ハニーポット(仮) 観測記録 2019/09/14分です。
特徴
Region:AP
HiSilicon DVR Devicesの脆弱性を狙うアクセス
zgrabによるスキャン行為
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Gh0stRATのような動き
を確認しました。
Region:EU
ThinkPHPの脆弱性を狙うアクセス
Gh0stRATのような動き
を確認しました。
他
アクセス数推移
AP:総アクセス数:9 (前日比:-74)
US:総アクセス数:21 (前日比:+12)
EU:総アクセス数:13 (前日比:-4)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 14.177.137.62 | Vietnam |
| 1 | 159.89.20.170 | United States |
| 1 | 167.99.143.169 | United States |
| 2 | 200.187.180.106 | Brazil |
| 2 | 210.60.110.4 | Taiwan |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.249.79.37 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 2 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 2 | GET | /manager/html | HTTP/1.1 |
| 3 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /TEMPORARY_LISTEN_ADDRESSES/WSMAN | HTTP/1.1 |
| 1 | GET | /WSMAN | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 10 | 106.13.171.45 | China |
| 1 | 123.21.151.16 | Vietnam |
| 1 | 172.104.242.173 | United States |
| 1 | 203.167.92.2 | Philippines |
| 3 | 220.202.12.71 | China |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.240.205.34 | United States |
| 1 | 79.115.252.139 | Romania |
| 1 | 86.122.243.179 | Romania |
| 1 | 88.247.237.12 | Turkey |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 |
| 12 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 3 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | Gh0st\xad | ||
| 1 | HEAD | / | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 10 | 120.92.123.150 | China |
| 1 | 167.71.73.37 | United States |
| 1 | 172.104.242.173 | United States |
| 1 | 66.240.205.34 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | Gh0st\xad | ||
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
