cute_otter’s blog

I keep an observation diary of my honeypots.

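Honeypot Observation Diary (2019/02/04)

Introduction

Hello, this is cute_otter.
Today, once again, part of the Cowrie logs could not be retrieved, so I am skipping the brief log analysis for it. Sorry.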

WOWHoneypot

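This is a brief analysis of the logs collected by the honeypot "WOWHoneypot" on 2019/02/04 (Mon) 00:00-23:59 UTC (day 32 of operation).

Highlights

  • There were about 600 WebShell probes (roughly 5 times the usual number), which is very high.
  • I observed scans by ZGrab for the first time in 3 days, since 2019/02/01.

Overview

  • Aggregation period: 2019/02/04 (Mon) 00:00-23:59 UTC
  • Total accesses: 905 (+884 from the previous day)
  • Unique IP addresses: 25 (+5 from the previous day)
  • Source countries: 17 (+4 from the previous day)

Accesses by country

The number of accesses by country is as follows.

Rank Country Count Previous-day-rank Previous-day-count Difference Remarks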
1. China 587 - 0 +587 -
2. Hong Kong 298 - 0 +298 -
3. Brazil 3 1. 6 -3 -
4. Indonesia 2 - 0 +2 -
5. India 2 - 0 +2 -
6. Russia 2 - 0 +2 -
7. Colombia 1 - 0 +1 -
8. Poland 1 - 0 +1 -
9. Argentina 1 - 0 +1 -
10. Ukraine 1 - 0 +1 -
11. Greece 1 - 0 +1 -
12. United Kingdom 1 - 0 +1 -
13. Pakistan 1 13. 1 +-0 -
14. Taiwan 1 10. 1 +-0 -
15. Mexico 1 12. 1 +-0 -
16. United States 1 2. 3 -2 -
17. Japan 1 7. 1 +-0 -
  • Accesses from China and Hong Kong increased.
    • Most of these accesses were probes for WebShells and phpMyAdmin.
    • The accesses from China came from 4 IP addresses registered to the following ISPs:
      • Tencent Cloud Computing (Beijing) Co. Ltd. (AS133478)
      • China Mobile Communications Corporation (AS56046)
      • China Unicom Zhejiang Province Network (AS4837)
      • China Telecom Backbone (AS4134)
    • The accesses from Hong Kong came from 1 IP address registered to HongKong Virtual internal server company Limited (AS134120).

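Access destinations

  • There were 584 WebShell probes in total, of which 324 were POST requests with values such as cmd=die(@md5(F3bru4ry)); set in the HTTP body.
  • I observed scans by ZGrab for the first time in 3 days, since 2019/02/01.
    • There were 2 such requests.
    • The User-Agent was Mozilla/5.0 zgrab/0.x.
  • The MASSCAN scans observed from 2019/02/01 to 02/03 were not observed.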
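
An added example (not from the original post) of triaging the `die(@md5(...))` probe bodies quoted above: it extracts the marker token from POST bodies and checks whether any response echoed the matching MD5, which would mean a script at that path evaluated the input. The event dictionaries, the `pass=` variant and the `/example-live.php` path are constructed; it assumes request and response bodies are available from your own capture.

```python
import hashlib
import re
from collections import Counter
from urllib.parse import unquote_plus

# die(@md5(TOKEN)) with or without "@" and quotes around TOKEN.
MARKER = re.compile(r"""die\(\s*@?md5\(\s*['"]?([^'")\s]+)['"]?\s*\)\s*\)""")


def parse_marker(body):
    """Return (field, token, expected_reply) for the first form field that
    carries the marker, or None. expected_reply is md5(token) in hex."""
    for field in body.split("&"):
        name, _, value = field.partition("=")
        m = MARKER.search(unquote_plus(value))
        if m:
            token = m.group(1)
            # PHP before 8 evaluates the unquoted word as the string itself,
            # so a responding script would print md5 of the literal token.
            return name, token, hashlib.md5(token.encode()).hexdigest()
    return None


def triage(events):
    """Count marker probes per token and list paths whose response echoed the
    expected hash, meaning a script at that path evaluated the input."""
    probes, answered = Counter(), []
    for ev in events:
        hit = parse_marker(ev.get("body", "")) if ev["method"] == "POST" else None
        if hit is None:
            continue
        _, token, expected = hit
        probes[token] += 1
        if expected in ev.get("response", "").lower():
            answered.append(ev["path"])
    return probes, answered


# Constructed sample events (not taken from the post's logs).
_BODY = "cmd=die(@md5(F3bru4ry));"
SAMPLE_EVENTS = [
    {"method": "POST", "path": "/qq.php", "body": _BODY, "response": "<html>default page</html>"},
    {"method": "POST", "path": "/xx.php", "body": "pass=die(md5('abc'));", "response": ""},
    {"method": "GET", "path": "/manager/html", "body": "", "response": ""},
    # Hypothetical path whose response echoes the hash: needs incident response.
    {"method": "POST", "path": "/example-live.php", "body": _BODY,
     "response": hashlib.md5(b"F3bru4ry").hexdigest()},
]

if __name__ == "__main__":
    probes, answered = triage(SAMPLE_EVENTS)
    print("marker probes per token:", dict(probes))
    print("paths that echoed the hash:", answered)
```

On a honeypot that returns a fixed page the second list stays empty; on a production web server any entry in it is a path to investigate.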

The list of access destinations is as follows.

Rank Remarks Access-destination Count Previous-day-rank Previous-day-count Difference
1. Login attempt against the Tomcat manager page GET /manager/html HTTP/1.1 19 - 0 +19
2. Access to the top page GET / HTTP/1.1 17 1. 15 +2
3. WebShell probe POST /qq.php HTTP/1.1 10 - 0 +10
4. WebShell probe POST /1.php HTTP/1.1 9 - 0 +9
5. WebShell probe POST /confg.php HTTP/1.1 8 - 0 +8
6. WebShell probe POST /q.php HTTP/1.1 7 - 0 +7
7. WebShell probe GET /cmd.php HTTP/1.1 6 - 0 +6
8. WebShell probe POST /xx.php HTTP/1.1 6 - 0 +6
9. WebShell probe POST /conflg.php HTTP/1.1 6 - 0 +6
10. WebShell probe POST /test.php HTTP/1.1 6 - 0 +6
11. WebShell probe POST /x.php HTTP/1.1 6 - 0 +6
12. phpMyAdmin probe GET /phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
13. phpMyAdmin probe GET /PMA/index.php HTTP/1.1 6 - 0 +6
14. phpMyAdmin probe GET /web/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
15. phpMyAdmin probe GET /admin/pma/index.php HTTP/1.1 6 - 0 +6
16. phpMyAdmin probe GET /admin/PMA/index.php HTTP/1.1 6 - 0 +6
17. phpMyAdmin probe GET /admin/phpmyadmin/index.php HTTP/1.1 6 - 0 +6
18. phpMyAdmin probe GET /admin/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
19. phpMyAdmin probe GET /xampp/phpmyadmin/index.php HTTP/1.1 6 - 0 +6
20. phpMyAdmin probe GET /www/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
21. phpMyAdmin probe GET /tools/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
22. phpMyAdmin probe GET /claroline/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
23. phpMyAdmin probe GET /typo3/phpmyadmin/index.php HTTP/1.1 6 - 0 +6
24. phpMyAdmin probe GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1 6 - 0 +6
25. phpMyAdmin probe GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
26. phpMyAdmin probe GET /MyAdmin/index.php HTTP/1.1 6 - 0 +6
27. WebShell probe GET /shell.php HTTP/1.1 5 - 0 +5
28. WebShell probe POST /s.php HTTP/1.1 5 - 0 +5
29. phpMyAdmin probe GET /pma/index.php HTTP/1.1 5 - 0 +5
30. WebShell probe POST /2.php HTTP/1.1 4 - 0 +4
31. WebShell probe POST /z.php HTTP/1.1 4 - 0 +4
32. WebShell probe POST /hello.php HTTP/1.1 4 - 0 +4
33. phpMyAdmin probe GET /phpmyadmin/index.php HTTP/1.1 4 - 0 +4
34. Attack exploiting a Microsoft IIS 6.0 vulnerability (CVE-2017-7269) PROPFIND / HTTP/1.1 3 - 0 +3
35. WebDAV probe GET /webdav/ HTTP/1.1 3 - 0 +3
36. WebShell probe GET /help.php HTTP/1.1 3 - 0 +3
37. WebShell probe GET /java.php HTTP/1.1 3 - 0 +3
38. WebShell probe GET /_query.php HTTP/1.1 3 - 0 +3
39. WebShell probe GET /test.php HTTP/1.1 3 - 0 +3
40. WebShell probe GET /db_cts.php HTTP/1.1 3 - 0 +3
41. WebShell probe GET /log.php HTTP/1.1 3 - 0 +3
42. WebShell probe GET /hell.php HTTP/1.1 3 - 0 +3
43. WebShell probe GET /pmd_online.php HTTP/1.1 3 - 0 +3
44. WebShell probe GET /x.php HTTP/1.1 3 - 0 +3
45. WebShell probe GET /htdocs.php HTTP/1.1 3 - 0 +3
46. WebShell probe GET /z.php HTTP/1.1 3 - 0 +3
47. WebShell probe GET /lala.php HTTP/1.1 3 - 0 +3
48. WebShell probe GET /lala-dpr.php HTTP/1.1 3 - 0 +3
49. WebShell probe GET /wpc.php HTTP/1.1 3 - 0 +3
50. WebShell probe GET /wpo.php HTTP/1.1 3 - 0 +3
51. WebShell probe GET /text.php HTTP/1.1 3 - 0 +3
52. Probe for the WordPress config file GET /wp-config.php HTTP/1.1 3 - 0 +3
53. WebShell probe GET /muhstik2.php HTTP/1.1 3 - 0 +3
54. WebShell probe GET /muhstiks.php HTTP/1.1 3 - 0 +3
55. WebShell probe GET /muhstik-dpr.php HTTP/1.1 3 - 0 +3
56. WebShell probe GET /lol.php HTTP/1.1 3 - 0 +3
57. WebShell probe GET /uploader.php HTTP/1.1 3 - 0 +3
58. WebShell probe GET /cmv.php HTTP/1.1 3 - 0 +3
59. WebShell probe GET /knal.php HTTP/1.1 3 - 0 +3
60. WebShell probe GET /appserv.php HTTP/1.1 3 - 0 +3
61. phpMyAdmin probe GET /scripts/setup.php HTTP/1.1 3 - 0 +3
62. phpMyAdmin probe GET /phpmyadmin/scripts/setup.php HTTP/1.1 3 - 0 +3
63. phpMyAdmin probe GET /phpMyAdmin/scripts/setup.php HTTP/1.1 3 - 0 +3
64. phpMyAdmin probe GET /phpmyadmin/scripts/db___.init.php HTTP/1.1 3 - 0 +3
65. phpMyAdmin probe GET /phpMyAdmin/scripts/db___.init.php HTTP/1.1 3 - 0 +3
66. Network Weathermap probe GET /plugins/weathermap/editor.php HTTP/1.1 3 - 0 +3
67. Network Weathermap probe GET /cacti/plugins/weathermap/editor.php HTTP/1.1 3 - 0 +3
68. WebShell probe POST /wuwu11.php HTTP/1.1 3 - 0 +3
69. WebShell probe POST /xw.php HTTP/1.1 3 - 0 +3
70. WebShell probe POST /9678.php HTTP/1.1 3 - 0 +3
71. WebShell probe POST /wc.php HTTP/1.1 3 - 0 +3
72. WebShell probe POST /w.php HTTP/1.1 3 - 0 +3
73. WebShell probe POST /sheep.php HTTP/1.1 3 - 0 +3
74. WebShell probe POST /qaq.php HTTP/1.1 3 - 0 +3
75. WebShell probe POST /db.init.php HTTP/1.1 3 - 0 +3
76. WebShell probe POST /db_session.init.php HTTP/1.1 3 - 0 +3
77. WebShell probe POST /db__.init.php HTTP/1.1 3 - 0 +3
78. WebShell probe POST /wp-admins.php HTTP/1.1 3 - 0 +3
79. WebShell probe POST /db_dataml.php HTTP/1.1 3 - 0 +3
80. WebShell probe POST /mx.php HTTP/1.1 3 - 0 +3
81. WebShell probe POST /wshell.php HTTP/1.1 3 - 0 +3
82. WebShell probe POST /xshell.php HTTP/1.1 3 - 0 +3
83. WebShell probe POST /lindex.php HTTP/1.1 3 - 0 +3
84. WebShell probe POST /phpstudy.php HTTP/1.1 3 - 0 +3
85. WebShell probe POST /phpStudy.php HTTP/1.1 3 - 0 +3
86. WebShell probe POST /weixiao.php HTTP/1.1 3 - 0 +3
87. WebShell probe POST /feixiang.php HTTP/1.1 3 - 0 +3
88. WebShell probe POST /ak47.php HTTP/1.1 3 - 0 +3
89. WebShell probe POST /ak48.php HTTP/1.1 3 - 0 +3
90. WebShell probe POST /xiao.php HTTP/1.1 3 - 0 +3
91. WebShell probe POST /defect.php HTTP/1.1 3 - 0 +3
92. WebShell probe POST /webslee.php HTTP/1.1 3 - 0 +3
93. WebShell probe POST /pe.php HTTP/1.1 3 - 0 +3
94. WebShell probe POST /hm.php HTTP/1.1 3 - 0 +3
95. WebShell probe POST /cainiao.php HTTP/1.1 3 - 0 +3
96. WebShell probe POST /zuoshou.php HTTP/1.1 3 - 0 +3
97. WebShell probe POST /zuo.php HTTP/1.1 3 - 0 +3
98. WebShell probe POST /aotu.php HTTP/1.1 3 - 0 +3
99. WebShell probe POST /aotu7.php HTTP/1.1 3 - 0 +3
100. WebShell probe POST /cmd.php HTTP/1.1 3 - 0 +3
101. WebShell probe POST /system.php HTTP/1.1 3 - 0 +3
102. WebShell probe POST /l6.php HTTP/1.1 3 - 0 +3
103. WebShell probe POST /l7.php HTTP/1.1 3 - 0 +3
104. WebShell probe POST /l8.php HTTP/1.1 3 - 0 +3
105. WebShell probe POST /56.php HTTP/1.1 3 - 0 +3
106. WebShell probe POST /mz.php HTTP/1.1 3 - 0 +3
107. WebShell probe POST /yumo.php HTTP/1.1 3 - 0 +3
108. WebShell probe POST /min.php HTTP/1.1 3 - 0 +3
109. WebShell probe POST /wan.php HTTP/1.1 3 - 0 +3
110. WebShell probe POST /wanan.php HTTP/1.1 3 - 0 +3
111. WebShell probe POST /ssaa.php HTTP/1.1 3 - 0 +3
112. WebShell probe POST /aw.php HTTP/1.1 3 - 0 +3
113. WebShell probe POST /12.php HTTP/1.1 3 - 0 +3
114. WebShell probe POST /hh.php HTTP/1.1 3 - 0 +3
115. WebShell probe POST /ak.php HTTP/1.1 3 - 0 +3
116. WebShell probe POST /ip.php HTTP/1.1 3 - 0 +3
117. WebShell probe POST /infoo.php HTTP/1.1 3 - 0 +3
118. WebShell probe POST /qwe.php HTTP/1.1 3 - 0 +3
119. WebShell probe POST /1213.php HTTP/1.1 3 - 0 +3
120. WebShell probe POST /post.php HTTP/1.1 3 - 0 +3
121. WebShell probe POST /h1.php HTTP/1.1 3 - 0 +3
122. WebShell probe POST /3.php HTTP/1.1 3 - 0 +3
123. WebShell probe POST /phpinfi.php HTTP/1.1 3 - 0 +3
124. WebShell probe POST /9510.php HTTP/1.1 3 - 0 +3
125. WebShell probe POST /default.php HTTP/1.1 3 - 0 +3
126. WebShell probe POST /sean.php HTTP/1.1 3 - 0 +3
127. WebShell probe POST /app.php HTTP/1.1 3 - 0 +3
128. WebShell probe POST /tiandi.php HTTP/1.1 3 - 0 +3
129. WebShell probe POST /xz.php HTTP/1.1 3 - 0 +3
130. WebShell probe POST /zshmindex.php HTTP/1.1 3 - 0 +3
131. WebShell probe POST /tomcat.php HTTP/1.1 3 - 0 +3
132. WebShell probe POST /ou2.php HTTP/1.1 3 - 0 +3
133. WebShell probe POST /zuos.php HTTP/1.1 3 - 0 +3
134. WebShell probe POST /zuoss.php HTTP/1.1 3 - 0 +3
135. WebShell probe POST /zuoshss.php HTTP/1.1 3 - 0 +3
136. WebShell probe POST /boots.php HTTP/1.1 3 - 0 +3
137. WebShell probe POST /she.php HTTP/1.1 3 - 0 +3
138. WebShell probe POST /api.php HTTP/1.1 3 - 0 +3
139. WebShell probe POST /lucky.php HTTP/1.1 3 - 0 +3
140. phpMyAdmin probe GET /index.php HTTP/1.1 3 - 0 +3
141. phpMyAdmin probe GET /pmamy/index.php HTTP/1.1 3 - 0 +3
142. phpMyAdmin probe GET /pmamy2/index.php HTTP/1.1 3 - 0 +3
143. phpMyAdmin probe GET /mysql/index.php HTTP/1.1 3 - 0 +3
144. phpMyAdmin probe GET /admin/index.php HTTP/1.1 3 - 0 +3
145. phpMyAdmin probe GET /db/index.php HTTP/1.1 3 - 0 +3
146. phpMyAdmin probe GET /admin/mysql/index.php HTTP/1.1 3 - 0 +3
147. phpMyAdmin probe GET /admin/mysql2/index.php HTTP/1.1 3 - 0 +3
148. phpMyAdmin probe GET /admin/phpmyadmin2/index.php HTTP/1.1 3 - 0 +3
149. phpMyAdmin probe GET /mysqladmin/index.php HTTP/1.1 3 - 0 +3
150. phpMyAdmin probe GET /mysql-admin/index.php HTTP/1.1 3 - 0 +3
151. phpMyAdmin probe GET /mysql_admin/index.php HTTP/1.1 3 - 0 +3
152. phpMyAdmin probe GET /phpadmin/index.php HTTP/1.1 3 - 0 +3
153. phpMyAdmin probe GET /phpAdmin/index.php HTTP/1.1 3 - 0 +3
154. phpMyAdmin probe GET /phpmyadmin0/index.php HTTP/1.1 3 - 0 +3
155. phpMyAdmin probe GET /phpmyadmin1/index.php HTTP/1.1 3 - 0 +3
156. phpMyAdmin probe GET /phpmyadmin2/index.php HTTP/1.1 3 - 0 +3
157. phpMyAdmin probe GET /phpMyAdmin-4.4.0/index.php HTTP/1.1 3 - 0 +3
158. phpMyAdmin probe GET /myadmin/index.php HTTP/1.1 3 - 0 +3
159. phpMyAdmin probe GET /myadmin2/index.php HTTP/1.1 3 - 0 +3
160. phpMyAdmin probe GET /phpmyadmin-old/index.php HTTP/1.1 3 - 0 +3
161. phpMyAdmin probe GET /phpMyAdmin.old/index.php HTTP/1.1 3 - 0 +3
162. phpMyAdmin probe GET /phpma/index.php HTTP/1.1 3 - 0 +3
163. phpMyAdmin probe GET /phpMyAbmin/index.php HTTP/1.1 3 - 0 +3
164. phpMyAdmin probe GET /phpMyAdmin__/index.php HTTP/1.1 3 - 0 +3
165. phpMyAdmin probe GET /phpMyAdmin+++---/index.php HTTP/1.1 3 - 0 +3
166. phpMyAdmin probe GET /v/index.php HTTP/1.1 3 - 0 +3
167. phpMyAdmin probe GET /phpMyAdm1n/index.php HTTP/1.1 3 - 0 +3
168. phpMyAdmin probe GET /shaAdmin/index.php HTTP/1.1 3 - 0 +3
169. phpMyAdmin probe GET /phpMyadmi/index.php HTTP/1.1 3 - 0 +3
170. phpMyAdmin probe GET /phpMyAdmion/index.php HTTP/1.1 3 - 0 +3
171. phpMyAdmin probe GET /phpMyAdmin1/index.php HTTP/1.1 3 - 0 +3
172. phpMyAdmin probe GET /pwd/index.php HTTP/1.1 3 - 0 +3
173. phpMyAdmin probe GET /phpMyAdmina/index.php HTTP/1.1 3 - 0 +3
174. phpMyAdmin probe GET /phpMydmin/index.php HTTP/1.1 3 - 0 +3
175. phpMyAdmin probe GET /phpMyAdmins/index.php HTTP/1.1 3 - 0 +3
176. phpMyAdmin probe GET /program/index.php HTTP/1.1 3 - 0 +3
177. phpMyAdmin probe GET /shopdb/index.php HTTP/1.1 3 - 0 +3
178. phpMyAdmin probe GET /phppma/index.php HTTP/1.1 3 - 0 +3
179. phpMyAdmin probe GET /phpmy/index.php HTTP/1.1 3 - 0 +3
180. phpMyAdmin probe GET /mysql/admin/index.php HTTP/1.1 3 - 0 +3
181. phpMyAdmin probe GET /mysql/dbadmin/index.php HTTP/1.1 3 - 0 +3
182. phpMyAdmin probe GET /mysql/mysqlmanager/index.php HTTP/1.1 3 - 0 +3
183. Attack exploiting the Portable phpMyAdmin for WordPress vulnerability (CVE-2012-5469) GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php HTTP/1.1 3 - 0 +3
184. phpMyAdmin probe GET /db_pma.php HTTP/1.1 2 - 0 +2
185. WebShell probe GET /logon.php HTTP/1.1 2 - 0 +2
186. WebShell probe GET /license.php HTTP/1.1 2 - 0 +2
187. WebShell probe POST /xw1.php HTTP/1.1 2 - 0 +2
188. WebShell probe POST /m.php?pbid=open HTTP/1.1 2 - 0 +2
189. WebShell probe POST /db_desql.php HTTP/1.1 2 - 0 +2
190. WebShell probe POST /yao.php HTTP/1.1 2 - 0 +2
191. WebShell probe POST /bak.php HTTP/1.1 2 - 0 +2
192. WebShell probe POST /aaaa.php HTTP/1.1 2 - 0 +2
193. WebShell probe POST /python.php HTTP/1.1 2 - 0 +2
194. WebShell probe POST /ceshi.php HTTP/1.1 2 - 0 +2
195. WebShell probe POST /qw.php HTTP/1.1 2 - 0 +2
196. WebShell probe POST /caonma.php HTTP/1.1 2 - 0 +2
197. WebShell probe POST /ss.php HTTP/1.1 2 - 0 +2
198. WebShell probe POST /wcp.php HTTP/1.1 2 - 0 +2
199. WebShell probe POST /u.php HTTP/1.1 2 - 0 +2
200. WebShell probe POST /uuu.php HTTP/1.1 2 - 0 +2
201. WebShell probe POST /sss.php HTTP/1.1 2 - 0 +2
202. WebShell probe POST /core.php HTTP/1.1 2 - 0 +2
203. WebShell probe POST /qaz.php HTTP/1.1 2 - 0 +2
204. WebShell probe POST /sha.php HTTP/1.1 2 - 0 +2
205. WebShell probe POST /ppx.php HTTP/1.1 2 - 0 +2
206. WebShell probe POST /conf1g.php HTTP/1.1 2 - 0 +2
207. WebShell probe POST /ver.php HTTP/1.1 2 - 0 +2
208. WebShell probe POST /hack.php HTTP/1.1 2 - 0 +2
209. WebShell probe POST /qa.php HTTP/1.1 2 - 0 +2
210. WebShell probe POST /Ss.php HTTP/1.1 2 - 0 +2
211. WebShell probe POST /xxx.php HTTP/1.1 2 - 0 +2
212. WebShell probe POST /92.php HTTP/1.1 2 - 0 +2
213. WebShell probe POST /dexgp.php HTTP/1.1 2 - 0 +2
214. WebShell probe POST /nuoxi.php HTTP/1.1 2 - 0 +2
215. WebShell probe POST /godkey.php HTTP/1.1 2 - 0 +2
216. WebShell probe POST /okokok.php HTTP/1.1 2 - 0 +2
217. WebShell probe POST /erwa.php HTTP/1.1 2 - 0 +2
218. WebShell probe POST /pma.php HTTP/1.1 2 - 0 +2
219. WebShell probe POST /ruyi.php HTTP/1.1 2 - 0 +2
220. WebShell probe POST /51314.php HTTP/1.1 2 - 0 +2
221. WebShell probe POST /5201314.php HTTP/1.1 2 - 0 +2
222. WebShell probe POST /fusheng.php HTTP/1.1 2 - 0 +2
223. WebShell probe POST /general.php HTTP/1.1 2 - 0 +2
224. WebShell probe POST /repeat.php HTTP/1.1 2 - 0 +2
225. WebShell probe POST /ldw.php HTTP/1.1 2 - 0 +2
226. WebShell probe POST /s1.php HTTP/1.1 2 - 0 +2
227. WebShell probe POST /xiaodai.php HTTP/1.1 2 - 0 +2
228. WebShell probe POST /admn.php HTTP/1.1 2 - 0 +2
229. WebShell probe POST /hell.php HTTP/1.1 2 - 0 +2
230. WebShell probe POST /xp.php HTTP/1.1 2 - 0 +2
231. WebShell probe POST /p.php HTTP/1.1 2 - 0 +2
232. WebShell probe POST /a.php HTTP/1.1 2 - 0 +2
233. WebShell probe POST /m.php HTTP/1.1 2 - 0 +2
234. WebShell probe POST /conf.php HTTP/1.1 2 - 0 +2
235. WebShell probe POST /123.php HTTP/1.1 2 - 0 +2
236. WebShell probe POST /HX.php HTTP/1.1 2 - 0 +2
237. WebShell probe POST /diy.php HTTP/1.1 2 - 0 +2
238. WebShell probe POST /666.php HTTP/1.1 2 - 0 +2
239. WebShell probe POST /777.php HTTP/1.1 2 - 0 +2
240. WebShell probe POST /qwqw.php HTTP/1.1 2 - 0 +2
241. WebShell probe POST /.php HTTP/1.1 2 - 0 +2
242. WebShell probe POST /infos.php HTTP/1.1 2 - 0 +2
243. WebShell probe POST /htfr.php HTTP/1.1 2 - 0 +2
244. WebShell probe POST /zzk.php HTTP/1.1 2 - 0 +2
245. WebShell probe POST /toor.php HTTP/1.1 2 - 0 +2
246. WebShell probe POST /aa.php HTTP/1.1 2 - 0 +2
247. WebShell probe POST /wb.php HTTP/1.1 2 - 0 +2
248. WebShell probe POST /xiaoma.php HTTP/1.1 2 - 0 +2
249. WebShell probe POST /xiaomar.php HTTP/1.1 2 - 0 +2
250. phpMyAdmin probe GET /phpMyadmin_bak/index.php HTTP/1.1 2 - 0 +2
251. phpMyAdmin probe GET /pma-old/index.php HTTP/1.1 2 - 0 +2
252. phpMyAdmin probe GET /phpmyadm1n/index.php HTTP/1.1 2 - 0 +2
253. phpMyAdmin probe GET /s/index.php HTTP/1.1 2 - 0 +2
254. phpMyAdmin probe GET /phpMyAdmin123/index.php HTTP/1.1 2 - 0 +2
255. phpMyAdmin probe GET /mysql/sqlmanager/index.php HTTP/1.1 2 - 0 +2
256. WebShell probe GET /help-e.php HTTP/1.1 2 - 0 +2
257. WebShell probe GET /desktop.ini.php HTTP/1.1 2 - 0 +2
258. WebShell probe GET /muhstik.php HTTP/1.1 2 - 0 +2
259. WebShell probe GET /cmdd.php HTTP/1.1 2 - 0 +2
260. WebShell probe POST /help.php HTTP/1.1 2 - 0 +2
261. WebShell probe POST /miao.php HTTP/1.1 2 - 0 +2
262. WebShell probe POST /linuxse.php HTTP/1.1 2 - 0 +2
263. WebShell probe POST /1hou.php HTTP/1.1 2 - 0 +2
264. WebShell probe POST /MCLi.php HTTP/1.1 2 - 0 +2
265. WebShell probe POST /zxc1.php HTTP/1.1 2 - 0 +2
266. WebShell probe POST /test123.php HTTP/1.1 2 - 0 +2
267. WebShell probe POST /paylog.php HTTP/1.1 2 - 0 +2
268. phpMyAdmin probe GET /pmd/index.php HTTP/1.1 2 - 0 +2
269. phpMyAdmin probe GET /PMA2/index.php HTTP/1.1 2 - 0 +2
270. phpMyAdmin probe GET /phpMyAdminold/index.php HTTP/1.1 2 - 0 +2
271. Access to the top page GET / HTTP/1.0 2 2. 3 -1
272. WebShell probe POST /qwq.php HTTP/1.1 1 - 0 +1
273. WebShell probe POST /zuoindex.php HTTP/1.1 1 - 0 +1
274. WebShell probe POST /uu.php HTTP/1.1 1 - 0 +1
275. WebShell probe POST /yj.php HTTP/1.1 1 - 0 +1
276. WebShell probe POST /7.php HTTP/1.1 1 - 0 +1
277. WebShell probe POST /xiaomae.php HTTP/1.1 1 - 0 +1
278. WebShell probe POST /data.php HTTP/1.1 1 - 0 +1
279. WebShell probe POST /log.php HTTP/1.1 1 - 0 +1
280. WebShell probe POST /fack.php HTTP/1.1 1 - 0 +1
281. WebShell probe POST /angge.php HTTP/1.1 1 - 0 +1
282. WebShell probe POST /cxfm666.php HTTP/1.1 1 - 0 +1
283. WebShell probe POST /db.php HTTP/1.1 1 - 0 +1
284. WebShell probe POST /hacly.php HTTP/1.1 1 - 0 +1
285. WebShell probe POST /xiaomo.php HTTP/1.1 1 - 0 +1
286. WebShell probe POST /xiaoyu.php HTTP/1.1 1 - 0 +1
287. WebShell probe POST /xiaohei.php HTTP/1.1 1 - 0 +1
288. WebShell probe POST /j.php HTTP/1.1 1 - 0 +1
289. WebShell probe POST /qq5262.php HTTP/1.1 1 - 0 +1
290. WebShell probe POST /lost.php HTTP/1.1 1 - 0 +1
291. WebShell probe POST /php.php HTTP/1.1 1 - 0 +1
292. WebShell probe POST /win.php HTTP/1.1 1 - 0 +1
293. WebShell probe POST /win1.php HTTP/1.1 1 - 0 +1
294. WebShell probe POST /linux.php HTTP/1.1 1 - 0 +1
295. WebShell probe POST /linux1.php HTTP/1.1 1 - 0 +1
296. WebShell probe POST /cc.php HTTP/1.1 1 - 0 +1
297. WebShell probe POST /lanke.php HTTP/1.1 1 - 0 +1
298. WebShell probe POST /neko.php HTTP/1.1 1 - 0 +1
299. WebShell probe POST /super.php HTTP/1.1 1 - 0 +1
300. WebShell probe POST /cere.php HTTP/1.1 1 - 0 +1
301. WebShell probe POST /aaa.php HTTP/1.1 1 - 0 +1
302. WebShell probe POST /Administrator.php HTTP/1.1 1 - 0 +1
303. WebShell probe POST /liangchen.php HTTP/1.1 1 - 0 +1
304. WebShell probe POST /meng.php HTTP/1.1 1 - 0 +1
305. WebShell probe POST /no.php HTTP/1.1 1 - 0 +1
306. WebShell probe POST /mysql.php HTTP/1.1 1 - 0 +1
307. WebShell probe POST /Updata.php HTTP/1.1 1 - 0 +1
308. WebShell probe POST /xxxx.php HTTP/1.1 1 - 0 +1
309. WebShell probe POST /coon.php HTTP/1.1 1 - 0 +1
310. WebShell probe POST /zxc0.php HTTP/1.1 1 - 0 +1
311. WebShell probe POST /zxc2.php HTTP/1.1 1 - 0 +1
312. WebShell probe POST /indexa.php HTTP/1.1 1 - 0 +1
313. WebShell probe POST /lx.php HTTP/1.1 1 - 0 +1
314. WebShell probe POST /cn.php HTTP/1.1 1 - 0 +1
315. WebShell probe POST /index1.php HTTP/1.1 1 - 0 +1
316. WebShell probe POST /info.php HTTP/1.1 1 - 0 +1
317. WebShell probe POST /info1.php HTTP/1.1 1 - 0 +1
318. WebShell probe POST /aaaaaa1.php HTTP/1.1 1 - 0 +1
319. WebShell probe POST /up.php HTTP/1.1 1 - 0 +1
320. WebShell probe POST /fb.php HTTP/1.1 1 - 0 +1
321. WebShell probe POST /cnm.php HTTP/1.1 1 - 0 +1
322. WebShell probe POST /51.php HTTP/1.1 1 - 0 +1
323. WebShell probe POST /cadre.php HTTP/1.1 1 - 0 +1
324. WebShell probe POST /mm.php HTTP/1.1 1 - 0 +1
325. WebShell probe POST /1q.php HTTP/1.1 1 - 0 +1
326. WebShell probe POST /1111.php HTTP/1.1 1 - 0 +1
327. WebShell probe POST /errors.php HTTP/1.1 1 - 0 +1
328. phpMyAdmin probe GET /dbadmin/index.php HTTP/1.1 1 - 0 +1
329. Unknown GET hxxp://5[.]188[.]210[.]12/echo[.]php HTTP/1.1 1 - 0 +1

That concludes the brief analysis of the logs collected by WOWHoneypot.