I had this sequence of hits recently from 103.187.190.61 which belongs to AS135133 PI DATA CENTERS PRIVATE LIMITED (India):
POST /sdk
GET /nmaplowercheck1675455083
GET /evox/about
GET /nmaplowercheck1675455083
GET /HNAP1
The UA was:
Mozilla/5.0 (compatible; Nmap Scripting Engine; [nmap.org...]
I was curious about the "nmaplowercheck" thing. I found this exchange about it on Twitter:
=============
Have you noticed the "/nmaplowercheck<digits>" requests when scanning Web servers with nmap? Where do they come from?
The culprit is "identify_404()" in its HTTP lib. It allows you to see how the server answers to not-found pages: with 404 or 200 code?
[github.com...]
==============
The only action I'm taking regarding this is to (as usual) add the entire AS to my router's IP blocking list. If anyone here finds it interesting then please do discuss. I have no idea what they're trying to do (except for the usual trying to hack a web server).
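
An added example, not part of the original post: a small log check that flags clients by the two indicators described above, the NSE User-Agent and the `/nmaplowercheck<digits>` probe, and notes when the server answered that probe with 200. The combined log format, the function names and the sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Indicators from the post: the NSE User-Agent and the identify_404() probe path.
NSE_UA = re.compile(r"Nmap Scripting Engine", re.I)
PROBE_404 = re.compile(r"^/nmaplowercheck\d+$")

# Assumed log layout (combined format): ip - - [time] "METHOD path proto" status size "ref" "ua"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def scan(lines):
    """Return ({ip: report}, skipped) for clients showing either indicator."""
    seen = defaultdict(lambda: {"reasons": set(), "paths": [], "soft404": False})
    skipped = 0
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            skipped += 1  # count malformed lines instead of hiding them
            continue
        rec = seen[m["ip"]]
        rec["paths"].append(m["path"])
        if NSE_UA.search(m["ua"]):
            rec["reasons"].add("nse-user-agent")
        if PROBE_404.match(m["path"]):
            # The path check is independent of the User-Agent, which the client controls.
            rec["reasons"].add("identify_404-probe")
            # A 200 here means this server answers not-found pages with 200.
            rec["soft404"] |= m["status"] == "200"
    return {ip: r for ip, r in seen.items() if r["reasons"]}, skipped

def sample_line(ip, method, path, status, ua):
    return f'{ip} - - [03/Feb/2023:20:11:23 +0000] "{method} {path} HTTP/1.1" {status} 0 "-" "{ua}"'

NSE = "Mozilla/5.0 (compatible; Nmap Scripting Engine; constructed)"
# Constructed sample log (documentation addresses); request order follows the post.
SAMPLE = [
    sample_line("203.0.113.7", "POST", "/sdk", 404, NSE),
    sample_line("203.0.113.7", "GET", "/nmaplowercheck1675455083", 404, NSE),
    sample_line("203.0.113.7", "GET", "/HNAP1", 404, NSE),
    sample_line("198.51.100.9", "GET", "/nmaplowercheck1675455083", 200, "curl/8.0"),
    sample_line("192.0.2.44", "GET", "/index.html", 200, "Mozilla/5.0"),
    "truncated line",
]

if __name__ == "__main__":
    print(scan(SAMPLE))
```

The second sample client carries a different User-Agent and is still flagged by the probe path alone.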