I have a small sub-site in my website (a subdomain of a domain) that only I know about. It logs the IP addresses of all page requests. I'm getting requests from the IP 8.28.16.254 and I have no clue why. No one knows about this site and I'm absolutely sure it's not mine.
EDIT: This is the user agent -- Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
What could it be?
Maybe it's server itself?
Other than that, are you completely sure no one knows about it?
It'd be of more interest to see the requests it's making. Wouldn't surprise me if it was scanning for known exploits.
FWIW, reverse DNS shows this:
DNS records for nat-dc5.es.bluecoat.com Host Type Data TTL nat-dc5.es.bluecoat.com A 8.28.16.254 600
A few seconds of googling also shows the IP address is blacklisted by cbl.abuseat.org and xbl.spamhause.org.
The company itself is a proxy/tunneling/caching company. That means they likely discovered your web site address by using a cell phone or network proxy (perhaps through your work or your ISP).
It is also possible that some browser plugin reported that you accessed the domain. But in that case it would be more likely that you have a google or bing bot on your page and not some unknown bot/scanner/whatever.
You could simply exclude every IP but your own in the .htaccess if you need to be sure, you are the only one that can access the subdomain. (assuming your sever setup supports it)
