コンニチハレバレトシタアオゾラ

With nothing much to do, I spend the whole day facing my blog, jotting down at random whatever trifles drift through my mind,

2019/08/27 Honeypot (provisional) observation record

This is the honeypot (provisional) observation record for 2019/08/27.

Characteristics

Region:AP

The following were observed:
Scanning for the default Polycom master configuration file
Scanning for phpMyAdmin
Scanning by ZmEu

Region:US

The following were observed:
Access attempts targeting ThinkPHP vulnerabilities
Scanning for the default Polycom master configuration file
Unauthorized traffic involving 112[.]124[.]42[.]80

Region:EU

The following were observed:
Scanning for the default Polycom master configuration file
Scanning for phpMyAdmin

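Access count trend

AP: total accesses: 41 (change from previous day: +2)
US: total accesses: 32 (change from previous day: +2)
EU: total accesses: 19 (change from previous day: -14)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.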

Region:AP

Source IP addresses

Count Source IP address Country
3 120.76.44.116 China
1 145.239.165.148 France
3 151.106.38.40 France
1 164.132.153.130 France
1 172.104.242.173 United States
14 185.53.88.54 Estonia
1 47.93.112.231 China
1 52.77.222.25 United States
2 54.37.230.33 France
5 58.210.85.22 China
1 59.23.227.164 South Korea
1 60.191.52.254 China
1 89.248.174.219 Seychelles
6 93.174.93.127 Seychelles

User agents

Count UserAgent
11 -
1 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
4 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
6 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
10 python-requests/2.22.0
7 ZmEu

Requests

Count Method Request Protocol
3 -
1 GET /000000000000.cfg HTTP/1.1
1 GET /02bc478276f5aa136158d1a9470a405c.php HTTP/1.1
1 GET /720abf5fe7890346dfabbd2c683206f1.php HTTP/1.1
3 GET /a2billing/customer/templates/default/footer.tpl HTTP/1.1
1 GET /about.php HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /MyAdmin/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.10.0.2/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.9.0/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/ HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
1 GET /phpMyAdmin/index.php HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
1 GET /polycom/000000000000.cfg HTTP/1.1
1 GET /pv/000000000000.cfg HTTP/1.1
1 GET /pv/y000000000000.cfg HTTP/1.1
3 GET /recordings/ HTTP/1.1
3 GET /vtigercrm/vtigerservice.php HTTP/1.1
1 GET /y000000000000.cfg HTTP/1.1
1 GET /yealink/y000000000000.cfg HTTP/1.1
1 HEAD / HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
2 HEAD /robots.txt HTTP/1.1
1 POST /script HTTP/1.1
4 \x16\x03\x01

Region:US

Source IP addresses

Count Source IP address Country
1 139.162.213.208 United States
10 139.199.86.246 China
1 151.106.38.40 France
1 172.104.242.173 United States
7 185.53.88.54 Estonia
1 185.7.63.40 Norway
8 207.180.251.152 Germany
1 213.128.88.99 Turkey
1 52.77.222.25 United States
1 60.191.52.254 China

User agents

Count UserAgent
6 -
1 Go-http-client/1.1
8 libwww-perl/5.833
2 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
1 Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
3 python-requests/2.22.0

Requests

Count Method Request Protocol
1 -
1 GET /000000000000.cfg HTTP/1.1
1 GET /aastra.cfg HTTP/1.1
1 GET /about.php HTTP/1.1
1 GET /admin/config.php HTTP/1.1
1 GET /dana-na/nc/nc_gina_ver.txt HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1
2 GET /manager/html HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /user/register/ HTTP/1.1
1 GET /vtigercrm/vtigerservice.php HTTP/1.1
1 GET /y000000000000.cfg HTTP/1.1
1 GET /y000000000005.cfg HTTP/1.1
1 GET /y000000000007.cfg HTTP/1.1
1 GET /y000000000025.cfg HTTP/1.1
1 GET /y000000000028.cfg HTTP/1.1
1 GET /y000000000031.cfg HTTP/1.1
1 HEAD http://112[.]124[.]42[.]80:63435/ HTTP/1.1
1 HEAD /robots.txt HTTP/1.0
1 POST /index.php?s=captcha HTTP/1.1
4 \x16\x03\x01

Region:EU

Source IP addresses

Count Source IP address Country
1 149.202.10.237 France
1 151.106.38.40 France
1 164.132.153.130 France
1 172.104.242.173 United States
1 77.247.110.69 Estonia
2 89.248.174.219 Seychelles
6 89.248.174.39 Seychelles
6 95.110.227.199 Italy

User agents

Count UserAgent
13 -
6 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0

Requests

Count Method Request Protocol
2 -
1 CONNECT i.instagram.com:443 HTTP/1.1
1 GET /000000000000.cfg HTTP/1.1
1 GET /muieblackcat HTTP/1.1
1 GET //myadmin/scripts/setup.php HTTP/1.1
1 GET //MyAdmin/scripts/setup.php HTTP/1.1
1 GET //phpmyadmin/scripts/setup.php HTTP/1.1
1 GET //phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET //pma/scripts/setup.php HTTP/1.1
1 GET /polycom/000000000000.cfg HTTP/1.1
1 GET /pv/000000000000.cfg HTTP/1.1
1 GET /pv/y000000000000.cfg HTTP/1.1
1 GET /y000000000000.cfg HTTP/1.1
1 GET /yealink/y000000000000.cfg HTTP/1.1
2 HEAD /robots.txt HTTP/1.0
2 POST /script HTTP/1.1
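
As an added example (not part of the original post), the request rows in the tables above can be bucketed into the scan types named in the summary at the top of this post. The rule labels and regular expressions are assumptions derived from the rows on this page; the sample rows are copied from the Region:US request table.

```python
import re
from collections import Counter

# Assumed rule set: labels and patterns are derived from the request rows in
# this post, not from a vendor signature set. First matching rule wins.
RULES = [
    # Logged bytes 0x16 0x03 = a TLS handshake record sent to a plain-HTTP port.
    ("tls-on-http-port", re.compile(r"^\\x16\\x03")),
    # CONNECT host:port or an absolute-URI target is a proxy-style request.
    ("proxy-style-request", re.compile(r"^(CONNECT \S+:\d+|[A-Z]+ https?://)")),
    ("thinkphp-probe", re.compile(r"invokefunction|[?&]s=captcha|/(TP|thinkphp)/", re.I)),
    ("phpmyadmin-scan", re.compile(r"/(phpmyadmin[^/]*|myadmin|pma)/", re.I)),
    # 12-digit, optionally y-prefixed .cfg names: phone provisioning files.
    ("phone-provisioning-cfg", re.compile(r"/y?\d{12}\.cfg\b")),
]

# Rows copied from the Region:US request table ("count request-line").
SAMPLE_ROWS = r"""
1 -
1 GET /000000000000.cfg HTTP/1.1
1 GET /aastra.cfg HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1
2 GET /manager/html HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /y000000000025.cfg HTTP/1.1
1 HEAD http://112[.]124[.]42[.]80:63435/ HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1
4 \x16\x03\x01
""".strip().splitlines()

def classify(request_line):
    """Return the label of the first rule matching one logged request line."""
    if request_line == "-":
        return "empty-request"
    for label, pattern in RULES:
        if pattern.search(request_line):
            return label
    return "other"

def summarize(rows):
    """Sum the per-row counts of a request table by category."""
    totals = Counter()
    for row in rows:
        count, _, request_line = row.strip().partition(" ")
        totals[classify(request_line)] += int(count)
    return totals

if __name__ == "__main__":
    for label, hits in summarize(SAMPLE_ROWS).most_common():
        print(f"{hits:3d}  {label}")
```

ZmEu is identified by its User-Agent rather than by the request line, so it would need the User-Agent field as a second input.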