ハニーポット(仮) 観測記録 2020/07/02分です。
特徴
Location:JP
ThinkPHPの脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
AWS Security Scannerによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
18[.]179[.]20[.]5に関する不正通信
を確認しました。
Location:US
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
Location:UK
DrayTek製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
polaris botnetによるスキャン行為
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
を確認しました。
Location:SG
DrayTek製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
XTCによるスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:91 (前日比:+27)
US:総アクセス数:177 (前日比:+115)
UK:総アクセス数:59 (前日比:+22)
SG:総アクセス数:38 (前日比:+14)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 34 | 44.225.84.206 | United States |
| 1 | 45.9.148.194 | Netherlands |
| 1 | 45.183.35.3 | Brazil |
| 1 | 47.75.214.153 | United States |
| 10 | 49.233.34.9 | China |
| 1 | 52.53.222.38 | United States |
| 1 | 80.82.68.116 | Netherlands |
| 1 | 83.212.113.127 | Greece |
| 1 | 103.13.244.210 | China |
| 1 | 103.127.187.33 | India |
| 1 | 109.123.155.88 | Russia |
| 1 | 114.33.191.174 | Taiwan |
| 1 | 115.96.158.200 | India |
| 1 | 124.253.84.229 | India |
| 1 | 129.144.3.79 | United States |
| 1 | 129.144.61.1 | United States |
| 1 | 129.144.186.118 | United States |
| 1 | 129.158.107.184 | United States |
| 1 | 130.61.9.207 | United States |
| 1 | 132.145.128.109 | United States |
| 1 | 140.86.12.202 | Sweden |
| 1 | 150.107.73.71 | Australia |
| 10 | 152.136.137.67 | China |
| 1 | 170.238.159.192 | Brazil |
| 1 | 171.67.71.93 | United States |
| 1 | 173.212.247.35 | Germany |
| 1 | 192.241.224.111 | United States |
| 1 | 194.8.150.130 | France |
| 9 | 195.54.160.135 | Russia |
| 1 | 202.83.55.92 | India |
| 1 | 213.203.141.215 | Italy |
| 1 | 217.127.105.21 | Spain |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 44 | - |
| 14 | AWS Security Scanner |
| 2 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15 |
| 9 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 18 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | - | ||
| 27 | \x16\x03\x01 | ||
| 10 | CONNECT | 18[.]179[.]20[.]5:80 | HTTP/1.0 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 2 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 6 | GET | /admin/login.asp | HTTP/1.1 |
| 1 | GET | /adminer/adminer.php | HTTP/1.1 |
| 2 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 2 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 4 | GET | /latest/dynamic/instance-identity/document | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/ | HTTP/1.1 |
| 2 | GET | http://[::ffff:a9fe:a9fe]/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http[:]//169[.]254[.]169[.]254/ | HTTP/1.1 |
| 2 | GET | http[:]//169[.]254[.]169[.]254/latest/dynamic/instance-identity/document | HTTP/1.1 |
| 2 | GET | http[:]//example[.]com/ | HTTP/1.1 |
| 1 | OPTIONS | / | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 2 | POST | /index.php?s=captcha | HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 101 | 2.192.192.235 | Italy |
| 1 | 42.115.12.136 | Cambodia |
| 1 | 42.115.42.225 | Cambodia |
| 1 | 42.115.92.157 | Cambodia |
| 1 | 45.201.130.234 | Cambodia |
| 1 | 45.201.171.72 | Cambodia |
| 10 | 49.233.63.73 | China |
| 1 | 54.70.147.160 | United States |
| 1 | 54.219.252.241 | United States |
| 2 | 59.127.180.207 | Taiwan |
| 4 | 80.82.77.33 | Netherlands |
| 1 | 85.14.55.72 | Bulgaria |
| 1 | 87.121.109.102 | Bulgaria |
| 1 | 101.53.142.43 | India |
| 1 | 103.78.15.174 | India |
| 1 | 103.115.130.107 | India |
| 1 | 103.126.62.42 | India |
| 1 | 103.245.116.62 | India |
| 1 | 104.236.247.64 | United States |
| 1 | 117.194.242.90 | India |
| 1 | 117.207.34.229 | India |
| 1 | 117.207.243.187 | India |
| 5 | 122.51.105.2 | China |
| 1 | 124.70.155.61 | China |
| 1 | 129.146.52.7 | United States |
| 1 | 129.150.85.147 | United States |
| 1 | 129.150.97.201 | United States |
| 1 | 129.158.107.182 | United States |
| 1 | 129.191.18.17 | United States |
| 1 | 130.61.218.121 | United States |
| 10 | 139.205.177.87 | China |
| 1 | 160.34.6.55 | United States |
| 1 | 162.243.133.69 | United States |
| 1 | 171.67.71.93 | United States |
| 1 | 187.120.147.19 | Brazil |
| 1 | 188.165.194.136 | France |
| 12 | 195.54.160.135 | Russia |
| 1 | 197.254.119.94 | Kenya |
| 1 | 199.66.90.177 | Canada |
| 1 | 221.226.62.146 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 36 | - |
| 1 | Go-http-client/1.1 |
| 10 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488) |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
| 101 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 12 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 14 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | python-requests/2.23.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | ||
| 16 | \x16\x03\x01 | ||
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /EIMSII/assets/bundle/commons.js | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 2 | GET | /TP/index.php | HTTP/1.1 |
| 2 | GET | /TP/public/index.php | HTTP/1.1 |
| 15 | GET | /admin/login.asp | HTTP/1.1 |
| 1 | GET | /app/lan/BeforeLoginCn.js | HTTP/1.1 |
| 1 | GET | /chs/js/lang_zh_tw.js | HTTP/1.1 |
| 1 | GET | /cn.gzjs | HTTP/1.1 |
