ハニーポット(仮) 観測記録 2019/10/08分です。
特徴
Region:AP
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
UPnPを利用した探索行為
ZmEuによるスキャン行為
zgrabによるスキャン行為
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
UPnPを利用した探索行為
ZmEuによるスキャン行為
を確認しました。
Region:EU
UPnPを利用した探索行為
zgrabによるスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:42 (前日比:-245)
US:総アクセス数:17 (前日比:+2)
EU:総アクセス数:4 (前日比:-19)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 4 | 106.12.130.171 | China |
| 4 | 106.12.98.205 | China |
| 1 | 106.51.44.69 | India |
| 4 | 106.52.22.85 | China |
| 4 | 123.206.176.235 | China |
| 1 | 159.203.201.72 | United States |
| 1 | 186.1.32.216 | Nicaragua |
| 1 | 192.72.22.26 | Taiwan |
| 1 | 218.161.34.125 | Taiwan |
| 1 | 31.184.218.5 | Russia |
| 3 | 35.240.231.240 | United States |
| 1 | 39.135.34.212 | China |
| 1 | 47.35.213.252 | United States |
| 6 | 51.159.1.170 | France |
| 1 | 5.26.127.74 | Turkey |
| 1 | 54.36.148.223 | France |
| 1 | 60.54.97.84 | Malaysia |
| 1 | 61.219.11.153 | Taiwan |
| 3 | 66.179.123.113 | United States |
| 1 | 78.83.242.229 | Bulgaria |
| 1 | 93.242.117.4 | Germany |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 3 | ApiTool |
| 4 | Go-http-client/1.1 |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) |
| 1 | Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/) |
| 2 | Mozilla/5.0 (iPhone; CPU iPhone OS 13_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 |
| 4 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36 |
| 13 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
| 6 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /?_=1562616eab236 | HTTP/1.1 |
| 1 | GET | /adminer.php | HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
| 4 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 4 | GET | /TP/index.php | HTTP/1.1 |
| 4 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
| 5 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /UPnP/IGD.xml | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 2 | POST | /activate-flash-plan | HTTP/1.1 |
| 1 | POST | /activate-flash-plan | HTTP/1.1\n |
| 3 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 4 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
| 2 | \x16\x03\x01 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 123.21.162.122 | Vietnam |
| 1 | 159.203.197.175 | United States |
| 1 | 185.156.177.235 | Russia |
| 1 | 212.237.23.173 | Italy |
| 6 | 51.159.1.170 | France |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.96.235.17 | Indonesia |
| 4 | 71.6.199.23 | United States |
| 1 | 89.159.74.93 | France |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 7 | - |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.19.1 |
| 6 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 2 | GET | ../../mnt/custom/ProductDefinition | HTTP |
| 1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpinfo.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /UPnP/IGD.xml | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | \x03 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 159.203.201.108 | United States |
| 1 | 178.54.86.119 | Ukraine |
| 1 | 185.156.177.235 | Russia |
| 1 | 35.240.231.240 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.109 Safari/537.36 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /auth1.html | HTTP/1.1 |
| 1 | GET | /UPnP/IGD.xml | HTTP/1.1 |
| 1 | POST | /activate-flash-plan | HTTP/1.1\n |
| 1 | \x03 |
