Ken’s Study Journey Strives to Maintain Internet Security
Say “No” to Massive Website Scanning
Ken’s Study Journey rigorously (strictly) checks massive website scanning attempts, maintaining a safe environment for the Ken’s Study Journey website/platform and user study plans.
The Automated Reminder System for Threatening Website Security (Massive Scanning Website Hidden Modules) is a self-developed technology from Ken's Study Journey.
My server's Web-Application Firewall (WAF) and Automated Reminder System will automatically remind scanners.
Any continuous scans after reminders/warnings (i.e. repeated offenders) may be shown publicly on this reminder board. The display time of each scan is 7 days.
Any sensitive information (e.g. IP addresses) will be masked to enhance its security.
Any direct IP access (including unauthorised domain names) will be dropped (instead of displaying a Server default page) since 18 Nov. 2023 to prevent global massive vulnerability scanning via IPv4 addresses.
For Credential Stuffing Attack: Only the general information (e.g. IP addresses and scan types) will be shown. Private user names and passwords will be hidden.
Note: Some scanning attempts (of hidden modules) also violated the rules listed in the website's "/robots.txt" file.
New:
- Any stopped scanning attempts several seconds after automated reminders may not be displayed.
- All records will be displayed together due to multiple violation types of a scanner.
- (Update) Repeated offenders (after display on this page for many days) are shown in red/orange backgrounds.
Scan Types include:
- Open-source Website Framework Modules
(including but not limited to, WordPress modules) - Website Backend Modules
(including but not limited to, "php", "jsp", "asp", "aspx" and "sql") - Website Admin Entrance
- Non-existent APIs and APP Ports
- Website Code Backup Zip Files
- Website Login Pages (User Names and Passwords)
- Credential Stuffing Attack
- SQL injection
- XSS attack
Updated: 13 May 2024 08:45 (GMT+8, CST)
Total: 21 Records
Swipe/Scroll left and right to view the entire table.
Date/Time (GMT+8) | IP Address | Scans | Device Type | Scan Types & Sample URLs |
---|---|---|---|---|
2024-05-12 03:32 |
185.**.**.64 | 33 times | Internet Explorer, Windows | Website Code Backup Zip Files: https://www.kenstudyjourney.cn/web.tar.gz https://www.kenstudyjourney.cn/wwwroot.tar.gz https://www.kenstudyjourney.cn/webroot.tar.gz https://www.kenstudyjourney.cn/website.tar.gz https://www.kenstudyjourney.cn/m.tar.gz https://www.kenstudyjourney.cn/kenstudyjourney.cn.zip https://www.kenstudyjourney.cn/www.kenstudyjourney.cn.rar |
2024-05-12 00:44, 00:50-00:52, 04:19, 04:21, 04:24, 06:14, 13:46, 15:28, 16:22, 22:56, 23:15, 23:25, 23:45 |
Same ISP / Hosting Provider with Many IPs: 111.**.**.18 103.**.**.146 139.**.**.26 116.**.**.186 111.**.**.162 103.**.**.122 119.**.**.2 119.**.**.178 |
18 times | Firefox, Windows | Admin Entrance (WordPress): https://www.kenstudyjourney.cn/wp-login.php Backend Modules (PHP, ASP): https://www.kenstudyjourney.cn/e/DoInfo/AddInfo.php https://www.kenstudyjourney.cn/ThinkPHP/ThinkPHP.php https://www.kenstudyjourney.cn/123.aspx https://www.kenstudyjourney.cn/1234.php https://www.kenstudyjourney.cn/124.php https://www.kenstudyjourney.cn/huchen.php https://www.kenstudyjourney.cn/dd.php https://www.kenstudyjourney.cn/e/admin/dd.php https://www.kenstudyjourney.cn/888.php https://www.kenstudyjourney.cn/admincms/ueditor/net/controller.ashx?action=catchimage |
