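Honeypot Observation Diary (2019/02/04)
Introduction
Hello, this is cute_otter.
Part of the Cowrie logs could not be collected again today, so I am skipping the quick analysis of those logs. Sorry.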
WOWHoneypot
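This is a quick analysis of the logs collected by the "WOWHoneypot" honeypot on Monday 2019/02/04, 00:00 to 23:59 UTC (day 32 of operation).
Highlights
- There were about 600 WebShell probes (roughly 5 times the usual number), which is a very large number.
- ZGrab scans were observed for the first time in 3 days, since 2019/02/01.
Overview
- Collection period : Monday 2019/02/04, 00:00 to 23:59 UTC
- Total requests : 905 (+884 from the previous day)
  - WebShell probes : 584
  - phpMyAdmin probes : 264
  - Access to the top page : 19
  - Login attempts against the Tomcat manager page : 19
  - Network Weathermap probes : 6
  - Attacks exploiting the Microsoft IIS 6.0 vulnerability (CVE-2017-7269) : 3
  - WebDAV probes : 3
  - WordPress config file probes : 3
  - Attacks exploiting the vulnerability in Portable phpMyAdmin for WordPress (CVE-2012-5469) : 3
  - Unknown : 1
- Unique IP addresses : 25 (+5 from the previous day)
- Source countries : 17 (+4 from the previous day)
Requests by country
The number of requests per country is as follows.
Rank | Country | Count | Previous day's rank | Previous day's count | Change | Notes |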
---|---|---|---|---|---|---|
1. | China | 587 | - | 0 | +587 | - |
2. | Hong Kong | 298 | - | 0 | +298 | - |
3. | Brazil | 3 | 1. | 6 | -3 | - |
4. | Indonesia | 2 | - | 0 | +2 | - |
5. | India | 2 | - | 0 | +2 | - |
6. | Russia | 2 | - | 0 | +2 | - |
7. | Colombia | 1 | - | 0 | +1 | - |
8. | Poland | 1 | - | 0 | +1 | - |
9. | Argentina | 1 | - | 0 | +1 | - |
10. | Ukraine | 1 | - | 0 | +1 | - |
11. | Greece | 1 | - | 0 | +1 | - |
12. | United Kingdom | 1 | - | 0 | +1 | - |
13. | Pakistan | 1 | 13. | 1 | +-0 | - |
14. | Taiwan | 1 | 10. | 1 | +-0 | - |
15. | Mexico | 1 | 12. | 1 | +-0 | - |
16. | United States | 1 | 2. | 3 | -2 | - |
17. | Japan | 1 | 7. | 1 | +-0 | - |
- The number of requests from China and Hong Kong increased.
- Most of these requests were WebShell or phpMyAdmin probes.
- The requests from China came from 4 IP addresses registered to the following ISPs.
  - Tencent Cloud Computing (Beijing) Co. Ltd. (AS133478)
  - China Mobile Communications Corporation (AS56046)
  - China Unicom Zhejiang Province Network (AS4837)
  - China Telecom Backbone (AS4134)
- The requests from Hong Kong came from 1 IP address registered to HongKong Virtual internal server company Limited (AS134120).
Request targets
- There were 584 WebShell probes in total; 324 of them were POST requests whose HTTP body was set to values such as `cmd=die(@md5(F3bru4ry));`.
- ZGrab scans were observed for the first time in 3 days, since 2019/02/01.
  - There were 2 such requests.
  - The User-Agent was `Mozilla/5.0 zgrab/0.x`.
- The MASSCAN scans observed from 2019/02/01 through 02/03 were not observed.
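The probe patterns described above can be picked out of request records with a small classifier. The following is an added example, not code from the original post or from WOWHoneypot: the record layout, the category rules, the `expected_marker` helper and the sample records (documentation-range IP addresses) are all constructed for illustration.

```python
import hashlib
import re
from collections import Counter, defaultdict
from urllib.parse import parse_qsl

# die(@md5(TOKEN)) with an arbitrary token, quoted or bare, as in the body quoted above.
CANARY_RE = re.compile(r"die\(\s*@?md5\(\s*['\"]?([^'\")]+)['\"]?\s*\)\s*\)", re.I)
# Heuristic for phpMyAdmin-style paths (hypothetical rule, not the blog author's classifier).
PMA_RE = re.compile(r"phpmy|pma|myadmin|mysql", re.I)


def canary_token(body):
    """Return (parameter, token) if a form body carries the md5 canary, else None."""
    for name, value in parse_qsl(body, keep_blank_values=True):
        match = CANARY_RE.search(value)
        if match:
            return name, match.group(1)
    return None


def expected_marker(token):
    """Hash an eval-style backdoor would print for this token (an assumption about
    the probe's success check); seeing it in a response body means the file is live."""
    return hashlib.md5(token.encode()).hexdigest()


def classify(method, path, user_agent, body):
    """Map one request to a category similar to those used in the overview."""
    if "zgrab" in user_agent.lower():
        return "ZGrab scan"
    if method == "POST" and canary_token(body):
        return "WebShell probe (md5 canary)"
    if path == "/manager/html":
        return "Tomcat manager login attempt"
    if PMA_RE.search(path):
        return "phpMyAdmin probe"
    if path.split("?", 1)[0].lower().endswith(".php"):
        return "WebShell probe"
    if path == "/":
        return "Top page access"
    return "Unknown"


def summarize(records):
    """Count categories and collect, per canary token, the source IPs that sent it."""
    counts = Counter()
    token_sources = defaultdict(set)
    for src, method, path, ua, body in records:
        counts[classify(method, path, ua, body)] += 1
        hit = canary_token(body) if method == "POST" else None
        if hit:
            token_sources[hit[1]].add(src)
    return counts, dict(token_sources)


# Constructed sample records: (source IP, method, path, User-Agent, body).
SAMPLE = [
    ("198.51.100.7", "POST", "/qq.php", "Mozilla/5.0", "cmd=die(@md5(F3bru4ry));"),
    ("198.51.100.7", "POST", "/1.php", "Mozilla/5.0", "cmd=die(@md5(F3bru4ry));"),
    ("198.51.100.7", "GET", "/cmd.php", "Mozilla/5.0", ""),
    ("203.0.113.9", "GET", "/phpMyAdmin/index.php", "Mozilla/5.0", ""),
    ("203.0.113.9", "GET", "/manager/html", "Mozilla/5.0", ""),
    ("192.0.2.44", "GET", "/", "Mozilla/5.0 zgrab/0.x", ""),
    ("192.0.2.45", "GET", "/", "Mozilla/5.0", ""),
]

if __name__ == "__main__":
    counts, tokens = summarize(SAMPLE)
    for label, n in counts.most_common():
        print(f"{n:3d}  {label}")
    for token, sources in tokens.items():
        print(token, expected_marker(token), sorted(sources))
```

Grouping by canary token makes it easy to see which source addresses belong to the same scanning campaign, and the marker hash can be searched for in a production server's outbound responses.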
The full list of request targets is as follows.
Rank | Note | Request | Count | Previous day's rank | Previous day's count | Change |
---|---|---|---|---|---|---|
1. | Login attempt against the Tomcat manager page | GET /manager/html HTTP/1.1 | 19 | - | 0 | +19 |
2. | Access to the top page | GET / HTTP/1.1 | 17 | 1. | 15 | +2 |
3. | WebShell probe | POST /qq.php HTTP/1.1 | 10 | - | 0 | +10 |
4. | WebShell probe | POST /1.php HTTP/1.1 | 9 | - | 0 | +9 |
5. | WebShell probe | POST /confg.php HTTP/1.1 | 8 | - | 0 | +8 |
6. | WebShell probe | POST /q.php HTTP/1.1 | 7 | - | 0 | +7 |
7. | WebShell probe | GET /cmd.php HTTP/1.1 | 6 | - | 0 | +6 |
8. | WebShell probe | POST /xx.php HTTP/1.1 | 6 | - | 0 | +6 |
9. | WebShell probe | POST /conflg.php HTTP/1.1 | 6 | - | 0 | +6 |
10. | WebShell probe | POST /test.php HTTP/1.1 | 6 | - | 0 | +6 |
11. | WebShell probe | POST /x.php HTTP/1.1 | 6 | - | 0 | +6 |
12. | phpMyAdmin probe | GET /phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
13. | phpMyAdmin probe | GET /PMA/index.php HTTP/1.1 | 6 | - | 0 | +6 |
14. | phpMyAdmin probe | GET /web/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
15. | phpMyAdmin probe | GET /admin/pma/index.php HTTP/1.1 | 6 | - | 0 | +6 |
16. | phpMyAdmin probe | GET /admin/PMA/index.php HTTP/1.1 | 6 | - | 0 | +6 |
17. | phpMyAdmin probe | GET /admin/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
18. | phpMyAdmin probe | GET /admin/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
19. | phpMyAdmin probe | GET /xampp/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
20. | phpMyAdmin probe | GET /www/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
21. | phpMyAdmin probe | GET /tools/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
22. | phpMyAdmin probe | GET /claroline/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
23. | phpMyAdmin probe | GET /typo3/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
24. | phpMyAdmin probe | GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
25. | phpMyAdmin probe | GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
26. | phpMyAdmin probe | GET /MyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
27. | WebShell probe | GET /shell.php HTTP/1.1 | 5 | - | 0 | +5 |
28. | WebShell probe | POST /s.php HTTP/1.1 | 5 | - | 0 | +5 |
29. | phpMyAdmin probe | GET /pma/index.php HTTP/1.1 | 5 | - | 0 | +5 |
30. | WebShell probe | POST /2.php HTTP/1.1 | 4 | - | 0 | +4 |
31. | WebShell probe | POST /z.php HTTP/1.1 | 4 | - | 0 | +4 |
32. | WebShell probe | POST /hello.php HTTP/1.1 | 4 | - | 0 | +4 |
33. | phpMyAdmin probe | GET /phpmyadmin/index.php HTTP/1.1 | 4 | - | 0 | +4 |
34. | Attack exploiting the Microsoft IIS 6.0 vulnerability (CVE-2017-7269) | PROPFIND / HTTP/1.1 | 3 | - | 0 | +3 |
35. | WebDAV probe | GET /webdav/ HTTP/1.1 | 3 | - | 0 | +3 |
36. | WebShell probe | GET /help.php HTTP/1.1 | 3 | - | 0 | +3 |
37. | WebShell probe | GET /java.php HTTP/1.1 | 3 | - | 0 | +3 |
38. | WebShell probe | GET /_query.php HTTP/1.1 | 3 | - | 0 | +3 |
39. | WebShell probe | GET /test.php HTTP/1.1 | 3 | - | 0 | +3 |
40. | WebShell probe | GET /db_cts.php HTTP/1.1 | 3 | - | 0 | +3 |
41. | WebShell probe | GET /log.php HTTP/1.1 | 3 | - | 0 | +3 |
42. | WebShell probe | GET /hell.php HTTP/1.1 | 3 | - | 0 | +3 |
43. | WebShell probe | GET /pmd_online.php HTTP/1.1 | 3 | - | 0 | +3 |
44. | WebShell probe | GET /x.php HTTP/1.1 | 3 | - | 0 | +3 |
45. | WebShell probe | GET /htdocs.php HTTP/1.1 | 3 | - | 0 | +3 |
46. | WebShell probe | GET /z.php HTTP/1.1 | 3 | - | 0 | +3 |
47. | WebShell probe | GET /lala.php HTTP/1.1 | 3 | - | 0 | +3 |
48. | WebShell probe | GET /lala-dpr.php HTTP/1.1 | 3 | - | 0 | +3 |
49. | WebShell probe | GET /wpc.php HTTP/1.1 | 3 | - | 0 | +3 |
50. | WebShell probe | GET /wpo.php HTTP/1.1 | 3 | - | 0 | +3 |
51. | WebShell probe | GET /text.php HTTP/1.1 | 3 | - | 0 | +3 |
52. | WordPress config file probe | GET /wp-config.php HTTP/1.1 | 3 | - | 0 | +3 |
53. | WebShell probe | GET /muhstik2.php HTTP/1.1 | 3 | - | 0 | +3 |
54. | WebShell probe | GET /muhstiks.php HTTP/1.1 | 3 | - | 0 | +3 |
55. | WebShell probe | GET /muhstik-dpr.php HTTP/1.1 | 3 | - | 0 | +3 |
56. | WebShell probe | GET /lol.php HTTP/1.1 | 3 | - | 0 | +3 |
57. | WebShell probe | GET /uploader.php HTTP/1.1 | 3 | - | 0 | +3 |
58. | WebShell probe | GET /cmv.php HTTP/1.1 | 3 | - | 0 | +3 |
59. | WebShell probe | GET /knal.php HTTP/1.1 | 3 | - | 0 | +3 |
60. | WebShell probe | GET /appserv.php HTTP/1.1 | 3 | - | 0 | +3 |
61. | phpMyAdmin probe | GET /scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
62. | phpMyAdmin probe | GET /phpmyadmin/scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
63. | phpMyAdmin probe | GET /phpMyAdmin/scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
64. | phpMyAdmin probe | GET /phpmyadmin/scripts/db___.init.php HTTP/1.1 | 3 | - | 0 | +3 |
65. | phpMyAdmin probe | GET /phpMyAdmin/scripts/db___.init.php HTTP/1.1 | 3 | - | 0 | +3 |
66. | Network Weathermap probe | GET /plugins/weathermap/editor.php HTTP/1.1 | 3 | - | 0 | +3 |
67. | Network Weathermap probe | GET /cacti/plugins/weathermap/editor.php HTTP/1.1 | 3 | - | 0 | +3 |
68. | WebShell probe | POST /wuwu11.php HTTP/1.1 | 3 | - | 0 | +3 |
69. | WebShell probe | POST /xw.php HTTP/1.1 | 3 | - | 0 | +3 |
70. | WebShell probe | POST /9678.php HTTP/1.1 | 3 | - | 0 | +3 |
71. | WebShell probe | POST /wc.php HTTP/1.1 | 3 | - | 0 | +3 |
72. | WebShell probe | POST /w.php HTTP/1.1 | 3 | - | 0 | +3 |
73. | WebShell probe | POST /sheep.php HTTP/1.1 | 3 | - | 0 | +3 |
74. | WebShell probe | POST /qaq.php HTTP/1.1 | 3 | - | 0 | +3 |
75. | WebShell probe | POST /db.init.php HTTP/1.1 | 3 | - | 0 | +3 |
76. | WebShell probe | POST /db_session.init.php HTTP/1.1 | 3 | - | 0 | +3 |
77. | WebShell probe | POST /db__.init.php HTTP/1.1 | 3 | - | 0 | +3 |
78. | WebShell probe | POST /wp-admins.php HTTP/1.1 | 3 | - | 0 | +3 |
79. | WebShell probe | POST /db_dataml.php HTTP/1.1 | 3 | - | 0 | +3 |
80. | WebShell probe | POST /mx.php HTTP/1.1 | 3 | - | 0 | +3 |
81. | WebShell probe | POST /wshell.php HTTP/1.1 | 3 | - | 0 | +3 |
82. | WebShell probe | POST /xshell.php HTTP/1.1 | 3 | - | 0 | +3 |
83. | WebShell probe | POST /lindex.php HTTP/1.1 | 3 | - | 0 | +3 |
84. | WebShell probe | POST /phpstudy.php HTTP/1.1 | 3 | - | 0 | +3 |
85. | WebShell probe | POST /phpStudy.php HTTP/1.1 | 3 | - | 0 | +3 |
86. | WebShell probe | POST /weixiao.php HTTP/1.1 | 3 | - | 0 | +3 |
87. | WebShell probe | POST /feixiang.php HTTP/1.1 | 3 | - | 0 | +3 |
88. | WebShell probe | POST /ak47.php HTTP/1.1 | 3 | - | 0 | +3 |
89. | WebShell probe | POST /ak48.php HTTP/1.1 | 3 | - | 0 | +3 |
90. | WebShell probe | POST /xiao.php HTTP/1.1 | 3 | - | 0 | +3 |
91. | WebShell probe | POST /defect.php HTTP/1.1 | 3 | - | 0 | +3 |
92. | WebShell probe | POST /webslee.php HTTP/1.1 | 3 | - | 0 | +3 |
93. | WebShell probe | POST /pe.php HTTP/1.1 | 3 | - | 0 | +3 |
94. | WebShell probe | POST /hm.php HTTP/1.1 | 3 | - | 0 | +3 |
95. | WebShell probe | POST /cainiao.php HTTP/1.1 | 3 | - | 0 | +3 |
96. | WebShell probe | POST /zuoshou.php HTTP/1.1 | 3 | - | 0 | +3 |
97. | WebShell probe | POST /zuo.php HTTP/1.1 | 3 | - | 0 | +3 |
98. | WebShell probe | POST /aotu.php HTTP/1.1 | 3 | - | 0 | +3 |
99. | WebShell probe | POST /aotu7.php HTTP/1.1 | 3 | - | 0 | +3 |
100. | WebShell probe | POST /cmd.php HTTP/1.1 | 3 | - | 0 | +3 |
101. | WebShell probe | POST /system.php HTTP/1.1 | 3 | - | 0 | +3 |
102. | WebShell probe | POST /l6.php HTTP/1.1 | 3 | - | 0 | +3 |
103. | WebShell probe | POST /l7.php HTTP/1.1 | 3 | - | 0 | +3 |
104. | WebShell probe | POST /l8.php HTTP/1.1 | 3 | - | 0 | +3 |
105. | WebShell probe | POST /56.php HTTP/1.1 | 3 | - | 0 | +3 |
106. | WebShell probe | POST /mz.php HTTP/1.1 | 3 | - | 0 | +3 |
107. | WebShell probe | POST /yumo.php HTTP/1.1 | 3 | - | 0 | +3 |
108. | WebShell probe | POST /min.php HTTP/1.1 | 3 | - | 0 | +3 |
109. | WebShell probe | POST /wan.php HTTP/1.1 | 3 | - | 0 | +3 |
110. | WebShell probe | POST /wanan.php HTTP/1.1 | 3 | - | 0 | +3 |
111. | WebShell probe | POST /ssaa.php HTTP/1.1 | 3 | - | 0 | +3 |
112. | WebShell probe | POST /aw.php HTTP/1.1 | 3 | - | 0 | +3 |
113. | WebShell probe | POST /12.php HTTP/1.1 | 3 | - | 0 | +3 |
114. | WebShell probe | POST /hh.php HTTP/1.1 | 3 | - | 0 | +3 |
115. | WebShell probe | POST /ak.php HTTP/1.1 | 3 | - | 0 | +3 |
116. | WebShell probe | POST /ip.php HTTP/1.1 | 3 | - | 0 | +3 |
117. | WebShell probe | POST /infoo.php HTTP/1.1 | 3 | - | 0 | +3 |
118. | WebShell probe | POST /qwe.php HTTP/1.1 | 3 | - | 0 | +3 |
119. | WebShell probe | POST /1213.php HTTP/1.1 | 3 | - | 0 | +3 |
120. | WebShell probe | POST /post.php HTTP/1.1 | 3 | - | 0 | +3 |
121. | WebShell probe | POST /h1.php HTTP/1.1 | 3 | - | 0 | +3 |
122. | WebShell probe | POST /3.php HTTP/1.1 | 3 | - | 0 | +3 |
123. | WebShell probe | POST /phpinfi.php HTTP/1.1 | 3 | - | 0 | +3 |
124. | WebShell probe | POST /9510.php HTTP/1.1 | 3 | - | 0 | +3 |
125. | WebShell probe | POST /default.php HTTP/1.1 | 3 | - | 0 | +3 |
126. | WebShell probe | POST /sean.php HTTP/1.1 | 3 | - | 0 | +3 |
127. | WebShell probe | POST /app.php HTTP/1.1 | 3 | - | 0 | +3 |
128. | WebShell probe | POST /tiandi.php HTTP/1.1 | 3 | - | 0 | +3 |
129. | WebShell probe | POST /xz.php HTTP/1.1 | 3 | - | 0 | +3 |
130. | WebShell probe | POST /zshmindex.php HTTP/1.1 | 3 | - | 0 | +3 |
131. | WebShell probe | POST /tomcat.php HTTP/1.1 | 3 | - | 0 | +3 |
132. | WebShell probe | POST /ou2.php HTTP/1.1 | 3 | - | 0 | +3 |
133. | WebShell probe | POST /zuos.php HTTP/1.1 | 3 | - | 0 | +3 |
134. | WebShell probe | POST /zuoss.php HTTP/1.1 | 3 | - | 0 | +3 |
135. | WebShell probe | POST /zuoshss.php HTTP/1.1 | 3 | - | 0 | +3 |
136. | WebShell probe | POST /boots.php HTTP/1.1 | 3 | - | 0 | +3 |
137. | WebShell probe | POST /she.php HTTP/1.1 | 3 | - | 0 | +3 |
138. | WebShell probe | POST /api.php HTTP/1.1 | 3 | - | 0 | +3 |
139. | WebShell probe | POST /lucky.php HTTP/1.1 | 3 | - | 0 | +3 |
140. | phpMyAdmin probe | GET /index.php HTTP/1.1 | 3 | - | 0 | +3 |
141. | phpMyAdmin probe | GET /pmamy/index.php HTTP/1.1 | 3 | - | 0 | +3 |
142. | phpMyAdmin probe | GET /pmamy2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
143. | phpMyAdmin probe | GET /mysql/index.php HTTP/1.1 | 3 | - | 0 | +3 |
144. | phpMyAdmin probe | GET /admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
145. | phpMyAdmin probe | GET /db/index.php HTTP/1.1 | 3 | - | 0 | +3 |
146. | phpMyAdmin probe | GET /admin/mysql/index.php HTTP/1.1 | 3 | - | 0 | +3 |
147. | phpMyAdmin probe | GET /admin/mysql2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
148. | phpMyAdmin probe | GET /admin/phpmyadmin2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
149. | phpMyAdmin probe | GET /mysqladmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
150. | phpMyAdmin probe | GET /mysql-admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
151. | phpMyAdmin probe | GET /mysql_admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
152. | phpMyAdmin probe | GET /phpadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
153. | phpMyAdmin probe | GET /phpAdmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
154. | phpMyAdmin probe | GET /phpmyadmin0/index.php HTTP/1.1 | 3 | - | 0 | +3 |
155. | phpMyAdmin probe | GET /phpmyadmin1/index.php HTTP/1.1 | 3 | - | 0 | +3 |
156. | phpMyAdmin probe | GET /phpmyadmin2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
157. | phpMyAdmin probe | GET /phpMyAdmin-4.4.0/index.php HTTP/1.1 | 3 | - | 0 | +3 |
158. | phpMyAdmin probe | GET /myadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
159. | phpMyAdmin probe | GET /myadmin2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
160. | phpMyAdmin probe | GET /phpmyadmin-old/index.php HTTP/1.1 | 3 | - | 0 | +3 |
161. | phpMyAdmin probe | GET /phpMyAdmin.old/index.php HTTP/1.1 | 3 | - | 0 | +3 |
162. | phpMyAdmin probe | GET /phpma/index.php HTTP/1.1 | 3 | - | 0 | +3 |
163. | phpMyAdmin probe | GET /phpMyAbmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
164. | phpMyAdmin probe | GET /phpMyAdmin__/index.php HTTP/1.1 | 3 | - | 0 | +3 |
165. | phpMyAdmin probe | GET /phpMyAdmin+++---/index.php HTTP/1.1 | 3 | - | 0 | +3 |
166. | phpMyAdmin probe | GET /v/index.php HTTP/1.1 | 3 | - | 0 | +3 |
167. | phpMyAdmin probe | GET /phpMyAdm1n/index.php HTTP/1.1 | 3 | - | 0 | +3 |
168. | phpMyAdmin probe | GET /shaAdmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
169. | phpMyAdmin probe | GET /phpMyadmi/index.php HTTP/1.1 | 3 | - | 0 | +3 |
170. | phpMyAdmin probe | GET /phpMyAdmion/index.php HTTP/1.1 | 3 | - | 0 | +3 |
171. | phpMyAdmin probe | GET /phpMyAdmin1/index.php HTTP/1.1 | 3 | - | 0 | +3 |
172. | phpMyAdmin probe | GET /pwd/index.php HTTP/1.1 | 3 | - | 0 | +3 |
173. | phpMyAdmin probe | GET /phpMyAdmina/index.php HTTP/1.1 | 3 | - | 0 | +3 |
174. | phpMyAdmin probe | GET /phpMydmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
175. | phpMyAdmin probe | GET /phpMyAdmins/index.php HTTP/1.1 | 3 | - | 0 | +3 |
176. | phpMyAdmin probe | GET /program/index.php HTTP/1.1 | 3 | - | 0 | +3 |
177. | phpMyAdmin probe | GET /shopdb/index.php HTTP/1.1 | 3 | - | 0 | +3 |
178. | phpMyAdmin probe | GET /phppma/index.php HTTP/1.1 | 3 | - | 0 | +3 |
179. | phpMyAdmin probe | GET /phpmy/index.php HTTP/1.1 | 3 | - | 0 | +3 |
180. | phpMyAdmin probe | GET /mysql/admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
181. | phpMyAdmin probe | GET /mysql/dbadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
182. | phpMyAdmin probe | GET /mysql/mysqlmanager/index.php HTTP/1.1 | 3 | - | 0 | +3 |
183. | Attack exploiting the vulnerability in Portable phpMyAdmin for WordPress (CVE-2012-5469) | GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php HTTP/1.1 | 3 | - | 0 | +3 |
184. | phpMyAdmin probe | GET /db_pma.php HTTP/1.1 | 2 | - | 0 | +2 |
185. | WebShell probe | GET /logon.php HTTP/1.1 | 2 | - | 0 | +2 |
186. | WebShell probe | GET /license.php HTTP/1.1 | 2 | - | 0 | +2 |
187. | WebShell probe | POST /xw1.php HTTP/1.1 | 2 | - | 0 | +2 |
188. | WebShell probe | POST /m.php?pbid=open HTTP/1.1 | 2 | - | 0 | +2 |
189. | WebShell probe | POST /db_desql.php HTTP/1.1 | 2 | - | 0 | +2 |
190. | WebShell probe | POST /yao.php HTTP/1.1 | 2 | - | 0 | +2 |
191. | WebShell probe | POST /bak.php HTTP/1.1 | 2 | - | 0 | +2 |
192. | WebShell probe | POST /aaaa.php HTTP/1.1 | 2 | - | 0 | +2 |
193. | WebShell probe | POST /python.php HTTP/1.1 | 2 | - | 0 | +2 |
194. | WebShell probe | POST /ceshi.php HTTP/1.1 | 2 | - | 0 | +2 |
195. | WebShell probe | POST /qw.php HTTP/1.1 | 2 | - | 0 | +2 |
196. | WebShell probe | POST /caonma.php HTTP/1.1 | 2 | - | 0 | +2 |
197. | WebShell probe | POST /ss.php HTTP/1.1 | 2 | - | 0 | +2 |
198. | WebShell probe | POST /wcp.php HTTP/1.1 | 2 | - | 0 | +2 |
199. | WebShell probe | POST /u.php HTTP/1.1 | 2 | - | 0 | +2 |
200. | WebShell probe | POST /uuu.php HTTP/1.1 | 2 | - | 0 | +2 |
201. | WebShell probe | POST /sss.php HTTP/1.1 | 2 | - | 0 | +2 |
202. | WebShell probe | POST /core.php HTTP/1.1 | 2 | - | 0 | +2 |
203. | WebShell probe | POST /qaz.php HTTP/1.1 | 2 | - | 0 | +2 |
204. | WebShell probe | POST /sha.php HTTP/1.1 | 2 | - | 0 | +2 |
205. | WebShell probe | POST /ppx.php HTTP/1.1 | 2 | - | 0 | +2 |
206. | WebShell probe | POST /conf1g.php HTTP/1.1 | 2 | - | 0 | +2 |
207. | WebShell probe | POST /ver.php HTTP/1.1 | 2 | - | 0 | +2 |
208. | WebShell probe | POST /hack.php HTTP/1.1 | 2 | - | 0 | +2 |
209. | WebShell probe | POST /qa.php HTTP/1.1 | 2 | - | 0 | +2 |
210. | WebShell probe | POST /Ss.php HTTP/1.1 | 2 | - | 0 | +2 |
211. | WebShell probe | POST /xxx.php HTTP/1.1 | 2 | - | 0 | +2 |
212. | WebShell probe | POST /92.php HTTP/1.1 | 2 | - | 0 | +2 |
213. | WebShell probe | POST /dexgp.php HTTP/1.1 | 2 | - | 0 | +2 |
214. | WebShell probe | POST /nuoxi.php HTTP/1.1 | 2 | - | 0 | +2 |
215. | WebShell probe | POST /godkey.php HTTP/1.1 | 2 | - | 0 | +2 |
216. | WebShell probe | POST /okokok.php HTTP/1.1 | 2 | - | 0 | +2 |
217. | WebShell probe | POST /erwa.php HTTP/1.1 | 2 | - | 0 | +2 |
218. | WebShell probe | POST /pma.php HTTP/1.1 | 2 | - | 0 | +2 |
219. | WebShell probe | POST /ruyi.php HTTP/1.1 | 2 | - | 0 | +2 |
220. | WebShell probe | POST /51314.php HTTP/1.1 | 2 | - | 0 | +2 |
221. | WebShell probe | POST /5201314.php HTTP/1.1 | 2 | - | 0 | +2 |
222. | WebShell probe | POST /fusheng.php HTTP/1.1 | 2 | - | 0 | +2 |
223. | WebShell probe | POST /general.php HTTP/1.1 | 2 | - | 0 | +2 |
224. | WebShell probe | POST /repeat.php HTTP/1.1 | 2 | - | 0 | +2 |
225. | WebShell probe | POST /ldw.php HTTP/1.1 | 2 | - | 0 | +2 |
226. | WebShell probe | POST /s1.php HTTP/1.1 | 2 | - | 0 | +2 |
227. | WebShell probe | POST /xiaodai.php HTTP/1.1 | 2 | - | 0 | +2 |
228. | WebShell probe | POST /admn.php HTTP/1.1 | 2 | - | 0 | +2 |
229. | WebShell probe | POST /hell.php HTTP/1.1 | 2 | - | 0 | +2 |
230. | WebShell probe | POST /xp.php HTTP/1.1 | 2 | - | 0 | +2 |
231. | WebShell probe | POST /p.php HTTP/1.1 | 2 | - | 0 | +2 |
232. | WebShell probe | POST /a.php HTTP/1.1 | 2 | - | 0 | +2 |
233. | WebShell probe | POST /m.php HTTP/1.1 | 2 | - | 0 | +2 |
234. | WebShell probe | POST /conf.php HTTP/1.1 | 2 | - | 0 | +2 |
235. | WebShell probe | POST /123.php HTTP/1.1 | 2 | - | 0 | +2 |
236. | WebShell probe | POST /HX.php HTTP/1.1 | 2 | - | 0 | +2 |
237. | WebShell probe | POST /diy.php HTTP/1.1 | 2 | - | 0 | +2 |
238. | WebShell probe | POST /666.php HTTP/1.1 | 2 | - | 0 | +2 |
239. | WebShell probe | POST /777.php HTTP/1.1 | 2 | - | 0 | +2 |
240. | WebShell probe | POST /qwqw.php HTTP/1.1 | 2 | - | 0 | +2 |
241. | WebShell probe | POST /.php HTTP/1.1 | 2 | - | 0 | +2 |
242. | WebShell probe | POST /infos.php HTTP/1.1 | 2 | - | 0 | +2 |
243. | WebShell probe | POST /htfr.php HTTP/1.1 | 2 | - | 0 | +2 |
244. | WebShell probe | POST /zzk.php HTTP/1.1 | 2 | - | 0 | +2 |
245. | WebShell probe | POST /toor.php HTTP/1.1 | 2 | - | 0 | +2 |
246. | WebShell probe | POST /aa.php HTTP/1.1 | 2 | - | 0 | +2 |
247. | WebShell probe | POST /wb.php HTTP/1.1 | 2 | - | 0 | +2 |
248. | WebShell probe | POST /xiaoma.php HTTP/1.1 | 2 | - | 0 | +2 |
249. | WebShell probe | POST /xiaomar.php HTTP/1.1 | 2 | - | 0 | +2 |
250. | phpMyAdmin probe | GET /phpMyadmin_bak/index.php HTTP/1.1 | 2 | - | 0 | +2 |
251. | phpMyAdmin probe | GET /pma-old/index.php HTTP/1.1 | 2 | - | 0 | +2 |
252. | phpMyAdmin probe | GET /phpmyadm1n/index.php HTTP/1.1 | 2 | - | 0 | +2 |
253. | phpMyAdmin probe | GET /s/index.php HTTP/1.1 | 2 | - | 0 | +2 |
254. | phpMyAdmin probe | GET /phpMyAdmin123/index.php HTTP/1.1 | 2 | - | 0 | +2 |
255. | phpMyAdmin probe | GET /mysql/sqlmanager/index.php HTTP/1.1 | 2 | - | 0 | +2 |
256. | WebShell probe | GET /help-e.php HTTP/1.1 | 2 | - | 0 | +2 |
257. | WebShell probe | GET /desktop.ini.php HTTP/1.1 | 2 | - | 0 | +2 |
258. | WebShell probe | GET /muhstik.php HTTP/1.1 | 2 | - | 0 | +2 |
259. | WebShell probe | GET /cmdd.php HTTP/1.1 | 2 | - | 0 | +2 |
260. | WebShell probe | POST /help.php HTTP/1.1 | 2 | - | 0 | +2 |
261. | WebShell probe | POST /miao.php HTTP/1.1 | 2 | - | 0 | +2 |
262. | WebShell probe | POST /linuxse.php HTTP/1.1 | 2 | - | 0 | +2 |
263. | WebShell probe | POST /1hou.php HTTP/1.1 | 2 | - | 0 | +2 |
264. | WebShell probe | POST /MCLi.php HTTP/1.1 | 2 | - | 0 | +2 |
265. | WebShell probe | POST /zxc1.php HTTP/1.1 | 2 | - | 0 | +2 |
266. | WebShell probe | POST /test123.php HTTP/1.1 | 2 | - | 0 | +2 |
267. | WebShell probe | POST /paylog.php HTTP/1.1 | 2 | - | 0 | +2 |
268. | phpMyAdmin probe | GET /pmd/index.php HTTP/1.1 | 2 | - | 0 | +2 |
269. | phpMyAdmin probe | GET /PMA2/index.php HTTP/1.1 | 2 | - | 0 | +2 |
270. | phpMyAdmin probe | GET /phpMyAdminold/index.php HTTP/1.1 | 2 | - | 0 | +2 |
271. | Access to the top page | GET / HTTP/1.0 | 2 | 2. | 3 | -1 |
272. | WebShell probe | POST /qwq.php HTTP/1.1 | 1 | - | 0 | +1 |
273. | WebShell probe | POST /zuoindex.php HTTP/1.1 | 1 | - | 0 | +1 |
274. | WebShell probe | POST /uu.php HTTP/1.1 | 1 | - | 0 | +1 |
275. | WebShell probe | POST /yj.php HTTP/1.1 | 1 | - | 0 | +1 |
276. | WebShell probe | POST /7.php HTTP/1.1 | 1 | - | 0 | +1 |
277. | WebShell probe | POST /xiaomae.php HTTP/1.1 | 1 | - | 0 | +1 |
278. | WebShell probe | POST /data.php HTTP/1.1 | 1 | - | 0 | +1 |
279. | WebShell probe | POST /log.php HTTP/1.1 | 1 | - | 0 | +1 |
280. | WebShell probe | POST /fack.php HTTP/1.1 | 1 | - | 0 | +1 |
281. | WebShell probe | POST /angge.php HTTP/1.1 | 1 | - | 0 | +1 |
282. | WebShell probe | POST /cxfm666.php HTTP/1.1 | 1 | - | 0 | +1 |
283. | WebShell probe | POST /db.php HTTP/1.1 | 1 | - | 0 | +1 |
284. | WebShell probe | POST /hacly.php HTTP/1.1 | 1 | - | 0 | +1 |
285. | WebShell probe | POST /xiaomo.php HTTP/1.1 | 1 | - | 0 | +1 |
286. | WebShell probe | POST /xiaoyu.php HTTP/1.1 | 1 | - | 0 | +1 |
287. | WebShell probe | POST /xiaohei.php HTTP/1.1 | 1 | - | 0 | +1 |
288. | WebShell probe | POST /j.php HTTP/1.1 | 1 | - | 0 | +1 |
289. | WebShell probe | POST /qq5262.php HTTP/1.1 | 1 | - | 0 | +1 |
290. | WebShell probe | POST /lost.php HTTP/1.1 | 1 | - | 0 | +1 |
291. | WebShell probe | POST /php.php HTTP/1.1 | 1 | - | 0 | +1 |
292. | WebShell probe | POST /win.php HTTP/1.1 | 1 | - | 0 | +1 |
293. | WebShell probe | POST /win1.php HTTP/1.1 | 1 | - | 0 | +1 |
294. | WebShell probe | POST /linux.php HTTP/1.1 | 1 | - | 0 | +1 |
295. | WebShell probe | POST /linux1.php HTTP/1.1 | 1 | - | 0 | +1 |
296. | WebShell probe | POST /cc.php HTTP/1.1 | 1 | - | 0 | +1 |
297. | WebShell probe | POST /lanke.php HTTP/1.1 | 1 | - | 0 | +1 |
298. | WebShell probe | POST /neko.php HTTP/1.1 | 1 | - | 0 | +1 |
299. | WebShell probe | POST /super.php HTTP/1.1 | 1 | - | 0 | +1 |
300. | WebShell probe | POST /cere.php HTTP/1.1 | 1 | - | 0 | +1 |
301. | WebShell probe | POST /aaa.php HTTP/1.1 | 1 | - | 0 | +1 |
302. | WebShell probe | POST /Administrator.php HTTP/1.1 | 1 | - | 0 | +1 |
303. | WebShell probe | POST /liangchen.php HTTP/1.1 | 1 | - | 0 | +1 |
304. | WebShell probe | POST /meng.php HTTP/1.1 | 1 | - | 0 | +1 |
305. | WebShell probe | POST /no.php HTTP/1.1 | 1 | - | 0 | +1 |
306. | WebShell probe | POST /mysql.php HTTP/1.1 | 1 | - | 0 | +1 |
307. | WebShell probe | POST /Updata.php HTTP/1.1 | 1 | - | 0 | +1 |
308. | WebShell probe | POST /xxxx.php HTTP/1.1 | 1 | - | 0 | +1 |
309. | WebShell probe | POST /coon.php HTTP/1.1 | 1 | - | 0 | +1 |
310. | WebShell probe | POST /zxc0.php HTTP/1.1 | 1 | - | 0 | +1 |
311. | WebShell probe | POST /zxc2.php HTTP/1.1 | 1 | - | 0 | +1 |
312. | WebShell probe | POST /indexa.php HTTP/1.1 | 1 | - | 0 | +1 |
313. | WebShell probe | POST /lx.php HTTP/1.1 | 1 | - | 0 | +1 |
314. | WebShell probe | POST /cn.php HTTP/1.1 | 1 | - | 0 | +1 |
315. | WebShell probe | POST /index1.php HTTP/1.1 | 1 | - | 0 | +1 |
316. | WebShell probe | POST /info.php HTTP/1.1 | 1 | - | 0 | +1 |
317. | WebShell probe | POST /info1.php HTTP/1.1 | 1 | - | 0 | +1 |
318. | WebShell probe | POST /aaaaaa1.php HTTP/1.1 | 1 | - | 0 | +1 |
319. | WebShell probe | POST /up.php HTTP/1.1 | 1 | - | 0 | +1 |
320. | WebShell probe | POST /fb.php HTTP/1.1 | 1 | - | 0 | +1 |
321. | WebShell probe | POST /cnm.php HTTP/1.1 | 1 | - | 0 | +1 |
322. | WebShell probe | POST /51.php HTTP/1.1 | 1 | - | 0 | +1 |
323. | WebShell probe | POST /cadre.php HTTP/1.1 | 1 | - | 0 | +1 |
324. | WebShell probe | POST /mm.php HTTP/1.1 | 1 | - | 0 | +1 |
325. | WebShell probe | POST /1q.php HTTP/1.1 | 1 | - | 0 | +1 |
326. | WebShell probe | POST /1111.php HTTP/1.1 | 1 | - | 0 | +1 |
327. | WebShell probe | POST /errors.php HTTP/1.1 | 1 | - | 0 | +1 |
328. | phpMyAdmin probe | GET /dbadmin/index.php HTTP/1.1 | 1 | - | 0 | +1 |
329. | Unknown | GET hxxp://5[.]188[.]210[.]12/echo[.]php HTTP/1.1 | 1 | - | 0 | +1 |
That concludes the quick analysis of the logs collected by WOWHoneypot.