMTE3NjI1MTA0NjE5NDMxODgyNTEwNzM0MTQ4MTc5MDA2NzM1MjkyNjAwMDUwNTgxNjIxMzU3OTY4NDI1MTY0NzE2MjE4NzA3MjY4OTc4NDMxMjU1MjA1NTMxMTQ5NjIyMTEzMTAyNzYxNjAzMzYxNjU1NDI0NDk4MTc1ODMyMDM1MTA0NDM5ODMxNjMwODMxNTQwMDQwMTE5NjE2MzE4OTA5MjMyMDUyNDYwNTM3MTMzMDQ2MDU2MTUxMzM2ODA3MTA3OTMzODYxMDkyNjQ3MjM1MTM5MTQzNjIyOTIxNDIwNzcyNzMwMDIxODY1NzQwMTYyNjE1MTIwODEzNDQ2OTI0ODAxNzEwMzI1NDc1MTYyNjUxNTQwMDA4OTU0NzA3NzkxMDI4MTg1NzMyMDc4NzczMDE2MTE3Mjg1ODc5NjIyMTEzOTY5MTg3MTgwNTQ3Mzg2NjAxMTEwMjc5NzIxNjg2MTAxNDk4MDg1NjcxNzc5NTAyNDA2OTU5NjMxMzQwMjYxNzkxMTQ3MzQyODExNjAyNzc2NTc2MjkwNTU1Mzc1ODE3MTU5MDEyNTYzMjE2MzA5NzQ4MzExODU0NTI3ODIxMDQ4NDA0MjA5OTAyODEyMjAzMTYwMzM2NTk5MzYxMTI0NTA4NTYwMTE0NTkyODE3OTQwMTkxNTQ3MTE4MDE3ODQyMTAzOTIxMDM4MzU1OTgwMjMzNzU5NTQyMTU1MjY0MDQzNDE5MzIyOTg0NjQxOTQ4NTk0NjI1MDcxMjI4MjQzOTA1ODg2ODUzNjUwODA3ODQ5MzI5MTc5NTEyNjU5NzAwMjA2NDY3ODcxOTc4OTEwNzExMDIyNzAxOTc5OTA3MDg0OTA5NzAwNjk1MDU2MDIxMTY4ODkzODk1ODIxMDAzMzAxMzIwMzMyOTU1MTkxMTI5MjkyMjE4OTAzMzk0NDUzOTQwNjgyNTA5Mjgz HTTP/1.1" 200 6043 "-" "-"
124.89.33.132 - - [22/Apr/2016:08:14:46 +0900] "HEAD /?MDQ2MDAxOTU1NzE3OTk3NDM2NTIxNTU0MDAwNDI4MTY0MzI4MzMxNzA2OTkzOTkxMzYyMDQ0MDI4OTM4MTA0MTE4NTU0OTE3NDM1MDc5MzkxODE3ODgwNjM0MDIzODYxMjk5NDAzNTA5Mjc3NzUwMTQ1Mjc0Nzk3MDUzNzgzMDA5NjA1OTc4OTg4NTQxNTMyOTcyMzkwMTQzMzg2MzUzMDAxNTY1Mjg4MjMwNjk2MDEyNTQ3MDk0MjkyNTgwMTAwMjQ1MTg2MzUwNzU2NjI2NDE5MTE5NzQxMzk4NTA4NDE4ODIyNjAwODg0NzQxMDU1MTM1MDY2NzE5MjA1NjQ3NDg3ODIxNDk5NTI1MjQ1MTE4MjA0NjMxMjE2MTgxNzE1MjUwMTgyMDg0Nzc4MDM0NzYwMzE3MDAxMTA0MjYyMTAwMTcwMTM4NzY0MDY1MDU3OTE5ODE0NDczMzY2NDQxOTE2Njc0NDkxMDg0OTY0Nzg5NjAwOTAyNjI2MTMwNDU3MDgyMzk4MTYyNjEyMDY0MzAxNzA0MDI1ODgxNzgxMjAzNjQzMDYwNTU1MDk5NDAwODk0ODk5MTIxNjUyNzUxNzkzMDA0ODI2ODY3NzEzNTg4NDA5MjEwNzA3MjA3MDIwMDk4ODkyNzE3NDAzOTYzODE5OTcxNDI4NjY3NjIyMTUyMTQ0Nzc2NjA1NzA5MzU4NzcxOTI5OTYwNDUwMTI1NTI2MDA1NDE0MTAwODkyMTkwOTU3ODYxMzkyMDY2OTI1OTM3MzAyOTI2MTYxMjUwMTM0NjUwMzU0MDU0NDUwMzY5MzIwMDY2MjI4ODQwMTI1MzM2NDE0MTYzNTc5NTg1NjIwMzg0OTM0NzEwMjQwNTAxNTY1MjEyMjYxOTY4MDIwMzQ3MzQ1NDUxMjk4MDQ1ODU3MTc2Mzc4MTU0NjA1ODQyMTU2MzQwMDY2MjY2MjEwMDIzODkzMDE0OTE0NjQyODg4MDUyMDAxNTk5Njk0MTEyMjkwNjQyMzA1OTE4NjI5OTEwNzUyMzkyMzQ4MTM3OTQ3MjkwOTEzMDIzOTg1MTUxMzUzMzkxNTA4MDc5MjMxODIyNTAxOTMxMTkxMzgxMjIxNzg5NTI4MDkwMDkwMDgwMzA5NzM2MzkwNTExNjg2OTczOTgwMDM4NzY2MTk2MTE1NDI4MDI3OTEwMDM3MjQ3NDI1MDk1ODgxMzA5OTAxODAzODg1MjMxOTQ1MTMwMTM1MDMyMjQzMjA0NDEwODE2MTY5NTAwMzExMjYzMzUxMTY1NTg2NzIyOTExMTcyMzg3ODUwMTk4NDgwMDg4MTQxMjI1MDIyODAwNzMxMzI2NDQxNDcxNTkwMDIzMTU1NjY0NDgxMDEzNzI2MjkyNzUxOTU5NjUwMDEwMTM2MjQwMTQxMjEyODI1MTc2MTcxMjU0MTMwNzE5MjA3NTg0NDQwMzAxMzIzNTM2MzEwODE4MjI2MjI4MDIwNTQ2OTA0NDE0MzcyNzAxMTExMTM3NzAxMjU3MDkyODc0MjQ5MzE4OTk2NjkxMTUxODEzNTAzNzQ2MTA1MTAzMDUzMzA3MzQ4OTUwNTMxMDY0ODU0NDIwMDcwMTAxMTIzMjE3MzQ5NTc3MTkwNDkxOTMxNzU0MTI2MDc5ODQzMjA4MDQ5Njg0NDcwNDAzODI3MTExMDI2ODYxOTcyMjIwNjM5ODE3NTIwMzgyNjcxODU1MTY5MDMzNjM0MzE2MTQ1MjI4NDExNjIyMTA3ODUzMDU1MzkxMjI2MDIxMTQ3MDYzMjgxMjI5MjY1ODcxMjAyOTI4NTEzMjEzODMxNTcwNjIwOTY3OTczNTEwMTQwOTYyMzE2NTE2ODU5ODMwMzgxODM4NjA1MDgxMDQzMjg0MzI2MTA0NTkzMDEyMDUxNDEwNDQ5MTYwMTM2NjUwNDg0NDA3NTMzNDQwNTUwODkwNjAyMDU5MDgwNzQyODg3ODE1NDExNzMxOTgxMzI5NDMxNDgy HTTP/1.1" 200 6222 "-" "-"
De muchas direcciones IP diferentes, todas de China.
¿Qué quieren lograr? No parece un ataque de DOS, ya que no son tan frecuentes y no están cronometrados de ninguna manera aparente.
Mi primer pensamiento fue que podrían estar intentando explotar un error de desbordamiento del búfer, pero no es lo suficientemente largo como para alcanzar el límite de apache predeterminado de 8190 caracteres.
¿Alguna idea?
ACTUALIZACIÓN
¿Ahora estoy empezando a pensar que el parámetro es solo para evitar el almacenamiento en caché? Pero entonces, ¿por qué es tan largo? (sello de tiempo es suficiente).
ACTUALIZACIÓN (24 de abril)
Analicé mis otros registros y descubrí que no todos provenían de China. De una muestra de 1913 direcciones IP diferentes, el 98% se originó en China. Otros países donde: EE. UU., Italia, Japón, Rusia, Taiwán y Países Bajos.
