ハニーポット(仮) 観測記録 2019/11/27分です。
特徴
Region:AP
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
ZmEuによるスキャン行為
phpMyAdminに対するスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Region:US
Shenzhen TVT製品の脆弱性を狙うアクセス
を確認しました。
Region:EU
Shenzhen TVT製品の脆弱性を狙うアクセス
を確認しました。
他
アクセス数推移
AP:総アクセス数:169 (前日比:+79)
US:総アクセス数:3 (前日比:-118)
EU:総アクセス数:4 (前日比:-15)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Region:AP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 8 | 106.12.89.121 | China |
| 5 | 106.13.190.144 | China |
| 9 | 107.173.35.203 | United States |
| 9 | 114.116.112.169 | China |
| 9 | 118.24.157.162 | China |
| 9 | 129.213.129.5 | United States |
| 9 | 130.61.61.147 | United States |
| 9 | 130.61.73.237 | United States |
| 9 | 132.145.27.239 | United States |
| 9 | 168.243.91.19 | El Salvador |
| 1 | 189.205.185.22 | Mexico |
| 9 | 198.12.101.64 | United States |
| 1 | 211.38.144.230 | South Korea |
| 6 | 223.112.190.70 | China |
| 9 | 23.96.19.87 | United States |
| 17 | 44.224.22.196 | United States |
| 17 | 44.225.84.206 | United States |
| 1 | 47.94.12.231 | China |
| 9 | 59.45.237.18 | China |
| 9 | 60.191.32.71 | China |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 73.107.186.124 | United States |
| 1 | 83.97.20.196 | Romania |
| 2 | 94.102.49.193 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 23 | - |
| 2 | ApiTool |
| 14 | AWS Security Scanner |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15' |
| 122 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 |
| 6 | ZmEu |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http://example[.]com/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /imgs/ms_check_license | HTTP/1.1 |
| 12 | GET | /imp/test.php | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 14 | GET | /myadmin/scripts/setup.php | HTTP/1.1 |
| 15 | GET | /MyAdmin/scripts/setup.php | HTTP/1.1 |
| 14 | GET | /mysql/scripts/setup.php | HTTP/1.1 |
| 13 | GET | /_phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 14 | GET | /phpmyadmin/scripts/_setup.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 13 | GET | /phpmyadmin/setup.php | HTTP/1.1 |
| 15 | GET | /pma/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 15 | GET | /scripts/setup.php | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /w00tw00t.at.blackhats.romanian.anti-sec:) | HTTP/1.1 |
| 2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 10 | \x16\x03\x01 |
Region:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 45.143.220.48 | Netherlands |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 96.92.21.97 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | - |
| 1 | ApiTool |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
Region:EU
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 122.254.38.185 | Taiwan |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.175.220.225 | United States |
| 1 | 66.240.205.34 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 2 | - |
| 1 | ApiTool |
| 1 | curl/7.29.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | Gh0st\xad | ||
| 1 | HEAD | / | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
