ハニーポット(仮) 観測記録 2022/12/14分です。
特徴
共通
GPONルータの脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Telerik UIの脆弱性(CVE-2019-18935)を狙うアクセス
zgrabによるスキャン行為
/.envへのスキャン行為
Apache Tomcatへのスキャン行為
Location:JP
D-link製品の脆弱性を狙うアクセス
CensysInspectによるスキャン行為
.jsへのスキャン行為
/.awsへのスキャン行為
/.gitへのスキャン行為
WordPressへのスキャン行為
を確認しました。
Location:US
CensysInspectによるスキャン行為
/.gitへのスキャン行為
を確認しました。
Location:UK
D-link製品の脆弱性を狙うアクセス
aiohttpによるスキャン行為
/.gitへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
Location:SG
CensysInspectによるスキャン行為
/.gitへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:100 (前日比:15)
US:総アクセス数:86 (前日比:-126)
UK:総アクセス数:104 (前日比:5)
SG:総アクセス数:76 (前日比:-136)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 10 | 3.239.100.229 | United States |
| 10 | 35.84.141.163 | United States |
| 4 | 45.79.172.21 | United States |
| 1 | 45.79.181.104 | United States |
| 1 | 45.79.181.223 | United States |
| 14 | 51.77.78.44 | France |
| 4 | 71.6.165.200 | United States |
| 1 | 84.21.172.128 | Bulgaria |
| 2 | 84.21.172.205 | Bulgaria |
| 7 | 95.214.235.205 | Ukraine |
| 1 | 101.32.209.199 | Singapore |
| 1 | 103.116.107.237 | Vietnam |
| 2 | 109.237.98.226 | Russia |
| 1 | 116.68.98.139 | India |
| 1 | 117.213.40.107 | India |
| 1 | 128.1.248.42 | United States |
| 16 | 135.125.244.48 | France |
| 1 | 143.198.181.245 | United States |
| 1 | 161.35.213.88 | United States |
| 1 | 167.248.133.119 | United States |
| 1 | 172.105.128.13 | United States |
| 2 | 178.128.82.227 | United States |
| 2 | 183.136.225.32 | China |
| 1 | 185.180.143.71 | Portugal |
| 7 | 185.254.196.115 | Ukraine |
| 1 | 192.241.194.38 | United States |
| 1 | 192.241.199.4 | United States |
| 1 | 192.241.205.211 | United States |
| 1 | 192.241.209.147 | United States |
| 1 | 198.199.96.229 | United States |
| 1 | 198.235.24.130 | United States |
| 1 | 198.235.24.135 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 20 | - |
| 9 | Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0 |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 |
| 14 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 36 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 3 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 5 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x16\x03\x01\x01H\x01 |
||
| 14 | \x16\x03\x01 |
||
| 1 | GET | /.aws/credentials |
HTTP/1.1 |
| 1 | GET | /.env.bak |
HTTP/1.1 |
| 35 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /.well-known/security.txt |
HTTP/1.1 |
| 1 | GET | /99vt |
HTTP/1.1 |
| 1 | GET | /99vu |
HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /aaaaaaaaaaaaaaaaaaaaaaaaaqr |
HTTP/1.1 |
| 1 | GET | /actuator/health |
HTTP/1.1 |
| 1 | GET | /admin/ |
HTTP/1.1 |
| 1 | GET | /aws.yml |
HTTP/1.1 |
| 1 | GET | /blog/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /boaform/admin/formLogin?username=ec8&psd=ec8 |
HTTP/1.0 |
| 1 | GET | /cms/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /config.js |
HTTP/1.1 |
| 1 | GET | /config/aws.yml |
HTTP/1.1 |
| 4 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /hudson |
HTTP/1.1 |
| 1 | GET | /info.php |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 1 | GET | /news/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /phpinfo.php |
HTTP/1.1 |
| 1 | GET | /phpinfo |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 4 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | /site/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /sitemap.xml |
HTTP/1.1 |
| 1 | GET | /sito/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /test/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /web/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /website/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wordpress/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp1/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /wp2/wp-includes/wlwmanifest.xml |
HTTP/1.1 |
| 1 | GET | /xmlrpc.php?rsd |
HTTP/1.1 |
| 1 | HEAD | /Core/Skin/Login.aspx |
HTTP/1.1 |
| 1 | POST | /HNAP1/ |
HTTP/1.0 |
| 3 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 20.211.82.24 | United States |
| 2 | 45.33.80.243 | United States |
