ハニーポット(仮) 観測記録 2019/11/06分です。
特徴
Region:AP
Shenzhen TVT製品の脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
18[.]179[.]20[.]5に関する不正通信
61[.]161[.]113[.]145に関する不正通信
238[.]193[.]171[.]236に関する不正通信
を確認しました。
Region:US
ThinkPHPの脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
を確認しました。
Region:EU
Shenzhen TVT製品の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
を確認しました。
他
アクセス数推移
AP:総アクセス数:241 (前日比:+146)
US:総アクセス数:23 (前日比:+10)
EU:総アクセス数:7 (前日比:-1832)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 120.26.199.108 | China |
| 1 | 165.22.51.44 | United States |
| 1 | 172.98.67.107 | Canada |
| 1 | 172.98.67.38 | Canada |
| 1 | 173.244.36.4 | United States |
| 1 | 178.128.194.144 | Germany |
| 1 | 183.111.122.206 | South Korea |
| 1 | 185.216.34.228 | Austria |
| 2 | 185.220.70.152 | Germany |
| 1 | 185.230.124.50 | Spain |
| 1 | 193.188.22.187 | Russia |
| 1 | 194.99.106.147 | France |
| 2 | 196.52.10.11 | South Africa |
| 1 | 196.55.2.6 | South Africa |
| 62 | 23.92.127.18 | Sweden |
| 1 | 37.120.208.82 | Singapore |
| 1 | 41.216.186.89 | South Africa |
| 34 | 44.224.22.196 | United States |
| 1 | 45.12.220.196 | Sweden |
| 1 | 46.33.113.35 | Czechia |
| 1 | 47.111.5.207 | China |
| 2 | 51.38.185.245 | France |
| 1 | 66.102.6.110 | United States |
| 1 | 77.247.110.54 | Netherlands |
| 8 | 80.172.216.168 | Portugal |
| 1 | 82.102.20.170 | Denmark |
| 24 | 82.102.21.215 | Italy |
| 2 | 82.102.27.126 | Norway |
| 1 | 82.102.27.56 | Norway |
| 1 | 82.77.91.36 | Romania |
| 74 | 89.238.150.18 | United Kingdom |
| 9 | 89.238.154.119 | United Kingdom |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 23 | - |
| 2 | ApiTool |
| 14 | AWS Security Scanner |
| 2 | curl/7.47.0 |
| 1 | Mozilla/4.0 (compatible; MSIE 11.0; DSNF_3724=NT6.1.76016.1.7601-FC64BED2.ENU.2DC02FDF-D69E0F-9258DD-10191022=) |
| 1 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
| 1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36 |
| 164 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:35.0) Gecko/20100101 Firefox/35.0 |
| 10 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 Google Favicon |
| 1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0 |
| 19 | python-requests/2.18.4 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 1 | GET | /0511us3/3514KLD.1F6266993EBAC6A7D2E474CEED82854F/5/spk/61[.]161[.]113[.]145/ | HTTP/1.1 |
| 1 | GET | /0511us3/NCB399S.E0007BA9629F5B63EB6703E189EBE072/5/cert/238[.]193[.]171[.]236/ | HTTP/1.1 |
| 2 | GET | /admin/flags/ | HTTP/1.1 |
| 1 | GET | /admin | HTTP/1.1 |
| 2 | GET | /admin/images/ | HTTP/1.1 |
| 4 | GET | /admin.php | HTTP/1.1 |
| 1 | GET | /admin.php?login=true | HTTP/1.1 |
| 2 | GET | /admin/resources/css/ | HTTP/1.1 |
| 2 | GET | /admin/resources/images/ | HTTP/1.1 |
| 1 | GET | /android/admin.php | HTTP/1.1 |
| 1 | GET | /anti_vidar/login.php | HTTP/1.1 |
| 1 | GET | /api.php | HTTP/1.1 |
| 1 | GET | /app | HTTP/1.1 |
| 1 | GET | /app/ | HTTP/1.1 |
| 1 | GET | /asdfddsas.php | HTTP/1.1 |
| 1 | GET | /asfdsfafggdf.php | HTTP/1.1 |
| 1 | GET | /assets/css/style.css | HTTP/1.1 |
| 1 | GET | /assets/img/bg.png | HTTP/1.1 |
| 1 | GET | /assets/img/button-bgs/bots-btn.png | HTTP/1.1 |
| 1 | GET | /assets/img/button-bgs/clips-btn.png | HTTP/1.1 |
| 1 | GET | /assets/img/button-bgs/exit-btn.png | HTTP/1.1 |
| 1 | GET | /assets/img/button-bgs/home-btn.png | HTTP/1.1 |
| 1 | GET | /assets/img/button-bgs/settings-btn.png | HTTP/1.1 |
| 1 | GET | /assets/img/favicon.ico | HTTP/1.1 |
