I just noticed in my nginx log that one IP is hammering my server. Why is that? Actually there are usually many different IPs visiting, but I never paid attention. I have no idea why, and my site isn't even ready yet; I haven't even applied for a domain name. I'm curious what they are doing. They are all foreign IPs, since my server is on Amazon. Here is a sample of the log:
```
18.139.219.224 - - [11/Aug/2022:03:33:09 +0000] "GET //info3.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:10 +0000] "GET //info4.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:12 +0000] "GET //phpinfo1.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:13 +0000] "GET //phpinfo2.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:14 +0000] "GET //phpinfo3.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:16 +0000] "GET //phpinfo4.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:17 +0000] "GET //o.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:19 +0000] "GET //dashboard/info.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:20 +0000] "GET //dashboard/test.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:21 +0000] "GET //dashboard/i.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:22 +0000] "GET //dashboard/infophp.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:23 +0000] "GET //dashboard/phpinfo.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:25 +0000] "GET //dashboard/phpinfo HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:26 +0000] "GET //p.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:28 +0000] "GET //ocp.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:29 +0000] "GET //phpsysinfo HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:31 +0000] "GET //phpsysinfo.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:32 +0000] "GET //phpsysinfo/info.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:34 +0000] "GET //phpsysinfo/phpinfo.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:35 +0000] "GET //phpsysinfo/phpsysinfo.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:36 +0000] "GET //deploy.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:38 +0000] "GET //dep.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:39 +0000] "GET //dev.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:41 +0000] "GET //tz.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:42 +0000] "GET //admin/phpinfo.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:44 +0000] "GET //admin/info.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:45 +0000] "GET //admin/infophp.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:46 +0000] "GET //admin/phpinfo HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:48 +0000] "GET //root/phpinfo HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:49 +0000] "GET //root/info.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:51 +0000] "GET //root/phpinfo.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:52 +0000] "GET //root/infophp HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:53 +0000] "GET //console/phpinfo HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:54 +0000] "GET //console/info.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:56 +0000] "GET //console/phpinfo.php HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:57 +0000] "GET //console/infophp HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:33:58 +0000] "GET //phpinfo.html HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
18.139.219.224 - - [11/Aug/2022:03:34:00 +0000] "GET //root/phpinfo.html HTTP/1.1" 404 134 "-" "python-requests/2.28.1"
```
1 lichao 2022-08-11 15:16:15 +08:00 Perfectly normal. 99.99% of servers get scanned.
2 misaka19000 2022-08-11 15:21:50 +08:00 This thread comes up every month... On the public internet people will scan you. You can move ssh off port 22, or only allow key-based login, and start fail2ban.
3 ViriF 2022-08-11 15:24:10 +08:00 Totally normal, +1. I get scanned thousands or tens of thousands of times every day. Just set up a service that reads the log and automatically bans the IPs.
4 zzzmh 2022-08-11 15:26:51 +08:00 Is this your first time running a site? This is the most basic kind of scan; it has practically no impact on the server and can be ignored. I simply match every request ending in .php, .asp or .jsp right up front and drop them all, to save resources. Once you have been a webmaster for a while you will run into all sorts of troublemakers; I'm numb to it by now.
5 fanchenio 2022-08-11 15:46:34 +08:00 My site gets scanned N times a day, all kinds of strange requests.
6 nothingistrue 2022-08-11 16:09:18 +08:00 This is low-level vulnerability scanning cast like a wide net; whatever it hits, they follow the vulnerability to take control of the server. As long as your server is reachable from the public internet it will be scanned like this. This is not a DDOS attack; as long as you have no basic security problems, such as a simple root password, or redis/mysql exposed to the public internet without a password, you don't need to do anything about it.
7 libook 2022-08-11 16:17:11 +08:00 Automated vulnerability-scanning bots; once they find a vulnerability they break in automatically for ransomware, crypto-mining, or to hijack the machine as a zombie. You need a web application firewall. Cloud providers' IP ranges are fairly fixed, and attack bots periodically sweep every IP in those ranges.
8 LnTrx 2022-08-11 16:19:11 +08:00 That's just how public IPv4 is.
9 yulgang 2022-08-11 16:28:49 +08:00 Mass scanning, normal.
10 hhhhhh123 OP I see, it really is my first time running a site. Hehe.
11 hhhhhh123 OP
```
2022/08/11 03:34:30 [error] 3341766#3341766: *1627 open() "/usr/share/nginx/html/phpconfigure/phpinfo" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //phpconfigure/phpinfo HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:31 [error] 3341766#3341766: *1628 open() "/usr/share/nginx/html/phpconfigure/phpinfo.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //phpconfigure/phpinfo.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:32 [error] 3341766#3341766: *1629 open() "/usr/share/nginx/html/phpconfigure/index.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //phpconfigure/index.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:33 [error] 3341766#3341766: *1630 open() "/usr/share/nginx/html/scripts/info.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //scripts/info.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:34 [error] 3341766#3341766: *1631 open() "/usr/share/nginx/html/scripts/phpinfo" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //scripts/phpinfo HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:36 [error] 3341766#3341766: *1632 open() "/usr/share/nginx/html/scripts/phpinfo.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //scripts/phpinfo.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:37 [error] 3341766#3341766: *1633 open() "/usr/share/nginx/html/scripts/index.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //scripts/index.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:38 [error] 3341766#3341766: *1634 open() "/usr/share/nginx/html/forum/info.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //forum/info.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:39 [error] 3341766#3341766: *1635 open() "/usr/share/nginx/html/forum/phpinfo" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //forum/phpinfo HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:40 [error] 3341766#3341766: *1636 open() "/usr/share/nginx/html/forum/phpinfo.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //forum/phpinfo.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:41 [error] 3341766#3341766: *1637 open() "/usr/share/nginx/html/forum/index.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //forum/index.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:34:42 [error] 3341766#3341766: *1638 open() "/usr/share/nginx/html/foo.php" failed (2: No such file or directory), client: 18.139.219.224, server: 54.248.101.249, request: "GET //foo.php HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:41:21 [error] 3341766#3341766: *1639 open() "/usr/share/nginx/html/.env" failed (2: No such file or directory), client: 93.182.108.25, server: 54.248.101.249, request: "GET /.env HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:58:26 [error] 3341766#3341766: *1645 open() "/usr/share/nginx/html/update2/version.manifest" failed (2: No such file or directory), client: 183.157.11.162, server: 54.248.101.249, request: "GET /update2/version.manifest HTTP/1.1", host: "54.248.101.249"
2022/08/11 03:58:26 [error] 3341766#3341766: *1646 open() "/usr/share/nginx/html/update2/project.manifest" failed (2: No such file or directory), client: 183.157.11.162, server: 54.248.101.249, request: "GET /update2/project.manifest HTTP/1.1", host: "54.248.101.249"
2022/08/11 04:23:57 [error] 3341766#3341766: *1647 open() "/usr/share/nginx/html/.env" failed (2: No such file or directory), client: 185.254.196.115, server: 54.248.101.249, request: "GET /.env HTTP/1.1", host: "54.248.101.249"
2022/08/11 05:22:27 [error] 3341766#3341766: *1650 open() "/usr/share/nginx/html/.env" failed (2: No such file or directory), client: 109.237.103.123, server: 54.248.101.249, request: "GET /.env HTTP/1.1", host: "54.248.101.249"
2022/08/11 05:48:43 [error] 3341766#3341766: *1652 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 184.105.247.243, server: 54.248.101.249, request: "GET /favicon.ico HTTP/1.1", host: "54.248.101.249"
2022/08/11 05:52:14 [error] 3341766#3341766: *1653 open() "/usr/share/nginx/html/.env" failed (2: No such file or directory), client: 185.254.196.115, server: 54.248.101.249, request: "GET /.env HTTP/1.1", host: "54.248.101.249"
```
12 LinsVert 2022-08-11 16:51:11 +08:00 You get used to it.
13 hhhhhh123 OP @lichao @misaka19000 @ViriF @zzzmh @fanchenio @nothingistrue @all This is from my nginx error.log. What I want to know is: why is it executing this open file instruction?
14 hhhhhh123 OP Suppose I did have this file, what would happen?
15 misaka19000 2022-08-11 17:04:06 +08:00 @hhhhhh123 #13 Because some PHP sites may have this vulnerability, it scans based on common vulnerabilities; that doesn't mean your service necessarily has it.
16 hhhhhh123 OP @misaka19000 So if I did have this file, would that mean they could crack my server?
17 onice 2022-08-11 17:10:53 +08:00 Judging by the scanned paths, this looks like a backdoor (webshell) scan. My guess is that it's the cloud provider's security component scanning; if it finds a vulnerability it will alert you.
19 misaka19000 2022-08-11 17:12:06 +08:00 @hhhhhh123 #16 Not necessarily; it depends on whether the vulnerability actually exists.
20 eason1874 2022-08-11 17:18:16 +08:00 No need to tell malicious scans from benign ones; just match these paths you don't use and return 404.
21 onice 2022-08-11 17:18:31 +08:00 @hhhhhh123 Look at the paths carefully: they are all scanning for php files, sending a GET to check whether the file exists. phpinfo.php is a probe attackers use all the time: an attacker exploits a website vulnerability to write a phpinfo file, and by visiting that file can see the server's PHP configuration. If you want to test it yourself, set up a PHP environment, write a phpinfo.php whose content is <?php phpinfo(); ?>, and visit that file; you will see the server's detailed configuration. By visiting such a probe, an attacker gathers more information about the server and finds vulnerable components for further attacks. Of course, attackers also like to name website backdoors phpinfo.php. The log shows nothing more than checks for whether these backdoor files exist, so it can provisionally be judged a scan by the cloud provider's security component. If it were an attacker's scan, the paths would contain attack code: SQL injection, for example, would have keywords like and 1=1 or and 1=2, and XSS attacks would have <script> or </script> keywords.
24 onice 2022-08-11 17:44:33 +08:00 @hhhhhh123 SQL injection happens wherever user input interacts with the database, for example when querying product information. The url might look like https://xx.com/goods?id=1, where the id parameter is the product number. Users pass different numbers and the page shows different product information. Ill-intentioned users (attackers) won't obediently pass only a number; they try to pass attack statements instead. Because the number is carried into the sql as a query condition and handed to the database to execute, if the number is replaced with an attack statement the database executes the attack statement too, and the attack succeeds. Any feature where user input interacts with the database, and where the developer has not filtered or processed the user-supplied parameters, may have a SQL injection vulnerability. The core of SQL injection is using user input to control the original sql statement and thereby carry out an attack, so whatever sql can do, sql injection can do. That is the harm of SQL injection: at the mild end it leaks the admin username and password and gets you straight into the backend; at the severe end it writes a backdoor file via sql and takes direct control of the site.
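As an added illustration of the goods?id= case described in this post (my own code, not from the thread), the same lookup is written the flawed way and the parameterized way against a constructed in-memory SQLite table; the table contents and function names are assumptions, and the test shows how the and 1=1 / and 1=2 difference mentioned in post #21 appears in the flawed version and disappears in the hardened one:

```python
import sqlite3

def make_db():
    """Constructed in-memory product table standing in for the shop's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE goods (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO goods VALUES (?, ?)",
                     [(1, "keyboard"), (2, "mouse"), (3, "monitor")])
    return conn

def lookup_vulnerable(conn, id_param):
    """The flawed pattern: the ?id= value is spliced into the SQL text, so the
    caller controls the WHERE clause instead of only supplying a number."""
    sql = f"SELECT name FROM goods WHERE id = {id_param}"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, id_param):
    """Hardened form: the value is bound as a parameter. It is only ever data,
    so it cannot change the structure of the statement."""
    rows = conn.execute("SELECT name FROM goods WHERE id = ?", (id_param,))
    return [row[0] for row in rows]

def lookup_validated(conn, id_param):
    """Defence in depth: reject anything that is not a plain integer before
    it reaches the database at all, then still use the bound parameter."""
    if not str(id_param).isdigit():
        return []
    return lookup_safe(conn, int(id_param))
```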
26 vhus 2022-08-11 18:27:02 +08:00 Configure the server to refuse direct access by IP address.
27 chainsR 2022-08-12 09:06:06 +08:00 via iPhone Install a WAF on nginx; check the protection log after a few days and you'll find far more strange creatures.
28 AS4694lAS4808 2022-08-12 10:16:46 +08:00 For complex services put AWS WAF in front of the port. For simple services just have fail2ban read the log and ban high-frequency access.
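As an added example (my code, not from the thread), this is the core of the "read the log and auto-ban" service that posts #3 and #28 describe: it parses lines in the same nginx combined format as the OP's access log and flags clients whose requests are mostly 404s in a short burst, which is exactly the phpinfo-probe pattern above. The IPs in SAMPLE_LINES, the thresholds and the function names are assumptions; the actual ban step (fail2ban, a firewall rule) is left to the reader.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# nginx "combined" log format, as in the access log pasted in this thread.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"'
)

def parse_line(line):
    """Parse one access-log line into a dict; return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec

def find_scanners(lines, window=timedelta(seconds=60), min_404=10, min_ratio=0.8):
    """Flag clients whose 404s are at least min_ratio of their requests and that
    produced min_404 or more 404s inside any burst of length `window`.
    Returns {ip: (404s_in_worst_burst, total_requests, [user agents])}."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            per_ip[rec["ip"]].append(rec)
    flagged = {}
    for ip, recs in per_ip.items():
        misses = sorted(r["ts"] for r in recs if r["status"] == 404)
        if len(misses) / len(recs) < min_ratio:
            continue
        burst, start = 0, 0  # two-pointer sweep over the sorted 404 timestamps
        for end in range(len(misses)):
            while misses[end] - misses[start] > window:
                start += 1
            burst = max(burst, end - start + 1)
        if burst >= min_404:
            flagged[ip] = (burst, len(recs), sorted({r["ua"] for r in recs}))
    return flagged

def _line(ip, sec, path, status, ua):
    return f'{ip} - - [11/Aug/2022:03:33:{sec:02d} +0000] "GET {path} HTTP/1.1" {status} 134 "-" "{ua}"'

# Constructed sample: a phpinfo probe burst like the thread's, plus one ordinary visitor.
SAMPLE_LINES = [_line("198.51.100.7", 9 + i, f"//phpinfo{i}.php", 404, "python-requests/2.28.1")
                for i in range(12)]
SAMPLE_LINES += [_line("203.0.113.5", 30, "/", 200, "Mozilla/5.0"),
                 _line("203.0.113.5", 31, "/favicon.ico", 404, "Mozilla/5.0")]
```

Feeding the real access log through `find_scanners` (one line per list element) yields the burst size, request count and user agents per flagged IP, which is the input a ban rule or an alert would act on.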
29 xiaopigfly 2022-08-12 17:05:55 +08:00 Fun fact: anything put on the public internet will always get scanned. Just ignore it.