好的,我现在需要帮用户总结一篇文章,控制在100字以内。用户的要求很明确,不需要以“文章内容总结”之类的开头,直接写描述。 首先,我得通读一下文章内容。文章讲的是一个IP地址进行了扫描,看起来是在寻找Anthropic API节点。这个IP是一个Tor出口节点。请求很简单,带有API密钥和版本信息。作者不确定扫描是否成功,因为密钥可能是文档中常用的示例密钥。 同时,还有另一个IP地址增加了对“/v1/messages”端点的请求。这个端点可能与Anthropic相关,但也有其他API使用。这个IP的地理位置和路由有点复杂。 接下来,我需要提取关键点:两个IP地址的扫描行为、Tor出口节点、API请求细节、密钥情况以及另一个端点的活动。 然后,我得把这些信息浓缩成一句话,不超过100字。要确保涵盖主要事件和相关细节。 最后,检查一下是否符合用户的所有要求:中文、简洁、直接描述内容。 </think> 一个IP地址(Tor出口节点)扫描了多个传感器以寻找Anthropic API节点,并发送了简单的GET请求尝试访问本地模型。同时,另一个IP地址增加了对"/v1/messages"端点的请求。 2026-2-2 15:14:47 Author: isc.sans.edu(查看原文) 阅读量:0 收藏
Yesterday, a single IP address (204.76.203.210) scanned a number of our sensors for what looks like an anthropic API node. The IP address is known to be a Tor exit node.
The requests are pretty simple:
GET /anthropic/v1/models
Host: 67.171.182.193:8000
X-Api-Key: password
Anthropic-Version: 2023-06-01
It looks like this is scanning for locally hosted Anthropic models, but it is not clear to me if this would be successful. If anyone has any insights, please let me know. The API Key is a commonly used key in documentation, and not a key that anybody would expect to work.
At the same time, we are also seeing a small increase in requests for "/v1/messages". These requests have been more common in the past, but the URL may be associated with Anthropic (it is, however, somewhat generic, and it is likely other APIs use the same endpoint. These requests originate from 154.83.103.179, an IP address with a bit a complex geolocation and routing footprint.
--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|
如有侵权请联系:admin#unsafe.sh