| 1 | GET | /eims3/assets/bundle/commons.js | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /erm/help/how_to_getstarted.html | HTTP/1.1 |
| 1 | GET | /etms/assets/bundle/commons.js | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /goip/cron.htm | HTTP/1.1 |
| 2 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /index.html?findcli=-1 | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 101 | GET | /phpmyadmin/ | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 2 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 1 | GET | /smb_scheduler/cdr.htm | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 2 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 2 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | OPTIONS | / | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 42.115.68.25 | Cambodia |
| 1 | 45.125.46.231 | China |
| 1 | 45.201.130.155 | Cambodia |
| 1 | 45.201.171.78 | Cambodia |
| 1 | 47.99.131.175 | China |
| 1 | 47.244.0.10 | United States |
| 1 | 51.141.35.106 | United Kingdom |
| 1 | 54.187.93.172 | United States |
| 4 | 71.6.146.185 | United States |
| 1 | 74.102.39.43 | United States |
| 1 | 89.144.47.17 | Germany |
| 1 | 89.234.228.187 | Poland |
| 1 | 94.102.56.151 | Netherlands |
| 1 | 103.66.14.49 | India |
| 1 | 103.78.46.248 | India |
| 1 | 103.80.34.14 | India |
| 1 | 103.83.154.140 | India |
| 1 | 103.84.129.94 | India |
| 1 | 103.149.194.12 | India |
| 10 | 106.13.77.137 | China |
| 1 | 115.96.108.226 | India |
| 1 | 117.247.89.249 | India |
| 1 | 123.206.24.182 | China |
| 1 | 129.146.52.7 | United States |
| 1 | 129.150.72.6 | United States |
| 1 | 129.158.107.182 | United States |
| 1 | 129.191.25.40 | United States |
| 1 | 137.116.64.137 | United States |
| 1 | 150.107.73.71 | Australia |
| 1 | 151.80.145.175 | Italy |
| 1 | 171.67.71.93 | United States |
| 1 | 177.67.9.93 | Brazil |
| 1 | 177.67.9.247 | Brazil |
| 1 | 191.243.210.38 | Brazil |
| 1 | 192.241.225.55 | United States |
| 10 | 195.54.160.135 | Russia |
| 1 | 206.248.172.128 | Canada |
| 1 | 211.38.144.230 | South Korea |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 33 | - |
| 1 | Go-http-client/1.1 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
| 10 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 9 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0) |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | XTC |
| 1 | polaris botnet |
| 1 | python-requests/2.23.0 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x03 | ||
| 14 | \x16\x03\x01 | ||
| 1 | GET | /.well-known/security.txt | HTTP/1.1 |
| 2 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 2 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 15 | GET | /admin/login.asp | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /favicon.ico | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | /hudson | HTTP/1.1 |
| 1 | GET | /index.php | HTTP/1.1 |
| 2 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 | HTTP/1.1 |
| 1 | GET | /manager/html | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /sitemap.xml | HTTP/1.1 |
| 2 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | OPTIONS | / | HTTP/1.1 |
| 2 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /boaform/admin/formPing | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 34.244.88.94 | United States |
| 1 | 35.192.102.210 | United States |
| 1 | 42.115.62.136 | Cambodia |
| 1 | 42.115.113.219 | Cambodia |
| 1 | 42.115.115.233 | Cambodia |
| 1 | 47.190.3.185 | United States |
| 1 | 52.36.165.25 | United States |
| 1 | 61.76.166.94 | South Korea |
| 1 | 61.160.236.86 | China |
| 1 | 87.121.109.190 | Bulgaria |
| 1 | 92.222.64.195 | France |
| 1 | 103.242.236.222 | India |
| 1 | 109.123.155.88 | Russia |
| 1 | 117.194.242.89 | India |
| 1 | 129.144.51.59 | United States |
| 1 | 129.144.62.179 | United States |
| 1 | 129.144.162.23 | United States |
| 1 | 129.149.194.105 | United States |
| 1 | 138.204.70.247 | Brazil |
| 1 | 144.21.64.72 | Sweden |
| 1 | 144.22.95.234 | Brazil |
| 1 | 158.101.174.249 | United States |
| 1 | 160.34.8.163 | United States |
| 1 | 162.243.131.10 | United States |
| 1 | 171.67.71.93 | United States |
| 1 | 194.190.49.175 | Russia |
| 7 | 195.54.160.135 | Russia |
| 1 | 202.43.114.124 | Indonesia |
| 1 | 203.110.164.153 | China |
| 2 | 203.115.12.30 | Sri Lanka |
| 1 | 221.229.162.48 | China |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 28 | - |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
| 7 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 zgrab/0.x |
| 1 | XTC |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 21 | \x16\x03\x01 | ||
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm | HTTP/1.1 |
| 1 | GET | /?a=fetch&content= |
HTTP/1.1 |
| 7 | GET | /admin/login.asp | HTTP/1.1 |
| 1 | GET | /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP | HTTP/1.1 |
| 1 | GET | /portal/redlion | HTTP/1.1 |
| 1 | GET | /solr/admin/info/system?wt=json | HTTP/1.1 |
| 1 | GET | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
| 1 | OPTIONS | / | HTTP/1.1 |
| 1 | POST | /api/jsonws/invoke | HTTP/1.1 |
| 1 | POST | /cgi-bin/mainfunction.cgi | HTTP/1.1 |
| 1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php | HTTP/1.1 |