2024-05-11 21:58-22:04 |
140.**.**.168 | 14 times | Chrome, Android | Backend Modules (PHP, WordPress): https://www.kenstudyjourney.cn/ws.php https://www.kenstudyjourney.cn/wp-head.php https://www.kenstudyjourney.cn/fm1.php https://www.kenstudyjourney.cn/alfadheat.php https://www.kenstudyjourney.cn/wp-admin/images/admin.php https://www.kenstudyjourney.cn/.well-known/wso112233.php |
2024-05-11 04:29, 04:48, 04:50, 04:58, 07:19, 07:25, 08:22, 08:48, 08:51, 09:03, 11:38, 23:00, 23:03 |
Same ISP / Hosting Provider with Many IPs: 119.**.**.2 111.**.**.18 111.**.**.162 116.**.**.186 139.**.**.26 |
17 times | Firefox, Windows | Backend Modules (PHP, ASP): https://www.kenstudyjourney.cn/yzmphp/yzmphp.php https://www.kenstudyjourney.cn/124.php https://www.kenstudyjourney.cn/e/admin/dd.php https://www.kenstudyjourney.cn/huchen.php https://www.kenstudyjourney.cn/dd.php https://www.kenstudyjourney.cn/ThinkPHP/ThinkPHP.php https://www.kenstudyjourney.cn/123.aspx Admin Entrance (WordPress): https://www.kenstudyjourney.cn/wp-login.php |
2024-05-10 21:50-22:12 |
91.**.**.2 | 59 times | Python Requests, Unknown OS | Backend Modules (WordPress): https://www.kenstudyjourney.cn/wp-includes/ https://www.kenstudyjourney.cn/wp-admin/maint/ https://www.kenstudyjourney.cn/wp-includes/Text/ https://www.kenstudyjourney.cn/wp-includes/blocks/ https://www.kenstudyjourney.cn/wp-includes/sodium_compat/src/ |
2024-05-10 21:20 |
27.**.**.146 | 57 times | Internet Explorer, Windows | Website Code Backup Zip Files: https://www.kenstudyjourney.cn/www.kenstudyjourney.cn.tar.gz https://www.kenstudyjourney.cn/wwwkenstudyjourneycn1.rar https://www.kenstudyjourney.cn/kenstudyjourneywww.zip https://www.kenstudyjourney.cn/kenstudyjourneywwwroot.tar.gz https://www.kenstudyjourney.cn/bf.rar https://www.kenstudyjourney.cn/beifen.tar.gz https://www.kenstudyjourney.cn/dz.tar.gz |
2024-05-10 18:47, 18:58, 20:48-20:49 |
38.**.**.6 | 10 times | Chrome, Android | Backend Modules (WordPress): https://www.kenstudyjourney.cn/wp-admin/setup-config.php?step=1 https://www.kenstudyjourney.cn/wp-admin/install.php?step=1 |
2024-05-10 16:28-16:34 |
140.**.**.168 | 35 times | Chrome, Android | Backend Modules (PHP, WordPress): https://www.kenstudyjourney.cn/ws.php https://www.kenstudyjourney.cn/wp-head.php https://www.kenstudyjourney.cn/fm1.php https://www.kenstudyjourney.cn/alfadheat.php https://www.kenstudyjourney.cn/wp-admin/images/admin.php https://www.kenstudyjourney.cn/wp-content/shell20211028.php https://www.kenstudyjourney.cn/autoload_classmap.php |
2024-05-10 06:01, 06:07-06:08, 06:16, 09:15, 12:26, 14:51 |
Same ISP / Hosting Provider with Many IPs: 111.**.**.162 111.**.**.18 139.**.**.26 119.**.**.178 103.**.**.122 |
8 times | Firefox, Windows Chrome, Windows |
Backend Modules (PHP, ASP): https://www.kenstudyjourney.cn/e/admin/dd.php https://www.kenstudyjourney.cn/1234.php https://www.kenstudyjourney.cn/124.php https://www.kenstudyjourney.cn/huchen.php https://www.kenstudyjourney.cn/dd.php https://www.kenstudyjourney.cn/admin/ewebeditor/ueditor/net/controller.ashx?action=catchimage https://www.kenstudyjourney.cn/a.php |
2024-05-09 18:51 |
103.**.**.35 | 24 times | Vivo Browser, Android OKHTTP, Unknown OS |
