IIS Bad Actor Blocking
<%@ Page Language="C#" AutoEventWireup="true"%><!DOCTYPE html>
<%
// Send this page as an explicit 403 so the denial is visible in the status line,
// not only in the body. The original note says this is required on hosts that
// apply their own error-page handling (it mentions 404 handling).
// NOTE(review): such hosts may still replace the body of a 4xx response with
// their own error page; confirm how the target site's custom-error settings
// treat this response.
Response.Status = "403 Access Denied"; // full status line: numeric code plus reason phrase
Response.StatusCode = 403; // repeats the numeric code already set on the line above
Response.AddHeader("X-Robots-Tag", "noindex,noarchive"); // ask crawlers not to index or archive the block page
%><html>
<head>
<title>ClassicCars.com - Bad Request</title>
<style type="text/css">
/* Eric Meyer's Reset CSS v2.0 - http://cssreset.com */
html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acronym,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canvas,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,audio,video{border:0;font-size:100%;font:inherit;vertical-align:baseline;margin:0;padding:0;font-family:sans-serif;line-height:1.2em;}
article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section{display:block}
body{line-height:1}ol,ul{list-style:none}blockquote,q{quotes:none}blockquote:before,blockquote:after,q:before,q:after{content:none}table{border-collapse:collapse;border-spacing:0}
code,pre{font-family:monospace;}
body { padding:1em; }
h1 { font-size:2em; line-height:1.2em; }
h2 { font-size:1.5em; line-height:1.2em; }
p { margin-top: 1em; }
</style>
</head>
<body>
<h1>ClassicCars.com</h1>
<h2>ACCESS DENIED</h2>
<p>Your user-agent, ip address or request parameters have identified your request as invalid or otherwise bad.</p>
<p>If you have questions, please contact <u><span>development</span><span>&#64;</span><span>DOMAIN.COM</span></u>.</p>
<br />
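<%-- REMOTE_ADDR and HTTP_USER_AGENT are echoed back to the client. The User-Agent
     header is client-supplied, so both values are HTML-encoded before being written
     into the page; without encoding, markup placed in the header would be rendered
     as part of this response. --%>
<pre>
ERROR_CODE: BAD-ACTOR
IP_ADDR : <%= Server.HtmlEncode(Request.ServerVariables["REMOTE_ADDR"]) %>
USER_AGENT: <%= Server.HtmlEncode(Request.ServerVariables["HTTP_USER_AGENT"]) %>
</pre>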
</body>
</html>
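<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- ... -->
<!-- Element names are case-sensitive: this must be system.webServer, spelled exactly like its closing tag at the end of the file. -->
<system.webServer>
<!-- ... -->
<!-- The rewrite section is read by the IIS URL Rewrite module. -->
<rewrite>
<!-- ... -->
<rules>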
<!-- ================================================================== -->
<!-- ================================================================== -->
<!-- BAD ACTORS - BEGIN - THE FOLLOWING RULES ARE FOR BAD AGENTS/REQUESTS/SPAM -->
<!--
Sources for the lists:
http://perishablepress.com/2013-user-agent-blacklist/
http://perishablepress.com/2014-micro-blacklist/
http://perishablepress.com/2013-ip-blacklist/

Status: every rule in this section sits inside one XML comment, so none of
them is active as shown. Each rule rewrites a matching request to
bad_actor.aspx.

Review points before enabling any of them:
* The User-Agent header is chosen by the client, so these rules only filter
  clients that identify themselves honestly. Treat them as noise reduction,
  not as access control.
* The User-Agent patterns are unanchored alternations, so each token matches
  anywhere in the header. Short tokens in the lists (98, agent, data, name,
  test, via) and platform tokens (cfnetwork, darwin, dalvik, playstation) are
  likely to match ordinary browsers and apps. Run the rules against real
  access logs before turning them on.
* In the REMOTE_ADDR patterns the dots are not escaped, and full addresses
  have no end anchor. An entry such as 69.161.138.1 therefore also matches
  69.161.138.10 and 69.161.138.199, and the entry 157. covers every address
  that starts with 157. Escape the dots and end whole addresses with $ so
  that only the intended hosts are matched.
* Two pattern attributes (BadActors_2013_1 and BadActors_2013_2) contain a
  line break in the middle of the value. Check that the break is not part of
  the deployed file, since it would change the tokens on either side of it.
* None of the rules has a match element. NOTE(review): URL Rewrite rules
  normally declare one; confirm against the module schema.
* NOTE(review): REMOTE_ADDR is the address of the connecting peer. If the
  site is behind a proxy or load balancer this is presumably the proxy
  address; verify before relying on the IP rules.
* The lists are static snapshots named for 2013 and 2014; addresses get
  reassigned, so entries need periodic review.
-->
<!-- ================================================================== -->
<!--
<rule name="BadActors_2013_1">
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="(\&lt;|\&gt;|&amp;lt|&amp;gt|\'|\$x0E|%0A|%0D|%27|%3C|%3E|%00|@\$x|\!susie|_irc|_works|\+select\+|\+union\+|\&lt;\?|1,1,1,|3gse|4all|4anything|5\.1\;\sxv6875\)|59\.64\.153\.|85\.17\.|88\.0\.106\.|98|a_browser|a1\ssite|abac|abach|abby|aberja|abilon|abont|abot|accept|access|accoo|accoon|aceftp|acme|active|address|adopt|adress|advisor|agent|ahead|aihit|aipbot|alarm|albert|alek|alexa\stoolbar\;\s\(r1\s1\.5\)|alltop|alma|alot|alpha|america\sonline\sbrowser\s1\.1|amfi|amfibi|anal|andit|anon|ansearch|answer|answerbus|answerchase|antivirx|apollo|appie|arach|archive|arian|aboutoil|asps|aster|atari|atlocal|atom|atrax|atrop|attrib|autoh|autohot|av\sfetch|avsearch|axod|axon|baboom|baby|back|baid|bali|bandit|barry|basichttp|batch|bdfetch|beat|beaut|become|bee|beij|betabot|biglotron|bilgi|binlar|bison|bitacle|bitly|blaiz|blitz|blogl|blogscope|blogzice|bloob|blow|bord|bond|boris|bost|bot\.ara|botje|botw|bpimage|brand|brok|broth|browseabit|browsex|bruin|bsalsa|bsdseek|built|bulls|bumble|bunny|busca|busi|buy|bwh3|cafek|cafi|camel|cand|captu|casper|catch|ccbot|ccubee|cd34|ceg|cfnetwork|cgichk|cha0s|chang|chaos|char|char\(|chase\sx|check_http|checker|checkonly|checkprivacy|chek|chill|chttpclient|cipinet|cisco|cita|citeseer|clam|claria|claw|cloak|clshttp|clush|coast|cmsworldmap|code\.com|cogent|coldfusion|coll|collect|comb|combine|commentreader|common|comodo|compan|compatible\-|conc|conduc|contact|control|contype|conv|cool|copi|copy|coral|corn|cosmos|costa|cowbot|cr4nk|craft|cralwer|crank|crap|crawler0|crazy|cres|cs\-cz|cshttp|cuill|CURI|curl|curry|custo|cute|cyber|cz3|czx|daily|dalvik|daobot|dark|darwin|data|daten|dcbot|dcs|dds\sexplorer|deep|deps|detect|dex|diam|diavol|diibot|dillo|ding|disc|disp|ditto|dlc|doco|dotbot|drag|drec|dsdl|dsok|dts|duck|dumb|eag|earn|earthcom|easydl|ebin|echo|edco|egoto|elnsb5|email|emer|empas|encyclo|enfi|enhan|enterprise_search|envolk|erck|erocr|eventax|evere|evil|ewh|exac|exploit|expre|extra|eyen|fang|fast|fastbug|
faxo|fdse|feed24|feeddisc|feedfinder|feedhub|fetch|filan|fileboo|fimap|find|firebat|firedownload\/1\.2pre\sfirefox\/3\.6|firefox\/0|firs|flam|flash|flexum|flicky|flip|fly|focus|fooky|forum|forv|fost|foto|foun|fount|foxy\/1\;|free|friend|frontpage|fuck|fuer|futile|fyber|gais|galbot|gbpl|gecko\/2001|gecko\/2002|gecko\/2006|gecko\/2009042316|gener|geni|geo|geona|geth|getr|getw|ggl|gira|gluc|gnome|go\!zilla|goforit|goldfire|gonzo|google\swireless|gosearch|got\-it|gozilla|grab|graf|greg|grub|grup|gsa\-cra|gsearch|gt\:\:www|guidebot|guruji|gyps|haha|hailo|harv|hash|hatena|hax|head|helm|herit|heritrix|hgre|hippo|hloader|hmse|hmview|holm|holy|hotbar\s4\.4\.5\.0|hpprint|href\s|httpclient|httpconnect|httplib|httrack|human|huron|hverify|hybrid|hyper|ia_archiver|iaskspi|ibm\sevv|iccra|ichiro|icopy|ics\)|ida|ie\/5\.0|ieauto|iempt|iexplore\.exe|ilium|ilse|iltrov|indexer|indy|ineturl|infonav|innerpr|inspect|insuran|intellig|interget|internet_explorer|internetx|intraf|ip2|ipsel|irlbot|isc_sys|isilo|isrccrawler|isspi|jady|jaka|jam|jenn|jet|jiro|jobo|joc|jupit|just|jyx|jyxo|kash|kazo|kbee|kenjin|kernel|keywo|kfsw|kkma|kmc|know|kosmix|krae|krug|ksibot|ktxn|kum|labs|lanshan|lapo|larbin|leech|lets|lexi|lexxe|libby|libcrawl|libcurl|libfetch|libweb|light|linc|lingue|linkcheck|linklint|linkman|lint|list|litefeeds|livedoor|livejournal|liveup|lmq|loader|locu|london|lone|loop|lork|lth_|lwp|mac_f|magi|magp|mail\.ru|main|majest|mam|mama|mana|marketwire|masc|mass|mata|mvi|mcbot|mecha|mechanize|mediapartners|metadata|metalogger|metaspin|metauri|mete|mib\/2\.2|microsoft\.url|microsoft_internet_explorer|mido|miggi|miix|mindjet|mindman|miner|mips|mira|mire|miss|mist|mizz|mj12|mlbot|mlm|mnog|moge|moje|mooz|more|mouse|mozdex)"></add>
</conditions>
<action type="Rewrite" url="bad_actor.aspx" />
</rule>
<rule name="BadActors_2013_2">
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="(mozilla\/0|mozilla\/1|mozilla\/4\.61\s\[en\]|mozilla\/firefox|mpf|msie\s2|msie\s3|msie\s4|msie\s5|msie\s6\.0\-|msie\s6\.0b|msie\s7\.0a1\;|msie\s7\.0b\;|msie6xpv1|msiecrawler|msnbot\-media|msnbot\-products|msnptc|msproxy|msrbot|musc|mvac|mwm|my_age|myapp|mydog|myeng|myie2|mysearch|myurl|nag|name|naver|navr|near|netants|netcach|netcrawl|netfront|netinfo|netmech|netsp|netx|netz|neural|neut|newsbreak|newsgatorinbox|newsrob|newt|next|ng\-s|ng\/2|nice|nikto|nimb|ninja|ninte|nog|noko|nomad|norb|note|npbot|nuse|nutch|nutex|nwsp|obje|ocel|octo|odi3|oegp|offby|offline|omea|omg|omhttp|onfo|onyx|openf|openssl|openu|opera\s2|opera\s3|opera\s4|opera\s5|opera\s6|opera\s7|orac|orbit|oreg|osis|our|outf|owl|p3p_|page2rss|pagefet|pansci|parser|patw|pavu|pb2pb|pcbrow|pear|peer|pepe|perfect|perl|petit|phoenix\/0\.|phras|picalo|piff|pig|pingd|pipe|pirs|plag|planet|plant|platform|playstation|plesk|pluck|plukkie|poe\-com|poirot|pomp|post|postrank|powerset|preload|press|privoxy|probe|program_shareware|protect|protocol|prowl|proxie|proxy|psbot|pubsub|puf|pulse|punit|purebot|purity|pyq|pyth|query|quest|qweer|radian|rambler|ramp|rapid|rawdog|rawgrunt|reap|reeder|refresh|reget|relevare|repo|requ|request|rese|retrieve|rip|rix|rma|roboz|rocket|rogue|rpt\-http|rsscache|ruby|ruff|rufus|rv\:0\.9\.7\)|salt|sample|sauger|savvy|sbcyds|sbider|sblog|sbp|scagent|scan|scej_|sched|schizo|schlong|schmo|scorp|scott|scout|scrawl|screen|screenshot|script|seamonkey\/1\.5a|search17|searchbot|searchme|sega|semto|sensis|seop|seopro|sept|sezn|seznam|share|sharp|shaz|shell|shelo|sherl|shim|shopwiki|silurian|simple|simplepie|siph|sitekiosk|sitescan|sitevigil|sitex|skam|skimp|skygrid|sledink|sleip|slide|sly|smag|smurf|snag|snapbot|snapshot|snif|snip|snoop|sock|socsci|sogou|sohu|solr|some|soso|spad|span|spbot|speed|sphere|spin|sproose|spurl|sputnik|spyder|squi|sqwid|sqworm|ssm_ag|stack|stamp|statbot|state|steel|stilo|strateg|stress|strip|style|subot|such|suck|sume|sunos\s5\.7|sun
rise|superbot|superbro|supervi|surf4me|surfbot|survey|susi|suza|suzu|sweep|swish|sygol|synapse|sync2it|systems|szukacz|tagger|tagoo|tagyu|take|talkro|tamu|tandem|tarantula|tbot|tcf|tcs\/1|teamsoft|tecomi|teesoft|teleport|telesoft|tencent|terrawiz|test|texnut|thomas|tiehttp|timebot|timely|tipp|tiscali|titan|tmcrawler|tmhtload|tocrawl|todobr|tongco|toolbar\;\s\(r1|topic|topyx|torrent|track|translate|traveler|treeview|tricus|trivia|trivial|true|tunnel|turing|turnitin|tutorgig|twat|tweak|twice|tygo|ubee|uchoo|ultraseek|unavail|unf|universal|unknown|upg1|urlbase|urllib|urly|user\-agent\:|useragent|usyd|vagabo|valet|vamp|vci|veri\~li|verif|versus|via|vikspider|virtual|visual|void|voyager|vsyn|w0000t|w3search|walhello|walker|wand|waol|watch|wavefire|wbdbot|weather|web\.ima|web2mal|webarchive|webbot|webcat|webcor|webcorp|webcrawl|webdat|webdup|webgo|webind|webis|webitpr|weblea|webmin|webmoney|webp|webql|webrobot|webster|websurf|webtre|webvac|webzip|wells|wep_s|wget|whiz|widow|win67|windows\-rss|windows\s2000|windows\s3|windows\s95|windows\s98|windows\sce|windows\sme|winht|winodws|wish|wizz|worio|works|world|worth|wwwc|wwwo|wwwster|xaldon|xbot|xenu|xirq|y\!tunnel|yacy|yahoo\-mmaudvid|yahooseeker|yahooysmcm|yamm|yand|yandex|yang|yoono|yori|yotta|yplus\s|ytunnel|zade|zagre|zeal|zebot|zerx|zeus|zhuaxia|zipcode|zixy|zmao|zmeu|zune)" />
</conditions>
<action type="Rewrite" url="bad_actor.aspx" />
</rule>
<rule name="BadActors_2013_3">
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="(black\shole|titan|webstripper|netmechanic|cherrypicker|emailcollector|emailsiphon|webbandit|emailwolf|extractorpro|copyrightcheck|crescent|wget|sitesnagger|prowebwalker|cheesebot|teleport|teleportpro|miixpc|telesoft|website\squester|webzip|moget/2\.1|webzip\/4\.0|websauger|webcopier|netants|mister\spix|webauto|thenomad|www-collector-e|rma|libweb/clshttp|asterias|httplib|turingos|spanner|infonavirobot|harvest/1\.5|bullseye/1\.0|mozilla/4\.0\s\(compatible;\sbullseye;\swindows\s95\)|crescent\sinternet\stoolpak\shttp\sole\scontrol\sv\.1\.0|cherrypickerse/1\.0|cherrypicker\s/1\.0|webbandit/3\.50|nicerspro|microsoft\surl\scontrol\s-\s5\.01\.4511|dittospyder|foobot|webmasterworldforumbot|spankbot|botalot|lwp-trivial/1\.34|lwp-trivial|wget/1\.6|bunnyslippers|microsoft\surl\scontrol\s-\s6\.00\.8169|urly\swarning|wget/1\.5\.3|linkwalker|cosmos|moget|hloader|humanlinks|linkextractorpro|offline\sexplorer|mata\shari|lexibot|web\simage\scollector|the\sintraformant|true_robot/1\.0|true_robot|blowfish/1\.0|jennybot|miixpc/4\.2|builtbottough|propowerbot/2\.14|backdoorbot/1\.0|tocrawl/urldispatcher|webenhancer|tighttwatbot|suzuran|vci\swebviewer\svci\swebviewer\swin32|vci|szukacz/1\.4|queryn\smetasearch|openfind\sdata\sgathere|openfind|xenu\'s\slink\ssleuth\s1\.1c|xenu's|zeus|repomonkey\sbait\s&amp;\stackle/v1\.01|repomonkey|zeus\s32297\swebster\spro\sv2\.9\swin32|webster\spro|erocrawler|linkscan/8\.1a\sunix|keyword\sdensity/0\.9|kenjin\sspider|cegbfeieh)" />
</conditions>
<action type="Rewrite" url="bad_actor.aspx" />
</rule>
<rule name="BadActors4_2014">
<conditions>
<add input="{HTTP_USER_AGENT}" pattern="(g00g1e|seekerspider|siclab|spam|sqlmap|rchiver|binlar|casper|checkprivacy|clshttp|cmsworldmap|comodo|curl|diavol|dotbot|email|extract|feedfinder|flicky|grab|harvest|httrack|ia_archiver|jakarta|kmccrew|libwww|loader|miner|nikto|nutch|planetwork|purebot|pycurl|python|scan|skygrid|sucker|turnit|vikspider|wget|winhttp|youda|zmeu|zune)" />
</conditions>
<action type="Rewrite" url="bad_actor.aspx" />
</rule>
<rule name="BadIP_2013_1">
<conditions>
<add input="{REMOTE_ADDR}" pattern="^(208.50.101.|78.234.5.2|98.150.108.228|69.41.14.215|64.124.98.10|64.125.188.25|64.124.203.72|8.28.16.|91.121.|77.222.61.|74.63.250.|27.159.223.|94.23.|89.185.228.|95.87.220.|69.94.34.|221.132.34.|114.33.237.|184.169.163.|69.162.68.|91.102.118.|27.54.93.|198.57.208.|142.4.215.|79.142.67.|65.111.165.|69.175.78.|37.59.47.|201.10.113.|1.234.27.|123.30.50.|89.221.250.|202.43.169.|41.210.123.|173.54.107.|69.169.94.|188.165.|93.185.106.|118.98.223.|200.63.102.|84.127.22.|151.28.208.|176.194.133.|213.184.242.|27.153.229.|72.47.196.|109.199.242.214|208.27.69.9|86.83.234.160|103.3.223.91|81.149.190.176|213.125.223.202|46.120.100.248|188.49.63.110|199.229.249.187|37.77.162.130|80.192.66.108|84.25.70.100|37.221.160.158|209.140.28.124|212.227.18.17|178.119.213.35|85.246.12.149|91.236.116.119|81.157.96.215|213.100.101.109|112.198.77.40|216.38.8.177|204.45.133.74|71.245.243.98|212.227.18.17|188.223.209.72|109.255.36.134|86.19.152.228|71.6.203.27|184.168.116.128|151.27.123.198|65.55.24.237|157.|81.144.138.34|111.73.46.4|186.222.83.11|60.234.45.151|157.|82.170.182.160|82.169.246.22|64.14.78.96|86.156.146.50|85.59.38.177|81.144.138.34|157.55.36.|8.28.16.|27.159.233.63|50.9.101.245|61.189.22.137|64.124.203.|74.217.148.|78.85.18.135|89.31.|109.108.163.154|110.85.115.183|120.37.208.95|120.37.210.111|120.43.4.142|120.39.23.174|124.243.124.206|150.70.64.|150.70.75.|150.70.172.|174.127.133.|200.98.197.|204.13.66.21|207.241.226.91|208.50.101.|221.206.105.219|183.61.245.|190.199.229.235|207.241.237.|82.165.136.)" />
</conditions>
<action type="Rewrite" url="bad_actor.aspx" />
</rule>
<rule name="BadIP_2014_1">
<conditions>
<add input="{REMOTE_ADDR}" pattern="^(123.151.39.|77.172.210.|174.94.131.|89.238.137.59|212.90.148.101|91.207.61.129|202.46.52.120|128.73.60.194|68.108.17.141|27.54.93.178|194.9.94.213|122.166.169.127|96.9.163.49|54.229.73.40|203.109.158.201|46.105.113.8|183.60.244.|54.232.102.193|195.157.124.186|118.39.113.219|27.255.56.87|69.161.138.1|192.96.204.42|178.63.52.200|27.252.92.103|37.59.65.58|186.202.126.94|186.213.72.146|186.219.44.6)" />
</conditions>
<action type="Rewrite" url="bad_actor.aspx" />
</rule>
-->
<!-- ================================================================== -->
<!-- BAD ACTORS - END -->
<!-- ================================================================== -->
<!-- ... -->
</rules>
<!-- ... -->
</rewrite>
<!-- ... -->
</system.webServer>
<!-- ... -->
</configuration>