This topic has been closed for further discussion.
Administrator
From: Yorkshire, UK
Registered: 2006-08-19
Posts: 3166
I've been thanked 101 times.
Offline
My collection of sites was hit 11400 times between midnight last night and 9:42 am this morning (GMT) by 94.109.215.128.
That's once every 3 seconds.
Naturally, my sites coped with this.
So what do you think? Definitely a bot of some sort. Given that it was probably not a DoS attack, it may have been looking for email addresses or something like that.
A search for that IP returns no results whatsoever in Google.
Anyone got any ideas? Whois points to a Belgian company selling ADSL.
EDIT:
Looking at last night's logs as well as this morning's, I can see the total was 14175 page requests, each spawning its own session, over 12 hours from 9:45 pm to 9:42 am.
Member
From: San Antonio, TX
Registered: 2006-08-07
Posts: 596
I've been thanked 34 times.
Offline
Actually it looks like a customer on that service (a reverse lookup in nslookup comes up with cust-128-215-109-94.dyn.versatelads1.be). Unfortunately, that doesn't really give us any more real info. The computer could be a zombie, or the user could actively be running a bot; but that level of activity seems a little low for a DOS attack without a concerted attack from other computers. Is it trying to connect to just port 80, or is it hitting multiple ports? Also, can you tell if it's just a standard request packet or if there's more data being sent (like a GET type of string)?
Administrator
From: Yorkshire, UK
Registered: 2006-08-19
Posts: 3166
I've been thanked 101 times.
Offline
It's making a full request with GET params - and the request is going all the way through my app, which only logs requests after all other processing is done.
Although my app powers 20 similar sites, it was just one site that was really being hit.
A vulnerability in my app meant that if a request came in for site 1 that was actually meant for site 2, site 1 would still process the request and return as if it was site 2.
I have now fixed this oversight, and have decided to log malformed requests for a bit. 13,500 requests in less than 24 hours, of which fewer than 100 were real people.
I know most of the requests are bots because the JavaScript tracking I have is never parsed and generally records 300-500 page views per day (combined for all 20!).
Some bots are welcome (e.g. Googlebot). I may revisit my robots.txt file.
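The per-IP tally discussed in the posts above, as an added example that is not part of the thread or any poster's code: it reads access-log lines, computes each client's request count and mean gap between requests, and flags sustained steady-rate clients. The Common Log Format, the sample addresses (documentation ranges) and the thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format (assumed): ip ident user [timestamp] "request" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} ')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def make_sample():
    """Constructed log: one client every 3 s, one occasional visitor."""
    start = datetime(2024, 1, 1, 0, 0, 0, tzinfo=timezone.utc)
    hits = [("203.0.113.7", start + timedelta(seconds=3 * i)) for i in range(200)]
    hits += [("198.51.100.20", start + timedelta(minutes=10 * i)) for i in range(5)]
    hits.sort(key=lambda h: h[1])
    return [f'{ip} - - [{ts.strftime(TS_FMT)}] "GET /page?id=1 HTTP/1.1" 200 512'
            for ip, ts in hits]

def summarize(lines):
    """Per-IP request count, time span and mean gap between requests."""
    seen = defaultdict(list)
    for line in lines:
        m = CLF.match(line)
        if m:  # skip lines that are not in the expected format
            seen[m.group(1)].append(datetime.strptime(m.group(2), TS_FMT))
    stats = {}
    for ip, times in seen.items():
        times.sort()
        span = (times[-1] - times[0]).total_seconds()
        gap = span / (len(times) - 1) if len(times) > 1 else None
        stats[ip] = {"requests": len(times), "span_s": span, "mean_gap_s": gap}
    return stats

def flag_sustained(lines, min_requests=100, max_mean_gap_s=5.0):
    """IPs with many requests at a steady, short interval (thresholds assumed)."""
    return sorted(ip for ip, s in summarize(lines).items()
                  if s["requests"] >= min_requests
                  and s["mean_gap_s"] is not None
                  and s["mean_gap_s"] <= max_mean_gap_s)

if __name__ == "__main__":
    sample = make_sample()
    for ip, s in summarize(sample).items():
        print(ip, s)
    print("flagged:", flag_sustained(sample))
```

A near-constant gap sustained over hours is the signal here; a human visitor's requests arrive in irregular bursts, so the same count spread unevenly would warrant a different check.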
Administrator
From: Global enterprise
Registered: 2004-11-08
Posts: 3857
I've been thanked 43 times.
Offline
Unless some other developer was trying to implement something and just got the IP or whatever incorrect.
Did it stop the next day? Maybe they realised the error on debugging their own script.