Wondering if anyone has seen this irritating fellow.
Since I started blocking any "Java/1.?.?_?" User-Agent, I saw a lot of requests blocked from 126.96.36.199 (apparently assigned to PSINet, Inc. by Cogent Communications?)
So I blocked that IP, and saw a rapid string of requests being blocked, with a mix of Java User-Agents (1.6.0_26, 1.6.0_29, 1.6.0_30) and fake Safari User-Agent "Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/533.3 (KHTML, like Gecko) Qt/4.7.1 Safari/533.3". Also a few with just "Mozilla/5.0".
Was wondering if anyone else had come across this? Project Honeypot has a few comments about crawling from there dating back to October 2012.