Yup, that's right, someone decided we need to hide on the net so much they actually created a Proxy Web Host and it appears scrapers are using them, what a shocker.
I found them as AdSense was trying to crawl thru the proxy:
BAD_AGENT: 18.104.22.168 [prx1.proxywebhost.com.] requested 3 pages as "Mediapartners-Google/2.1"So who are these people using for their provider?
Layered TechnologiesThat's a HUGE block of IP's to just block out of hand, so how much abuse has been coming from this range? Let's search on "72.232." and see what pops up.
22.214.171.124 - 126.96.36.199
First, it appears I already banned a c-block over there running a multi-IP scraper trying random user agents:
BANNED=188.8.131.52 yrkqi3jrmnbrsk3mUpnrwungWhy were they banned?
BANNED=184.108.40.206 utgkm gylmugtdblyppqqu
BANNED=220.127.116.11 pt tkglswaqatq k rfxqolbtqbygxlhvS0qqv
BANNED=18.104.22.168 djpqaegrbxpfbqnkxvqeniqfogyb rnt
BANNED=22.214.171.124 wbdprvjiqbw jbsvqse7
BANNED=126.96.36.199 upehrsqqqevdljtwrgkkbthk e
BANNED=188.8.131.52 7jrxquabdwlgn wyjnoxtyxdryvffjbVdjw
BANNED=184.108.40.206 kdxiqiyu3yicfupymhimbp nlb v oghtqre
BANNED=220.127.116.11 henlvvdiranneq0cddlfdiXeivbwylon bxic
BANNED=18.104.22.168 vdpPPvxlkwmwpPyy8gpshni8y dwe q8lewlhfl
BANNED=22.214.171.124 didII6ye6It wermhvcx 6jmwcblyxj
BANNED=126.96.36.199 r8nawcyepuDfymmbdi8xdsfah8sfqkwhuy eu
On a different day they claimed to be this:
188.8.131.52 "FAST-WebCrawler/2.2.5 - Lycos/Alltheweb/Fast"Reverse DNS claimed it was galaxy-webhosting.co.uk which is in Layered's IP block.
184.108.40.206 "FAST-WebCrawler/2.2.5 - Lycos/Alltheweb/Fast"
220.127.116.11 "FAST-WebCrawler/2.2.5 - Lycos/Alltheweb/Fast"
18.104.22.168 "FAST-WebCrawler/2.2.5 - Lycos/Alltheweb/Fast"
Now, for your amusement, here's the same IP within an hour trying more than one user agent:
00:14:06 22.214.171.124 "FAST-WebCrawler/2.2.5 - Lycos/Alltheweb/Fast"Hey, if one user agent doesn't work, spin the roulette wheel, right?
00:52:07 126.96.36.199 "plblilwkchhs2qfkv rbXbgveu xsxwsxauspuX"
Sorry idiot, NO user agents work on my site, so let's move along.
OK, at least this one was creative, someone decided to explain it was a User-Agent:
188.8.131.52 "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;"Just a few garden variety scrapings:
184.108.40.206 "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)"Then another random attempt on .58 from above:
220.127.116.11 "Mozilla/4.0 (compatible ; MSIE 6.0; Windows NT 5.1)"
18.104.22.168 "qyerqcuylypknmarpuoudyeawwft"It's just so cute that they fucking don't get it, random user agents or valid user agents, you just keep knocking but you can't come in and play so piss off.
22.214.171.124 "hbcudylrrturxtxwtMhoqq9sMsr uw pfM"
126.96.36.199 "brn jxvcgitdurvqhivtrhthtknu"
188.8.131.52 "fxddbq qxduqghdpbdgnptqrCtioive"
184.108.40.206 "jni0 kjn0flJxuenr0oek0b0rpjx"
Another proxy event that I banned:
220.127.116.11 "Mediapartners-Google/2.1"Legit spiders crawling outside their range just scream "BLOCK ME! PROXY!", gotta love it.
Then this idiot thought no user agent would work, WRONG!
18.104.22.168 ""... and a bunch more IPs doing stupid shit, but I'm too lazy to list 'em all here
Word to the wise, it looks like a scraper haven over there so consider blocking it.
According to their web site it looks like all server hosting so probably safe to block the whole range, but they have provided some amusement with their vaudeville scraper show thus far so maybe I'll just keep an eye on them for now and see if they come up with something new to toss at the bot blocker.