2019/08/22 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2019/08/22分です。

特徴

Region：AP

ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
zgrabに対するスキャン行為
を確認しました。

Region：US

phpMyAdminに対するスキャン行為
zgrabに対するスキャン行為
を確認しました。

Region：EU

zgrabに対するスキャン行為
123[.]125[.]114[.]144に関する不正通信
を確認しました。

他

アクセス数推移

AP：総アクセス数：70 (前日比：+54)
US：総アクセス数：125 (前日比：+119)
EU：総アクセス数：27 (前日比：-6)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Region：AP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
4	101.89.216.3	China
10	107.193.136.64	United States
2	149.129.71.124	China
1	171.120.156.21	China
1	172.104.242.173	United States
1	182.245.173.211	China
1	185.234.218.9	Ireland
1	193.169.254.11	Poland
1	199.195.253.85	United States
2	211.38.144.230	South Korea
4	212.64.28.5	China
8	223.252.222.228	China
3	24.153.209.187	United States
1	34.77.178.170	United States
1	35.195.6.101	United States
1	35.205.107.120	United States
2	46.101.204.153	Germany
1	50.206.204.146	United States
1	54.36.149.98	France
1	61.219.11.153	Taiwan
3	77.247.110.69	Estonia
3	93.174.93.127	Seychelles
12	95.110.227.199	Italy
5	98.29.130.14	United States

UserAgent一覧

件数	UserAgent
19	-
1	Dalvik/2.1.0 (Linux; U; Android 8.1.0; Mi Note 3 MIUI/V10.3.1.0.OCHCNXM)
4	Go-http-client/1.1
1	Mozilla/5.01715179 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 OPR/55.0.2994.44
1	Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
2	Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
2	Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; fr; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
15	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
2	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
1	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
4	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Chrome/23.0.1271.64 Safari/537.11
12	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
3	Mozilla/5.0 zgrab/0.x
3	python-requests/2.7.0 CPython/2.7.14 Windows/2012ServerR2

リクエスト内容一覧

件数	Method	Request	Protocol
3	-
1	GET	/App/?content=%3C%3Fphp%20phpinfo%28%29%3B%3F%3E	HTTP/1.1
3	GET	/cm/	HTTP/1.1
1	GET	/crontab.php	HTTP/1.1
1	GET	/crontab.php	HTTP/1.1\n
1	GET	/index.php/module/aciton/param1/${@phpinfo()}	HTTP/1.1
1	GET	/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=1	HTTP/1.1
1	GET	/index.php?s=/module/aciton/param1/${@phpinfo()}	HTTP/1.1
2	GET	/manager/html	HTTP/1.1
2	GET	/muieblackcat	HTTP/1.1
2	GET	//myadmin/scripts/setup.php	HTTP/1.1
2	GET	//MyAdmin/scripts/setup.php	HTTP/1.1
3	GET	/mysql/admin/index.php?lang=en	HTTP/1.1
3	GET	/mysql/dbadmin/index.php?lang=en	HTTP/1.1
3	GET	/mysql/mysqlmanager/index.php?lang=en	HTTP/1.1
3	GET	/mysql/sqlmanager/index.php?lang=en	HTTP/1.1
3	GET	/phpmyadmin/index.php?lang=en	HTTP/1.1
2	GET	//phpmyadmin/scripts/setup.php	HTTP/1.1
1	GET	/phpmyadmin/scripts/setup.php	HTTP/1.1
2	GET	//phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/phpMyAdmin/scripts/setup.php	HTTP/1.1
2	GET	//pma/scripts/setup.php	HTTP/1.1
1	GET	/robots.txt	HTTP/1.1
4	GET	/TP/index.php	HTTP/1.1
4	GET	/TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1	HTTP/1.1
4	GET	/TP/public/index.php	HTTP/1.1
5	HEAD	/	HTTP/1.1
1	HEAD	/robots.txt	HTTP/1.0
2	HEAD	/robots.txt	HTTP/1.1
1	POST	/blog/xmlrpc.php	HTTP/1.1
4	POST	/TP/index.php?s=captcha	HTTP/1.1
1	POST	/xmlrpc.php	HTTP/1.1

