コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, idly jotting down whatever trifles drift through my mind,

2019/08/08 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2019/08/08.

Highlights
Region:AP

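The following were observed:
Access attempts targeting the ThinkPHP vulnerability
Scanning for phpMyAdmin
Scanning for AWS credential information
Scanning with Jorgee
Scanning with ZmEu
Unauthorized traffic involving 110[.]249[.]212[.]46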

Region:US

The following were observed:
Access attempts targeting the ThinkPHP vulnerability
Scanning for phpMyAdmin
Scanning with zgrab
Scanning with ZmEu
Unauthorized traffic involving 110[.]249[.]212[.]46

Region:EU

The following were observed:
Scanning for AWS credential information
Scanning with masscan
Unauthorized traffic involving 110[.]249[.]212[.]46

Scanning aimed at AWS environments may be under way.

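Access count trend

AP: total accesses: 49 (change from previous day: -94)
US: total accesses: 60 (change from previous day: +32)
EU: total accesses: 12 (change from previous day: -28)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.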

Region:AP

Source IP addresses


User-Agent list

Count UserAgent
4 -
2 Go-http-client/1.1
3 masscan/1.0 (https://github.com/robertdavidgraham/masscan)
1 Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
20 Mozilla/5.0 Jorgee
2 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
3 Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
1 Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8
6 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
2 python-requests/2.20.1
3 ZmEu

Request list

Count Method Request Protocol
1 CONNECT i.instagram.com:443 HTTP/1.1
1 GET /.aws/credentials HTTP/1.0
2 GET /.aws/credentials HTTP/1.1
2 GET /db/ HTTP/1.1
3 GET http://110[.]249[.]212[.]46/testget?q=23333&port=80 HTTP/1.1
1 GET /images/defau1t.php HTTP/1.1
5 GET /images/ HTTP/1.1
1 GET /manager/html HTTP/1.1
3 GET /phpmyadmin/ HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php HTTP/1.1
2 GET /pma/ HTTP/1.1
2 GET /PMA/ HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
1 GET /robots.txt HTTP/1.1
2 GET /TP/index.php HTTP/1.1
2 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
2 HEAD /dbadmin/ HTTP/1.1
2 HEAD /db/ HTTP/1.1
2 HEAD / HTTP/1.1
1 HEAD /images/ HTTP/1.1
3 HEAD /phpmyadmin/ HTTP/1.1
2 HEAD /pma/ HTTP/1.1
2 HEAD /PMA/ HTTP/1.1
2 POST /TP/index.php?s=captcha HTTP/1.1

Region:US

Source IP addresses


User-Agent list

Count UserAgent
2 -
1 Go-http-client/1.1
3 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
1 Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
1 Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 zgrab1.0.28
41 ZmEu

Request list

Count Method Request Protocol
1 -
1 GET /admincooptel/phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /admin/phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /admin/scripts/setup.php HTTP/1.1
1 GET /alt/sqladmin/scripts/setup.php HTTP/1.1
1 GET /configuracion/phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /db/scripts/setup.php HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /HNAP1/ HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET http://110[.]249[.]212[.]46/testget?q=23333&port=80 HTTP/1.1
1 GET /images/ HTTP/1.0
1 GET /images/ HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /MyAdmin/scripts/setup.php HTTP/1.1
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /mysqladmin/scripts/setup.php HTTP/1.1
1 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/scripts/setup.php HTTP/1.1
1 GET /MySQL/scripts/setup.php HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /php-admin/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.5.6/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.5.7/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.6.3/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.6.4/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.7.0/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.8.0.4/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.8.0/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.8.1/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.8.2/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin2/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin.box25/scripts/setup.php HTTP/1.1
1 GET /php-my-admin/scripts/setup.php HTTP/1.1
1 GET /phpmy-admin/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /_phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /pHpMyAdMiN/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php/index.php HTTP/1.1
1 GET /phpmy/scripts/setup.php HTTP/1.1
1 GET /php/phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /php/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
1 GET /PMA/scripts/setup.php HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /pyaniste/mysqladmin/scripts/setup.php HTTP/1.1
1 GET /scripts/setup.php HTTP/1.1
1 GET /sqladmin/scripts/setup.php HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /tree? HTTP/1.0
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
1 GET /web/phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /websql/scripts/setup.php HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1

Region:EU

Source IP addresses


User-Agent list

Count UserAgent
4 -
1 masscan/1.0 (https://github.com/robertdavidgraham/masscan)
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
1 Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0
1 Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
4 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 CONNECT i.instagram.com:443 HTTP/1.1
1 GET /.aws/credentials HTTP/1.0
1 GET /HNAP1/ HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
2 GET http://110[.]249[.]212[.]46/testget?q=23333&port=80 HTTP/1.1
1 GET /images/ HTTP/1.0
1 GET /images/ HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 \x03