ハニーポット(仮) 観測記録 2019/11/20分です。
特徴
Region:AP
Shenzhen TVT製品の脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
phpMyAdminに対するスキャン行為
AWS Security Scannerによるスキャン行為
Nmap Scripting Engineによるスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Region:US
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
を確認しました。
Region:EU
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPに対するアクセス
を確認しました。
他
アクセス数推移
AP:総アクセス数:121 (前日比:+64)
US:総アクセス数:68 (前日比:-172)
EU:総アクセス数:15 (前日比:-1)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 7 | 112.126.96.97 | China |
| 1 | 118.99.179.188 | Taiwan |
| 5 | 124.109.28.123 | Thailand |
| 5 | 129.213.147.137 | United States |
| 5 | 129.213.95.149 | United States |
| 2 | 130.211.254.102 | United States |
| 5 | 130.35.242.181 | United States |
| 5 | 130.61.51.26 | United States |
| 5 | 132.145.193.203 | United States |
| 1 | 185.222.211.18 | United Kingdom |
| 5 | 188.40.33.78 | Germany |
| 5 | 200.29.0.33 | Chile |
| 5 | 203.211.143.85 | Singapore |
| 5 | 218.44.49.245 | Japan |
| 1 | 220.135.85.244 | Taiwan |
| 1 | 23.94.43.107 | United States |
| 6 | 27.115.124.6 | China |
| 6 | 27.115.124.70 | China |
| 5 | 41.193.5.44 | South Africa |
| 5 | 43.225.34.254 | Australia |
| 34 | 44.224.22.196 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 85.14.245.149 | Germany |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 32 | - |
| 2 | ApiTool |
| 14 | AWS Security Scanner |
| 4 | Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html) |
| 60 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 |
| 7 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | python-requests/2.22.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 1 | GET | /axis2-admin | HTTP/1.1 |
| 1 | GET | /axis2/axis2-admin | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /evox/about | HTTP/1.1 |
| 1 | GET | /HNAP1 | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http://example[.]com/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 12 | GET | /login.action | HTTP/1.1 |
| 12 | GET | /login?from=%2F | HTTP/1.1 |
| 1 | GET | /nmaplowercheck1574186223 | HTTP/1.1 |
| 12 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 12 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 12 | GET | /sadad24 | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /sdk | HTTP/1.1 |
| 2 | \x03 | ||
| 10 | \x16\x03\x01 | ||
| 8 | \x16\x03\x01\x02 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 118.163.166.84 | Taiwan |
| 5 | 130.61.231.93 | United States |
| 5 | 130.61.32.66 | United States |
| 10 | 130.61.56.210 | United States |
| 5 | 132.145.34.57 | United States |
| 1 | 180.252.180.254 | Indonesia |
| 1 | 185.172.110.221 | Netherlands |
| 5 | 196.32.226.77 | Kenya |
| 5 | 210.72.89.13 | China |
| 1 | 23.94.43.107 | United States |
| 5 | 3.130.4.179 | United States |
| 5 | 3.86.228.213 | United States |
| 5 | 41.193.5.44 | South Africa |
| 2 | 49.51.161.183 | China |
| 10 | 51.83.234.53 | France |
| 2 | 61.219.11.153 | Taiwan |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 1 | ApiTool |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
| 40 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 |
| 18 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | |||
| 2 | - | ||
| 2 | GET | /elrekt.php | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 4 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
| 8 | GET | /login.action | HTTP/1.1 |
| 8 | GET | /login?from=%2F | HTTP/1.1 |
| 8 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 8 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 8 | GET | /sadad24 | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 2 | POST | /index.php?s=captcha | HTTP/1.1 |
| 2 | \x16\x03\x01 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 8 | 106.12.241.158 | China |
| 3 | 132.145.49.115 | United States |
| 1 | 185.172.110.221 | Netherlands |
| 1 | 216.10.217.44 | Jamaica |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 71.183.32.186 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 2 | ApiTool |
| 3 | Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) |
| 8 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | |||
| 1 | - | ||
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 4 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
