The following is a puzzle constructed by Trinity
An interesting find
The HTML page in question contains mainly random text, but one paragraph in particular has raised suspicions within the team.
As a precautionary measure before investigating the incident further E2E decided to block traffic from and to the range of South Korean IP addresses 220.127.116.11/16.
Answer from Trinity
The key to understanding this puzzle is to take the IP address of the fictitious company that is given at the start of the puzzle and convert it from dot quad notation into decimal. This can be achieved easily by using online conversion tools. 18.104.22.168 represented in decimal format is 1445840419, a number which can be found on the 4th line of the maths equations shown in the puzzle.
Further investigation of the decimal format for IP addresses shows that the maximum number that an IPv4 address can have in decimal format can be calculated by converting the dot quad notation of 255.255.255.255 into the decimal form 4294967295. There is a clue to this in the puzzle - the first number that appears in the puzzle on the first line of maths is one more than the maximum permitted number !
All of the other numbers that appear in the puzzle are too high to be IP addresses with the exception of 243344696. Converting this number into a dot quad IP address gives 22.214.171.124, which is why the 126.96.36.199/16 range was blocked.
In fact, the full URL of the offending web page, showing that the IP address of the company is being posted to a South Korean IP address, is contained in plain text in the puzzle by combining the end of maths line 3 and 4…. 243344696?a=1445840419&b=8265124721 or in dot quad format 188.8.131.52?a=184.108.40.206&b=8265124721