Como en los registros anteriores, todos ellos no contienen más información, excepto esta (que podría aportar algo de luz a este caso):
107.178.194.119 - - [03/Mar/2016: 09: 44: 20 +0900] "HEAD /?MDQ1ODE1MDMzMjE2NTk2MzEyNTUwNTc1ODg0MDE2MDk2NzM4OTM0MzE5MDY5OTg3NzgwNTkwMTQ4MTg1MjA5MzgyMTQ3MTAyNDkxOTU2MDIxODk0NjkzNzQ0MTUyNzA0NTg0ODIwODk1NzM3NTcxNzE0ODI5MTA4MDgyODAzMTQyNjEzNzEzNTQzMjAwMTY1NDEwNzMxMTU4MjE4NjYyMjExMjE5MDk4MjgwNDM5NjE5NTA3MTYyOTg3MTg3NjAxMjkwNzU1MjAwMjA2ODkwNDM4MTM4NDI5OTcwOTA2NjYyOTg4MjQwODUwMDgzODYzMTkyNjQ0NTIzOTEzNzI0MDQ0NDExNDcyNjM5NjE5MjAyNjI1MzA1MzA1MjA2OTg3OTAwNjI1ODk2MTI2MTgxNTEyMTYxMDE4NzAzMzA1NDEyMDYyNjEwOTYzMDk5NDQyNjk3ODE2NzQ2Nzg2MzgxMDU2MjgzMDEwMTQ3NDE4NzI4NDA2MzE0NzI0MjkwNjYxNzA2MzU1MDMxNjYzODU0NjAyOTA5MTQ5MTgwODU2MTkxNjQ4MTAxNTU5MTMyNjA0NDY3NDY2NzMxODAxMTc2NDk0MTk3NzU2Nzg5NzE0NzYxNDMwMTAxOTQyNjI2MzA2MDU4ODM3MTczMTEzNzYzNjM2MzExMjg5MzQ2OTEyMTc1MDI5ODc3MjEzNDIxMDQzNjYwNDQ3MjQ2NTY3MDQ3MTEzMzE1MTEyMjEzMzQyNzAwOTkzMzMyNDMxMTg3MzI4MzgwMDExODg0Mjc3NTEwNTM0NTk0MzM3MTI2NDk5MjIxMzAwNjc1Njg0MTgxODc1OTgwNDU5MTI2ODc5NzYxODE4NTk0MDc4ODUwMjE5MjQzMjE2MTc5OTcwMTc5MjE5ODEwODgwOTUxODQ0MTU5MzI5MTI1NjYxMTM2ODAxMDc5OTkzMzgwNDkwNDM3Mzk5MTkyNTM5Njc5OTEzMTMyMzMzMzAxOTg1NjQ0MjQ5MTQ5ODE4MjQzNzAzNjg3MDgzODMwMjE5NTUyMTUxMTE5NjM5MTAxNjIwOTYzNjA5ODkyMDQzNzQ1MDc4MTY3NzQ5Njk2MDE0Mzc4ODEzMjIxMjkxODE4ODA2MTQ4NDAzMjg2MTAwNjQ4MjI4MzgwNTI4MjI2MTc1MTYxNTM2NDM5NjA1MjMyOTM4MjcwNDUzMzQ0MzY4MDA2Mjk1MDU3OTE3NDgzODcxMzExNTkwNTI4MzI1MDEyNzExMjAxODExOTkxMjk5ODAwMjIzMzQ2NTAwMTEyNzY5NDgzNjE4OTQyNzczNTUwNzM0ODIyNDM1MTU4MTkzMzI3ODAxNzc4NjYxMDUxNjQyNTM4NTYyMDA5ODQ2Njk3NzE0NzkyNDQwMTAxMjY4MzY0MjkzMDc5ODkwOTUxMzE5NzIzODU2MjAwMDI4ODcxMDM2MDYwOTA4NTk2NTExMjA0MzQzNjEwODUyNjI1ODg3MDc3Mzc4MDI4MDA2NzY4OTI3ODQxMjM5NTUwNDA5MDYzODMzMjkwNjE3MzQ5Nzg5MDAwNzc3MTcwNzQzMDU4NDE2MTY1MzE5MzIyNDg0MDQxNzk0NTg1MDQ3MTgzODUwMDY4ODAxODQzMzczOTYxNDU3Nzk0MjY4MTM5MDgxNDk2MTExOTM2NjA3ODkwNTA3MDk1ODU0MTA0NzM5MjcyMTE3OTgyODQ3ODEwMTE0MTAzMzUwMTc2MjI5Nzc0OTAzNzA0ODc2MDEwNjIxOTE0Njc1MTYzMjIxMzM2MzE3NjE5NDEzODUxOTE4NDk0ODg0MDQwMTIwNjUxNjE1NzkwMjk5ODMyMTA2MTIwOTU5MDAyMzQ1NDUxMzA2ODUxMjMzNDgwMjM5OTIwODY1MDQ5OTM1NTEzOTEwMDYyNzg0MzExNTUwMzQzMTEzMTc0ODIwMjEyODE0MzY2NTM5NDYxMDcxNDk0MzQ3MDM1MDk3NzkxNjE2MzYyNjI3NTkxNjExNjM0NzI3 HTTP/1.1" 200 6274 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) AppEngine-Google; (+http: //code.google.com/appengine; appid: s~chensabinb3f2f1)"
La principal diferencia es:
Mozilla / 5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident / 5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E) AppEngine-Google; (+ http: //code.google.com/appengine; appid: s ~ chensabinb3f2f1)
Especialmente la última parte que apunta a alguna aplicación con algún nombre de usuario.
Compare ese registro con otros que contengan "AppEngine-Google", como este:
107.178.195.235 - - [13/Oct/2015:22:36:39 +0900] "GET /book-introduction/ HTTP/1.1" 301 545 "-" "AppEngine-Google; (+http://code.google.com/appengine; appid: s~tuxjamz)"
No estoy seguro de si es importante, pero parece que las solicitudes "normales" AppEngine-Google son GET (en lugar de HEAD) y la url no contiene un espacio después de "http:" como el registro "s ~ chensabinb3f2f1". Ambos IP de AppEngine-Google indican que son propiedad de google. Por ejemplo (nombre de host):
119.194.178.107.gae.googleusercontent.com
235.195.178.107.gae.googleusercontent.com