Este informe identifica hosts que tienen el Protocolo de transferencia de hipertexto (HTTP) ejecutándose en algún puerto y son accesibles en Internet. HTTP no cifra el contenido, todo lo que se envía queda expuesto a que posibles ciberdelincuentes con los conocimientos necesarios puedan interceptarlo, afectando la privacidad y laseguridad.
Este reporte no indica indicios de compromiso o ataques desde las IPs en cuestión, sino sólo representa la presencia de un equipo o servicio potencialmente vulnerable y/o expuesto.
Nombre(s) de archivo: scan_http, scan6_http
CAMPOS
| timestamp | Hora en que se sondeó la IP en UTC+0 |
| ip | La dirección IP del dispositivo en cuestión. |
| protocol | Protocolo en el que se produjo la respuesta HTTP (siempre TCP) |
| port | Puerto del que provino la respuesta HTTP (8080/TCP) |
| hostname | Nombre DNS inverso del dispositivo en cuestión |
| tag | Esto siempre será http |
| asn | ASN de donde reside el dispositivo en cuestión |
| geo | País donde reside el dispositivo en cuestión |
| region | Estado/Provincia/Región administrativa donde reside el dispositivo en cuestión |
| city | Ciudad en la que reside el dispositivo en cuestión |
| naics | Código del sistema de clasificación de la industria de América del Norte |
| sic | Código del sistema de clasificación industrial estándar |
| http | Versión del protocolo de transferencia de hipertexto |
| http_code | Código de respuesta HTTP: por ejemplo, 200, 401, 404 |
| http_reason | El motivo del texto para ir con el código HTTP |
| content_type | El tipo MIME del cuerpo de la solicitud (usado con solicitudes POST y PUT) |
| connection | Opciones de control para la conexión actual y lista de campos de solicitud salto por salto |
| www_authenticate | Indica el esquema de autenticación que se debe utilizar para acceder a la entidad solicitada |
| set_cookie | La cookie HTTP que se establecerá |
| server | Tipo de servidor HTTP |
| content_length | La longitud del cuerpo de respuesta en octetos |
| transfer_encoding | La forma de codificación utilizada para transferir de forma segura la entidad al usuario. |
| http_date | La fecha y hora en que se envió el mensaje. |
EJEMPLO
"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","http","http_code","http_reason","content_type","conenction","www_authenticate","set_cookie","server","content_length","transfer_encoding","http_date"
"2018-04-19 00:02:26","75.74.78.113","tcp",8080,"c-75-74-78-113.hsd1.fl.comcast.net","http",7922,"US","FLORIDA","MIAMI",518111,737401,"HTTP/1.1",200,"OK","text/html",,,,"lighttpd",,"chunked","Thu, 19 Apr 2018 00:02:28 GMT"
"2018-04-19 00:02:26","88.162.174.130","tcp",8080,"sto95-3-88-162-174-130.fbx.proxad.net","http",12322,"FR",,"SAINT-OUEN-L'AUMONE",518210,737415,"HTTP/1.1",200,"OK","text/html",,,,,17729,,"Thu, 19 Apr 2018 02:02:28 GMT"
"2018-04-19 00:02:26","190.140.181.34","tcp",8080,"cpe-00265aae9f73.cpe.cableonda.net","http",18809,"PA","PANAMA","PANAMA CITY",0,0,"HTTP/1.1",200,"OK","text/html",,,,,3085,,
"2018-04-19 00:02:26","216.49.230.15","tcp",8080,"216.49.230-ip-15.ckt.net","http",16717,"US","KANSAS","GIRARD",517310,481304,"HTTP/1.1",200,"OK","text/html",,,,"micro_httpd",,,"Thu, 19 Apr 2018 00:02:28 GMT"
"2018-04-19 00:02:26","189.244.105.68","tcp",8080,"dsl-189-244-105-68-dyn.prod-infinitum.com.mx","http",8151,"MX","CHIHUAHUA","CHIHUAHUA",0,0,"HTTP/1.1",200,"OK","text/html",,,,,,"chunked",
"2018-04-19 00:02:26","173.17.102.136","tcp",8080,"173-17-102-136.client.mchsi.com","http",30036,"US","IOWA","WATERLOO",518210,737415,"HTTP/1.1",200,"OK","text/html",,,,"lighttpd",6474,,"Wed, 18 Apr 2018 19:02:15 GMT"
"2018-04-19 00:02:26","172.79.24.152","tcp",8080,,"http",5650,"US","TENNESSEE","CROSSVILLE",0,0,"HTTP/1.1",303,"See Other",,,,,"SiemensGigaset-Server/1.0",0,,
"2018-04-19 00:02:26","187.156.37.195","tcp",8080,"dsl-187-156-37-195-dyn.prod-infinitum.com.mx","http",8151,"MX","COAHUILA","SALTILLO",0,0,"HTTP/1.1",200,"OK","text/html",,,,,,"chunked",
"2018-04-19 00:02:26","201.110.149.83","tcp",8080,"dsl-201-110-149-83-dyn.prod-infinitum.com.mx","http",8151,"MX","MEXICO","METEPEC",0,0,"HTTP/1.1",200,"OK","text/html",,,,,,,
"2018-04-19 00:02:26","98.113.235.195","tcp",8080,"pool-98-113-235-195.nycmny.fios.verizon.net","http",701,"US","NEW YORK","FLUSHING",518111,737415,"HTTP/1.0",401,"Authorization Required","text/html",,"Basic realm=""DCS-932LB1_35""",,"alphapd",103,,"Wed Apr 18 20:02:26 2018"
"2018-04-19 00:02:26","47.150.171.4","tcp",8080,,"http",5650,"US","CALIFORNIA","VICTORVILLE",0,0,"HTTP/1.0",401,"Authorization Required",,,"Basic realm=""47.150.171.4:8080""",,,,,
"2018-04-19 00:02:26","73.204.33.98","tcp",8080,"c-73-204-33-98.hsd1.fl.comcast.net","http",7922,"US","FLORIDA","POMPANO BEACH",518111,737401,"HTTP/1.1",200,"OK","text/html",,,,"dcs-lig-httpd",7851,,"Thu, 19 Apr 2018 00:02:26 GMT"
"2018-04-19 00:02:26","67.193.73.96","tcp",8080,"d67-193-73-96.home3.cgocable.net","http",7992,"CA","ONTARIO","BROCKVILLE",518210,737415,"HTTP/1.1",302,"Found","text/html",,,,"lighttpd",0,,"Wed, 18 Apr 2018 19:02:24 GMT"
"2018-04-19 00:02:26","107.191.167.44","tcp",8080,,"http",18897,"US","MONTANA","LIBBY",0,0,"HTTP/1.1",200,"OK","text/html",,,,,1408,,
"2018-04-19 00:02:26","206.74.50.42","tcp",8080,,"http",395437,"US","TENNESSEE","ROBBINS",0,0,"HTTP/1.1",200,"OK","text/html",,,,"micro_httpd",,,"Thu, 19 Apr 2018 00:02:29 GMT"
"2018-04-19 00:02:26","216.158.194.220","tcp",8080,,"http",18978,"CY","CYPRUS","?",518210,737409,"HTTP/1.0",400,"Bad Request","text/html",,,,"squid/3.1.9",3125,,"Thu, 19 Apr 2018 04:49:29 GMT"Fuente: https://www.shadowserver.org/what-we-do/network-reporting/accessible-http-report/