Path exploration after DNS CNAME

Hi there,

I’m trying to create a custom subdomain to use with ngrok.
Pretty simple: it’s just a CNAME to a ngrok subdomain and it should work.

What surprised me is the amount of requests I got right after the setup was done.

There are around 200 requests in an interval of 4 min.
They are clearly looking for known vulnerabilities.

Just wondering if this is a CF feature.

ngrok probably issued you a certificate for the subdomain, which goes into Certificate Transparency (CT) Logs, which are public. There are a fair number of bots that listen to CT Logs, and then instantly probe the site, as you can see. On Pro or above Cloudflare also has Web Application Firewall Rulesets like OWASP ModSecurity Core that can catch and block some of these (assuming the subdomain is proxied). Nothing to worry about too much though, just make sure your software/server is all updated, and that you’re not exposing anything private through it.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.