Hello, Bright Clear Blue Sky

With nothing better to do, I spend the whole day facing my blog, jotting down aimlessly whatever trivial thoughts drift through my mind,

2019/07/24 Honeypot (provisional) observation log

This is the honeypot (provisional) observation log for 2019/07/24.

In AP, I observed the following:
Access attempts targeting the ThinkPHP vulnerability
Scanning for wallet.dat-related files
Unauthorized traffic involving 5[.]188[.]210[.]101

In US, I observed the following:
Scanning for .jsp, .action and .do files

In EU, I observed the following:
Access attempts targeting the ThinkPHP vulnerability
Scanning for phpMyAdmin

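Access count trend

AP: total accesses: 25 (change from previous day: -12)
US: total accesses: 28 (change from previous day: +16)
EU: total accesses: 8 (change from previous day: +4)

For certain reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.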

Region:AP

Source IP addresses

Count  Source IP address  Country
1 119.188.248.233 China
4 129.213.160.170 United States
3 185.53.88.40 Estonia
256 185.53.91.50 Iceland
1 193.188.22.159 Russia
24 194.187.249.180 France
3 47.75.216.183 China
1 5.188.210.101 Russia
2 77.247.110.219 Netherlands

User agents

Count  UserAgent
9 -
1 Go-http-client/1.1
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
24 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
256 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
3 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Requests

Count  Method  Request  Protocol
2 GET /aastra/ HTTP/1.1
2 GET /Aastra/ HTTP/1.1
2 GET /admin/index.php/dms/Cisco-SPA-122/ HTTP/1.1
2 GET /alcatel/ HTTP/1.1
2 GET /Alcatel/ HTTP/1.1
2 GET /algo/ HTTP/1.1
2 GET /Algo/ HTTP/1.1
2 GET /app/provision/ HTTP/1.1
2 GET /asterisk/phoneprov/ HTTP/1.1
2 GET /astrocom/ HTTP/1.1
2 GET /Astrocom/ HTTP/1.1
2 GET /ata/ HTTP/1.1
2 GET /Ata/ HTTP/1.1
2 GET /audiocodes/ HTTP/1.1
2 GET /Audiocodes/ HTTP/1.1
2 GET /avaya/ HTTP/1.1
2 GET /backup/bitcoin/ HTTP/1.1
2 GET /backup/bitcoin/wallet.dat HTTP/1.1
2 GET /backup/wallet.dat HTTP/1.1
2 GET /bitcoin/backup/wallet.dat HTTP/1.1
2 GET /bitcoin/ HTTP/1.1
2 GET /.bitcoin/wallet.dat HTTP/1.1
2 GET /bitcoin/wallet.dat HTTP/1.1
2 GET /BizTouch/ HTTP/1.1
2 GET /broadsoft/ HTTP/1.1
2 GET /Broadsoft/ HTTP/1.1
2 GET /cfg/ HTTP/1.1
2 GET /cisco/ HTTP/1.1
2 GET /Cisco/ HTTP/1.1
2 GET /config/ HTTP/1.1
2 GET /config_server/ HTTP/1.1
2 GET /configServlet/ HTTP/1.1
2 GET /configs/ HTTP/1.1
2 GET /dekstop/phone/ HTTP/1.1
2 GET /denwa/ HTTP/1.1
2 GET /Denwa/ HTTP/1.1
2 GET /deskphone/aastra/ HTTP/1.1
2 GET /deskphone/ HTTP/1.1
2 GET /desktopphone/ HTTP/1.1
2 GET /devicecfg/ HTTP/1.1
2 GET /device/ HTTP/1.1
2 GET /digium/ HTTP/1.1
2 GET /Digium/ HTTP/1.1
2 GET /dms/ HTTP/1.1
2 GET /drayTek/ HTTP/1.1
2 GET /DrayTek/ HTTP/1.1
2 GET /fpbx/ HTTP/1.1
2 GET /FreeSwitch/ HTTP/1.1
2 GET /ftp/ HTTP/1.1
2 GET /getconf/ HTTP/1.1
2 GET /gigaset/ HTTP/1.1
2 GET /Gigaset/ HTTP/1.1
2 GET /grandstream/ HTTP/1.1
2 GET /Grandstream/ HTTP/1.1
2 GET /gs/ HTTP/1.1
2 GET /GS/ HTTP/1.1
2 GET /gxp_1165/ HTTP/1.1
2 GET /gxp/ HTTP/1.1
2 GET /GXP/ HTTP/1.1
2 GET /gxv/ HTTP/1.1
2 GET /GXV/ HTTP/1.1
2 GET /htek/ HTTP/1.1
2 GET /Htek/ HTTP/1.1
1 GET http://5[.]188[.]210[.]101/echo.php HTTP/1.1
2 GET /huawei/ HTTP/1.1
2 GET /Huawei/ HTTP/1.1
2 GET /inetpub/ HTTP/1.1
2 GET /kamailio/ HTTP/1.1
2 GET /Kamailio/ HTTP/1.1
2 GET /lancom/ HTTP/1.1
2 GET /Lancom/ HTTP/1.1
2 GET /linksys/ HTTP/1.1
2 GET /Linksys/ HTTP/1.1
2 GET /management/ HTTP/1.1
1 GET /manager/html HTTP/1.1
2 GET /mitel/ HTTP/1.1
2 GET /Mitel/ HTTP/1.1
2 GET /obihai/ HTTP/1.1
2 GET /Obihai/ HTTP/1.1
2 GET /overrides/ HTTP/1.1
2 GET /panasonic/ HTTP/1.1
2 GET /Panasonic/ HTTP/1.1
2 GET /pap2/ HTTP/1.1
2 GET /pbx/ HTTP/1.1
2 GET /phone/ HTTP/1.1
2 GET /phoneprov/ HTTP/1.1
2 GET /phones/ HTTP/1.1
2 GET /phprov/ HTTP/1.1
2 GET /polycom/ HTTP/1.1
2 GET /Polycom/ HTTP/1.1
2 GET /polycom-vvx/ HTTP/1.1
2 GET /prov/ HTTP/1.1
2 GET /provision/ HTTP/1.1
2 GET /provisioning/ HTTP/1.1
2 GET /provisioning/p.php/ HTTP/1.1
2 GET /sangoma/ HTTP/1.1
2 GET /Sangoma/ HTTP/1.1
2 GET /scottch/ HTTP/1.1
2 GET /siemens/ HTTP/1.1
2 GET /Siemens/ HTTP/1.1
2 GET /simpla/ HTTP/1.1
2 GET /sip/ HTTP/1.1
2 GET /Sip/ HTTP/1.1
2 GET /SIP/ HTTP/1.1
2 GET /sipura/ HTTP/1.1
2 GET /Sipura/ HTTP/1.1
2 GET /snom/ HTTP/1.1
2 GET /Snom/ HTTP/1.1
2 GET /spa/ HTTP/1.1
2 GET /Spa/ HTTP/1.1
2 GET /SPA/ HTTP/1.1
2 GET /swissvoice/ HTTP/1.1
2 GET /Swissvoice/ HTTP/1.1
2 GET /sys/ HTTP/1.1
2 GET /t32/ HTTP/1.1
2 GET /temp/bitcoin/wallet.dat HTTP/1.1
2 GET /temp/wallet.dat HTTP/1.1
2 GET /tftpboot/ HTTP/1.1
2 GET /tftp/ HTTP/1.1
2 GET /tftpphone/ HTTP/1.1
2 GET /tftproot/ HTTP/1.1
2 GET /tiptel/ HTTP/1.1
2 GET /Tiptel/ HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
2 GET /trixbox/ HTTP/1.1
2 GET /txt/ HTTP/1.1
2 GET /ucs/ HTTP/1.1
2 GET /unauthenticated/provisioning/ HTTP/1.1
2 GET /unify/ HTTP/1.1
2 GET /Unify/ HTTP/1.1
2 GET /voip/ HTTP/1.1
2 GET /voip_provisioning/ HTTP/1.1
2 GET /vtech/ HTTP/1.1
2 GET /VTech/ HTTP/1.1
2 GET /wallet.dat HTTP/1.1
2 GET /wallet/ HTTP/1.1
2 GET /wallet/wallet.dat HTTP/1.1
2 GET /xml/ HTTP/1.1
2 GET /xmlservices/ HTTP/1.1
2 GET /yealink/ HTTP/1.1
2 GET /Yealink/ HTTP/1.1
2 GET /zyxel/ HTTP/1.1
2 GET /Zyxel/ HTTP/1.1
3 HEAD / HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
3 HEAD /robots.txt HTTP/1.1
1 POST /TP/index.php?s=captcha HTTP/1.1
1 \x03

Region:US

Source IP addresses

Count  Source IP address  Country
1 119.188.248.233 China
4 185.142.236.35 Netherlands
1 185.53.88.40 Estonia
128 185.53.91.50 Iceland
6 194.36.173.3 United States
1 35.198.80.125 United States
23 47.90.92.121 Hong Kong
1 77.247.110.219 Netherlands

User agents

Count  UserAgent
12 -
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
12 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36
128 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
11 python-requests/2.12.4
1 python-requests/2.20.0

Requests

Count  Method  Request  Protocol
1 GET /aastra/ HTTP/1.1
1 GET /Aastra/ HTTP/1.1
1 GET /admin/index.php/dms/Cisco-SPA-122/ HTTP/1.1
1 GET /alcatel/ HTTP/1.1
1 GET /Alcatel/ HTTP/1.1
1 GET /algo/ HTTP/1.1
1 GET /Algo/ HTTP/1.1
1 GET /app/provision/ HTTP/1.1
1 GET /asterisk/phoneprov/ HTTP/1.1
1 GET /astrocom/ HTTP/1.1
1 GET /Astrocom/ HTTP/1.1
1 GET /ata/ HTTP/1.1
1 GET /Ata/ HTTP/1.1
1 GET /audiocodes/ HTTP/1.1
1 GET /Audiocodes/ HTTP/1.1
1 GET /avaya/ HTTP/1.1
1 GET /BizTouch/ HTTP/1.1
1 GET /broadsoft/ HTTP/1.1
1 GET /Broadsoft/ HTTP/1.1
1 GET /cfg/ HTTP/1.1
1 GET /cisco/ HTTP/1.1
1 GET /Cisco/ HTTP/1.1
1 GET /config/ HTTP/1.1
1 GET /config_server/ HTTP/1.1
1 GET /configServlet/ HTTP/1.1
1 GET /configs/ HTTP/1.1
1 GET /default.jsp HTTP/1.1
1 GET /dekstop/phone/ HTTP/1.1
1 GET /denwa/ HTTP/1.1
1 GET /Denwa/ HTTP/1.1
1 GET /deskphone/aastra/ HTTP/1.1
1 GET /deskphone/ HTTP/1.1
1 GET /desktopphone/ HTTP/1.1
1 GET /devicecfg/ HTTP/1.1
1 GET /device/ HTTP/1.1
1 GET /digium/ HTTP/1.1
1 GET /Digium/ HTTP/1.1
1 GET /dms/ HTTP/1.1
1 GET /drayTek/ HTTP/1.1
1 GET /DrayTek/ HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /fpbx/ HTTP/1.1
1 GET /FreeSwitch/ HTTP/1.1
1 GET /ftp/ HTTP/1.1
1 GET /getconf/ HTTP/1.1
1 GET /gigaset/ HTTP/1.1
1 GET /Gigaset/ HTTP/1.1
1 GET /grandstream/ HTTP/1.1
1 GET /Grandstream/ HTTP/1.1
1 GET /gs/ HTTP/1.1
1 GET /GS/ HTTP/1.1
1 GET /gxp_1165/ HTTP/1.1
1 GET /gxp/ HTTP/1.1
1 GET /GXP/ HTTP/1.1
1 GET /gxv/ HTTP/1.1
1 GET /GXV/ HTTP/1.1
1 GET /htek/ HTTP/1.1
1 GET /Htek/ HTTP/1.1
1 GET /huawei/ HTTP/1.1
1 GET /Huawei/ HTTP/1.1
1 GET /indexAction.action HTTP/1.1
1 GET /index.action HTTP/1.1
1 GET /index.do HTTP/1.1
1 GET /index.jsp HTTP/1.1
1 GET /inetpub/ HTTP/1.1
1 GET /kamailio/ HTTP/1.1
1 GET /Kamailio/ HTTP/1.1
1 GET /lancom/ HTTP/1.1
1 GET /Lancom/ HTTP/1.1
1 GET /linksys/ HTTP/1.1
1 GET /Linksys/ HTTP/1.1
1 GET /login.action HTTP/1.1
1 GET /login.do HTTP/1.1
1 GET /login/indexAction.action HTTP/1.1
1 GET /login.jsp HTTP/1.1
1 GET /login/login.jsp HTTP/1.1
1 GET /main.jsp HTTP/1.1
1 GET /management/ HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /mitel/ HTTP/1.1
1 GET /Mitel/ HTTP/1.1
1 GET /muieblackcat HTTP/1.1
1 GET //myadmin/scripts/setup.php HTTP/1.1
1 GET //MyAdmin/scripts/setup.php HTTP/1.1
1 GET /obihai/ HTTP/1.1
1 GET /Obihai/ HTTP/1.1
1 GET /overrides/ HTTP/1.1
1 GET /panasonic/ HTTP/1.1
1 GET /Panasonic/ HTTP/1.1
1 GET /pap2/ HTTP/1.1
1 GET /pbx/ HTTP/1.1
1 GET /phone/ HTTP/1.1
1 GET /phoneprov/ HTTP/1.1
1 GET /phones/ HTTP/1.1
1 GET //phpmyadmin/scripts/setup.php HTTP/1.1
1 GET //phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /phprov/ HTTP/1.1
1 GET //pma/scripts/setup.php HTTP/1.1
1 GET /polycom/ HTTP/1.1
1 GET /Polycom/ HTTP/1.1
1 GET /polycom-vvx/ HTTP/1.1
1 GET /prov/ HTTP/1.1
1 GET /provision/ HTTP/1.1
1 GET /provisioning/ HTTP/1.1
1 GET /provisioning/p.php/ HTTP/1.1
1 GET /register.jsp HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /sangoma/ HTTP/1.1
1 GET /Sangoma/ HTTP/1.1
1 GET /scottch/ HTTP/1.1
1 GET /siemens/ HTTP/1.1
1 GET /Siemens/ HTTP/1.1
1 GET /simpla/ HTTP/1.1
1 GET /sip/ HTTP/1.1
1 GET /Sip/ HTTP/1.1
1 GET /SIP/ HTTP/1.1
1 GET /sipura/ HTTP/1.1
1 GET /Sipura/ HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /snom/ HTTP/1.1
1 GET /Snom/ HTTP/1.1
1 GET /spa/ HTTP/1.1
1 GET /Spa/ HTTP/1.1
1 GET /SPA/ HTTP/1.1
1 GET /swissvoice/ HTTP/1.1
1 GET /Swissvoice/ HTTP/1.1
1 GET /sys/ HTTP/1.1
1 GET /t32/ HTTP/1.1
1 GET /tftpboot/ HTTP/1.1
1 GET /tftp/ HTTP/1.1
1 GET /tftpphone/ HTTP/1.1
1 GET /tftproot/ HTTP/1.1
1 GET /tiptel/ HTTP/1.1
1 GET /Tiptel/ HTTP/1.1
1 GET /trixbox/ HTTP/1.1
1 GET /txt/ HTTP/1.1
1 GET /ucs/ HTTP/1.1
1 GET /unauthenticated/provisioning/ HTTP/1.1
1 GET /unify/ HTTP/1.1
1 GET /Unify/ HTTP/1.1
1 GET /voip/ HTTP/1.1
1 GET /voip_provisioning/ HTTP/1.1
1 GET /vtech/ HTTP/1.1
1 GET /VTech/ HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /xml/ HTTP/1.1
1 GET /xmlservices/ HTTP/1.1
1 GET /yealink/ HTTP/1.1
1 GET /Yealink/ HTTP/1.1
1 GET /zyxel/ HTTP/1.1
1 GET /Zyxel/ HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
1 OPTIONS / HTTP/1.1
1 POST /default.jsp HTTP/1.1
1 POST /index.action HTTP/1.1
1 POST /index.do HTTP/1.1
1 POST /index.jsp HTTP/1.1
1 POST /login.action HTTP/1.1
1 POST /login.do HTTP/1.1
1 POST /login/indexAction.action HTTP/1.1
1 POST /login.jsp HTTP/1.1
1 POST /login/login.jsp HTTP/1.1
1 POST /main.jsp HTTP/1.1
1 POST /register.jsp HTTP/1.1

Region:EU

Source IP addresses

Count  Source IP address  Country
10 180.101.253.161 China
1 185.53.88.40 Estonia
6 194.36.173.3 United States
1 3.211.236.37 United States
1 41.216.186.87 South Africa
1 77.247.110.219 Netherlands

User agents

Count  UserAgent
9 -
1 Go-http-client/1.1
10 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Requests

Count  Method  Request  Protocol
1 GET /elrekt.php HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /muieblackcat HTTP/1.1
1 GET //myadmin/scripts/setup.php HTTP/1.1
1 GET //MyAdmin/scripts/setup.php HTTP/1.1
1 GET //phpmyadmin/scripts/setup.php HTTP/1.1
1 GET //phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET //pma/scripts/setup.php HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
1 POST /index.php?s=captcha HTTP/1.1
1 \x03