コンニチハレバレトシタアオゾラ

つれづれなるままに、日暮らし、ぶろぐにむかひて、心にうつりゆくよしなしごとを、そこはかとなく書きつくれば、

2019/07/25 ハニーポット(仮) 観測記録

honeypot

ハニーポット(仮) 観測記録 2019/07/25分です。

APでは
PHPUnit脆弱性を狙うアクセス
/wp-includes/関連のファイルに対するスキャン行為
を確認しました。

USでは
Netgearの脆弱性を狙うアクセス
Gh0st RATと思われるアクセス
vtigerCRMへのスキャン行為
を確認しました。

EUでは
Gh0st RATと思われるアクセス
を確認しました。

アクセス数推移

AP:総アクセス数:33 (前日比:-262)
US:総アクセス数:10 (前日比:-155)
EU:総アクセス数:11 (前日比:-9)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Region:AP

送信元IPアドレス一覧

件数 送信元IPアドレス
1 14.187.151.211 Vietnam
1 171.6.232.188 Thailand
1 172.104.242.173 United States
1 176.196.53.250 Russia
1 34.74.250.161 United States
1 58.220.51.149 China
1 61.219.11.153 Taiwan
4 71.6.158.166 United States
20 91.121.222.157 France
2 93.113.206.188 France

UserAgent一覧

件数 UserAgent
6 -
1 Liquor 1.0
1 Mozilla/5.0
20 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
1 python-requests/2.10.0
2 python-requests/2.21.0

リクエスト内容一覧

件数 Method Request Protocol
2 -
1 GET /2015/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /2016/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /2017/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /2018/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /cms/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /error_page.htm HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /media/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /news/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /phpmyadmin/ HTTP/1.1
1 GET /pma/ HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /shell?busybox HTTP/1.1
1 GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /site/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /sito/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /test/wp-includes/wlwmanifest.xml HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /website/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /web/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp2/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /wp/wp-includes/wlwmanifest.xml HTTP/1.1
1 GET /xmlrpc.php?rsd HTTP/1.1
1 OPTIONS / HTTP/1.1
Region:US

送信元IPアドレス一覧

件数 送信元IPアドレス
1 106.15.125.110 China
1 112.125.92.74 China
1 172.104.242.173 United States
2 209.159.151.134 United States
1 223.17.141.157 Hong Kong
1 34.97.20.136 United States
1 39.106.220.230 China
1 61.219.11.153 Taiwan
1 66.240.205.34 United States

UserAgent一覧

件数 UserAgent
6 -
2 Mozilla/5.0
1 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 python-requests/2.22.0

リクエスト内容一覧

件数 Method Request Protocol
2 -
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /vtigercrm/vtigerservice.php HTTP/1.1
1 GET /webdav/ HTTP/1.1
1 Gh0st\xad
1 HEAD / HTTP/1.1
1 OPTIONS / HTTP/1.1
1 \x16\x03\x01
Region:EU

送信元IPアドレス一覧

件数 送信元IPアドレス
1 119.188.248.233 China
1 172.104.242.173 United States
1 185.53.88.40 Estonia
1 41.216.186.87 South Africa
1 61.219.11.153 Taiwan
1 66.240.205.34 United States

UserAgent一覧

件数 UserAgent
5 -
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)

リクエスト内容一覧

件数 Method Request Protocol
2 -
1 GET /manager/html HTTP/1.1
1 Gh0st\xad
1 HEAD /robots.txt HTTP/1.0
1 \x03