| 1 | 45.79.172.21 | United States |
| 2 | 45.79.181.104 | United States |
| 2 | 45.79.181.223 | United States |
| 24 | 54.37.79.75 | France |
| 1 | 63.250.60.249 | Israel |
| 1 | 64.62.197.42 | United States |
| 1 | 84.21.172.128 | Bulgaria |
| 2 | 84.21.172.205 | Bulgaria |
| 1 | 103.89.89.46 | Vietnam |
| 2 | 109.237.97.180 | Russia |
| 2 | 109.237.98.226 | Russia |
| 1 | 152.89.196.211 | Russia |
| 2 | 159.223.230.96 | United States |
| 2 | 162.142.125.8 | United States |
| 2 | 162.142.125.219 | United States |
| 2 | 167.94.138.44 | United States |
| 2 | 167.248.133.60 | United States |
| 1 | 172.104.11.4 | United States |
| 1 | 172.104.11.34 | United States |
| 1 | 172.104.11.51 | United States |
| 1 | 172.104.242.173 | United States |
| 2 | 172.105.128.12 | United States |
| 4 | 179.43.177.154 | Panama |
| 2 | 183.136.225.32 | China |
| 1 | 185.180.143.71 | Portugal |
| 9 | 185.254.196.223 | Ukraine |
| 1 | 192.155.90.118 | United States |
| 1 | 192.241.192.229 | United States |
| 1 | 192.241.196.109 | United States |
| 1 | 192.241.212.115 | United States |
| 1 | 193.118.53.194 | United States |
| 2 | 194.55.186.216 | Bulgaria |
| 1 | 195.133.20.253 | Czechia |
| 1 | 198.199.93.210 | United States |
| 1 | 198.199.95.88 | United States |
| 1 | 205.210.31.12 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 26 | - |
| 1 | Mozilla/5.0 (Linux; Android 12; Pixel 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.61 Mobile Safari/537.36 |
| 1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
| 1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 37 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 1 | Mozilla/5.0 (X11; NetBSD x86; en-us) AppleWebKit/666.6+ (KHTML, like Gecko) Chromium/20.0.0000.00 Chrome/20.0.0000.00 Safari/666.6+ |
| 5 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 4 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 5 | Mozilla/5.0 zgrab/0.x |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | SSH-2.0-libssh2_1.10.0 |
||
| 2 | \x16\x03\x01\x01H\x01 |
||
| 18 | \x16\x03\x01 |
||
| 1 | \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 |
X\xd4>\x12\x98\xc4<\xe0\x13\xcf | |
| 36 | GET | /.env |
HTTP/1.1 |
| 1 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /ReportServer |
HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau |
HTTP/1.1 |
| 1 | GET | /_profiler/phpinfo |
HTTP/1.1 |
| 1 | GET | /actuator/health |
HTTP/1.1 |
| 1 | GET | /admin/ |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 6 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /hudson |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 1 | GET | /robots.txt |
HTTP/1.1 |
| 2 | GET | /wp-content/.git/config |
HTTP/1.1 |
| 5 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 4 | PRI | * |
HTTP/2.0 |
Location:UK
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 34.222.183.38 | United States |
| 1 | 35.87.66.237 | United States |
| 2 | 45.33.80.243 | United States |
| 1 | 45.79.128.205 | United States |
| 1 | 45.79.181.94 | United States |
| 1 | 45.79.181.251 | United States |
| 24 | 54.37.79.75 | France |
| 1 | 64.62.197.28 | United States |
| 4 | 66.175.213.4 | United States |
| 1 | 66.240.192.82 | United States |
| 2 | 84.21.172.128 | Bulgaria |
| 1 | 84.21.172.205 | Bulgaria |
| 4 | 90.151.171.106 | Russia |
| 6 | 90.151.171.108 | Russia |
| 1 | 92.255.85.173 | Hong Kong |
| 2 | 101.68.211.3 | China |
| 2 | 109.237.98.226 | Russia |
| 1 | 121.228.91.253 | China |
| 1 | 128.14.134.134 | United States |
| 2 | 152.89.196.211 | Russia |
| 1 | 172.104.11.34 | United States |
| 1 | 172.104.242.173 | United States |
| 1 | 172.105.128.11 | United States |
| 23 | 177.75.221.184 | Brazil |
| 2 | 183.136.225.32 | China |
| 1 | 185.180.143.6 | Portugal |
| 1 | 185.220.100.245 | Germany |
| 8 | 185.254.196.223 | Ukraine |
| 1 | 192.155.90.220 | United States |
| 1 | 192.241.196.221 | United States |
| 1 | 192.241.199.201 | United States |
| 1 | 192.241.209.91 | United States |
| 1 | 192.241.211.84 | United States |
| 1 | 194.55.186.216 | Bulgaria |
| 1 | 198.199.103.251 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 16 | - |
