I went to the IP and it sent a single file (1B) containing a line break. I don't know if they changed it recently, but that's what happens on that URL right now.
To test "correctly", you'd likely want to use the requests library or, at the least, ussend the same User-Agent header that it does.
(And, for all we know, they could just be targeting certain IP addresses... or only responding the "malicious" response the first time the URL is requested per IP... or some other weird conditions that we aren't aware of.)
To test "correctly", you'd likely want to use the requests library or, at the least, ussend the same User-Agent header that it does.
(And, for all we know, they could just be targeting certain IP addresses... or only responding the "malicious" response the first time the URL is requested per IP... or some other weird conditions that we aren't aware of.)