ハニーポット(仮) 観測記録 2019/09/29分です。
特徴
Region:AP
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuによるスキャン行為
を確認しました。
Region:US
NetGear製品の脆弱性を狙うアクセス
Oracle WebLogic(CVE-2019-2725,CVE-2019-2729)の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
を確認しました。
Region:EU
ThinkPHPの脆弱性を狙うアクセス
3[.]9[.]135[.]182に関する不正通信
を確認しました。
他
アクセス数推移
AP:総アクセス数:37 (前日比:+8)
US:総アクセス数:29 (前日比:-97)
EU:総アクセス数:16 (前日比:+3)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 106.15.229.173 | China |
| 1 | 122.193.47.210 | China |
| 3 | 124.251.44.162 | China |
| 3 | 129.158.122.65 | United States |
| 1 | 13.56.33.144 | United States |
| 1 | 157.55.39.25 | United States |
| 1 | 173.176.245.208 | Canada |
| 4 | 183.235.222.44 | China |
| 1 | 193.188.22.56 | Russia |
| 1 | 200.161.218.120 | Brazil |
| 6 | 23.96.127.81 | United States |
| 4 | 34.68.73.207 | United States |
| 1 | 54.36.111.3 | Germany |
| 3 | 58.221.24.178 | China |
| 1 | 66.249.71.121 | United States |
| 1 | 66.249.71.123 | United States |
| 4 | 92.118.37.91 | Greece |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) |
| 2 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 4 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 |
| 13 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 1 | python-requests/2.22.0 |
| 6 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /09898BA5F19DB36A1A90FC2119C35385.php | HTTP/1.1 |
| 1 | GET | /720abf5fe7890346dfabbd2c683206f1.php | HTTP/1.1 |
| 1 | GET | /html | HTTP/1.1 |
| 4 | GET | /login.php | HTTP/1.1 |
| 1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 3 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 4 | GET | /TP/index.php | HTTP/1.1 |
| 4 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 5 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 104.211.216.163 | India |
| 1 | 183.97.4.232 | South Korea |
| 1 | 193.188.22.56 | Russia |
| 1 | 222.244.146.58 | China |
| 25 | 92.237.188.183 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | - |
| 2 | Mozilla/5.0 |
| 25 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36 |
| 1 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /2phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /db/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /myadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /MyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin4/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phpmy/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /phppma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /pma/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /PMA/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /program/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 1 | GET | /shopdb/index.php?lang=en | HTTP/1.1 |
| 1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en | HTTP/1.1 |
| 1 | POST | /_async/AsyncResponseService | HTTP/1.1 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 113.96.223.207 | China |
| 10 | 148.70.215.117 | China |
| 1 | 185.209.0.12 | Latvia |
| 1 | 193.188.22.56 | Russia |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 79.198.108.217 | Germany |
| 1 | 92.118.37.91 | Greece |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | Go-http-client/1.1 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://3[.]9[.]135[.]182/ | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /login.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /v1/agent/self | HTTP/1.1\n |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 2 | \x03 |
