コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, jotting down at random whatever trivial thoughts pass through my mind,

2019/10/20 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2019/10/20.

Highlights
Region:AP

The following were observed:
Access targeting a ThinkPHP vulnerability
Access targeting a vulnerability in Shenzhen TVT products
Scanning for phpMyAdmin
Scanning by ZmEu

Region:US

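The following were observed:
Access targeting a vulnerability in HiSilicon DVR Devices
Access targeting a ThinkPHP vulnerability
Access targeting a vulnerability in Shenzhen TVT products
Scanning for phpMyAdmin
Scanning by ZmEu
Gh0st RAT-like behavior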

Region:EU

Gh0st RAT-like behavior was observed.

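Access count trend

AP: total accesses: 36 (change from previous day: +5)
US: total accesses: 39 (change from previous day: +35)
EU: total accesses: 17 (change from previous day: +1)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.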

Region:AP

Source IP address list

Count Source IP address Country
1 148.70.68.20 China
12 165.227.192.182 United States
1 185.222.211.18 United Kingdom
1 189.180.226.27 Mexico
1 207.180.218.63 Germany
3 211.38.144.230 South Korea
1 218.108.29.194 China
4 39.105.124.108 China
2 5.39.219.80 Netherlands
1 61.219.11.153 Taiwan
4 71.6.167.142 United States
4 80.82.77.139 Netherlands
1 91.52.53.133 Germany

UserAgent list

Count UserAgent
10 -
1 ApiTool
1 Go-http-client/1.1
1 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1)
1 Mozilla/5.0
3 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
1 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
3 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 python-requests/2.10.0
1 python-requests/2.13.0
1 User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705
12 ZmEu

Request list

Count Method Request Protocol
1 -
2 GET /favicon.ico HTTP/1.1
1 GET /LoginPage.do HTTP/1.1
4 GET /manager/html HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /MyAdmin/scripts/setup.php HTTP/1.1
1 GET /mysql/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.10.0.0/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.10.0.1/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin-2.10.0.2/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/ HTTP/1.1
2 GET /phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
2 GET /robots.txt HTTP/1.1
2 GET /sitemap.xml HTTP/1.1
1 GET /SQL/scripts/setup.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
1 GET /webdav/ HTTP/1.1
2 GET /.well-known/security.txt HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1
1 POST /TP/index.php?s=captcha HTTP/1.1
3 \x03

Region:US

Source IP address list

Count Source IP address Country
1 14.187.59.1 Vietnam
5 142.93.135.210 United States
1 159.65.121.162 United States
3 167.206.74.130 United States
1 185.209.0.12 Latvia
1 208.168.238.23 Cayman Islands
1 218.244.146.115 China
10 220.197.219.238 China
1 221.215.162.2 China
1 45.136.108.22 Germany
1 5.39.219.80 Netherlands
2 61.219.11.153 Taiwan
11 78.55.240.68 Germany

UserAgent list

Count UserAgent
15 -
1 ApiTool
1 Go-http-client/1.1
1 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
9 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705

Request list

Count Method Request Protocol
3 -
1 GET /elrekt.php HTTP/1.1
1 GET /html/public/index.php HTTP/1.1
2 GET /index.php HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET ../../mnt/custom/ProductDefinition HTTP
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin1/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin2/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin3/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin/index.php?lang=en HTTP/1.1
1 GET /phpmyAdmin/index.php?lang=en HTTP/1.1
1 GET /phpMyadmin/index.php?lang=en HTTP/1.1
1 GET /phpMyAdmin/index.php?lang=en HTTP/1.1
1 GET /public/index.php HTTP/1.1
1 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /TP/html/public/index.php HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 Gh0st\xad
1 HEAD / HTTP/1.1
1 HELP
1 POST /editBlackAndWhiteList HTTP/1.1
1 POST /index.php?s=captcha HTTP/1.1
3 \x03
3 \x16\x03\x01
1 \x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc
1 \xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff

Region:EU

Source IP address list

Count Source IP address Country
5 139.162.244.237 United States
1 185.209.0.12 Latvia
1 185.222.211.18 United Kingdom
3 210.255.82.235 Japan
1 5.39.219.80 Netherlands
1 61.219.11.153 Taiwan
5 97.107.133.187 United States

UserAgent list

Count UserAgent
16 -
1 User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705

Request list

Count Method Request Protocol
1 -
1 GET /manager/html HTTP/1.1
2 Gh0st\xad
2 HELP
3 \x03
4 \x16\x03\x01
2 \x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc\n
2 \xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff\n