Just came across this in my raw logs (IP says it’s Cloudflare’s).
Does CF ever try to find vulnerabilities without letting us know first?
108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /silverstripe HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /assets//%5c../%5c../%5c../%5c../%5c../%5c../%5c../etc/passwd HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /tikiwiki HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /assets/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cetc/passwd HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /mediawiki HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /assets/..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cwindows/win.ini HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /dokuwiki HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.21 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.21"
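For triaging entries like the ones in this post, here is an added example (not part of the original post): it decodes each request path, flags directory-traversal probes per source IP, and lists any probe that did not get a 4xx response. The sample lines are constructed, modeled on the log above with the user agent shortened; the 198.51.100.23 and 203.0.113.9 lines and the function names are made up for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample lines (combined log format), modeled on the entries above.
SAMPLE_LOG = """\
108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /silverstripe HTTP/1.1" 404 - "-" "Mozilla/5.0"
108.162.241.147 - - [26/Apr/2018:04:26:44 +0200] "GET /assets//%5c../%5c../%5c../etc/passwd HTTP/1.1" 404 - "-" "Mozilla/5.0"
108.162.241.147 - - [26/Apr/2018:04:26:45 +0200] "GET /assets/..%5c..%5c..%5cwindows/win.ini HTTP/1.1" 404 - "-" "Mozilla/5.0"
198.51.100.23 - - [26/Apr/2018:04:29:10 +0200] "GET /assets/..%2f..%2fetc/passwd HTTP/1.1" 200 1834 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Apr/2018:04:30:02 +0200] "GET /assets/logo.png HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
SENSITIVE = ("etc/passwd", "windows/win.ini")  # targets seen in the log above

def normalize(path):
    """Percent-decode up to three times (catches double encoding), unify slashes."""
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")

def is_traversal(path):
    """True if the decoded path has a '..' segment or names a sensitive file."""
    norm = normalize(path).lower()
    return ".." in norm.split("/") or any(s in norm for s in SENSITIVE)

def triage(log_text):
    """Return {ip: {"requests": n, "traversal": n, "needs_review": [paths]}}."""
    report = defaultdict(lambda: {"requests": 0, "traversal": 0, "needs_review": []})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, _ts, _method, path, status = m.groups()
        entry = report[ip]
        entry["requests"] += 1
        if is_traversal(path):
            entry["traversal"] += 1
            if not status.startswith("4"):  # probe was not rejected
                entry["needs_review"].append(path)
    return dict(report)

if __name__ == "__main__":
    for ip, entry in triage(SAMPLE_LOG).items():
        print(ip, entry)
```

A probe that only ever returns 404, as in the log above, was rejected by the server; anything in `needs_review` is where to look first.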