Thanks for the information so based of what that resource says and from what I understand surely that field should only say "anonymous" or "username" if on those files / folders in my Nginx config I use "auth_basic" ?
http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
The fact they are inputting that header unlike everyone else just alerts me.
Because I don't use auth_basic anywhere would anything bad happen if I did the following.
if($remote_user != "^$") { #Block requests where the user is not empty / missing
return 444;
}
Their IP is also listed on stopforumspam's database what also raises suspicion further https://www.stopforumspam.com/ipcheck/176.57.129.88
http://www.networkflare.com/