on my localhost. working on golang. I think some guy is doing a scan of my localhost and I don't ...
mikexie360
PROOP

a year ago

On my localmachine, I have a golang server running on localhost.

How am I getting a bunch of random logs from someone trying to do a bunch of random get requests?

what is going on? am I compromised? Is there a golang library or module that has malicious code that I downloaded?

Someone is doing random get requests, but it doesn't make sense since this is my local machine.

the portnumber and ip address that my golang server is on

'http://127.0.0.1:8080/'

22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-bin/printenv | Cannot GET /cgi-bin/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:38 | 404 |            0s | 10.141.1.222 | GET | /cgi-sys/printenv | Cannot GET /cgi-sys/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgi-local/printenv | Cannot GET /cgi-local/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
22:47:39 | 404 |            0s | 10.141.1.222 | GET | /cgibin/printenv | Cannot GET /cgibin/printenv
$10 Bounty

22 Replies

mikexie360
PROOP

a year ago

n/a

samgordon
PRO

a year ago

No…

samgordon
PRO

a year ago

Probably just your browser…

mikexie360
PROOP

a year ago

these guys also trying to do post request and upload a file, I think?

Any ideas what is going on?

1374218777821974568

samgordon
PRO

a year ago

You’re not exposing port 8080 lol

mikexie360
PROOP

a year ago

sorry, would it be a browser extension?

samgordon
PRO

a year ago

It could be

mikexie360
PROOP

a year ago

the ip address is not from local host

10.141.1.222

which is near Albany, New York.

idk how networking works. I think I should download wireshark to collect logs, the next time this happens.

1374222342368268288

passos
MODERATOR

a year ago

definitely not a Railway issue but I'm intrigued

passos
MODERATOR

a year ago

is your local network on the range of 10.141.1.*?

samgordon
PRO

a year ago

???

samgordon
PRO

a year ago

You’re binding to 127

samgordon
PRO

a year ago

Nobody can access that

mikexie360
PROOP

a year ago

local range is 10.141.1.*

I think that is the public static IP address that my organization owns.

passos
MODERATOR

a year ago

wait you're in an organization? not your local home network?

samgordon
PRO

a year ago

that is a private IP

mikexie360
PROOP

a year ago

that is what I thought. But if a browser or my own application on my localmachine access mylocalhost, it should be 127.* and not 10.*

samgordon
PRO

a year ago

it's somebody within your org

samgordon
PRO

a year ago

that is a private IP

passos
MODERATOR

a year ago

that's a local IP

Welcome!

Sign in to your Railway account to join the conversation.

Login
Loading...