Had something strange happen a few minutes ago. A legit user (filled out my bot trap form with challenge question and asked a question concerning the site's topic) visited today from an Amazon IP range:
23.21.180.__ Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8C148 Safari/6533.18.5" The user came in via a Google search.
Anything in the 23.21.180.__ range with a Via: header of "Onavo" is the Onova product for iPhone and Android. Its a compression service which speeds up mobile browsing. I'm keeping a close eye on it, but for now it appears to be legit users coming through this. The X-Forwarded-For header also properly contains the real user's IP address.