ハニーポット(仮) 観測記録 2019/08/27分です。
特徴
Region:AP
Polycomのデフォルトのマスタ設定ファイルに対するスキャン行為
phpMyAdminに対するスキャン行為
ZmEuによるスキャン行為
を確認しました。
Region:US
ThinkPHPの脆弱性を狙うアクセス
Polycomのデフォルトのマスタ設定ファイルに対するスキャン行為
112[.]124[.]42[.]80に関する不正通信
を確認しました。
Region:EU
Polycomのデフォルトのマスタ設定ファイルに対するスキャン行為
phpMyAdminに対するスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:41 (前日比:+2)
US:総アクセス数:32 (前日比:+2)
EU:総アクセス数:19 (前日比:-14)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
3 | 120.76.44.116 | China |
1 | 145.239.165.148 | France |
3 | 151.106.38.40 | France |
1 | 164.132.153.130 | France |
1 | 172.104.242.173 | United States |
14 | 185.53.88.54 | Estonia |
1 | 47.93.112.231 | China |
1 | 52.77.222.25 | United States |
2 | 54.37.230.33 | France |
5 | 58.210.85.22 | China |
1 | 59.23.227.164 | South Korea |
1 | 60.191.52.254 | China |
1 | 89.248.174.219 | Seychelles |
6 | 93.174.93.127 | Seychelles |
UserAgent一覧
件数 | UserAgent |
---|---|
11 | - |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
6 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
10 | python-requests/2.22.0 |
7 | ZmEu |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
3 | - | ||
1 | GET | /000000000000.cfg | HTTP/1.1 |
1 | GET | /02bc478276f5aa136158d1a9470a405c.php | HTTP/1.1 |
1 | GET | /720abf5fe7890346dfabbd2c683206f1.php | HTTP/1.1 |
3 | GET | /a2billing/customer/templates/default/footer.tpl | HTTP/1.1 |
1 | GET | /about.php | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.10.0.2/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.9.0/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/index.php | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /polycom/000000000000.cfg | HTTP/1.1 |
1 | GET | /pv/000000000000.cfg | HTTP/1.1 |
1 | GET | /pv/y000000000000.cfg | HTTP/1.1 |
3 | GET | /recordings/ | HTTP/1.1 |
3 | GET | /vtigercrm/vtigerservice.php | HTTP/1.1 |
1 | GET | /y000000000000.cfg | HTTP/1.1 |
1 | GET | /yealink/y000000000000.cfg | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
2 | HEAD | /robots.txt | HTTP/1.1 |
1 | POST | /script | HTTP/1.1 |
4 | \x16\x03\x01 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 139.162.213.208 | United States |
10 | 139.199.86.246 | China |
1 | 151.106.38.40 | France |
1 | 172.104.242.173 | United States |
7 | 185.53.88.54 | Estonia |
1 | 185.7.63.40 | Norway |
8 | 207.180.251.152 | Germany |
1 | 213.128.88.99 | Turkey |
1 | 52.77.222.25 | United States |
1 | 60.191.52.254 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
6 | - |
1 | Go-http-client/1.1 |
8 | libwww-perl/5.833 |
2 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 |
1 | Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
3 | python-requests/2.22.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /000000000000.cfg | HTTP/1.1 |
1 | GET | /aastra.cfg | HTTP/1.1 |
1 | GET | /about.php | HTTP/1.1 |
1 | GET | /admin/config.php | HTTP/1.1 |
1 | GET | /dana-na/nc/nc_gina_ver.txt | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
2 | GET | /manager/html | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /user/register/ | HTTP/1.1 |
1 | GET | /vtigercrm/vtigerservice.php | HTTP/1.1 |
1 | GET | /y000000000000.cfg | HTTP/1.1 |
1 | GET | /y000000000005.cfg | HTTP/1.1 |
1 | GET | /y000000000007.cfg | HTTP/1.1 |
1 | GET | /y000000000025.cfg | HTTP/1.1 |
1 | GET | /y000000000028.cfg | HTTP/1.1 |
1 | GET | /y000000000031.cfg | HTTP/1.1 |
1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
1 | HEAD | /robots.txt | HTTP/1.0 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
4 | \x16\x03\x01 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 149.202.10.237 | France |
1 | 151.106.38.40 | France |
1 | 164.132.153.130 | France |
1 | 172.104.242.173 | United States |
1 | 77.247.110.69 | Estonia |
2 | 89.248.174.219 | Seychelles |
6 | 89.248.174.39 | Seychelles |
6 | 95.110.227.199 | Italy |
UserAgent一覧
件数 | UserAgent |
---|---|
13 | - |
6 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | - | ||
1 | CONNECT | i.instagram.com:443 | HTTP/1.1 |
1 | GET | /000000000000.cfg | HTTP/1.1 |
1 | GET | /muieblackcat | HTTP/1.1 |
1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /polycom/000000000000.cfg | HTTP/1.1 |
1 | GET | /pv/000000000000.cfg | HTTP/1.1 |
1 | GET | /pv/y000000000000.cfg | HTTP/1.1 |
1 | GET | /y000000000000.cfg | HTTP/1.1 |
1 | GET | /yealink/y000000000000.cfg | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
2 | POST | /script | HTTP/1.1 |