| 1 | GET | /assets/img/install-bg.png | HTTP/1.1 |
| 1 | GET | /assets/img/login-bg.png | HTTP/1.1 |
| 1 | GET | /assets/js/bots.js | HTTP/1.1 |
| 1 | GET | /assets/js/clips.js | HTTP/1.1 |
| 1 | GET | /auth | HTTP/1.1 |
| 1 | GET | /auth.php | HTTP/1.1 |
| 1 | GET | /back.css | HTTP/1.1 |
| 1 | GET | /bins.php | HTTP/1.1 |
| 1 | GET | /bots | HTTP/1.1 |
| 1 | GET | /ca.php?m=4F5441744D6B49744D7A51744D7A55744D7A59744F44553D&h=437 | HTTP/1.1 |
| 1 | GET | /cfg.txt | HTTP/1.1 |
| 1 | GET | /config.json | HTTP/1.1 |
| 2 | GET | /config.php | HTTP/1.1 |
| 1 | GET | /connect_meta.php | HTTP/1.1 |
| 1 | GET | /cp.php | HTTP/1.1 |
| 1 | GET | /cron.php | HTTP/1.1 |
| 1 | GET | /css | HTTP/1.1 |
| 1 | GET | /css/ | HTTP/1.1 |
| 1 | GET | /css/menu.css | HTTP/1.1 |
| 1 | GET | /css/style.css | HTTP/1.1 |
| 1 | GET | /css/table_view.css | HTTP/1.1 |
| 1 | GET | /data/login.css | HTTP/1.1 |
| 1 | GET | /dl/phpinfos.php | HTTP/1.1 |
| 1 | GET | /drops | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /.env.backup | HTTP/1.1 |
| 1 | GET | /.env | HTTP/1.1 |
| 1 | GET | /e.php | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /fre.php | HTTP/1.1 |
| 1 | GET | /functions.php | HTTP/1.1 |
| 1 | GET | /gate.php | HTTP/1.1 |
| 1 | GET | /gate.php/ | HTTP/1.1 |
| 1 | GET | /gateway.php | HTTP/1.1 |
| 1 | GET | /graphics/banner.png | HTTP/1.1 |
| 1 | GET | /home.php | HTTP/1.1 |
| 1 | GET | /html/cookiesconverter.html | HTTP/1.1 |
| 1 | GET | /html/login.html | HTTP/1.1 |
| 1 | GET | /html/menu.html | HTTP/1.1 |
| 1 | GET | /html/passwords.html | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /html/reports.html | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http://example[.]com/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /images/favicon.ico | HTTP/1.1 |
| 1 | GET | /images/favicon.png | HTTP/1.1 |
| 1 | GET | /images/ | HTTP/1.1 |
| 1 | GET | /images/logo.gif | HTTP/1.1 |
| 2 | GET | /img/banners | HTTP/1.1 |
| 1 | GET | /img/cfg.png | HTTP/1.1 |
| 1 | GET | /img/filter_minus.png | HTTP/1.1 |
| 1 | GET | /img/filter_plus.png | HTTP/1.1 |
| 1 | GET | /img/flags/catalonia.png | HTTP/1.1 |
| 1 | GET | /img/flags/europeanunion.png | HTTP/1.1 |
| 1 | GET | /img/header_logo.png | HTTP/1.1 |
| 3 | GET | /img | HTTP/1.1 |
| 1 | GET | /img/ | HTTP/1.1 |
| 4 | GET | /img/logo.png | HTTP/1.1 |
| 1 | GET | /img/softs/GoogleChrome.png | HTTP/1.1 |
| 1 | GET | /img/st.png | HTTP/1.1 |
| 1 | GET | /img/win/10.0.png | HTTP/1.1 |
| 1 | GET | /includes/commands.php | HTTP/1.1 |
| 1 | GET | /includes/commands.php/ | HTTP/1.1 |
| 1 | GET | /includes/database.php | HTTP/1.1 |
| 1 | GET | /includes/database.php/ | HTTP/1.1 |
| 1 | GET | /includes/design/images/favicon.ico | HTTP/1.1 |
| 1 | GET | /includes | HTTP/1.1 |
| 1 | GET | /includes/ | HTTP/1.1 |
| 2 | GET | /index.html | HTTP/1.1 |
| 1 | GET | /index.php?99=1 | HTTP/1.1 |
| 7 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?module=statistics | HTTP/1.1 |
| 2 | GET | /indexu.php | HTTP/1.1 |
| 1 | GET | /info/dump.sql | HTTP/1.1 |
| 1 | GET | /js/base64.js | HTTP/1.1 |
| 1 | GET | /js/snippets.js | HTTP/1.1 |
| 1 | GET | /k.php | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /lib | HTTP/1.1 |
| 1 | GET | /lib/ | HTTP/1.1 |
| 2 | GET | /login | HTTP/1.1 |
| 1 | GET | /../login.php | HTTP/1.1 |
| 16 | GET | /login.php | HTTP/1.1 |
| 1 | GET | /login.php?op=login | HTTP/1.1 |
| 1 | GET | /logout.php | HTTP/1.1 |
| 1 | GET | /modules/bin/bin.bin | HTTP/1.1 |
