ハニーポット(仮) 観測記録 2019/10/18分です。
特徴
Region:AP
ThinkPHPの脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
5[.]188[.]210[.]101に関する不正通信
を確認しました。
Region:US
ThinkPHPの脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
masscanによるスキャン行為
Morfeus Fucking Scannerによるスキャン行為
5[.]188[.]210[.]101に関する不正通信
83[.]143[.]86[.]62に関する不正通信
を確認しました。
Region:EU
ThinkPHPの脆弱性を狙うアクセス
Morfeus Fucking Scannerによるスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:26 (前日比:-60)
US:総アクセス数:28 (前日比:-50)
EU:総アクセス数:12 (前日比:-18)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 119.29.132.198 | China |
| 1 | 122.224.88.26 | China |
| 4 | 139.155.89.172 | China |
| 1 | 189.180.63.165 | Mexico |
| 1 | 195.123.124.154 | Ukraine |
| 1 | 220.133.187.251 | Taiwan |
| 4 | 220.180.238.9 | China |
| 1 | 42.188.125.70 | Malaysia |
| 3 | 5.188.210.101 | Russia |
| 1 | 61.219.11.153 | Taiwan |
| 4 | 66.240.236.119 | United States |
| 2 | 66.249.71.123 | United States |
| 1 | 70.124.117.158 | United States |
| 1 | 73.205.51.38 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 4 | - |
| 6 | ApiTool |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
| 2 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
| 3 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36 |
| 6 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | python-requests/2.10.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 2 | GET | /echo.php | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /LoginPage.do | HTTP/1.1 |
| 3 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 6 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 2 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 104.200.134.161 | United States |
| 1 | 120.77.73.115 | China |
| 1 | 157.7.222.138 | Japan |
| 10 | 177.189.219.219 | Brazil |
| 1 | 185.101.33.138 | Norway |
| 1 | 201.114.142.81 | Mexico |
| 10 | 222.186.175.107 | China |
| 1 | 5.188.210.101 | Russia |
| 2 | 89.248.169.17 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 1 | ApiTool |
| 2 | Go-http-client/1.1 |
| 1 | masscan/1.0 (https://github.com/robertdavidgraham/masscan) |
| 1 | Morfeus Fucking Scanner |
| 1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
| 20 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | |||
| 2 | GET | /elrekt.php | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
| 1 | GET | http://83[.]143[.]86[.]62:4500/ | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 4 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /user/soapCaller.bs | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 2 | POST | /index.php?s=captcha | HTTP/1.1 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 104.200.134.161 | United States |
| 10 | 124.207.119.81 | China |
| 1 | 159.65.121.162 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | - |
| 1 | Go-http-client/1.1 |
| 1 | Morfeus Fucking Scanner |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /user/soapCaller.bs | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | %\xe9\xd7v\x03\xc2>\xba\x92\x8b\x9ejI\x1c\xb7b\xaa_r!\x8a{0!0\xf7\xf1\x8a\x86{0!\x8b\x7fr!\x8a{3)\x8a{0!\x8a{0! | {0!\x8a{\x1b\n |
