Honeypot (tentative) observation log for 2019/08/08.
Highlights
Region:AP
The following were observed:
Requests targeting the ThinkPHP vulnerability
Scanning for phpMyAdmin
Scanning for AWS credential information
Scanning by Jorgee
Scanning by ZmEu
Suspicious traffic involving 110[.]249[.]212[.]46
Region:US
The following were observed:
Requests targeting the ThinkPHP vulnerability
Scanning for phpMyAdmin
Scanning by zgrab
Scanning by ZmEu
Suspicious traffic involving 110[.]249[.]212[.]46
Region:EU
The following were observed:
Scanning for AWS credential information
Scanning by masscan
Suspicious traffic involving 110[.]249[.]212[.]46
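Other
Scanning of AWS environments may be taking place.
Access count trend
AP: total accesses: 49 (change from previous day: -94)
US: total accesses: 60 (change from previous day: +32)
EU: total accesses: 12 (change from previous day: -28)
For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.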
Region:AP
Source IP addresses
Count | Source IP address | Country |
---|---|---|
4 | 106.75.244.158 | China |
3 | 110.249.212.46 | China |
9 | 116.72.138.76 | India |
4 | 132.145.202.165 | United States |
1 | 149.202.10.237 | France |
2 | 168.63.210.138 | Hong Kong |
1 | 183.16.208.49 | China |
3 | 195.154.86.34 | France |
1 | 34.201.32.121 | United States |
1 | 3.83.87.21 | United States |
9 | 50.195.140.117 | United States |
6 | 5.254.81.178 | United States |
1 | 54.36.149.43 | France |
1 | 82.199.136.98 | United States |
3 | 91.121.209.213 | France |
User agents
Count | UserAgent |
---|---|
4 | - |
2 | Go-http-client/1.1 |
3 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
1 | Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/) |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
20 | Mozilla/5.0 Jorgee |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
3 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
1 | Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.8.1.8) Gecko/20071008 Firefox/2.0.0.8 |
6 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | python-requests/2.20.1 |
3 | ZmEu |
Requests
Count | Method | Request | Protocol |
---|---|---|---|
1 | CONNECT | i.instagram.com:443 | HTTP/1.1 |
1 | GET | /.aws/credentials | HTTP/1.0 |
2 | GET | /.aws/credentials | HTTP/1.1 |
2 | GET | /db/ | HTTP/1.1 |
3 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
1 | GET | /images/defau1t.php | HTTP/1.1 |
5 | GET | /images/ | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
3 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /pma/ | HTTP/1.1 |
2 | GET | /PMA/ | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
2 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
2 | HEAD | /dbadmin/ | HTTP/1.1 |
2 | HEAD | /db/ | HTTP/1.1 |
2 | HEAD | / | HTTP/1.1 |
1 | HEAD | /images/ | HTTP/1.1 |
3 | HEAD | /phpmyadmin/ | HTTP/1.1 |
2 | HEAD | /pma/ | HTTP/1.1 |
2 | HEAD | /PMA/ | HTTP/1.1 |
2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
Region:US
Source IP addresses
Count | Source IP address | Country |
---|---|---|
1 | 110.249.212.46 | China |
10 | 112.50.200.122 | China |
1 | 141.105.69.244 | Russia |
1 | 144.76.81.230 | Germany |
1 | 172.104.242.173 | United States |
41 | 46.101.119.15 | Germany |
2 | 5.254.81.178 | United States |
3 | 90.28.145.179 | France |
User agents
Count | UserAgent |
---|---|
2 | - |
1 | Go-http-client/1.1 |
3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | zgrab1.0.28 |
41 | ZmEu |
Requests
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | | |
1 | GET | /admincooptel/phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /admin/phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /admin/scripts/setup.php | HTTP/1.1 |
1 | GET | /alt/sqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /configuracion/phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /db/scripts/setup.php | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /HNAP1/ | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
1 | GET | /images/ | HTTP/1.0 |
1 | GET | /images/ | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
1 | GET | /MySQL/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /php-admin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.5.6/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.5.7/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.6.3/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.6.4/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.7.0/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.8.0.4/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.8.0/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.8.1/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.8.2/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin2/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin.box25/scripts/setup.php | HTTP/1.1 |
1 | GET | /php-my-admin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmy-admin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /_phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pHpMyAdMiN/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php/index.php | HTTP/1.1 |
1 | GET | /phpmy/scripts/setup.php | HTTP/1.1 |
1 | GET | /php/phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /php/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /PMA/scripts/setup.php | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /pyaniste/mysqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /scripts/setup.php | HTTP/1.1 |
1 | GET | /sqladmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /tree? | HTTP/1.0 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /web/phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /websql/scripts/setup.php | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
Region:EU
Source IP addresses
Count | Source IP address | Country |
---|---|---|
2 | 110.249.212.46 | China |
1 | 149.202.10.237 | France |
4 | 183.131.18.173 | China |
1 | 193.188.22.159 | Russia |
2 | 5.254.81.178 | United States |
1 | 77.234.46.144 | United States |
1 | 91.121.209.213 | France |
User agents
Count | UserAgent |
---|---|
4 | - |
1 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64; rv:42.0) Gecko/20100101 Firefox/42.0 |
1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
4 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
Requests
Count | Method | Request | Protocol |
---|---|---|---|
1 | CONNECT | i.instagram.com:443 | HTTP/1.1 |
1 | GET | /.aws/credentials | HTTP/1.0 |
1 | GET | /HNAP1/ | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
2 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
1 | GET | /images/ | HTTP/1.0 |
1 | GET | /images/ | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | \x03 | | |