on my localhost. working on golang. I think some guy is doing a scan of my localhost and I don't ...

mikexie360PRO

4 days ago

On my localmachine, I have a golang server running on localhost.

How am I getting a bunch of random logs from someone trying to do a bunch of random get requests?

what is going on? am I compromised? Is there a golang library or module that has malicious code that I downloaded?
Someone is doing random get requests, but it doesn't make sense since this is my local machine.

the portnumber and ip address that my golang server is on
'http://127.0.0.1:8080/'

22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
$10 Bounty

0 Replies

mikexie360PRO

4 days ago

n/a

loudbookHOBBY

4 days ago

No…

loudbookHOBBY

4 days ago

Probably just your browser…

mikexie360PRO

4 days ago

these guys also trying to do post request and upload a file, I think?

Any ideas what is going on?

1374218777821974500

loudbookHOBBY

4 days ago

You’re not exposing port 8080 lol

mikexie360PRO

4 days ago

sorry, would it be a browser extension?

loudbookHOBBY

4 days ago

It could be

mikexie360PRO

4 days ago

the ip address is not from local host
10.141.1.222
which is near Albany, New York.

idk how networking works. I think I should download wireshark to collect logs, the next time this happens.

1374222342368268300

passosPRO

4 days ago

definitely not a Railway issue but I'm intrigued

passosPRO

4 days ago

is your local network on the range of 10.141.1.*?

loudbookHOBBY

4 days ago

???

loudbookHOBBY

4 days ago

You’re binding to 127

loudbookHOBBY

4 days ago

Nobody can access that

mikexie360PRO

4 days ago

local range is 10.141.1.*

I think that is the public static IP address that my organization owns.

passosPRO

4 days ago

wait you're in an organization? not your local home network?

loudbookHOBBY

4 days ago

that is a private IP

mikexie360PRO

4 days ago

that is what I thought. But if a browser or my own application on my localmachine access mylocalhost, it should be 127.* and not 10.*

loudbookHOBBY

4 days ago

it's somebody within your org

loudbookHOBBY

4 days ago

that is a private IP

passosPRO

4 days ago

that's a local IP

on my localhost. working on golang. I think some guy is doing a scan of my localhost and I don't ... - Railway Help Station