公開しているWebサーバのログをもとに、通常のアクセスではない通信について分析しました。
多かったリクエスト
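PHPUnitの脆弱性を探すリクエスト
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
vendorディレクトリがWeb公開領域に置かれていると、このファイルを通じて外部からPHPコードを実行されるおそれがあります。vendorを公開領域の外に置き、開発用の依存パッケージを本番環境に含めないことが対策になります。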
Microsoft Exchange Online の Exchange 管理センター宛ての通信
このサービスを利用しているかどうかを調べる調査通信のようです。誤差かもしれませんが、先月から少しずつ増えてきているのが気になります。
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
不審な通信の一覧
uri | count | percent |
---|---|---|
* | 322 | 6.227035 |
/sellers.json | 118 | 2.281957 |
/wp-login.php | 84 | 1.624444 |
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 80 | 1.547090 |
/post/wp-login.php | 80 | 1.547090 |
//css/style.css | 77 | 1.489074 |
/index.xml | 57 | 1.102301 |
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application | 55 | 1.063624 |
/index.php?s=/Index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | 39 | 0.754206 |
//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | 39 | 0.754206 |
/console/ | 38 | 0.734868 |
/wp-content/plugins/wp-file-manager/readme.txt | 37 | 0.715529 |
/mifs/.;/services/LogService | 37 | 0.715529 |
/api/jsonws/invoke | 37 | 0.715529 |
/Autodiscover/Autodiscover.xml | 37 | 0.715529 |
/owa/auth/logon.aspx | 36 | 0.696190 |
/_ignition/execute-solution | 36 | 0.696190 |
/post/20210307 | 34 | 0.657513 |
/config/getuser?index=0 | 33 | 0.638174 |
//css/custom.css | 33 | 0.638174 |
/categories/%E6%98%A0%E7%94%BB | 32 | 0.618836 |
/ads.txt | 32 | 0.618836 |
http://passport.baidu.com/ | 30 | 0.580159 |
/owa/auth/x.js | 30 | 0.580159 |
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f | 29 | 0.560820 |
mstshash=Administr | 28 | 0.541481 |
/actuator/health | 27 | 0.522143 |
/categories/%E6%97%A5%E8%A8%98 | 26 | 0.502804 |
/tags/%E3%82%B9%E3%82%AD%E3%83%A3%E3%83%B3%E3%83%84%E3%83%BC%E3%83%AB | 25 | 0.483465 |
/categories/%E6%8A%80%E8%A1%93%E7%B3%BB | 25 | 0.483465 |
/post/20201116 | 24 | 0.464127 |
/post/20200910 | 24 | 0.464127 |
/post/20200217_hugo_theme/site_icons/icon-192x192.png | 24 | 0.464127 |
/.env | 23 | 0.444788 |
/tags/hugo | 22 | 0.425450 |
/GponForm/diag_Form?style/ | 22 | 0.425450 |
/tags/%E3%83%AD%E3%82%B0%E3%81%AE%E5%88%86%E6%9E%90 | 20 | 0.386772 |
/contact | 20 | 0.386772 |
/dns-query?dns=KhUBAAABAAAAAAAAA3d3dwZnb29nbGUDY29tAAABAAE | 14 | 0.270741 |
/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ | 9 | 0.174048 |
/system_api.php | 8 | 0.154709 |
/streaming/clients_live.php | 8 | 0.154709 |
/stream/live.php | 8 | 0.154709 |
/stalker_portal/c/version.js | 8 | 0.154709 |
/flu/403.html | 8 | 0.154709 |
/c/version.js | 8 | 0.154709 |
/archives | 8 | 0.154709 |
//a2billing/customer/templates/default/footer.tpl | 7 | 0.135370 |
http://fuwu.sogou.com/404/index.html | 6 | 0.116032 |
/manager/html | 6 | 0.116032 |
/.git/config | 6 | 0.116032 |
/recordings/theme/main.css | 5 | 0.096693 |
/autodiscover/autodiscover.json?@foo.com/mapi/emsmdb/?&Email=autodiscover/autodiscover.json%3f@foo.com | 5 | 0.096693 |
/.well-known/security.txt | 5 | 0.096693 |
\xB9\xDB\x0CEN#5h[\xE4\xC5\x16\xF7wBr=\xB1 | 4 | 0.077354 |
/sdk | 4 | 0.077354 |
/manager/text/list | 4 | 0.077354 |
/login | 4 | 0.077354 |
/index.php?xml_sitemap=params= | 4 | 0.077354 |
/ReportServer | 4 | 0.077354 |
/HNAP1 | 4 | 0.077354 |
\x00\x00\x00\x0E2O\xAAC\xE92g\xC2W’\x17+\x1D\xD9\xC1\xF3,kN\x17\x14 | 3 | 0.058016 |
85.206.160.115:80 | 3 | 0.058016 |
7 | 3 | 0.058016 |
/web_shell_cmd.gch | 3 | 0.058016 |
/status%3E%3Cscript%3Ealert(31337)%3C%2Fscript%3E | 3 | 0.058016 |
/status | 3 | 0.058016 |
/owa/auth.owa | 3 | 0.058016 |
/nginx.conf | 3 | 0.058016 |
/config.js | 3 | 0.058016 |
/c99.php | 3 | 0.058016 |
/autodiscover/autodiscover.json?@evil.corp/ews/exchange.asmx?&Email=autodiscover/autodiscover.json%3F@evil.corp | 3 | 0.058016 |
/apple-touch-icon.png | 3 | 0.058016 |
/apple-touch-icon-precomposed.png | 3 | 0.058016 |
/3000D00E0000FFFF3F0031313744373731343634304537353046007A7A7A7A7A7A7A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000008047A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000 | 3 | 0.058016 |
/.DS_Store | 3 | 0.058016 |
*G_\x9F\xC8\x16\x80\x04jt\x90\xD9\xAB(\x8D\xF7\xAF\xD7\xD7\xE4Mw\x00l\xC76(\xA2b\xCA\xF9 \| O]\xF2\x22\x04\x00\xF8#\xA3f\x09f\xDBQ6\xD5z\xD3\xBC\xDA\x1A+w\xEA\xE7\xA4\x0B\xE7\xD7\x802\xD4A\xEA\xD0\xD2\xB45\xE7\x8F\x92\xD5\xB5N\xD8\xCC\xAF\xFDL:K\xB8\x00\x0B0\xED\x9D\xB8\xE8\x9D\x13\x97\xB4\xE9 | 3 | 0.058016 |
http://5.188.210.227/echo.php | 2 | 0.038677 |
hotmail-com.olc.protection.outlook.com:25 | 2 | 0.038677 |
/zdrtyhmcfghn | 2 | 0.038677 |
/wp-json/trx_addons/v2/get/sc_layout?sc=print_r | 2 | 0.038677 |
/wp-content/uploads/upload_index.php?auth=f02pz3831W0DTtLgq26L | 2 | 0.038677 |
/wp-admin/admin-ajax.php?action=duplicator_download&file=../wp-config.php | 2 | 0.038677 |
/vendor/.env | 2 | 0.038677 |