ハニーポット(仮) 観測記録 2019/08/05分です。
APでは
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
Jorgeeでのスキャン行為
zgrabでのスキャン行為
ZmEuでのスキャン行為
を確認しました。
USでは
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
zgrabでのスキャン行為
ZmEuでのスキャン行為
を確認しました。
EUでは
zgrabでのスキャン行為
5[.]188[.]210[.]101に関する不正通信
を確認しました。
アクセス数推移
AP:総アクセス数:488 (前日比:+413)
US:総アクセス数:18 (前日比:-215)
EU:総アクセス数:13 (前日比:-4)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 103.252.100.206 | Indonesia |
| 2 | 103.252.189.53 | Indonesia |
| 9 | 103.44.2.248 | India |
| 2 | 104.248.112.165 | United States |
| 2 | 104.248.235.22 | United States |
| 2 | 104.248.53.106 | United States |
| 2 | 104.248.7.193 | United States |
| 9 | 1.136.104.76 | Australia |
| 9 | 118.163.36.234 | Taiwan |
| 1 | 118.89.149.71 | China |
| 9 | 120.79.200.111 | China |
| 9 | 121.160.106.93 | South Korea |
| 1 | 122.166.198.218 | India |
| 9 | 122.21.29.12 | Japan |
| 2 | 134.209.161.90 | United States |
| 2 | 13.48.6.12 | Sweden |
| 9 | 138.197.184.109 | Germany |
| 2 | 138.68.138.161 | United Kingdom |
| 2 | 138.68.66.69 | Germany |
| 2 | 142.93.156.118 | Canada |
| 2 | 153.199.202.249 | Japan |
| 2 | 157.230.136.228 | United States |
| 2 | 157.230.96.10 | Germany |
| 1 | 157.55.39.21 | United States |
| 2 | 159.203.101.185 | United States |
| 2 | 159.203.103.184 | United States |
| 1 | 159.203.42.143 | Canada |
| 2 | 159.89.115.127 | Canada |
| 2 | 159.89.127.129 | Canada |
| 2 | 159.89.145.40 | United States |
| 9 | 159.89.156.71 | United States |
| 2 | 160.16.127.253 | Japan |
| 2 | 162.243.144.94 | United States |
| 2 | 162.243.151.153 | United States |
| 2 | 165.22.101.92 | United States |
| 2 | 165.22.12.25 | United States |
| 9 | 165.22.137.39 | United States |
| 2 | 165.22.212.210 | United States |
| 2 | 165.22.53.187 | United States |
| 9 | 172.79.76.91 | United States |
| 2 | 178.128.178.73 | United States |
| 9 | 178.15.98.24 | Germany |
| 4 | 178.62.215.38 | Netherlands |
| 2 | 178.62.78.55 | United Kingdom |
| 2 | 185.181.164.22 | Russia |
| 9 | 185.204.215.28 | United Kingdom |
| 9 | 185.37.228.115 | Spain |
| 2 | 185.37.228.139 | Spain |
| 3 | 185.53.88.40 | Estonia |
| 5 | 187.188.24.123 | Mexico |
| 9 | 188.164.243.206 | Poland |
| 2 | 188.166.107.175 | Netherlands |
| 2 | 190.210.230.224 | Argentina |
| 2 | 192.169.233.147 | United States |
| 9 | 194.166.163.130 | Austria |
| 9 | 194.166.72.156 | Austria |
| 1 | 194.61.24.88 | Netherlands |
| 9 | 195.135.51.251 | Spain |
| 6 | 195.154.86.34 | France |
| 9 | 196.218.157.75 | Egypt |
| 9 | 198.199.76.179 | United States |
| 2 | 198.23.249.253 | United States |
| 4 | 201.108.235.116 | Mexico |
| 2 | 206.189.231.87 | United States |
| 9 | 210.183.71.249 | South Korea |
| 9 | 212.23.138.106 | Germany |
| 9 | 31.32.230.173 | France |
| 9 | 36.52.185.143 | Japan |
| 2 | 3.87.38.147 | United States |
| 9 | 39.110.213.227 | Japan |
| 2 | 49.212.119.249 | Japan |
| 2 | 51.15.52.96 | Netherlands |
| 2 | 51.83.33.54 | France |
| 2 | 54.37.159.235 | France |
| 9 | 60.224.142.10 | Australia |
| 9 | 67.172.212.21 | United States |
| 9 | 67.205.190.31 | United States |
| 2 | 67.207.90.73 | United States |
| 8 | 69.160.57.120 | United States |
| 9 | 77.241.11.194 | Italy |
| 9 | 79.61.33.46 | Italy |
| 9 | 80.128.146.175 | Germany |
| 9 | 82.74.177.197 | Netherlands |
| 9 | 83.135.175.196 | Germany |
| 9 | 85.219.218.249 | Poland |
| 9 | 87.191.178.131 | Germany |
| 7 | 88.26.249.115 | Spain |
| 9 | 89.207.106.236 | Italy |
| 9 | 90.88.29.224 | France |
| 9 | 91.211.146.146 | Russia |
| 2 | 91.92.70.152 | Bulgaria |
| 9 | 93.222.144.245 | Germany |
| 9 | 93.227.159.24 | Germany |
| 2 | 95.154.194.61 | United Kingdom |
| 9 | 96.91.160.109 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) |
| 462 | Mozilla/5.0 Jorgee |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 |
| 6 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 4 | Mozilla/5.0 zgrab/0.x |
| 6 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 41 | GET | /db/ | HTTP/1.1 |
| 4 | GET | /manager/html | HTTP/1.1 |
| 2 | GET | /manager/text/list | HTTP/1.1 |
| 85 | GET | /phpmyadmin/ | HTTP/1.1 |
| 2 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 42 | GET | /pma/ | HTTP/1.1 |
| 42 | GET | /PMA/ | HTTP/1.1 |
| 2 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 2 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 1 | GET | /webdav/ | HTTP/1.1 |
| 42 | HEAD | /dbadmin/ | HTTP/1.1 |
| 41 | HEAD | /db/ | HTTP/1.1 |
| 85 | HEAD | /phpmyadmin/ | HTTP/1.1 |
| 42 | HEAD | /pma/ | HTTP/1.1 |
| 42 | HEAD | /PMA/ | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | HEAD | /robots.txt | HTTP/1.1 |
| 2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 107.170.199.53 | United States |
| 10 | 111.230.245.235 | China |
| 1 | 185.53.88.40 | Estonia |
| 1 | 194.61.24.88 | Netherlands |
| 3 | 195.154.86.34 | France |
| 1 | 211.38.144.230 | South Korea |
| 1 | 45.227.255.100 | Panama |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 zgrab/0.x |
| 3 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 2 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 107.170.239.108 | United States |
| 1 | 185.53.88.40 | Estonia |
| 1 | 194.61.24.88 | Netherlands |
| 4 | 198.20.99.130 | Netherlands |
| 1 | 211.38.144.230 | South Korea |
| 2 | 216.245.218.250 | United States |
| 1 | 38.21.240.170 | United States |
| 1 | 5.188.210.101 | Russia |
| 1 | 5.254.81.170 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
| 2 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.10.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | http://www[.]965011[.]com/index.html | HTTP/1.1 |
| 2 | GET | http://www[.]msftncsi[.]com/ncsi.txt | HTTP/1.1 |
| 2 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | HEAD | /images/ | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | \x03 |
