Mr.ChenWithCapsule

Reputation: 3

What do these requests intend to do?

A strange IP sent the requests shown in the nginx log below, but what did it intend to do?

I recently set up a web server using nginx, and then I got these requests.

Thanks in advance for useful information.

185.234.217.41 - - [30/Jun/2019:19:35:11 -0700] "GET /wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:12 -0700] "GET /node/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:12 -0700] "GET /hidden/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:13 -0700] "GET /wallet/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:14 -0700] "GET /btc/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:14 -0700] "GET /bitcoin/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:15 -0700] "GET /.bitcoin/wallet/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:15 -0700] "GET /.bitcoin/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:16 -0700] "GET /core/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:17 -0700] "GET /coin/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:17 -0700] "GET /backup/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:18 -0700] "GET /bitcoin/wallet/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"
185.234.217.41 - - [30/Jun/2019:19:35:19 -0700] "GET /crypto/wallet.dat HTTP/1.1" 404 5483 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0" "-"

Upvotes: 0

Views: 167

Answers (1)

Agis

Reputation: 33626

They're trying to steal your bitcoins (if any).

Long answer: People set up bots all the time to scan the internet for any misconfigured/insecure web servers that might serve files they shouldn't.

wallet.dat is one such file. It is the default filename that the official Bitcoin client uses to store the private keys. Those private keys provide access to your funds, so if anyone successfully manages to steal that file (assuming you have one), they will have access to your bitcoins.

That said, there's nothing to worry about if your server doesn't serve these files.

Upvotes: 1
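
One way to check the answer's last point against your own access log, as an added example that is not part of the original question or answer: it counts requests for sensitive file names per client and reports any that were not refused. The `audit` function, the `SENSITIVE_NAMES` set and the `203.0.113.x` sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Matches the access-log layout shown in the question.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Assumption: the set of names to alert on. Only wallet.dat comes from the page.
SENSITIVE_NAMES = {"wallet.dat"}

def audit(lines, sensitive=SENSITIVE_NAMES):
    """Return {ip: {"probes": count, "served": [(time, path, status), ...]}}."""
    report = defaultdict(lambda: {"probes": 0, "served": []})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the expected format; skip rather than guess
        # Drop the query string and normalise percent-encoding before comparing.
        path = unquote(m["path"].split("?", 1)[0])
        if path.rsplit("/", 1)[-1].lower() not in sensitive:
            continue
        entry = report[m["ip"]]
        entry["probes"] += 1
        status = int(m["status"])
        if status < 400:  # 2xx/3xx: the server did not refuse the request
            entry["served"].append((m["time"], path, status))
    return dict(report)

UA = '"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0"'
# The first two lines are from the question. The last two are constructed
# (documentation-range addresses) to show a served file and an ordinary request.
SAMPLE = [
    f'185.234.217.41 - - [30/Jun/2019:19:35:11 -0700] "GET /wallet.dat HTTP/1.1" 404 5483 "-" {UA} "-"',
    f'185.234.217.41 - - [30/Jun/2019:19:35:17 -0700] "GET /backup/wallet.dat HTTP/1.1" 404 5483 "-" {UA} "-"',
    f'203.0.113.7 - - [30/Jun/2019:19:40:02 -0700] "GET /backup/wallet.dat HTTP/1.1" 200 98304 "-" {UA} "-"',
    f'203.0.113.9 - - [30/Jun/2019:19:41:10 -0700] "GET /index.html HTTP/1.1" 200 612 "-" {UA} "-"',
]

if __name__ == "__main__":
    for ip, info in audit(SAMPLE).items():
        verdict = "EXPOSED" if info["served"] else "all refused"
        print(f"{ip}: {info['probes']} probe(s), {verdict}")
        for when, path, status in info["served"]:
            print(f"  {when} {path} -> {status}")
```

An empty `served` list for every client corresponds to the situation in the question, where each request returned 404.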
