ハニーポット(仮) 観測記録 2019/09/16分です。
特徴
Region:AP
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Oracle WebLogicの脆弱性(CVE-2017-3506,CVE-2017-10271,CVE-2019-2729)を狙うアクセス
zgrabによるスキャン行為
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
を確認しました。
Region:EU
zgrabによるスキャン行為
5[.]188[.]210[.]101に関する不正通信
を確認しました。
他
アクセス数推移
AP:総アクセス数:31 (前日比:+11)
US:総アクセス数:130 (前日比:+109)
EU:総アクセス数:8 (前日比:-27)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 4 | 112.29.140.228 | China |
| 4 | 113.125.87.0 | China |
| 2 | 115.159.186.223 | China |
| 1 | 123.20.17.46 | Vietnam |
| 1 | 13.56.33.144 | United States |
| 1 | 14.231.177.83 | Vietnam |
| 1 | 159.203.193.54 | United States |
| 1 | 159.203.201.93 | United States |
| 7 | 185.234.218.50 | Ireland |
| 1 | 194.93.59.44 | Germany |
| 1 | 39.135.1.163 | China |
| 4 | 49.234.49.50 | China |
| 1 | 66.249.69.12 | United States |
| 1 | 66.249.69.16 | United States |
| 1 | 89.248.167.131 | Seychelles |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 3 | Go-http-client/1.1 |
| 2 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 1 | Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 |
| 7 | Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 |
| 10 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /database/print.css | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 2 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /myadmin/print.css | HTTP/1.1 |
| 2 | GET | /mysql/print.css | HTTP/1.1 |
| 1 | GET | /phpmyadmin/print.css | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/print.css | HTTP/1.1 |
| 1 | GET | /pma/print.css | HTTP/1.1 |
| 3 | GET | /robots.txt | HTTP/1.1 |
| 3 | GET | /TP/index.php | HTTP/1.1 |
| 3 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 4 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 3 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | POST | /wls-wsat/CoordinatorPortType | HTTP/1.1 |
| 1 | PROPFIND | / | HTTP/1.1 |
| 1 | \x03 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 10 | 112.29.140.220 | China |
| 1 | 14.231.70.89 | Vietnam |
| 1 | 159.203.193.38 | United States |
| 1 | 159.203.197.148 | United States |
| 101 | 163.172.143.247 | France |
| 1 | 172.104.242.173 | United States |
| 1 | 185.7.63.40 | Norway |
| 1 | 194.93.59.44 | Germany |
| 11 | 39.135.1.162 | China |
| 1 | 42.2.88.86 | Hong Kong |
| 1 | 94.20.65.17 | Azerbaijan |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9) Gecko/2008052906 Firefox/3.0 |
| 19 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 2 | GET | /elrekt.php | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 2 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 101 | GET | /phpmyadmin/ | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 3 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /user/register/ | HTTP/1.1 |
| 2 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 2 | 106.12.28.134 | China |
| 1 | 159.203.197.27 | United States |
| 1 | 159.203.197.3 | United States |
| 1 | 172.104.242.173 | United States |
| 1 | 194.93.59.44 | Germany |
| 1 | 210.60.110.4 | Taiwan |
| 1 | 5.188.210.101 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 2 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /manager/text/list | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | \x03 |
