ハニーポット(仮) 観測記録 2019/08/01分です。
APでは
ThinkPHPの脆弱性を狙うアクセス
GPONホームルータの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
Polycomのデフォルトのマスタ設定ファイルに対するスキャン行為
を確認しました。
UserAgent部分がNakumaの通信がいました。
USでは
ThinkPHPの脆弱性を狙うアクセス
Jira(CVE-2019–11581)の脆弱性を狙うアクセス
Polycomのデフォルトのマスタ設定ファイルに対するスキャン行為
110[.]249[.]212[.]46に関する不正通信
を確認しました。
EUでは
ThinkPHPの脆弱性を狙うアクセス
Jira(CVE-2019–11581)の脆弱性を狙うアクセス
110[.]249[.]212[.]46に関する不正通信
を確認しました。
アクセス数推移
AP:総アクセス数:60 (前日比:-7)
US:総アクセス数:52 (前日比:+41)
EU:総アクセス数:29 (前日比:-87)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 4 | 106.13.18.213 | China |
| 5 | 109.8.183.222 | France |
| 3 | 112.50.200.122 | China |
| 1 | 121.40.229.42 | China |
| 1 | 128.14.209.154 | United States |
| 1 | 128.14.209.178 | United States |
| 1 | 169.197.108.22 | Netherlands |
| 1 | 171.108.146.30 | China |
| 3 | 185.53.88.40 | Estonia |
| 26 | 185.53.91.50 | Iceland |
| 4 | 211.149.241.18 | China |
| 2 | 221.1.222.114 | China |
| 2 | 77.247.110.201 | Netherlands |
| 6 | 94.102.50.96 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 2 | curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 |
| 3 | Go-http-client/1.1 |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 26 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Nakuma |
| 6 | python-requests/2.9.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | GET | /0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /admin/config.php | HTTP/1.1 |
| 2 | GET | /cfg/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /conf/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /config/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /configs/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 2 | GET | /p/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /phone/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /phones/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 2 | GET | /polycom/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /prov/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /provision/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /provisioning/0000000000000.cfg | HTTP/1.1 |
| 2 | GET | /pv/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /scripts/setup.php | HTTP/1.1 |
| 3 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
| 3 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 4 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | HEAD | /robots.txt | HTTP/1.1 |
| 1 | POST | /GponForm/diag_Form?images/ | HTTP/1.1 |
| 3 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x16\x03\x01\x02 | ||
| 1 | \x80\xf1\x01\x03\x03 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 110.249.212.46 | China |
| 10 | 112.50.200.122 | China |
| 1 | 128.14.209.226 | United States |
| 1 | 162.243.69.215 | United States |
| 10 | 180.76.134.167 | China |
| 1 | 185.53.88.40 | Estonia |
| 13 | 185.53.91.50 | Iceland |
| 1 | 211.38.144.230 | South Korea |
| 1 | 37.37.234.109 | Kuwait |
| 1 | 5.104.36.12 | Ukraine |
| 1 | 61.219.11.153 | Taiwan |
| 10 | 69.160.57.120 | United States |
| 1 | 82.163.41.77 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | - |
| 3 | Go-http-client/1.1 |
| 3 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML|like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 13 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 |
| 27 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /cfg/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /conf/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /config/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /configs/0000000000000.cfg | HTTP/1.1 |
| 3 | GET | /elrekt.php | HTTP/1.1 |
| 3 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 3 | GET | /index.php | HTTP/1.1 |
| 3 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /p/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /phone/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /phones/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /polycom/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /prov/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /provision/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /provisioning/0000000000000.cfg | HTTP/1.1 |
| 3 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /pv/0000000000000.cfg | HTTP/1.1 |
| 1 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
| 2 | GET | /shell?busybox | HTTP/1.1 |
| 3 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 3 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 3 | GET | /TP/index.php | HTTP/1.1 |
| 3 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /webadmin/script?command= | busybox|HTTP/1.1 |
| 1 | GET | /webadmin/script | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 3 | POST | /index.php?s=captcha | HTTP/1.1 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 3 | 110.249.212.46 | China |
| 10 | 112.50.200.122 | China |
| 1 | 128.14.209.154 | United States |
| 10 | 171.244.129.180 | Vietnam |
| 1 | 185.53.88.40 | Estonia |
| 2 | 59.36.132.222 | China |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 87.173.69.140 | Germany |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0zlib/1.2.3 libidn/1.18 libssh2/1.2.2 |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
| 18 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | CONNECT | www.baidu.com:443 | HTTP/1.1 |
| 2 | GET | /elrekt.php | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 3 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | http://www.baidu.com/ | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /ui | HTTP/1.1\n |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | POST | /index.php?s=captcha | HTTP/1.1 |
