adscanner

Forum Moderators: open

Message Too Old, No Replies

adscanner

TorontoBoy

12:26 pm on May 18, 2018 (gmt 0)

UA: Mozilla/5.0 (compatible; adscanner/)
Protocol: HTTP/1.1
Robots.txt: Yes
Host: HEG Mass DE
85.25.210.41
85.25.176.0 - 85.25.211.255
85.25.176.0/20 85.25.192.0/20 85.25.208.0/22
Github code: [github.com...]

GET /wp-example/wp-content/uploads/2017/07/adidas-evolution-white-1-680.jpg HTTP/1.1

Did an initial reconnaissance hit, just to see if I am alive. Only went after a single image?

lucy24

5:09 pm on May 18, 2018 (gmt 0)

Only went after a single image?

Is that single image associated with some particular WP plugin which, if present, could point them in the direction of further exploits? I occasionally see robots requesting some nonexistent CSS file with /wp/ in the URLpath, and have tended to assume that's what they are after.

TorontoBoy

7:13 pm on May 18, 2018 (gmt 0)

@lucy24 No, the image is my original image, unconnected to any specific plugin. I don't use any fancy pants carousel or other image handler.

keyplyr

9:03 pm on May 18, 2018 (gmt 0)

This specific IP address is registered to: startdedicated.de.
The ranges are owned by GoDaddy (formerly hosteurope.de) and sub-allocated to various clients.

Host: HEG Mass DE

HEG = heg.com (GoDaddy)
Mass = a lot (measure) allocated
DE = Germany

GoDaddy
85.25.0.0 - 85.25.255.255
85.25.0.0/16

In addition to adscanner, the /16 is home to several other beneficial agents IMO: ADmantX, LexxeBot, TipTop, madaali.de

lucy24

12:46 am on May 19, 2018 (gmt 0)

Host: HEG Mass DE

Is it just me or ... does your blood run cold when you see the conjunction of {in Germany} + {starts with H}?

keyplyr

1:28 am on May 19, 2018 (gmt 0)

That's a stretch...

lucy24

3:21 am on May 19, 2018 (gmt 0)

I'm not saying there's any actual relationship, just that I got a visceral reaction.

adscanner

TorontoBoy

lucy24

TorontoBoy

keyplyr

lucy24

keyplyr

lucy24

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week