Region:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	149.129.71.124	China
1	172.104.242.173	United States
108	177.21.25.42	Brazil
1	185.234.218.9	Ireland
4	198.20.87.98	United States
1	199.195.253.85	United States
5	220.157.220.248	Japan
1	35.240.64.29	United States
1	61.219.11.153	Taiwan
2	89.248.174.219	Seychelles

UserAgent一覧

件数	UserAgent
9	-
113	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
1	Mozilla/5.0 zgrab/0.x
1	python-requests/2.10.0

リクエスト内容一覧

件数	Method	Request	Protocol
5	-
1	GET	/2phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/db/index.php?lang=en	HTTP/1.1
1	GET	/admin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/admin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/db/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/administrator/pma/index.php?lang=en	HTTP/1.1
1	GET	/administrator/PMA/index.php?lang=en	HTTP/1.1
1	GET	/administrator/web/index.php?lang=en	HTTP/1.1
1	GET	/admin/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/pMA/index.php?lang=en	HTTP/1.1
1	GET	/admin/sqladmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/sysadmin/index.php?lang=en	HTTP/1.1
1	GET	/admin/web/index.php?lang=en	HTTP/1.1
1	GET	/cm/	HTTP/1.1
1	GET	/crontab.php	HTTP/1.1
1	GET	/database/index.php?lang=en	HTTP/1.1
1	GET	/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/db-admin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/dbweb/index.php?lang=en	HTTP/1.1
1	GET	/db/index.php?lang=en	HTTP/1.1
1	GET	/db/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpmyadmin3/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin3/index.php?lang=en	HTTP/1.1
1	GET	/db/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/db/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/db/webdb/index.php?lang=en	HTTP/1.1
1	GET	/db/websql/index.php?lang=en	HTTP/1.1
1	GET	/favicon.ico	HTTP/1.1
1	GET	/index.php?lang=en	HTTP/1.1
1	GET	/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/MyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/mysql-admin/index.php?lang=en	HTTP/1.1
2	GET	/mysql/admin/index.php?lang=en	HTTP/1.1
1	GET	/mysqladmin/index.php?lang=en	HTTP/1.1
2	GET	/mysql/dbadmin/index.php?lang=en	HTTP/1.1
1	GET	/mysql/db/index.php?lang=en	HTTP/1.1
1	GET	/mysql/index.php?lang=en	HTTP/1.1
1	GET	/mysqlmanager/index.php?lang=en	HTTP/1.1
2	GET	/mysql/mysqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pma/index.php?lang=en	HTTP/1.1
1	GET	/mysql/pMA/index.php?lang=en	HTTP/1.1
2	GET	/mysql/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/mysql/web/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2011/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2012/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2013/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2014/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2015/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2016/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2017/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2018/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2019/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin2/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin3/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin-3/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin3/index.php?lang=en	HTTP/1.1
1	GET	/phpmyadmin4/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin4/index.php?lang=en	HTTP/1.1
1	GET	/php-my-admin/index.php?lang=en	HTTP/1.1
1	GET	/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmy-admin/index.php?lang=en	HTTP/1.1
2	GET	/phpmyadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpmyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyadmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/phpmy/index.php?lang=en	HTTP/1.1
1	GET	/phppma/index.php?lang=en	HTTP/1.1
1	GET	/pma2011/index.php?lang=en	HTTP/1.1
1	GET	/PMA2011/index.php?lang=en	HTTP/1.1
1	GET	/pma2012/index.php?lang=en	HTTP/1.1
1	GET	/PMA2012/index.php?lang=en	HTTP/1.1
1	GET	/pma2013/index.php?lang=en	HTTP/1.1
1	GET	/PMA2013/index.php?lang=en	HTTP/1.1
1	GET	/pma2014/index.php?lang=en	HTTP/1.1
1	GET	/PMA2014/index.php?lang=en	HTTP/1.1
1	GET	/pma2015/index.php?lang=en	HTTP/1.1
1	GET	/PMA2015/index.php?lang=en	HTTP/1.1
1	GET	/pma2016/index.php?lang=en	HTTP/1.1
1	GET	/PMA2016/index.php?lang=en	HTTP/1.1
1	GET	/pma2017/index.php?lang=en	HTTP/1.1
1	GET	/PMA2017/index.php?lang=en	HTTP/1.1
1	GET	/pma2018/index.php?lang=en	HTTP/1.1
1	GET	/PMA2018/index.php?lang=en	HTTP/1.1
1	GET	/pma2019/index.php?lang=en	HTTP/1.1
1	GET	/pma/index.php?lang=en	HTTP/1.1
1	GET	/PMA/index.php?lang=en	HTTP/1.1
1	GET	/program/index.php?lang=en	HTTP/1.1
1	GET	/robots.txt	HTTP/1.1
1	GET	/shopdb/index.php?lang=en	HTTP/1.1
1	GET	/sitemap.xml	HTTP/1.1
1	GET	/sqlmanager/index.php?lang=en	HTTP/1.1
1	GET	/sql/myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmanager/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmyadmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin2/index.php?lang=en	HTTP/1.1
1	GET	/sql/php-myadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpmy-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/phpMyAdmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql-admin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqladmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/sql/index.php?lang=en	HTTP/1.1
1	GET	/sql/sqlweb/index.php?lang=en	HTTP/1.1
1	GET	/sql/webadmin/index.php?lang=en	HTTP/1.1
1	GET	/sql/webdb/index.php?lang=en	HTTP/1.1
1	GET	/sql/websql/index.php?lang=en	HTTP/1.1
1	GET	/.well-known/security.txt	HTTP/1.1
1	GET	/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en	HTTP/1.1

