ハニーポット(仮) 観測記録 2019/08/14分です。
特徴
Region:AP
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
Nmapでのスキャン行為
を確認しました。
Region:US
ThinkPHPの脆弱性を狙うアクセス
Nmapでのスキャン行為
を確認しました。
Region:EU
phpMyAdminに対するスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:31 (前日比:-4)
US:総アクセス数:31 (前日比:-108)
EU:総アクセス数:17 (前日比:+8)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 111.206.59.134 | China |
| 2 | 111.206.59.142 | China |
| 4 | 13.52.74.177 | United States |
| 5 | 172.105.4.227 | Canada |
| 3 | 180.131.19.43 | South Korea |
| 2 | 192.186.4.210 | United States |
| 2 | 39.106.146.60 | China |
| 2 | 47.244.5.202 | China |
| 4 | 5.160.42.130 | Iran |
| 1 | 54.36.148.191 | France |
| 1 | 58.248.200.188 | China |
| 1 | 92.63.194.15 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 2 | Go-http-client/1.1 |
| 2 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
| 5 | Mozilla 42 |
| 2 | Mozilla/5.0 |
| 1 | Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36 |
| 1 | Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/) |
| 4 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) |
| 6 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /evox/about | HTTP/1.1 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 2 | GET | /?id='select | * |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1565695296 | HTTP/1.1 |
| 1 | GET | /?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 | HTTP/1.1 |
| 1 | GET | /?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 | HTTP/1.1 |
| 1 | GET | /phpmyadmin | HTTP/1.1 |
| 1 | GET | /phpmyadmin/ | HTTP/1.1 |
| 2 | GET | /robots.txt | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 2 | GET | /webdav/ | HTTP/1.1 |
| 1 | HEAD | / | HTTP/1.1 |
| 1 | LFVG | / | HTTP/1.1 |
| 1 | OPTIONS | / | HTTP/1.1 |
| 1 | POST | /sdk | HTTP/1.1 |
| 2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 2 | PROPFIND | / | HTTP/1.1 |
| 1 | \x03 | ||
| 2 | \x16\x03\x01 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 10 | 123.207.220.146 | China |
| 2 | 132.145.141.191 | United States |
| 2 | 183.251.100.145 | China |
| 1 | 183.251.100.146 | China |
| 2 | 183.251.100.147 | China |
| 4 | 183.251.100.148 | China |
| 3 | 27.115.124.6 | China |
| 1 | 27.115.124.70 | China |
| 4 | 66.240.236.119 | United States |
| 1 | 66.249.69.164 | United States |
| 1 | 92.63.194.15 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 4 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) |
| 19 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | python-requests/2.10.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1565709118 | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 2 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 3 | GET | /TP/index.php | HTTP/1.1 |
| 3 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 2 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | POST | /sdk | HTTP/1.1 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 117.3.101.235 | Vietnam |
| 1 | 198.12.80.5 | United States |
| 2 | 205.209.176.199 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 4 | 66.240.236.119 | United States |
| 1 | 77.247.110.165 | Netherlands |
| 1 | 92.63.194.15 | Russia |
| 6 | 95.110.227.199 | Italy |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 14 | - |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36 |
| 1 | python-requests/2.10.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | http[:]//steamcommunity[.]com/ | HTTP/1.1 |
| 2 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /muieblackcat | HTTP/1.1 |
| 1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shell?uname%20-a | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | \x03 |
