Probethenet Scanner

Forum Moderators: open

Message Too Old, No Replies

Probethenet Scanner

Angonasec

12:35 pm on Feb 24, 2016 (gmt 0)

104.128.144.131 - - [15/Feb/2016:21:46:22] "GET / HTTP/1.0" 403 263 "-" "www.probethenet.com scanner"
104.128.144.131 - - [15/Feb/2016:21:46:22] "HEAD /redirect.php HTTP/1.0" 403 263 "-" "www.probethenet.com scanner"

WYSIWYG.

It's not necessary to risk visiting their site, a glimpse of whois reveals they dwell in a nefarious zone of a most peculiar nation.

Some may tolerate such vermin; we however, block it by several methods.

104.128.144.0 - 104.128.159.255
104.128.144.0/20

PS. Regulars will recall my posting newly-trapped expat Sinobots weekly, for many months.

Surprisingly, I spotted only one new expat Sinobot in the last +year+, so it really does look like we have them all kettled.

Or... they've tunnelled by my secret Sinobot-trap.

lucy24

5:54 pm on Feb 24, 2016 (gmt 0)

a nefarious zone of a most peculiar nation

It is not every day you find Canada described in precisely this way.

Funny. I've got a "redirect.php" too, but I bet it's got no relation to yours.

keyplyr

10:37 pm on Feb 24, 2016 (gmt 0)

From their info page, it appears this company is conducting research on how HTTP is being used across sites. So the "redirect" head test makes sense. Research on SMPT is also being looked at.

I block the UA attribute "scan" so it's a non-issue at my sites.