Non-existent API/APP Ports: https://www.kenstudyjourney.cn/api/Config/getShowConfig/ https://www.kenstudyjourney.cn/api/uploads/apimap/ https://www.kenstudyjourney.cn/api/currency/quotation_new/ https://www.kenstudyjourney.cn/api/system/systemConfigs/getCustomerServiceLink/ https://www.kenstudyjourney.cn/api/v/index/queryOfficePage?officeCode=customHomeLink |
2024-05-09 14:08-14:10 |
2a01:4f8:***:0:2 | 48 times | Chrome, Windows Chrome, macOS Safari, macOS Firefox, Windows (frequently changing) |
Backend Modules (PHP, WordPress): https://www.kenstudyjourney.cn/wp-json/ https://www.kenstudyjourney.cn/wp-content/pluginss/wordpres-yaooo/admin.php https://www.kenstudyjourney.cn/wp-content/plugins/wordpres-googlepagespeed/admin.php https://www.kenstudyjourney.cn/wp-content/plugins/wordpres-woosc/admin.php https://www.kenstudyjourney.cn/wp-admin/admin-ajax/admin.php?s1=s1 |
2024-05-09 01:15, 01:18, 04:44, 05:00, 05:06, 19:34, 21:53 |
Same ISP / Hosting Provider with Many IPs: 116.**.**.186 111.**.**.162 139.**.**.26 103.**.**.122 |
7 times | Firefox, Windows | Backend Modules (PHP, ASP): https://www.kenstudyjourney.cn/e/DoInfo/AddInfo.php https://www.kenstudyjourney.cn/123.aspx https://www.kenstudyjourney.cn/1234.php Admin Entrance (WordPress): https://www.kenstudyjourney.cn/wp-login.php |
2024-05-08 11:39, 15:36 |
Same Device Type with Many IPs: 202.**.**.76 216.**.**.221 |
22 times | Firefox, Windows | Backend Modules (PHP): https://www.kenstudyjourney.cn/router.php https://www.kenstudyjourney.cn/lunxun.php https://www.kenstudyjourney.cn/allsty.php https://www.kenstudyjourney.cn/secure.php |
2024-05-08 01:52 |
27.**.**.146 | 57 times | Internet Explorer, Windows | Website Code Backup Zip Files: https://www.kenstudyjourney.cn/www.kenstudyjourney.cn.tar.gz https://www.kenstudyjourney.cn/wwwkenstudyjourneycn1.rar https://www.kenstudyjourney.cn/kenstudyjourneywww.zip https://www.kenstudyjourney.cn/kenstudyjourneywwwroot.tar.gz https://www.kenstudyjourney.cn/bf.rar https://www.kenstudyjourney.cn/beifen.tar.gz https://www.kenstudyjourney.cn/dz.tar.gz |
2024-05-08 00:35, 00:46, 00:52, 00:55, 01:32, 01:47, 01:51, 02:36-02:41, 02:54, 03:56, 04:03-04:06, 04:40, 04:59, 05:24-05:25, 06:22, 13:38, 16:11 |
Same ISP / Hosting Provider with Many IPs: 139.**.**.26 111.**.**.162 119.**.**.178 123.**.**.106 103.**.**.146 111.**.**.18 119.**.**.2 |
30 times | Firefox, Windows | Backend Modules (PHP, ASP): https://www.kenstudyjourney.cn/e/DoInfo/AddInfo.php https://www.kenstudyjourney.cn/123.aspx https://www.kenstudyjourney.cn/member/reg.asp https://www.kenstudyjourney.cn/ThinkPHP/ThinkPHP.php https://www.kenstudyjourney.cn/1234.php https://www.kenstudyjourney.cn/dd.php https://www.kenstudyjourney.cn/huchen.php https://www.kenstudyjourney.cn/yzmphp/yzmphp.php https://www.kenstudyjourney.cn/124.php Admin Entrance (WordPress): https://www.kenstudyjourney.cn/wp-login.php |
2024-05-07 23:21-23:23 |
149.**.**.235 | 3 times | Chrome, Android | Backend Modules (PHP, WordPress): (malicious code) https://www.kenstudyjourney.cn/wp-admin/style.php?p=J938PnuGv1QZCrNF6%2B2Zh81Kh1Lk ... (malicious code) https://www.kenstudyjourney.cn/wp-content/style.php?p=J938PnuGv1QZCrNF6%2B2Zh81Kh1Lk ... (malicious code) https://www.kenstudyjourney.cn/wp-includes/style.php?p=J938PnuGv1QZCrNF6%2B2Zh81Kh1Lk ... |
2024-05-07 21:18-21:49, 23:00-23:51 |
