New bot or crawler with UA containing BW/1.2; rb.gy/oupwis

From a google cloud IP

         

SumGuy

1:49 pm on May 12, 2024 (gmt 0)


Seeing a new UA showing bot behavior a couple days ago. From a Google cloud IP 34.0.219.181. It asked for robots and my landing page 3 times each, went no further:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko; compatible; BW/1.2; rb.gy/oupwis) Chrome/124.0.0.0 Safari/537.36

It looks like the word "groupwise" is mangled in that UA. I'll be blocking based on some part of BW/1.2; rb.gy/oupwis if I see it again. The 34.0 /16 IP range is now permanently blocked in my router.

jmccormac

11:36 am on May 24, 2024 (gmt 0)


It may be the "Built With" crawler.

Regards...jmcc

lucy24

5:35 pm on May 24, 2024 (gmt 0)


:: detour to raw logs ::

Oh, willya look at that. Not in vast numbers, but I find the element BW/ on all sites, going back to the beginning of last year. In mine the UA string always involves BW/1.1; bit.ly/3eZNDnO and most are from 35.something. (“Built With /1.1” doesn’t make an awful lot of sense, but what can you expect from a dumb robot.) And most are in pairs, mostly http, sometimes https, implying that they request with and without www each time.

:: further detour to headers to pry into reason for consistent 403 ::

botnet_agent AND bad_range. The latter is self-explanatory; the former is not the full UA string but the element Chrome/84.0.4147.105 which robots seem to have glommed onto.

dstiles

7:57 am on May 26, 2024 (gmt 0)


Could it be a phishing bot? bit.ly is commonly used for planting nasties. Maybe it's looking for you to sacrifice yourself?

Pfui

5:31 am on May 31, 2024 (gmt 0)


Just saw this oddity, from 34.1.18.192, acting like a cloaked cheater. Found this thread while looking it up:) It's coming from sites.google.com so its UA won't get G's robots.txt Welcome mat again.

lucy24

3:30 pm on May 31, 2024 (gmt 0)


Stop me if you’ve heard this one ... on 24 May, not long after my previous post, I got a cluster of visits from
34.0.128.abc
...
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko; compatible; BW/1.2; rb.gy/oupwis) Chrome/124.0.0.0 Safari/537.36
exactly as quoted in OP. And alas this one didn’t get a 403. Fortunately I haven’t seen more of them.

If .gy were a country--which is by no means certain--it would be Guyana.
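
Added example, not part of the thread and not any poster's code: a scan of access logs for the UA element discussed above (BW/<version>; <short link>), grouped by version and link, listing the requests that did not get a 403. It assumes Apache/nginx combined log format; the function names are hypothetical, and the sample lines are constructed with documentation-range IPs.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)
# The element quoted in the thread, anchored on the preceding "(" or ";" so a
# longer product token that merely ends in "BW/" does not match.
BW_RE = re.compile(r'[(;]\s*BW/(?P<ver>\d+(?:\.\d+)*);\s*(?P<link>[^\s;)]+)')

def scan(lines):
    """Group BW/ hits by (version, link); record IPs and non-403 responses."""
    hits = defaultdict(lambda: {"ips": set(), "requests": 0, "not_blocked": []})
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        bw = BW_RE.search(m["ua"])
        if not bw:
            continue  # ordinary UA without the BW/ element
        entry = hits[(bw["ver"], bw["link"])]
        entry["ips"].add(m["ip"])
        entry["requests"] += 1
        if m["status"] != "403":
            entry["not_blocked"].append((m["ip"], m["req"], m["status"]))
    return dict(hits)

def _line(ip, status, ua, path="/"):
    # Helper that builds one constructed log line (timestamp is made up).
    return (f'{ip} - - [12/May/2024:13:40:01 +0000] "GET {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

# UA shape taken from the first post; the BW/1.1 variant is constructed from it.
UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko; compatible; {}) Chrome/124.0.0.0 Safari/537.36")
BROWSER = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36")
SAMPLE = [  # constructed sample input
    _line("192.0.2.10", 200, UA.format("BW/1.2; rb.gy/oupwis"), "/robots.txt"),
    _line("192.0.2.10", 200, UA.format("BW/1.2; rb.gy/oupwis")),
    _line("198.51.100.7", 403, UA.format("BW/1.1; bit.ly/3eZNDnO")),
    _line("203.0.113.5", 200, BROWSER),
]

if __name__ == "__main__":
    for (ver, link), e in scan(SAMPLE).items():
        print(f"BW/{ver} {link}: {e['requests']} requests from {sorted(e['ips'])}, "
              f"{len(e['not_blocked'])} not blocked")
```
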