ハニーポット(仮) 観測記録 2019/07/17分です。
APでは
ThinkPHPの脆弱性を狙うアクセス
Nmapと思われる不正通信
を確認しました。
USでは
110[.]249[.]212[.]46に関する不正通信
を確認しました。
EUでは
ThinkPHPの脆弱性を狙うアクセス
Nmapと思われる不正通信
110[.]249[.]212[.]4646に関する不正通信
を確認しました。
アクセス数推移
AP:総アクセス数:43 (前日比:+25)
US:総アクセス数:10 (前日比:-2)
EU:総アクセス数:23 (前日比:+4)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 112.125.92.74 | China |
| 1 | 115.236.33.146 | China |
| 4 | 129.204.78.134 | China |
| 4 | 180.101.253.161 | China |
| 5 | 185.100.87.246 | Romania |
| 1 | 185.53.88.40 | Estonia |
| 1 | 193.188.22.56 | Russia |
| 5 | 208.100.26.229 | United States |
| 5 | 208.100.26.230 | United States |
| 1 | 34.65.230.176 | United States |
| 1 | 34.87.45.153 | United States |
| 1 | 34.94.195.211 | United States |
| 1 | 35.199.68.82 | United States |
| 1 | 35.234.88.21 | United States |
| 1 | 51.77.242.176 | Spain |
| 3 | 5.8.10.202 | Russia |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 62.173.140.192 | Russia |
| 3 | 77.247.110.219 | Netherlands |
| 1 | 79.137.46.233 | Ireland |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 13 | - |
| 5 | Go-http-client/1.1 |
| 15 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
| 6 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | CONNECT | www.baidu.com:443 | HTTP/1.0 |
| 3 | GET | /adm/adm.php | HTTP/1.1 |
| 3 | GET | /evox/about | HTTP/1.1 |
| 3 | GET | /HNAP1 | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1563215403 | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1563269275 | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1563298922 | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | //wordpress/wp-login.php | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | GET | /xml | HTTP/1.1 |
| 4 | HEAD | / | HTTP/1.1 |
| 2 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | HEAD | /robots.txt | HTTP/1.1 |
| 6 | OPTIONS | / | HTTP/1.1 |
| 3 | POST | /sdk | HTTP/1.1 |
| 2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 110.249.212.46 | China |
| 1 | 193.188.22.56 | Russia |
| 1 | 31.178.2.150 | Poland |
| 1 | 34.67.89.236 | United States |
| 1 | 34.76.126.33 | United States |
| 1 | 54.38.226.197 | France |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 77.247.110.219 | Netherlands |
| 1 | 80.13.208.251 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 2 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 2 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 1 | GET | /webadmin/script?command=busybox | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | OPTIONS | / | HTTP/1.1 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 4 | 110.249.212.46 | China |
| 2 | 222.127.22.62 | Philippines |
| 1 | 34.65.124.98 | United States |
| 1 | 34.97.86.187 | United States |
| 1 | 41.216.186.87 | South Africa |
| 10 | 47.104.233.87 | China |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 77.247.110.219 | Netherlands |
| 2 | 80.85.86.175 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 1 | Go-http-client/1.1 |
| 2 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
| 2 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 4 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1563253018 | HTTP/1.1 |
| 1 | GET | //phpmyadmin | HTTP/1.1 |
| 1 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | OPTIONS | / | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
