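For personal learning purposes, I set up a small Express web server in Node.js and opened it to the outside world. It contains only a single static page and no other endpoints.
Occasionally, some bots make random requests, apparently trying to exploit common vulnerabilities. These requests are all logged.
One kind of request caught my interest. I have not yet been able to figure out what it is trying to achieve.
Here are some examples I received: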
[10/Dec/2020:23:55:37 +0000] "POST http://kiedys.fun/2d17b63552b6cc403d7066358f302265b36b5a21669505db3cf95cce34e15a5a2532aa55a638229487ce0e37b4422bd55181b877e45517a893f1e74b819b43e105bd36b73aa1c2ae8508607a1aee868858476c5044269cc94ae93de48b1ac16a HTTP/1.1"
[11/Dec/2020:10:51:04 +0000] "POST http://pomidorowa.xyz/7f22fd5911841fb9cea80c0145b9371d29da1d1b69795298e1b5891ffc9847b848f357a9f46a5ff87e9c85da481d37a322c7edd30aa640679521a12e07d18d1a7438b0fc26638363136141661a4ff98e873c46a7b86982d6038dca5a6adc1c2c HTTP/1.1"
[16/Dec/2020:09:09:26 +0000] "POST http://seduced.xyz/80143c6a4e331dd4422b3b75cc961a86df0eeb0b5428b8133e6d81783dc2fb2269b72803d001a200f51583d8217541795d258baa087d18fc3d30cdd1bb19a6f27933e8085f1a85c83f2181586bf4a8b397b8c651ffc126cb8cdb0aef42097a75 HTTP/1.1"
[17/Dec/2020:11:07:21 +0000] "POST http://kaymcclurg.best/35a28a78179508d919df81fb6e000bf346b0df58c84abcccea5367fbd430b32a429551c8710650314b9aa78c9dfee6723e53a2057dd92911d5431bab101a04b504d11d24476930d9d1ff8544f1a8abe9562392901bd3e86d059d5d236cebc52d HTTP/1.1"
[18/Dec/2020:00:03:55 +0000] "POST http://verdlet.website/f006d2c96296e7ab0462b6927f98ec36800db9b8b05cdf5ef75be509830f46edb90c2b9c48d10b66763d32560761359261cc20b6684de0dba79f99e19657a5b85a5037b8f4818552e93f757fdb1a449149f81e4b39e6eccc6effbb59b7ae2231 HTTP/1.1"
[01/Jan/2021:22:33:47 +0000] "POST http://zwykle.xyz/bde81af2ba9fde1c1c50fb38316a9e5f74ecdac9ca614ff5bf9d2b11c08482e19ff2d074576d0d25f8ad25028830e8e1b82611935b9d88e5e611e0ed7670174a9f1240b08f13599f039d7e96ff5edfaa058dc8d867e11be95e16d076b7270991 HTTP/1.1"
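They all seem to contain an arbitrary domain name followed by a seemingly random string.
I could not find anything describing these in a web search, probably because the requests follow a pattern but each one is unique.
I am interested in understanding what these POST requests do.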
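
The request lines in the log above carry a full URL instead of a path, which HTTP calls the absolute-form request target, the form a client normally sends to a proxy. The following is an added example, not part of the original post: it parses log lines in that format and flags absolute-form targets naming a host the server does not serve. The sample lines, the `*.example` host names and the function names are constructed for illustration.

```javascript
// Assumed log format (as in the samples above): [timestamp] "METHOD target HTTP/x.y"
const LINE_RE = /^\[([^\]]+)\]\s+"([A-Z]+)\s+(\S+)\s+(HTTP\/\d\.\d)"/;

// Parse one log line and classify its request target by form.
function parseLogLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null;
  const [, time, method, target, version] = m;
  let form = 'origin', host = null, path = target;
  if (/^https?:\/\//i.test(target)) {
    try {
      const u = new URL(target);
      form = 'absolute'; host = u.hostname.toLowerCase(); path = u.pathname;
    } catch { return null; }            // malformed URL in the request line
  } else if (target === '*') {
    form = 'asterisk';                  // e.g. OPTIONS *
  } else if (!target.startsWith('/')) {
    form = 'authority';                 // e.g. CONNECT host:port
  }
  return { time, method, form, host, path, version };
}

// Report absolute-form requests whose host is not one of ours, and note
// whether the path is a single all-hex segment (and how many bytes it encodes).
function flagForeignTargets(lines, ownHosts) {
  const own = new Set(ownHosts.map(h => h.toLowerCase()));
  const findings = [];
  for (const line of lines) {
    const r = parseLogLine(line);
    if (!r || r.form !== 'absolute' || own.has(r.host)) continue;
    const seg = r.path.slice(1);
    const isHex = seg.length > 0 && seg.length % 2 === 0 && /^[0-9a-f]+$/i.test(seg);
    findings.push({ time: r.time, method: r.method, host: r.host,
                    hexBytes: isHex ? seg.length / 2 : null });
  }
  return findings;
}

// Constructed sample lines (not taken from the log above).
const SAMPLE = [
  '[10/Dec/2020:23:55:37 +0000] "POST http://unknown-host.example/00112233445566778899aabbccddeeff HTTP/1.1"',
  '[10/Dec/2020:23:56:01 +0000] "GET / HTTP/1.1"',
  '[10/Dec/2020:23:57:12 +0000] "GET http://my-site.example/index.html HTTP/1.1"',
  '[10/Dec/2020:23:58:40 +0000] "CONNECT unknown-host.example:443 HTTP/1.1"',
];
console.log(flagForeignTargets(SAMPLE, ['my-site.example']));
```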