Look at the timing, IPs, and paths in the above list of web requests to this site (domain changed for privacy).
Answer: it’s a bot using 🇨🇳 Chinese proxy servers, probing for compressed, manually backed-up copies of the site that are kept on the server.
Backups that might have API keys, ENV files, or other high-value targets.
We discovered this with Wafris, as the site doesn’t have an API, so the User-Agent was unusual.
Top comments (0)