ハニーポット(仮) 観測記録 2019/11/14分です。
特徴
Region:AP
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
18[.]179[.]20[.]5に関する不正通信
5[.]188[.]210[.]101に関する不正通信
を確認しました。
Region:US
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
を確認しました。
Region:EU
JBossの脆弱性(CVE-2017-12149)を狙うアクセス
Gh0stRATのような動き
を確認しました。
他
アクセス数推移
AP:総アクセス数:58 (前日比:0)
US:総アクセス数:25 (前日比:-33)
EU:総アクセス数:9 (前日比:-902)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 104.155.59.78 | United States |
8 | 112.29.140.223 | China |
1 | 121.7.25.205 | Singapore |
1 | 177.125.43.25 | Brazil |
1 | 41.216.186.89 | South Africa |
34 | 44.225.84.206 | United States |
8 | 49.233.47.47 | China |
1 | 5.188.210.101 | Russia |
1 | 61.219.11.153 | Taiwan |
1 | 77.247.109.38 | Netherlands |
1 | 79.237.244.237 | Germany |
UserAgent一覧
件数 | UserAgent |
---|---|
27 | - |
14 | AWS Security Scanner |
1 | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
16 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | - | ||
10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
2 | GET | /elrekt.php | HTTP/1.1 |
2 | GET | /html/public/index.php | HTTP/1.1 |
2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | http://5[.]188[.]210[.]101/echo.php | HTTP/1.1 |
2 | GET | http://example[.]com/ | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | /index.php | HTTP/1.1 |
4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | /public/index.php | HTTP/1.1 |
2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
2 | GET | /TP/public/index.php | HTTP/1.1 |
2 | GET | /v1/agent/self | HTTP/1.1\n |
1 | HEAD | /robots.txt | HTTP/1.0 |
1 | OPTIONS | / | HTTP/1.0 |
1 | \x03 | ||
10 | \x16\x03\x01 |
Region:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
10 | 120.132.18.160 | China |
6 | 34.70.61.82 | United States |
1 | 35.225.212.198 | United States |
1 | 41.216.186.89 | South Africa |
2 | 61.219.11.153 | Taiwan |
4 | 71.6.167.142 | United States |
1 | 93.223.184.220 | Germany |
UserAgent一覧
件数 | UserAgent |
---|---|
14 | - |
1 | Go-http-client/1.1 |
9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | python-requests/2.10.0 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | - | ||
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /favicon.ico | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
1 | GET | /muieblackcat | HTTP/1.1 |
1 | GET | //myadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //MyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpmyadmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //phpMyAdmin/scripts/setup.php | HTTP/1.1 |
1 | GET | //pma/scripts/setup.php | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /robots.txt | HTTP/1.1 |
1 | GET | /sitemap.xml | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/index.php | HTTP/1.1 |
1 | GET | /TP/public/index.php | HTTP/1.1 |
1 | GET | /v1/agent/self | HTTP/1.1 |
1 | GET | /.well-known/security.txt | HTTP/1.1 |
1 | OPTIONS | / | HTTP/1.0 |
1 | POST | /index.php?s=captcha | HTTP/1.1 |
1 | \x03 |
Region:EU
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 104.196.0.126 | United States |
2 | 132.145.49.115 | United States |
1 | 198.23.223.139 | United States |
1 | 41.216.186.89 | South Africa |
2 | 61.219.11.153 | Taiwan |
1 | 66.240.205.34 | United States |
1 | 77.247.109.38 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
7 | - |
2 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
2 | - | ||
2 | GET | /index.php | HTTP/1.1 |
1 | Gh0st\xad | ||
1 | HEAD | /robots.txt | HTTP/1.0 |
1 | OPTIONS | / | HTTP/1.0 |
1 | POST | /invoker/readonly | HTTP/1.1 |
1 | \x03 |