ハニーポット(仮) 観測記録 2019/08/20分です。
特徴
Region:AP
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuによるスキャン行為
110[.]249[.]212[.]46に関する不正通信
を確認しました。
Region:US
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
Jira(CVE-2019–11581)の脆弱性を狙うアクセス
5[.]188[.]210[.]101に関する不正通信
を確認しました。
Region:EU
5[.]188[.]210[.]101に関する不正通信
123[.]125[.]114[.]144に関する不正通信
を確認しました。
他
アクセス数推移
AP:総アクセス数:49 (前日比:+10)
US:総アクセス数:125 (前日比:+110)
EU:総アクセス数:26 (前日比:+15)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 4 | 103.248.21.93 | Australia |
| 4 | 110.249.212.46 | China |
| 1 | 168.212.140.13 | United States |
| 3 | 198.167.223.52 | St Kitts and Nevis |
| 4 | 213.227.141.152 | Netherlands |
| 1 | 24.73.75.234 | United States |
| 1 | 36.5.183.54 | China |
| 5 | 51.159.7.51 | France |
| 1 | 5.188.210.101 | Russia |
| 1 | 5.26.65.119 | Turkey |
| 1 | 5.26.65.120 | Turkey |
| 1 | 61.219.11.153 | Taiwan |
| 2 | 63.143.37.50 | United States |
| 1 | 70.25.189.40 | Canada |
| 1 | 91.83.149.233 | Hungary |
| 18 | 95.110.227.199 | Italy |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 26 | - |
| 4 | Go-http-client/1.1 |
| 1 | Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36 |
| 4 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Chrome/23.0.1271.64 Safari/537.11 |
| 3 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 5 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 3 | GET | /acadmin.php | HTTP/1.1 |
| 3 | GET | /auth/login | HTTP/1.1 |
| 1 | GET | /echo.php | HTTP/1.1 |
| 4 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /index.php?s=/module/aciton/param1/${@phpinfo()} | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 3 | GET | /muieblackcat | HTTP/1.1 |
| 3 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 3 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
| 4 | GET | /phpmyadmin/ | HTTP/1.1 |
| 3 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 3 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 3 | GET | //pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 1 | HEAD | / | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | HEAD | /robots.txt | HTTP/1.1 |
| 1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x16\x03\x01 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 108 | 121.75.125.57 | New Zealand |
| 1 | 128.14.134.134 | United States |
| 1 | 185.209.0.12 | Latvia |
| 1 | 198.167.223.52 | St Kitts and Nevis |
| 1 | 213.227.141.152 | Netherlands |
| 1 | 5.188.210.101 | Russia |
| 10 | 58.217.107.82 | China |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 77.247.110.69 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | - |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 108 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /acadmin.php | HTTP/1.1 |
| 1 | GET | /admin/db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/pma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/PMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /administrator/web/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/pMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/sqladmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/sysadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/web/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /auth/login | HTTP/1.1 |
| 1 | GET | /database/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/db-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/dbweb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpMyAdmin-3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpMyAdmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/webadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/webdb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/websql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?lang=en | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /MyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysqladmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/pma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/pMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/web/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2011/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2012/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2013/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2014/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2015/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2016/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2017/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2018/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2019/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin-3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /php-my-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /php-myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmy-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmy/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phppma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2011/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2011/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2012/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2012/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2013/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2013/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2014/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2014/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2015/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2015/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2016/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2016/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2017/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2017/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2018/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA2018/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma2019/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /program/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /projects/secure/ContactAdministrators!default.jspa | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /shopdb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpMyAdmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/php-myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpmy-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sql-admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sqladmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/sqlweb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/webadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/webdb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /sql/websql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 104.238.111.193 | United States |
| 1 | 112.66.100.136 | China |
| 2 | 113.96.223.207 | China |
| 1 | 132.145.46.75 | United States |
| 1 | 171.36.142.5 | China |
| 1 | 172.104.242.173 | United States |
| 1 | 182.242.104.189 | China |
| 1 | 182.88.77.92 | China |
| 1 | 198.167.223.52 | St Kitts and Nevis |
| 1 | 213.227.141.152 | Netherlands |
| 1 | 219.143.174.35 | China |
| 1 | 220.175.70.46 | China |
| 1 | 221.213.75.30 | China |
| 1 | 221.213.75.74 | China |
| 1 | 222.221.154.97 | China |
| 1 | 222.79.48.60 | China |
| 2 | 46.171.68.78 | Poland |
| 1 | 5.188.210.101 | Russia |
| 1 | 58.19.92.107 | China |
| 2 | 61.219.11.153 | Taiwan |
| 1 | 77.247.110.69 | Netherlands |
| 1 | 77.247.110.70 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 1 | Mozilla/5.01688858 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.75 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 7 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36 |
| 3 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
| 2 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 3 | - | ||
| 1 | CONNECT | cn[.]bing[.]com:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]baidu[.]com:443 | HTTP/1.1 |
| 1 | CONNECT | www[.]voanews[.]com:443 | HTTP/1.1 |
| 1 | CONNECT | xui[.]ptlogin2[.]qq[.]com:443 | HTTP/1.1 |
| 1 | GET | /acadmin.php | HTTP/1.1 |
| 2 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | http://boxun[.]com/ | HTTP/1.1 |
| 1 | GET | http://www[.]123cha[.]com/ | HTTP/1.1 |
| 1 | GET | http://www[.]epochtimes[.]com/ | HTTP/1.1 |
| 1 | GET | http://www[.]ip[.]cn/ | HTTP/1.1 |
| 1 | GET | http://www[.]minghui[.]org/ | HTTP/1.1 |
| 1 | GET | http://www[.]rfa[.]org/english/ | HTTP/1.1 |
| 1 | GET | http://www[.]wujieliulan[.]com/ | HTTP/1.1 |
| 1 | GET | /index.action | HTTP/1.1 |
| 1 | GET | /login.action | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | HEAD | http://123[.]125[.]114[.]144/ | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | OPTION | / | HTTP/1.1 |
| 1 | \x16\x03\x01 |