Same ISP / Hosting Provider with Many IPs: 139.**.**.26 111.**.**.162 123.**.**.106 103.**.**.146 119.**.**.178 |
18 times | Firefox, Windows | Backend Modules (PHP, ASP): https://www.kenstudyjourney.cn/e/DoInfo/AddInfo.php https://www.kenstudyjourney.cn/123.aspx https://www.kenstudyjourney.cn/member/reg.asp https://www.kenstudyjourney.cn/ThinkPHP/ThinkPHP.php Admin Entrance (WordPress): https://www.kenstudyjourney.cn/wp-login.php |
2024-05-07 08:18-09:29 |
Same ISP / Hosting Provider with Many IPs: 121.**.**.46 121.**.**.141 |
872 times | Chrome, Windows | Backend Modules (PHP, SQL, JSP, phpMyAdmin): https://www.kenstudyjourney.cn/admin/ https://www.kenstudyjourney.cn/cacti.sql https://www.kenstudyjourney.cn/admin.php?mod=do&act=login https://www.kenstudyjourney.cn/install/sql.sql https://www.kenstudyjourney.cn/smartbi/vision/index.jsp https://www.kenstudyjourney.cn/was5/web/index.jsp https://www.kenstudyjourney.cn/phpcms/modules/comment/install/module.sql https://www.kenstudyjourney.cn/phpMyAdmin/ https://www.kenstudyjourney.cn/phpMyAdmin/404.html https://www.kenstudyjourney.cn/phpMyAdmin/500.html https://www.kenstudyjourney.cn/phpMyAdmin/?c=4e5e5d7364f443e28fbf0d3ae744a59a Non-existent API/APP Ports: https://www.kenstudyjourney.cn/api/v1/query?query=prometheus_build_info |
2024-05-06 22:19-23:24 |
Same ISP / Hosting Provider with Many IPs: 121.**.**.155 112.**.**.104 |
1024 times | Chrome, Windows | Backend Modules (PHP, SQL, JSP, phpMyAdmin): https://status.kenstudyjourney.cn/admin/ https://status.kenstudyjourney.cn/cacti.sql https://status.kenstudyjourney.cn/admin.php?mod=do&act=login https://status.kenstudyjourney.cn/install/sql.sql https://status.kenstudyjourney.cn/smartbi/vision/index.jsp https://status.kenstudyjourney.cn/was5/web/index.jsp https://status.kenstudyjourney.cn/phpcms/modules/comment/install/module.sql https://status.kenstudyjourney.cn/phpMyAdmin/ https://status.kenstudyjourney.cn/phpMyAdmin/404.html https://status.kenstudyjourney.cn/phpMyAdmin/500.html https://status.kenstudyjourney.cn/phpMyAdmin/?c=4e5e5d7364f443e28fbf0d3ae744a59a Non-existent API/APP Ports: https://status.kenstudyjourney.cn/api/v1/query?query=prometheus_build_info |
2024-05-06 09:52-09:55, 11:09-11:11 |
2001:41d0:***:0:0 2400:6180:***:9a4:9001 |
12 times | Chrome, Windows | Backend Modules (PHP): https://www.kenstudyjourney.cn/wp-content/plugins/contact-form-7/admin/css/styles-rtl.php (malicious code) https://www.kenstudyjourney.cn/wp-admin/css/colors/blue/clean.php?msfacai=die(md5(24334)); |
2024-05-06 00:11-00:37, 03:20, 04:02, 04:16-04:17, 04:27-04:33, 05:00-05:01, 05:10-05:12, 06:22, 06:55, 07:55, 08:51, 15:34 |
Same ISP / Hosting Provider with Many IPs: 111.**.**.162 119.**.**.2 139.**.**.26 111.**.**.18 |
32 times | Firefox, Windows | Admin Entrance (WordPress): https://www.kenstudyjourney.cn/wp-login.php Backend Modules (PHP, ASP): https://www.kenstudyjourney.cn/123.aspx https://www.kenstudyjourney.cn/e/DoInfo/AddInfo.php https://www.kenstudyjourney.cn/1234.php https://www.kenstudyjourney.cn/124.php https://www.kenstudyjourney.cn/yzmphp/yzmphp.php https://www.kenstudyjourney.cn/huchen.php https://www.kenstudyjourney.cn/ddd.php |
Your comment has been posted successfully, but it needs to be audited by myself artificially to prevent spam and negative comments.
Please wait for a few days. You will receive an email once your comment has been replied.