ハニーポット(仮) 観測記録 2019/08/03分です。
APでは
ThinkPHPの脆弱性を狙うアクセス
Jira(CVE-2019–11581)の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuでのスキャン行為
172[.]247[.]32[.]25に関する不正通信
を確認しました。
USでは
Jira(CVE-2019–11581)の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
masscanでのスキャン行為
ZmEuでのスキャン行為
172[.]247[.]32[.]25に関する不正通信
を確認しました。
EUでは
Jira(CVE-2019–11581)の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuでのスキャン行為
172[.]247[.]32[.]25に関する不正通信
を確認しました。
アクセス数推移
AP:総アクセス数:50 (前日比:-39)
US:総アクセス数:13 (前日比:-179)
EU:総アクセス数:36 (前日比:-190)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 111.206.52.81 | China |
1 | 112.125.92.74 | China |
1 | 128.14.209.234 | United States |
1 | 128.14.209.242 | United States |
1 | 128.14.209.250 | United States |
4 | 183.131.18.171 | China |
3 | 185.53.88.40 | Estonia |
1 | 194.61.24.88 | Netherlands |
1 | 27.115.124.6 | China |
1 | 27.115.124.70 | China |
2 | 31.35.41.253 | France |
1 | 54.36.148.12 | France |
1 | 54.36.148.152 | France |
1 | 61.219.11.153 | Taiwan |
1 | 66.240.205.34 | United States |
21 | 80.82.78.57 | Netherlands |
5 | 89.242.4.72 | United Kingdom |
1 | 91.195.99.114 | Romania |
2 | 92.118.37.91 | Greece |
UserAgent一覧
件数 | UserAgent |
---|---|
9 | - |
1 | Go-http-client/1.1 |
2 | Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/) |
3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
3 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
3 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | ProxyChecker/1.0 |
21 | ZmEu |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /db/scripts/setup.php | HTTP/1.1 |
1 | GET | http://172[.]247[.]32[.]25/ddd.html | HTTP/1.1 |
1 | GET | /jira/secure/ContactAdministrators!default.jspa | HTTP/1.1 |
2 | GET | /Login/Login.aspx | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
2 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
2 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.10.0.0/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.11.11.3/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin2/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-3.0.0.0-all-languages/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin3/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin4/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin7/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /pma2012/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma2015/scripts/setup.php | HTTP/1.1 |
1 | GET | /PMA2015/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma2016/scripts/setup.php | HTTP/1.1 |
1 | GET | /PMA2016/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
2 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /scripts/setup.php | HTTP/1.1 |
2 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
3 | GET | /server-status | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | Gh0st\xad | ||
1 | HEAD | / | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
2 | HEAD | /robots.txt | HTTP/1.1 |
1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
1 | \x03 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 128.14.209.226 | United States |
2 | 27.115.124.6 | China |
1 | 27.115.124.70 | China |
7 | 59.106.217.47 | Japan |
1 | 91.121.209.213 | France |
1 | 91.195.99.114 | Romania |
UserAgent一覧
件数 | UserAgent |
---|---|
1 | - |
1 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
3 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
1 | ProxyChecker/1.0 |
6 | ZmEu |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /.env | HTTP/1.0 |
1 | GET | HTTP/1.1 | |
1 | GET | http://172[.]247[.]32[.]25/ddd.html | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
3 | GET | /server-status | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 128.14.209.234 | United States |
1 | 128.14.209.242 | United States |
2 | 140.143.132.60 | China |
1 | 185.53.88.40 | Estonia |
1 | 194.61.24.88 | Netherlands |
2 | 198.44.228.10 | United States |
16 | 80.82.78.57 | Netherlands |
1 | 89.139.112.97 | Israel |
1 | 91.195.99.114 | Romania |
UserAgent一覧
件数 | UserAgent |
---|---|
5 | - |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
2 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | ProxyChecker/1.0 |
16 | ZmEu |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /db/scripts/setup.php | HTTP/1.1 |
1 | GET | http://172[.]247[.]32[.]25/ddd.html | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
1 | GET | /nice%20ports%2C/Tri%6Eity.txt%2ebak | HTTP/1.0 |
1 | GET | /phpMyAdmin-2.10.0.0/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.11.11.3/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin7/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma2011/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma2012/scripts/setup.php | HTTP/1.1 |
1 | GET | /PMA2013/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma2014/scripts/setup.php | HTTP/1.1 |
1 | GET | /PMA2014/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma2015/scripts/setup.php | HTTP/1.1 |
1 | GET | /PMA2015/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
2 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
1 | GET | /shell?uname%20-a | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
10 | OPTIONS | * | HTTP/1.0 |
1 | \x03 |