Welcome to WebmasterWorld Guest from 34.201.121.213

Forum Moderators: Ocean10000

Hit from "Blockchain Network Solutions"

Not sure what it's trying to accomplish

     
1:29 am on Jun 4, 2019 (gmt 0)

Junior Member

Top Contributors Of The Month

joined:Sept 8, 2016
posts:87
votes: 0


Got a hit yesterday from 31.40.253.189. BGP lookup shows that it's part of 31.40.252.0/23 (Blockchain Network Solutions Ltd).

A little more digging for Blockchain Network gives this:

31.40.252.0/23
213.166.78.0/23
213.166.76.0/23
2.57.76.0/23 (AS43444)
176.119.141.0/24 (AS43444)

Two of those are listed as being in the UK, the other 3 in Russia. The hit was directly to a pdf file on my site, but with some extra junk added on the end:

/some-pdf-file.pdf/phpAds/click.php3

That generated a 404 response from my server. The entire user-agent was:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

I'm now going to be adding all the above CIDR's to my router's blocking list. That list now consists of almost 28,000 CIDR's comprising about 582 million usable IPv4 addresses.
7:30 am on June 4, 2019 (gmt 0)

Senior Member

WebmasterWorld Senior Member wilderness is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2001
posts:5505
votes: 5


ends with SV1 must be at least fifteen years old.
10:06 am on June 4, 2019 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member dstiles is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 14, 2008
posts:3254
votes: 18


Thanks for the ranges, SumGuy, but re-check them. The same "owner" is listed for 31.40.252.0/22 which suggests similar usage.