| 23 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; rv:104.0) Gecko/20100101 Firefox/104.0 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 4 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE |
| 10 | Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0 (+https[:]//best-proxies.ru/faq/#from) |
| 33 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 4 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 5 | Mozilla/5.0 zgrab/0.x |
| 1 | Python/3.11 aiohttp/3.8.3 |
| 2 | python-requests/2.25.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 1 | \x03 |
||
| 1 | \x16\x03\x01\x01H\x01 |
||
| 13 | \x16\x03\x01 |
||
| 1 | \xba\xabd\xa1EZC\xdbM\x87\xee^\xfd\xbf\x159 |
X\xd4>\x12\x98\xc4<\xe0\x13\xcf | |
| 1 | CONNECT | checkip[.]amazonaws[.]com:443 |
HTTP/1.1 |
| 4 | CONNECT | fingerprints[.]bablosoft[.]com:443 |
HTTP/1.1 |
| 33 | GET | /.env |
HTTP/1.1 |
| 2 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /HNAP1/ |
HTTP/1.1 |
| 1 | GET | /ReportServer |
HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau |
HTTP/1.1 |
| 1 | GET | /actuator/health |
HTTP/1.1 |
| 1 | GET | /admin/ |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 3 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 1 | GET | /manager/text/list |
HTTP/1.1 |
| 23 | GET | /phpmyadmin/ |
HTTP/1.1 |
| 1 | GET | /portal/redlion |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 1 | GET | http[:]//checkip[.]amazonaws[.]com?Z72612114222Q1 |
HTTP/1.1 |
| 4 | GET | http[:]//fingerprints[.]bablosoft[.]com/ip?Z72612114222Q1 |
HTTP/1.1 |
| 1 | HEAD | /cdn-cgi/trace |
HTTP/1.1 |
| 4 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
Location:SG
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 3.249.106.62 | United States |
| 10 | 18.232.184.73 | United States |
| 1 | 20.55.53.144 | United States |
| 1 | 34.244.52.233 | United States |
| 1 | 45.79.172.21 | United States |
| 1 | 45.79.181.94 | United States |
| 1 | 45.79.181.223 | United States |
| 1 | 45.79.181.251 | United States |
| 25 | 51.79.29.48 | Canada |
| 1 | 54.170.225.64 | United States |
| 1 | 64.62.197.63 | United States |
| 1 | 66.175.213.4 | United States |
| 1 | 66.240.192.82 | United States |
| 2 | 84.21.172.128 | Bulgaria |
| 1 | 84.21.172.205 | Bulgaria |
| 1 | 128.14.141.34 | United States |
| 2 | 139.59.15.64 | Singapore |
| 2 | 152.89.196.211 | Russia |
| 2 | 157.230.125.162 | United States |
| 2 | 162.142.125.222 | United States |
| 2 | 170.64.145.25 | United States |
| 1 | 172.104.11.4 | United States |
| 1 | 172.104.11.34 | United States |
| 1 | 172.104.11.51 | United States |
| 3 | 172.105.128.13 | United States |
| 1 | 192.155.90.118 | United States |
| 1 | 192.241.201.18 | United States |
| 1 | 192.241.206.232 | United States |
| 4 | 194.55.186.216 | Bulgaria |
| 1 | 198.199.94.151 | United States |
| 1 | 205.210.31.46 | United States |
| 1 | 209.201.15.190 | United States |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 26 | - |
| 5 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36 |
| 1 | Mozilla/5.0 (Windows NT 10.0; rv:103.0) Gecko/20100101 Firefox/103.0 |
| 26 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
| 7 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
| 1 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
| 3 | Mozilla/5.0 zgrab/0.x |
| 3 | python-requests/2.25.1 |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 25 | \x16\x03\x01 |
||
| 26 | GET | /.env |
HTTP/1.1 |
| 3 | GET | /.git/config |
HTTP/1.1 |
| 1 | GET | /99vt |
HTTP/1.1 |
| 1 | GET | /99vu |
HTTP/1.1 |
| 1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
| 1 | GET | /Telerik.Web.UI.WebResource.axd?type=rau |
HTTP/1.1 |
| 1 | GET | /ZUyVHjLYz2PFBMKxtm5WOIknadP |
HTTP/1.1 |
| 1 | GET | /aaaaaaaaaaaaaaaaaaaaaaaaaqr |
HTTP/1.1 |
| 1 | GET | /actuator/health |
HTTP/1.1 |
| 1 | GET | /console/ |
HTTP/1.1 |
| 2 | GET | /favicon.ico |
HTTP/1.1 |
| 1 | GET | /hudson |
HTTP/1.1 |
| 1 | GET | /manager/html |
HTTP/1.1 |
| 2 | GET | /robots.txt |
HTTP/1.1 |
| 7 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
| 1 | PRI | * |
HTTP/2.0 |
