ハニーポット(仮) 観測記録 2019/10/20分です。
特徴
Region:AP
ThinkPHPの脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuによるスキャン行為
を確認しました。
Region:US
HiSilicon DVR Devicesの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
ZmEuによるスキャン行為
Gh0stRATのような動き
を確認しました。
Region:EU
Gh0stRATのような動き
を確認しました。
他
アクセス数推移
AP:総アクセス数:36 (前日比:+5)
US:総アクセス数:39 (前日比:+35)
EU:総アクセス数:17 (前日比:+1)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 148.70.68.20 | China |
12 | 165.227.192.182 | United States |
1 | 185.222.211.18 | United Kingdom |
1 | 189.180.226.27 | Mexico |
1 | 207.180.218.63 | Germany |
3 | 211.38.144.230 | South Korea |
1 | 218.108.29.194 | China |
4 | 39.105.124.108 | China |
2 | 5.39.219.80 | Netherlands |
1 | 61.219.11.153 | Taiwan |
4 | 71.6.167.142 | United States |
4 | 80.82.77.139 | Netherlands |
1 | 91.52.53.133 | Germany |
UserAgent一覧
件数 | UserAgent |
---|---|
10 | - |
1 | ApiTool |
1 | Go-http-client/1.1 |
1 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;SV1) |
1 | Mozilla/5.0 |
3 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
3 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | python-requests/2.10.0 |
1 | python-requests/2.13.0 |
1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
12 | ZmEu |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
2 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /LoginPage.do | HTTP/1.1 |
4 | GET | /manager/html | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.10.0.0/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.10.0.1/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin-2.10.0.2/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/ | HTTP/1.1 |
2 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
2 | GET | /robots.txt | HTTP/1.1 |
2 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /SQL/scripts/setup.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /webdav/ | HTTP/1.1 |
2 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
3 | \x03 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 14.187.59.1 | Vietnam |
5 | 142.93.135.210 | United States |
1 | 159.65.121.162 | United States |
3 | 167.206.74.130 | United States |
1 | 185.209.0.12 | Latvia |
1 | 208.168.238.23 | Cayman Islands |
1 | 218.244.146.115 | China |
10 | 220.197.219.238 | China |
1 | 221.215.162.2 | China |
1 | 45.136.108.22 | Germany |
1 | 5.39.219.80 | Netherlands |
2 | 61.219.11.153 | Taiwan |
11 | 78.55.240.68 | Germany |
UserAgent一覧
件数 | UserAgent |
---|---|
15 | - |
1 | ApiTool |
1 | Go-http-client/1.1 |
1 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
11 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
3 | - | ||
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
2 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /manager/html | HTTP/1.1 |
1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin1/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin2/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin3/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyAdmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpMyadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpMyAdmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | Gh0st\xad | ||
1 | HEAD | / | HTTP/1.1 |
1 | HELP | ||
1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
3 | \x03 | ||
3 | \x16\x03\x01 | ||
1 | \x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc | ||
1 | \xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
5 | 139.162.244.237 | United States |
1 | 185.209.0.12 | Latvia |
1 | 185.222.211.18 | United Kingdom |
3 | 210.255.82.235 | Japan |
1 | 5.39.219.80 | Netherlands |
1 | 61.219.11.153 | Taiwan |
5 | 97.107.133.187 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
16 | - |
1 | User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /manager/html | HTTP/1.1 |
2 | Gh0st\xad | ||
2 | HELP | ||
3 | \x03 | ||
4 | \x16\x03\x01 | ||
2 | \x1b\x84\xd5\xb0]\xf4\xc4\x93\xc50\xc2X\x8c\xda\xb1\xd7\xac\xafn\x1d\xe1\x1e\x1a3*\x85\xb7\x1d'\xb1\xc9k\xbf\xf0\xbc\n | ||
2 | \xbd\xff\x9e\xffE\xff\x9e\xff\xbd\xff\x9e\xff\xa4\xff\x86\xff\xc4\xff\xbe\xff\xc7\xff\xdb\xff\xee\xffx\d9\xff\xed\xff\xa4\xff\x9d\xff\xcf\xff\xd8\xff\xe5\xff\x04\xff\x12\xff0\xff\xb1\xff\xbd\xff\xe7\xff\xe2\xff\xdd\xff\xdc\xff\xde\xff\xc8\xff\xcc\xff\xbe\xff\xf8\xff&\xff\x01\xff\x0f\xff\xf5\xff\x06\xff\xff\xff\xf7\xff!\xff\xde\xff\x02\xff&\xff\x0c\xff\x01\xff\xf5\xff\n |