| 1 | GET | /modules/sxgeo/SxGeo.dat | HTTP/1.1 |
| 1 | GET | /modules/tabgeo_country_v4/tabgeo_country_v4.dat | HTTP/1.1 |
| 1 | GET | /msvcp140.dll | HTTP/1.1 |
| 1 | GET | /o1o/a10.php | HTTP/1.1 |
| 1 | GET | /pages/passwords.php | HTTP/1.1 |
| 1 | GET | /pages/webcams.php | HTTP/1.1 |
| 1 | GET | /panel/login.php | HTTP/1.1 |
| 1 | GET | /path/index.php | HTTP/1.1 |
| 1 | GET | /ping | HTTP/1.1 |
| 1 | GET | /post/echo | HTTP/1.1 |
| 1 | GET | /post.php | HTTP/1.1 |
| 1 | GET | /project.php | HTTP/1.1 |
| 1 | GET | /public | HTTP/1.1 |
| 1 | GET | /public/ | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /rbody320 | HTTP/1.1 |
| 1 | GET | /resources/images/ifpigscouldfly.ym | HTTP/1.1 |
| 1 | GET | /resources/scripts/DD_belatedPNG_0.0.7a.js | HTTP/1.1 |
| 1 | GET | /run.php | HTTP/1.1 |
| 1 | GET | /settings | HTTP/1.1 |
| 1 | GET | /s.php | HTTP/1.1 |
| 1 | GET | /statistics.php | HTTP/1.1 |
| 1 | GET | /statistics.php/ | HTTP/1.1 |
| 1 | GET | /stats.php | HTTP/1.1 |
| 1 | GET | /style.css | HTTP/1.1 |
| 1 | GET | /tasks.php | HTTP/1.1 |
| 2 | GET | /theme/header.html | HTTP/1.1 |
| 1 | GET | /theme/images/back-all.jpg | HTTP/1.1 |
| 1 | GET | /theme/menu.html | HTTP/1.1 |
| 1 | GET | /theme/popupmenu.js | HTTP/1.1 |
| 1 | GET | /theme/stat.js | HTTP/1.1 |
| 2 | GET | /theme/style.css | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /tmp | HTTP/1.1 |
| 1 | GET | /tmp/ | HTTP/1.1 |
| 1 | GET | /tmp/logs | HTTP/1.1 |
| 1 | GET | /tmp/logs/ | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 3 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /ufr.php | HTTP/1.1 |
| 1 | GET | /uploads | HTTP/1.1 |
| 1 | GET | /uploads/ | HTTP/1.1 |
| 1 | GET | /vendor | HTTP/1.1 |
| 1 | GET | /vendor/ | HTTP/1.1 |
| 1 | GET | /wp-login.php | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /gate.php | HTTP/1.1 |
| 2 | POST | /index.php | HTTP/1.1 |
| 1 | POST | /index.php?m=vod-search | HTTP/1.1 |
| 1 | POST | /main.php | HTTP/1.1 |
| 1 | POST | /submit.php | HTTP/1.1 |
| 1 | POST | /tasks.php | HTTP/1.1 |
| 2 | \x03 | ||
| 10 | \x16\x03\x01 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 10 | 112.29.140.222 | China |
| 5 | 173.212.247.228 | Germany |
| 2 | 198.108.67.80 | United States |
| 1 | 41.216.186.89 | South Africa |
| 1 | 45.33.5.240 | United States |
| 1 | 47.111.5.207 | China |
| 1 | 73.166.254.108 | United States |
| 1 | 77.247.110.54 | Netherlands |
| 1 | 92.53.65.22 | Russia |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | ApiTool |
| 1 | Go-http-client/1.1 |
| 5 | libwww-perl/6.39 |
| 10 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | |||
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /grandstream | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
| 1 | GET | /p | HTTP/1.1 |
| 1 | GET | /Polycom | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /yealink | HTTP/1.1 |
| 1 | GET | /y | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 2 | \x03 | ||
| 2 | \x16\x03\x01 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 198.108.67.80 | United States |
| 1 | 209.236.50.12 | Jamaica |
| 1 | 41.216.186.89 | South Africa |
| 1 | 45.33.5.240 | United States |
| 1 | 77.247.110.63 | Netherlands |
| 1 | 92.53.65.22 | Russia |
| 1 | 93.148.232.149 | Italy |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 1 | ApiTool |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | |||
| 1 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 2 | \x03 | ||
| 1 | \x16\x03\x01 |