Region:EU

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	113.128.105.68	China
1	113.206.177.74	China
1	115.205.1.239	China
1	122.96.29.43	China
1	123.158.60.102	China
1	124.88.112.252	China
1	125.119.9.102	China
1	1.31.115.96	China
1	154.8.215.106	China
1	172.104.242.173	United States
1	175.184.164.219	China
1	199.195.253.85	United States
2	219.142.131.78	China
1	220.200.157.19	China
1	35.184.207.166	United States
1	35.205.162.230	United States
1	37.187.170.46	France
1	58.248.200.162	China
2	59.36.132.222	China
1	61.219.11.153	Taiwan
4	71.6.135.131	United States
1	89.248.174.39	Seychelles

UserAgent一覧

件数	UserAgent
8	-
1	curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0zlib/1.2.3 libidn/1.18 libssh2/1.2.2
1	Mozilla/5.01682558 Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/537.36(KHTML, like Gecko) Chrome/40.0.2214.89 Safari/537.36
7	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
1	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36, Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.133 Safari/534.16
1	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36, Mozilla/5.0 (X11; U; Linux x86_64; zh-CN; rv:1.9.2.10) Gecko/20100922 Ubuntu/10.10 (maverick) Firefox/3.6.10
1	Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
1	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
1	Mozilla/5.0 zgrab/0.x
3	PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
1	python-requests/2.19.1
1	python-requests/2.7.0 CPython/2.7.14 Windows/2012ServerR2

リクエスト内容一覧

件数	Method	Request	Protocol
4	-
1	CONNECT	cn[.]bing[.]com:443	HTTP/1.1
2	CONNECT	www[.]baidu[.]com:443	HTTP/1.1
1	CONNECT	www[.]voanews[.]com:443	HTTP/1.1
1	GET	/cm/	HTTP/1.1
1	GET	/favicon.ico	HTTP/1.1
1	GET	/HNAP1/	HTTP/1.1
1	GET	http://boxun[.]com/	HTTP/1.1
1	GET	http://www[.]123cha[.]com/	HTTP/1.1
1	GET	http://www[.]baidu[.]com/	HTTP/1.1
1	GET	http://www[.]epochtimes[.]com/	HTTP/1.1
1	GET	http://www[.]ip[.]cn/	HTTP/1.1
1	GET	http://www[.]minghui[.]org/	HTTP/1.1
1	GET	http://www[.]rfa[.]org/english/	HTTP/1.1
1	GET	http://www[.]wujieliulan[.]com/	HTTP/1.1
1	GET	/robots.txt	HTTP/1.1
1	GET	/sitemap.xml	HTTP/1.1
1	GET	/staff	HTTP/1.1
1	GET	/tos	HTTP/1.1
1	GET	/.well-known/security.txt	HTTP/1.1
1	HEAD	/	HTTP/1.1
1	HEAD	http://123[.]125[.]114[.]144/	HTTP/1.1
1	HEAD	/robots.txt	HTTP/1.0