ハニーポット(仮) 観測記録 2019/10/04分です。
特徴
Region:AP
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
112[.]124[.]42[.]80に関する不正通信
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuによるスキャン行為
5[.]188[.]210[.]101に関する不正通信
112[.]124[.]42[.]80に関する不正通信
を確認しました。
Region:EU
phpMyAdminに対するスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:52 (前日比:+13)
US:総アクセス数:30 (前日比:+14)
EU:総アクセス数:7 (前日比:0)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 4 | 109.167.231.203 | Russia |
| 1 | 111.169.4.148 | Japan |
| 4 | 114.215.184.51 | China |
| 5 | 122.116.134.89 | Taiwan |
| 1 | 128.199.208.71 | Singapore |
| 1 | 148.70.68.20 | China |
| 1 | 162.243.123.199 | United States |
| 1 | 166.62.84.17 | United States |
| 1 | 189.146.101.209 | Mexico |
| 1 | 211.203.165.169 | South Korea |
| 4 | 222.186.130.20 | China |
| 1 | 34.253.231.151 | Ireland |
| 1 | 41.38.47.196 | Egypt |
| 1 | 45.136.108.25 | Germany |
| 1 | 47.185.37.87 | United States |
| 2 | 5.188.210.101 | Russia |
| 1 | 60.191.52.254 | China |
| 1 | 66.249.65.213 | United States |
| 1 | 67.207.94.61 | United States |
| 4 | 67.230.164.88 | United States |
| 1 | 78.97.94.67 | Romania |
| 10 | 93.174.93.178 | Netherlands |
| 1 | 93.54.88.248 | Italy |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 9 | - |
| 10 | ApiTool |
| 4 | Go-http-client/1.1 |
| 4 | Hi |
| 2 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML |
| 2 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML |
| 12 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 7 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | GET | /echo.php | HTTP/1.1 |
| 1 | GET | // | HTTP/1.1 |
| 5 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | //myadmin// | HTTP/1.1 |
| 4 | GET | /Pages/login.htm | HTTP/1.1 |
| 1 | GET | //phpadmin// | HTTP/1.1 |
| 1 | GET | //phpmyadmin// | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 4 | GET | /TP/index.php | HTTP/1.1 |
| 4 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 4 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /webdav/ | HTTP/1.1 |
| 3 | GET | /wp-login.php | HTTP/1.1 |
| 3 | HEAD | / | HTTP/1.1 |
| 1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
| 10 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 4 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 1 | \x03 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 105.159.205.184 | Morocco |
| 10 | 112.25.77.193 | China |
| 1 | 14.187.50.139 | Vietnam |
| 1 | 176.79.15.74 | Portugal |
| 1 | 185.146.1.107 | Kazakhstan |
| 1 | 193.42.110.183 | Russia |
| 1 | 197.45.5.148 | Egypt |
| 1 | 5.188.210.101 | Russia |
| 1 | 59.127.252.144 | Taiwan |
| 1 | 60.191.52.254 | China |
| 1 | 70.72.180.42 | Canada |
| 1 | 73.125.64.67 | United States |
| 2 | 78.128.113.46 | Bulgaria |
| 4 | 78.186.163.237 | Turkey |
| 1 | 83.29.200.102 | Poland |
| 1 | 93.113.43.52 | Romania |
| 1 | 93.174.93.178 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | - |
| 1 | ApiTool |
| 1 | Go-http-client/1.1 |
| 5 | Hi |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
| 13 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 1 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /downloader/ | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | //myadmin// | HTTP/1.1 |
| 5 | GET | /Pages/login.htm | HTTP/1.1 |
| 1 | GET | //phpadmin// | HTTP/1.1 |
| 1 | GET | //phpmyadmin// | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 2 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 185.52.2.165 | Netherlands |
| 1 | 193.42.110.183 | Russia |
| 1 | 194.42.111.204 | Poland |
| 1 | 49.143.95.121 | South Korea |
| 3 | 93.174.93.178 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 3 | ApiTool |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /downloader/ | HTTP/1.1 |
| 1 | GET | //phpadmin// | HTTP/1.1 |
| 1 | GET | //phpmyadmin// | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 3 | POST | /editBlackAndWhiteList | HTTP/1.1 |
