コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, jotting down at random whatever trifling thoughts pass through my mind.

2019/08/03 Honeypot (provisional) observation log

This is the honeypot (provisional) observation log for 2019/08/03.

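In AP, the following were observed:
Access attempts targeting the ThinkPHP vulnerability
Access attempts targeting the Jira vulnerability (CVE-2019-11581)
Scanning for phpMyAdmin
Scanning by ZmEu
Unauthorized traffic related to 172[.]247[.]32[.]25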

In US, the following were observed:
Access attempts targeting the Jira vulnerability (CVE-2019-11581)
Scanning for phpMyAdmin
Scanning by masscan
Scanning by ZmEu
Unauthorized traffic related to 172[.]247[.]32[.]25

In EU, the following were observed:
Access attempts targeting the Jira vulnerability (CVE-2019-11581)
Scanning for phpMyAdmin
Scanning by ZmEu
Unauthorized traffic related to 172[.]247[.]32[.]25

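Access count trend

AP: total accesses: 50 (change from previous day: -39)
US: total accesses: 13 (change from previous day: -179)
EU: total accesses: 36 (change from previous day: -190)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.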

Region:AP

Source IP addresses


User-Agent list

Count UserAgent
9 -
1 Go-http-client/1.1
2 Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
3 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
7 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
3 Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
3 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 ProxyChecker/1.0
21 ZmEu

Request list

Count Method Request Protocol
1 -
1 GET /db/scripts/setup.php HTTP/1.1
1 GET http://172[.]247[.]32[.]25/ddd.html HTTP/1.1
1 GET /jira/secure/ContactAdministrators!default.jspa HTTP/1.1
2 GET /Login/Login.aspx HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /MyAdmin/scripts/setup.php HTTP/1.1
2 GET /mysql/admin/index.php?lang=en HTTP/1.1
2 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1
2 GET /mysql/scripts/setup.php HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin-2.10.0.0/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.11.11.3/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin2/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-3.0.0.0-all-languages/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin3/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin4/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin7/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /pma2012/scripts/setup.php HTTP/1.1
1 GET /pma2015/scripts/setup.php HTTP/1.1
1 GET /PMA2015/scripts/setup.php HTTP/1.1
1 GET /pma2016/scripts/setup.php HTTP/1.1
1 GET /PMA2016/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
2 GET /robots.txt HTTP/1.1
1 GET /scripts/setup.php HTTP/1.1
2 GET /secure/ContactAdministrators!default.jspa HTTP/1.1
3 GET /server-status HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
1 Gh0st\xad
1 HEAD / HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
2 HEAD /robots.txt HTTP/1.1
1 POST /TP/index.php?s=captcha HTTP/1.1
1 \x03

Region:US

Source IP addresses


User-Agent list

Count UserAgent
1 -
1 masscan/1.0 (https://github.com/robertdavidgraham/masscan)
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
3 Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
1 ProxyChecker/1.0
6 ZmEu

Request list

Count Method Request Protocol
1 GET /.env HTTP/1.0
1 GET HTTP/1.1
1 GET http://172[.]247[.]32[.]25/ddd.html HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /MyAdmin/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
1 GET /secure/ContactAdministrators!default.jspa HTTP/1.1
3 GET /server-status HTTP/1.1
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1

Region:EU

Source IP addresses


User-Agent list

Count UserAgent
5 -
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
2 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 ProxyChecker/1.0
16 ZmEu

Request list

Count Method Request Protocol
1 GET /db/scripts/setup.php HTTP/1.1
1 GET http://172[.]247[.]32[.]25/ddd.html HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /mysqladmin/scripts/setup.php HTTP/1.1
1 GET /mysql/scripts/setup.php HTTP/1.1
1 GET /nice%20ports%2C/Tri%6Eity.txt%2ebak HTTP/1.0
1 GET /phpMyAdmin-2.10.0.0/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.11.11.3/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin7/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /pma2011/scripts/setup.php HTTP/1.1
1 GET /pma2012/scripts/setup.php HTTP/1.1
1 GET /PMA2013/scripts/setup.php HTTP/1.1
1 GET /pma2014/scripts/setup.php HTTP/1.1
1 GET /PMA2014/scripts/setup.php HTTP/1.1
1 GET /pma2015/scripts/setup.php HTTP/1.1
1 GET /PMA2015/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
2 GET /secure/ContactAdministrators!default.jspa HTTP/1.1
1 GET /shell?uname%20-a HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
10 OPTIONS * HTTP/1.0
1 \x03