Reputation: 11
What are these POST-requests containing random URLs to my node server
For personal learning purposes i set up a small express webserver in node js and opened it up to the outside world. It only contains a single static page and no other additional end-point.
Occasionally some bots make random requests, apparently attempting to exploit some common vulnerabilities. These requests are all logged.
There is a type of request that interests me. I was yet unable to learn what it is trying to achieve.
here are a few examples I have received over time:
[10/Dec/2020:23:55:37 +0000] "POST http://kiedys.fun/2d17b63552b6cc403d7066358f302265b36b5a21669505db3cf95cce34e15a5a2532aa55a638229487ce0e37b4422bd55181b877e45517a893f1e74b819b43e105bd36b73aa1c2ae8508607a1aee868858476c5044269cc94ae93de48b1ac16a HTTP/1.1"
[11/Dec/2020:10:51:04 +0000] "POST http://pomidorowa.xyz/7f22fd5911841fb9cea80c0145b9371d29da1d1b69795298e1b5891ffc9847b848f357a9f46a5ff87e9c85da481d37a322c7edd30aa640679521a12e07d18d1a7438b0fc26638363136141661a4ff98e873c46a7b86982d6038dca5a6adc1c2c HTTP/1.1"
[16/Dec/2020:09:09:26 +0000] "POST http://seduced.xyz/80143c6a4e331dd4422b3b75cc961a86df0eeb0b5428b8133e6d81783dc2fb2269b72803d001a200f51583d8217541795d258baa087d18fc3d30cdd1bb19a6f27933e8085f1a85c83f2181586bf4a8b397b8c651ffc126cb8cdb0aef42097a75 HTTP/1.1"
[17/Dec/2020:11:07:21 +0000] "POST http://kaymcclurg.best/35a28a78179508d919df81fb6e000bf346b0df58c84abcccea5367fbd430b32a429551c8710650314b9aa78c9dfee6723e53a2057dd92911d5431bab101a04b504d11d24476930d9d1ff8544f1a8abe9562392901bd3e86d059d5d236cebc52d HTTP/1.1"
[18/Dec/2020:00:03:55 +0000] "POST http://verdlet.website/f006d2c96296e7ab0462b6927f98ec36800db9b8b05cdf5ef75be509830f46edb90c2b9c48d10b66763d32560761359261cc20b6684de0dba79f99e19657a5b85a5037b8f4818552e93f757fdb1a449149f81e4b39e6eccc6effbb59b7ae2231 HTTP/1.1"
[01/Jan/2021:22:33:47 +0000] "POST http://zwykle.xyz/bde81af2ba9fde1c1c50fb38316a9e5f74ecdac9ca614ff5bf9d2b11c08482e19ff2d074576d0d25f8ad25028830e8e1b82611935b9d88e5e611e0ed7670174a9f1240b08f13599f039d7e96ff5edfaa058dc8d867e11be95e16d076b7270991 HTTP/1.1"
They all appear to contain an arbitrary domain name, followed by a seemingly random string.
I was unable to find a description of these in a web search. Possibly because the requests, while following a pattern, are each unique
I would be interested to learn what function these POST-requests serve.
Upvotes: 1
Views: 321
Answers (1)
Related Questions
- Express.js server strange calls
- why nodejs server receive a lot of unknown php/wordpress requests?
- can you confirm me this strange post request is a kind of cyber attack?
- I have an nodejs app, is this post a hacker attack?
- Started my own node.js web server project - what are these GET requests?
- What are `/t.php` GET requests coming to production server?
- Where are these requests come from?
- HTTP GET requests being made to my website for unknown .php files. Why and how to prevent this
- Unknown requests made to apache
- Weird http request found in the Node.js Express log file