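Introduction
Hello, this is cute_otter.
Once again today, part of the Cowrie logs could not be collected, so I am skipping the simple analysis of those logs. Sorry.
WOWHoneypot
This is a simple analysis of the logs collected by the honeypot "WOWHoneypot" on 2019/02/04 (Mon) 00:00 to 23:59 UTC (day 32 of operation).
Highlights
- There were about 600 WebShell probes (roughly five times the usual volume), which is very high.
- For the first time in three days, since 2019/02/01, I observed scans by ZGrab.
Overview
- Aggregation period: 2019/02/04 (Mon) 00:00 to 23:59 UTC
- Total requests: 905 (+884 from the previous day)
  - WebShell probes: 584
  - phpMyAdmin probes: 264
  - Access to the top page: 19
  - Login attempts against the Tomcat manager page: 19
  - Network Weathermap probes: 6
  - Attacks exploiting the Microsoft IIS 6.0 vulnerability (CVE-2017-7269): 3
  - WebDAV probes: 3
  - WordPress config file probes: 3
  - Attacks exploiting the vulnerability in Portable phpMyAdmin for WordPress (CVE-2012-5469): 3
  - Unknown: 1
- Unique IP addresses: 25 (+5 from the previous day)
- Source countries: 17 (+4 from the previous day)
Requests by country
The number of requests by country is as follows.
| Rank | Country | Count | Previous day's rank | Previous day's count | Difference | Notes |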
|---|---|---|---|---|---|---|
| 1. | China | 587 | - | 0 | +587 | - |
| 2. | Hong Kong | 298 | - | 0 | +298 | - |
| 3. | Brazil | 3 | 1. | 6 | -3 | - |
| 4. | Indonesia | 2 | - | 0 | +2 | - |
| 5. | India | 2 | - | 0 | +2 | - |
| 6. | Russia | 2 | - | 0 | +2 | - |
| 7. | Colombia | 1 | - | 0 | +1 | - |
| 8. | Poland | 1 | - | 0 | +1 | - |
| 9. | Argentina | 1 | - | 0 | +1 | - |
| 10. | Ukraine | 1 | - | 0 | +1 | - |
| 11. | Greece | 1 | - | 0 | +1 | - |
| 12. | United Kingdom | 1 | - | 0 | +1 | - |
| 13. | Pakistan | 1 | 13. | 1 | +-0 | - |
| 14. | Taiwan | 1 | 10. | 1 | +-0 | - |
| 15. | Mexico | 1 | 12. | 1 | +-0 | - |
| 16. | United States | 1 | 2. | 3 | -2 | - |
| 17. | Japan | 1 | 7. | 1 | +-0 | - |
- Requests from China and Hong Kong increased.
- Most of these requests were WebShell or phpMyAdmin probes.
- The requests from China came from four IP addresses registered to the following ISPs:
  - Tencent Cloud Computing (Beijing) Co. Ltd. (AS133478)
  - China Mobile Communications Corporation (AS56046)
  - China Unicom Zhejiang Province Network (AS4837)
  - China Telecom Backbone (AS4134)
- The requests from Hong Kong came from one IP address registered to HongKong Virtual internal server company Limited (AS134120).
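Request targets
- There were 584 WebShell probes in total; 324 of them were POST requests whose HTTP body contained values such as `cmd=die(@md5(F3bru4ry));`.
- For the first time in three days, since 2019/02/01, I observed scans by ZGrab.
  - There were 2 such requests.
  - The User-Agent was `Mozilla/5.0 zgrab/0.x`.
- The MASSCAN scans observed from 2019/02/01 to 02/03 were not observed this time.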
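The categories and markers described above can be approximated with a small rule-based classifier. This is an added example, not the author's or WOWHoneypot's code: the record layout, the matching patterns (including the `masscan` User-Agent substring) and the sample requests are constructed assumptions, and the rules only approximate the report's manual classification (for instance, the report files `GET /index.php` as a phpMyAdmin probe by context, which these rules do not).

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Category names follow the report; every pattern below is an assumption.
ABSOLUTE_URI = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
PMA_HINT = re.compile(r"pma|myadmin|mysql|phpadmin", re.I)
ROOT_PHP = re.compile(r"/[^/]*\.php", re.I)
ECHO_CHECK = re.compile(r"die\(\s*@?md5\(", re.I)   # e.g. cmd=die(@md5(...));
SCANNER_UA = re.compile(r"zgrab|masscan", re.I)


def classify(method, target):
    """Map one request line to a report category (first matching rule wins)."""
    if ABSOLUTE_URI.match(target):            # proxy-style absolute URI
        return "Unknown"
    path = target.split("?", 1)[0].lower()
    if method == "PROPFIND":                  # the report files PROPFIND / here
        return "IIS 6.0 (CVE-2017-7269)"
    if path == "/":
        return "Top page"
    if path.startswith("/manager/html"):
        return "Tomcat manager login"
    if path.startswith("/webdav"):
        return "WebDAV probe"
    if path == "/wp-config.php":
        return "WordPress config probe"
    if "/plugins/portable-phpmyadmin/" in path:
        return "Portable phpMyAdmin (CVE-2012-5469)"
    if path.endswith("/plugins/weathermap/editor.php"):
        return "Network Weathermap probe"
    if path.endswith("/scripts/setup.php") or ("/" in path[1:] and PMA_HINT.search(path)):
        return "phpMyAdmin probe"
    if ROOT_PHP.fullmatch(path):              # single .php file in the web root
        return "WebShell probe"
    return "Unknown"


def summarize(records):
    """Tally categories, scanner User-Agents and POST bodies with the md5 echo check."""
    by_category, scanners, echo_checks = Counter(), Counter(), 0
    for method, target, user_agent, body in records:
        by_category[classify(method, target)] += 1
        hit = SCANNER_UA.search(user_agent)
        if hit:
            scanners[hit.group(0).lower()] += 1
        # Bodies may arrive URL-encoded, so decode before matching.
        if method == "POST" and ECHO_CHECK.search(unquote_plus(body)):
            echo_checks += 1
    return {"by_category": by_category, "scanners": scanners, "echo_checks": echo_checks}


# Constructed sample records: (method, request target, User-Agent, body).
SAMPLE = [
    ("GET", "/manager/html", "Mozilla/5.0", ""),
    ("GET", "/", "Mozilla/5.0 zgrab/0.x", ""),
    ("POST", "/qq.php", "Mozilla/5.0", "cmd=die(@md5(F3bru4ry));"),
    ("POST", "/1.php", "Mozilla/5.0", "cmd=die%28%40md5%28F3bru4ry%29%29%3B"),
    ("POST", "/m.php?pbid=open", "Mozilla/5.0", ""),
    ("GET", "/phpMyAdmin/index.php", "Mozilla/5.0", ""),
    ("GET", "/phpmyadmin/scripts/setup.php", "Mozilla/5.0", ""),
    ("PROPFIND", "/", "Mozilla/5.0", ""),
    ("GET", "/webdav/", "Mozilla/5.0", ""),
    ("GET", "/wp-config.php", "Mozilla/5.0", ""),
    ("GET", "/wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php", "Mozilla/5.0", ""),
    ("GET", "/cacti/plugins/weathermap/editor.php", "Mozilla/5.0", ""),
    ("GET", "http://example.invalid/echo.php", "Mozilla/5.0", ""),
]

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(report["by_category"].most_common(), dict(report["scanners"]), report["echo_checks"])
```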
The full list of request targets is as follows.
| Rank | Notes | Request | Count | Previous day's rank | Previous day's count | Difference |
|---|---|---|---|---|---|---|
| 1. | Login attempt against the Tomcat manager page | GET /manager/html HTTP/1.1 | 19 | - | 0 | +19 |
| 2. | Access to the top page | GET / HTTP/1.1 | 17 | 1. | 15 | +2 |
| 3. | WebShell probe | POST /qq.php HTTP/1.1 | 10 | - | 0 | +10 |
| 4. | WebShell probe | POST /1.php HTTP/1.1 | 9 | - | 0 | +9 |
| 5. | WebShell probe | POST /confg.php HTTP/1.1 | 8 | - | 0 | +8 |
| 6. | WebShell probe | POST /q.php HTTP/1.1 | 7 | - | 0 | +7 |
| 7. | WebShell probe | GET /cmd.php HTTP/1.1 | 6 | - | 0 | +6 |
| 8. | WebShell probe | POST /xx.php HTTP/1.1 | 6 | - | 0 | +6 |
| 9. | WebShell probe | POST /conflg.php HTTP/1.1 | 6 | - | 0 | +6 |
| 10. | WebShell probe | POST /test.php HTTP/1.1 | 6 | - | 0 | +6 |
| 11. | WebShell probe | POST /x.php HTTP/1.1 | 6 | - | 0 | +6 |
| 12. | phpMyAdmin probe | GET /phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 13. | phpMyAdmin probe | GET /PMA/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 14. | phpMyAdmin probe | GET /web/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 15. | phpMyAdmin probe | GET /admin/pma/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 16. | phpMyAdmin probe | GET /admin/PMA/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 17. | phpMyAdmin probe | GET /admin/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 18. | phpMyAdmin probe | GET /admin/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 19. | phpMyAdmin probe | GET /xampp/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 20. | phpMyAdmin probe | GET /www/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 21. | phpMyAdmin probe | GET /tools/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 22. | phpMyAdmin probe | GET /claroline/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 23. | phpMyAdmin probe | GET /typo3/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 24. | phpMyAdmin probe | GET /phpmyadmin/phpmyadmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 25. | phpMyAdmin probe | GET /phpMyAdmin/phpMyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 26. | phpMyAdmin probe | GET /MyAdmin/index.php HTTP/1.1 | 6 | - | 0 | +6 |
| 27. | WebShell probe | GET /shell.php HTTP/1.1 | 5 | - | 0 | +5 |
| 28. | WebShell probe | POST /s.php HTTP/1.1 | 5 | - | 0 | +5 |
| 29. | phpMyAdmin probe | GET /pma/index.php HTTP/1.1 | 5 | - | 0 | +5 |
| 30. | WebShell probe | POST /2.php HTTP/1.1 | 4 | - | 0 | +4 |
| 31. | WebShell probe | POST /z.php HTTP/1.1 | 4 | - | 0 | +4 |
| 32. | WebShell probe | POST /hello.php HTTP/1.1 | 4 | - | 0 | +4 |
| 33. | phpMyAdmin probe | GET /phpmyadmin/index.php HTTP/1.1 | 4 | - | 0 | +4 |
| 34. | Attack exploiting the Microsoft IIS 6.0 vulnerability (CVE-2017-7269) | PROPFIND / HTTP/1.1 | 3 | - | 0 | +3 |
| 35. | WebDAV probe | GET /webdav/ HTTP/1.1 | 3 | - | 0 | +3 |
| 36. | WebShell probe | GET /help.php HTTP/1.1 | 3 | - | 0 | +3 |
| 37. | WebShell probe | GET /java.php HTTP/1.1 | 3 | - | 0 | +3 |
| 38. | WebShell probe | GET /_query.php HTTP/1.1 | 3 | - | 0 | +3 |
| 39. | WebShell probe | GET /test.php HTTP/1.1 | 3 | - | 0 | +3 |
| 40. | WebShell probe | GET /db_cts.php HTTP/1.1 | 3 | - | 0 | +3 |
| 41. | WebShell probe | GET /log.php HTTP/1.1 | 3 | - | 0 | +3 |
| 42. | WebShell probe | GET /hell.php HTTP/1.1 | 3 | - | 0 | +3 |
| 43. | WebShell probe | GET /pmd_online.php HTTP/1.1 | 3 | - | 0 | +3 |
| 44. | WebShell probe | GET /x.php HTTP/1.1 | 3 | - | 0 | +3 |
| 45. | WebShell probe | GET /htdocs.php HTTP/1.1 | 3 | - | 0 | +3 |
| 46. | WebShell probe | GET /z.php HTTP/1.1 | 3 | - | 0 | +3 |
| 47. | WebShell probe | GET /lala.php HTTP/1.1 | 3 | - | 0 | +3 |
| 48. | WebShell probe | GET /lala-dpr.php HTTP/1.1 | 3 | - | 0 | +3 |
| 49. | WebShell probe | GET /wpc.php HTTP/1.1 | 3 | - | 0 | +3 |
| 50. | WebShell probe | GET /wpo.php HTTP/1.1 | 3 | - | 0 | +3 |
| 51. | WebShell probe | GET /text.php HTTP/1.1 | 3 | - | 0 | +3 |
| 52. | WordPress config file probe | GET /wp-config.php HTTP/1.1 | 3 | - | 0 | +3 |
| 53. | WebShell probe | GET /muhstik2.php HTTP/1.1 | 3 | - | 0 | +3 |
| 54. | WebShell probe | GET /muhstiks.php HTTP/1.1 | 3 | - | 0 | +3 |
| 55. | WebShell probe | GET /muhstik-dpr.php HTTP/1.1 | 3 | - | 0 | +3 |
| 56. | WebShell probe | GET /lol.php HTTP/1.1 | 3 | - | 0 | +3 |
| 57. | WebShell probe | GET /uploader.php HTTP/1.1 | 3 | - | 0 | +3 |
| 58. | WebShell probe | GET /cmv.php HTTP/1.1 | 3 | - | 0 | +3 |
| 59. | WebShell probe | GET /knal.php HTTP/1.1 | 3 | - | 0 | +3 |
| 60. | WebShell probe | GET /appserv.php HTTP/1.1 | 3 | - | 0 | +3 |
| 61. | phpMyAdmin probe | GET /scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
| 62. | phpMyAdmin probe | GET /phpmyadmin/scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
| 63. | phpMyAdmin probe | GET /phpMyAdmin/scripts/setup.php HTTP/1.1 | 3 | - | 0 | +3 |
| 64. | phpMyAdmin probe | GET /phpmyadmin/scripts/db___.init.php HTTP/1.1 | 3 | - | 0 | +3 |
| 65. | phpMyAdmin probe | GET /phpMyAdmin/scripts/db___.init.php HTTP/1.1 | 3 | - | 0 | +3 |
| 66. | Network Weathermap probe | GET /plugins/weathermap/editor.php HTTP/1.1 | 3 | - | 0 | +3 |
| 67. | Network Weathermap probe | GET /cacti/plugins/weathermap/editor.php HTTP/1.1 | 3 | - | 0 | +3 |
| 68. | WebShell probe | POST /wuwu11.php HTTP/1.1 | 3 | - | 0 | +3 |
| 69. | WebShell probe | POST /xw.php HTTP/1.1 | 3 | - | 0 | +3 |
| 70. | WebShell probe | POST /9678.php HTTP/1.1 | 3 | - | 0 | +3 |
| 71. | WebShell probe | POST /wc.php HTTP/1.1 | 3 | - | 0 | +3 |
| 72. | WebShell probe | POST /w.php HTTP/1.1 | 3 | - | 0 | +3 |
| 73. | WebShell probe | POST /sheep.php HTTP/1.1 | 3 | - | 0 | +3 |
| 74. | WebShell probe | POST /qaq.php HTTP/1.1 | 3 | - | 0 | +3 |
| 75. | WebShell probe | POST /db.init.php HTTP/1.1 | 3 | - | 0 | +3 |
| 76. | WebShell probe | POST /db_session.init.php HTTP/1.1 | 3 | - | 0 | +3 |
| 77. | WebShell probe | POST /db__.init.php HTTP/1.1 | 3 | - | 0 | +3 |
| 78. | WebShell probe | POST /wp-admins.php HTTP/1.1 | 3 | - | 0 | +3 |
| 79. | WebShell probe | POST /db_dataml.php HTTP/1.1 | 3 | - | 0 | +3 |
| 80. | WebShell probe | POST /mx.php HTTP/1.1 | 3 | - | 0 | +3 |
| 81. | WebShell probe | POST /wshell.php HTTP/1.1 | 3 | - | 0 | +3 |
| 82. | WebShell probe | POST /xshell.php HTTP/1.1 | 3 | - | 0 | +3 |
| 83. | WebShell probe | POST /lindex.php HTTP/1.1 | 3 | - | 0 | +3 |
| 84. | WebShell probe | POST /phpstudy.php HTTP/1.1 | 3 | - | 0 | +3 |
| 85. | WebShell probe | POST /phpStudy.php HTTP/1.1 | 3 | - | 0 | +3 |
| 86. | WebShell probe | POST /weixiao.php HTTP/1.1 | 3 | - | 0 | +3 |
| 87. | WebShell probe | POST /feixiang.php HTTP/1.1 | 3 | - | 0 | +3 |
| 88. | WebShell probe | POST /ak47.php HTTP/1.1 | 3 | - | 0 | +3 |
| 89. | WebShell probe | POST /ak48.php HTTP/1.1 | 3 | - | 0 | +3 |
| 90. | WebShell probe | POST /xiao.php HTTP/1.1 | 3 | - | 0 | +3 |
| 91. | WebShell probe | POST /defect.php HTTP/1.1 | 3 | - | 0 | +3 |
| 92. | WebShell probe | POST /webslee.php HTTP/1.1 | 3 | - | 0 | +3 |
| 93. | WebShell probe | POST /pe.php HTTP/1.1 | 3 | - | 0 | +3 |
| 94. | WebShell probe | POST /hm.php HTTP/1.1 | 3 | - | 0 | +3 |
| 95. | WebShell probe | POST /cainiao.php HTTP/1.1 | 3 | - | 0 | +3 |
| 96. | WebShell probe | POST /zuoshou.php HTTP/1.1 | 3 | - | 0 | +3 |
| 97. | WebShell probe | POST /zuo.php HTTP/1.1 | 3 | - | 0 | +3 |
| 98. | WebShell probe | POST /aotu.php HTTP/1.1 | 3 | - | 0 | +3 |
| 99. | WebShell probe | POST /aotu7.php HTTP/1.1 | 3 | - | 0 | +3 |
| 100. | WebShell probe | POST /cmd.php HTTP/1.1 | 3 | - | 0 | +3 |
| 101. | WebShell probe | POST /system.php HTTP/1.1 | 3 | - | 0 | +3 |
| 102. | WebShell probe | POST /l6.php HTTP/1.1 | 3 | - | 0 | +3 |
| 103. | WebShell probe | POST /l7.php HTTP/1.1 | 3 | - | 0 | +3 |
| 104. | WebShell probe | POST /l8.php HTTP/1.1 | 3 | - | 0 | +3 |
| 105. | WebShell probe | POST /56.php HTTP/1.1 | 3 | - | 0 | +3 |
| 106. | WebShell probe | POST /mz.php HTTP/1.1 | 3 | - | 0 | +3 |
| 107. | WebShell probe | POST /yumo.php HTTP/1.1 | 3 | - | 0 | +3 |
| 108. | WebShell probe | POST /min.php HTTP/1.1 | 3 | - | 0 | +3 |
| 109. | WebShell probe | POST /wan.php HTTP/1.1 | 3 | - | 0 | +3 |
| 110. | WebShell probe | POST /wanan.php HTTP/1.1 | 3 | - | 0 | +3 |
| 111. | WebShell probe | POST /ssaa.php HTTP/1.1 | 3 | - | 0 | +3 |
| 112. | WebShell probe | POST /aw.php HTTP/1.1 | 3 | - | 0 | +3 |
| 113. | WebShell probe | POST /12.php HTTP/1.1 | 3 | - | 0 | +3 |
| 114. | WebShell probe | POST /hh.php HTTP/1.1 | 3 | - | 0 | +3 |
| 115. | WebShell probe | POST /ak.php HTTP/1.1 | 3 | - | 0 | +3 |
| 116. | WebShell probe | POST /ip.php HTTP/1.1 | 3 | - | 0 | +3 |
| 117. | WebShell probe | POST /infoo.php HTTP/1.1 | 3 | - | 0 | +3 |
| 118. | WebShell probe | POST /qwe.php HTTP/1.1 | 3 | - | 0 | +3 |
| 119. | WebShell probe | POST /1213.php HTTP/1.1 | 3 | - | 0 | +3 |
| 120. | WebShell probe | POST /post.php HTTP/1.1 | 3 | - | 0 | +3 |
| 121. | WebShell probe | POST /h1.php HTTP/1.1 | 3 | - | 0 | +3 |
| 122. | WebShell probe | POST /3.php HTTP/1.1 | 3 | - | 0 | +3 |
| 123. | WebShell probe | POST /phpinfi.php HTTP/1.1 | 3 | - | 0 | +3 |
| 124. | WebShell probe | POST /9510.php HTTP/1.1 | 3 | - | 0 | +3 |
| 125. | WebShell probe | POST /default.php HTTP/1.1 | 3 | - | 0 | +3 |
| 126. | WebShell probe | POST /sean.php HTTP/1.1 | 3 | - | 0 | +3 |
| 127. | WebShell probe | POST /app.php HTTP/1.1 | 3 | - | 0 | +3 |
| 128. | WebShell probe | POST /tiandi.php HTTP/1.1 | 3 | - | 0 | +3 |
| 129. | WebShell probe | POST /xz.php HTTP/1.1 | 3 | - | 0 | +3 |
| 130. | WebShell probe | POST /zshmindex.php HTTP/1.1 | 3 | - | 0 | +3 |
| 131. | WebShell probe | POST /tomcat.php HTTP/1.1 | 3 | - | 0 | +3 |
| 132. | WebShell probe | POST /ou2.php HTTP/1.1 | 3 | - | 0 | +3 |
| 133. | WebShell probe | POST /zuos.php HTTP/1.1 | 3 | - | 0 | +3 |
| 134. | WebShell probe | POST /zuoss.php HTTP/1.1 | 3 | - | 0 | +3 |
| 135. | WebShell probe | POST /zuoshss.php HTTP/1.1 | 3 | - | 0 | +3 |
| 136. | WebShell probe | POST /boots.php HTTP/1.1 | 3 | - | 0 | +3 |
| 137. | WebShell probe | POST /she.php HTTP/1.1 | 3 | - | 0 | +3 |
| 138. | WebShell probe | POST /api.php HTTP/1.1 | 3 | - | 0 | +3 |
| 139. | WebShell probe | POST /lucky.php HTTP/1.1 | 3 | - | 0 | +3 |
| 140. | phpMyAdmin probe | GET /index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 141. | phpMyAdmin probe | GET /pmamy/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 142. | phpMyAdmin probe | GET /pmamy2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 143. | phpMyAdmin probe | GET /mysql/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 144. | phpMyAdmin probe | GET /admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 145. | phpMyAdmin probe | GET /db/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 146. | phpMyAdmin probe | GET /admin/mysql/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 147. | phpMyAdmin probe | GET /admin/mysql2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 148. | phpMyAdmin probe | GET /admin/phpmyadmin2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 149. | phpMyAdmin probe | GET /mysqladmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 150. | phpMyAdmin probe | GET /mysql-admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 151. | phpMyAdmin probe | GET /mysql_admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 152. | phpMyAdmin probe | GET /phpadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 153. | phpMyAdmin probe | GET /phpAdmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 154. | phpMyAdmin probe | GET /phpmyadmin0/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 155. | phpMyAdmin probe | GET /phpmyadmin1/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 156. | phpMyAdmin probe | GET /phpmyadmin2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 157. | phpMyAdmin probe | GET /phpMyAdmin-4.4.0/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 158. | phpMyAdmin probe | GET /myadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 159. | phpMyAdmin probe | GET /myadmin2/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 160. | phpMyAdmin probe | GET /phpmyadmin-old/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 161. | phpMyAdmin probe | GET /phpMyAdmin.old/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 162. | phpMyAdmin probe | GET /phpma/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 163. | phpMyAdmin probe | GET /phpMyAbmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 164. | phpMyAdmin probe | GET /phpMyAdmin__/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 165. | phpMyAdmin probe | GET /phpMyAdmin+++---/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 166. | phpMyAdmin probe | GET /v/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 167. | phpMyAdmin probe | GET /phpMyAdm1n/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 168. | phpMyAdmin probe | GET /shaAdmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 169. | phpMyAdmin probe | GET /phpMyadmi/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 170. | phpMyAdmin probe | GET /phpMyAdmion/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 171. | phpMyAdmin probe | GET /phpMyAdmin1/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 172. | phpMyAdmin probe | GET /pwd/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 173. | phpMyAdmin probe | GET /phpMyAdmina/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 174. | phpMyAdmin probe | GET /phpMydmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 175. | phpMyAdmin probe | GET /phpMyAdmins/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 176. | phpMyAdmin probe | GET /program/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 177. | phpMyAdmin probe | GET /shopdb/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 178. | phpMyAdmin probe | GET /phppma/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 179. | phpMyAdmin probe | GET /phpmy/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 180. | phpMyAdmin probe | GET /mysql/admin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 181. | phpMyAdmin probe | GET /mysql/dbadmin/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 182. | phpMyAdmin probe | GET /mysql/mysqlmanager/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 183. | Attack exploiting the vulnerability in Portable phpMyAdmin for WordPress (CVE-2012-5469) | GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php HTTP/1.1 | 3 | - | 0 | +3 |
| 184. | phpMyAdmin probe | GET /db_pma.php HTTP/1.1 | 2 | - | 0 | +2 |
| 185. | WebShell probe | GET /logon.php HTTP/1.1 | 2 | - | 0 | +2 |
| 186. | WebShell probe | GET /license.php HTTP/1.1 | 2 | - | 0 | +2 |
| 187. | WebShell probe | POST /xw1.php HTTP/1.1 | 2 | - | 0 | +2 |
| 188. | WebShell probe | POST /m.php?pbid=open HTTP/1.1 | 2 | - | 0 | +2 |
| 189. | WebShell probe | POST /db_desql.php HTTP/1.1 | 2 | - | 0 | +2 |
| 190. | WebShell probe | POST /yao.php HTTP/1.1 | 2 | - | 0 | +2 |
| 191. | WebShell probe | POST /bak.php HTTP/1.1 | 2 | - | 0 | +2 |
| 192. | WebShell probe | POST /aaaa.php HTTP/1.1 | 2 | - | 0 | +2 |
| 193. | WebShell probe | POST /python.php HTTP/1.1 | 2 | - | 0 | +2 |
| 194. | WebShell probe | POST /ceshi.php HTTP/1.1 | 2 | - | 0 | +2 |
| 195. | WebShell probe | POST /qw.php HTTP/1.1 | 2 | - | 0 | +2 |
| 196. | WebShell probe | POST /caonma.php HTTP/1.1 | 2 | - | 0 | +2 |
| 197. | WebShell probe | POST /ss.php HTTP/1.1 | 2 | - | 0 | +2 |
| 198. | WebShell probe | POST /wcp.php HTTP/1.1 | 2 | - | 0 | +2 |
| 199. | WebShell probe | POST /u.php HTTP/1.1 | 2 | - | 0 | +2 |
| 200. | WebShell probe | POST /uuu.php HTTP/1.1 | 2 | - | 0 | +2 |
| 201. | WebShell probe | POST /sss.php HTTP/1.1 | 2 | - | 0 | +2 |
| 202. | WebShell probe | POST /core.php HTTP/1.1 | 2 | - | 0 | +2 |
| 203. | WebShell probe | POST /qaz.php HTTP/1.1 | 2 | - | 0 | +2 |
| 204. | WebShell probe | POST /sha.php HTTP/1.1 | 2 | - | 0 | +2 |
| 205. | WebShell probe | POST /ppx.php HTTP/1.1 | 2 | - | 0 | +2 |
| 206. | WebShell probe | POST /conf1g.php HTTP/1.1 | 2 | - | 0 | +2 |
| 207. | WebShell probe | POST /ver.php HTTP/1.1 | 2 | - | 0 | +2 |
| 208. | WebShell probe | POST /hack.php HTTP/1.1 | 2 | - | 0 | +2 |
| 209. | WebShell probe | POST /qa.php HTTP/1.1 | 2 | - | 0 | +2 |
| 210. | WebShell probe | POST /Ss.php HTTP/1.1 | 2 | - | 0 | +2 |
| 211. | WebShell probe | POST /xxx.php HTTP/1.1 | 2 | - | 0 | +2 |
| 212. | WebShell probe | POST /92.php HTTP/1.1 | 2 | - | 0 | +2 |
| 213. | WebShell probe | POST /dexgp.php HTTP/1.1 | 2 | - | 0 | +2 |
| 214. | WebShell probe | POST /nuoxi.php HTTP/1.1 | 2 | - | 0 | +2 |
| 215. | WebShell probe | POST /godkey.php HTTP/1.1 | 2 | - | 0 | +2 |
| 216. | WebShell probe | POST /okokok.php HTTP/1.1 | 2 | - | 0 | +2 |
| 217. | WebShell probe | POST /erwa.php HTTP/1.1 | 2 | - | 0 | +2 |
| 218. | WebShell probe | POST /pma.php HTTP/1.1 | 2 | - | 0 | +2 |
| 219. | WebShell probe | POST /ruyi.php HTTP/1.1 | 2 | - | 0 | +2 |
| 220. | WebShell probe | POST /51314.php HTTP/1.1 | 2 | - | 0 | +2 |
| 221. | WebShell probe | POST /5201314.php HTTP/1.1 | 2 | - | 0 | +2 |
| 222. | WebShell probe | POST /fusheng.php HTTP/1.1 | 2 | - | 0 | +2 |
| 223. | WebShell probe | POST /general.php HTTP/1.1 | 2 | - | 0 | +2 |
| 224. | WebShell probe | POST /repeat.php HTTP/1.1 | 2 | - | 0 | +2 |
| 225. | WebShell probe | POST /ldw.php HTTP/1.1 | 2 | - | 0 | +2 |
| 226. | WebShell probe | POST /s1.php HTTP/1.1 | 2 | - | 0 | +2 |
| 227. | WebShell probe | POST /xiaodai.php HTTP/1.1 | 2 | - | 0 | +2 |
| 228. | WebShell probe | POST /admn.php HTTP/1.1 | 2 | - | 0 | +2 |
| 229. | WebShell probe | POST /hell.php HTTP/1.1 | 2 | - | 0 | +2 |
| 230. | WebShell probe | POST /xp.php HTTP/1.1 | 2 | - | 0 | +2 |
| 231. | WebShell probe | POST /p.php HTTP/1.1 | 2 | - | 0 | +2 |
| 232. | WebShell probe | POST /a.php HTTP/1.1 | 2 | - | 0 | +2 |
| 233. | WebShell probe | POST /m.php HTTP/1.1 | 2 | - | 0 | +2 |
| 234. | WebShell probe | POST /conf.php HTTP/1.1 | 2 | - | 0 | +2 |
| 235. | WebShell probe | POST /123.php HTTP/1.1 | 2 | - | 0 | +2 |
| 236. | WebShell probe | POST /HX.php HTTP/1.1 | 2 | - | 0 | +2 |
| 237. | WebShell probe | POST /diy.php HTTP/1.1 | 2 | - | 0 | +2 |
| 238. | WebShell probe | POST /666.php HTTP/1.1 | 2 | - | 0 | +2 |
| 239. | WebShell probe | POST /777.php HTTP/1.1 | 2 | - | 0 | +2 |
| 240. | WebShell probe | POST /qwqw.php HTTP/1.1 | 2 | - | 0 | +2 |
| 241. | WebShell probe | POST /.php HTTP/1.1 | 2 | - | 0 | +2 |
| 242. | WebShell probe | POST /infos.php HTTP/1.1 | 2 | - | 0 | +2 |
| 243. | WebShell probe | POST /htfr.php HTTP/1.1 | 2 | - | 0 | +2 |
| 244. | WebShell probe | POST /zzk.php HTTP/1.1 | 2 | - | 0 | +2 |
| 245. | WebShell probe | POST /toor.php HTTP/1.1 | 2 | - | 0 | +2 |
| 246. | WebShell probe | POST /aa.php HTTP/1.1 | 2 | - | 0 | +2 |
| 247. | WebShell probe | POST /wb.php HTTP/1.1 | 2 | - | 0 | +2 |
| 248. | WebShell probe | POST /xiaoma.php HTTP/1.1 | 2 | - | 0 | +2 |
| 249. | WebShell probe | POST /xiaomar.php HTTP/1.1 | 2 | - | 0 | +2 |
| 250. | phpMyAdmin probe | GET /phpMyadmin_bak/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 251. | phpMyAdmin probe | GET /pma-old/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 252. | phpMyAdmin probe | GET /phpmyadm1n/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 253. | phpMyAdmin probe | GET /s/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 254. | phpMyAdmin probe | GET /phpMyAdmin123/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 255. | phpMyAdmin probe | GET /mysql/sqlmanager/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 256. | WebShell probe | GET /help-e.php HTTP/1.1 | 2 | - | 0 | +2 |
| 257. | WebShell probe | GET /desktop.ini.php HTTP/1.1 | 2 | - | 0 | +2 |
| 258. | WebShell probe | GET /muhstik.php HTTP/1.1 | 2 | - | 0 | +2 |
| 259. | WebShell probe | GET /cmdd.php HTTP/1.1 | 2 | - | 0 | +2 |
| 260. | WebShell probe | POST /help.php HTTP/1.1 | 2 | - | 0 | +2 |
| 261. | WebShell probe | POST /miao.php HTTP/1.1 | 2 | - | 0 | +2 |
| 262. | WebShell probe | POST /linuxse.php HTTP/1.1 | 2 | - | 0 | +2 |
| 263. | WebShell probe | POST /1hou.php HTTP/1.1 | 2 | - | 0 | +2 |
| 264. | WebShell probe | POST /MCLi.php HTTP/1.1 | 2 | - | 0 | +2 |
| 265. | WebShell probe | POST /zxc1.php HTTP/1.1 | 2 | - | 0 | +2 |
| 266. | WebShell probe | POST /test123.php HTTP/1.1 | 2 | - | 0 | +2 |
| 267. | WebShell probe | POST /paylog.php HTTP/1.1 | 2 | - | 0 | +2 |
| 268. | phpMyAdmin probe | GET /pmd/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 269. | phpMyAdmin probe | GET /PMA2/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 270. | phpMyAdmin probe | GET /phpMyAdminold/index.php HTTP/1.1 | 2 | - | 0 | +2 |
| 271. | Access to the top page | GET / HTTP/1.0 | 2 | 2. | 3 | -1 |
| 272. | WebShell probe | POST /qwq.php HTTP/1.1 | 1 | - | 0 | +1 |
| 273. | WebShell probe | POST /zuoindex.php HTTP/1.1 | 1 | - | 0 | +1 |
| 274. | WebShell probe | POST /uu.php HTTP/1.1 | 1 | - | 0 | +1 |
| 275. | WebShell probe | POST /yj.php HTTP/1.1 | 1 | - | 0 | +1 |
| 276. | WebShell probe | POST /7.php HTTP/1.1 | 1 | - | 0 | +1 |
| 277. | WebShell probe | POST /xiaomae.php HTTP/1.1 | 1 | - | 0 | +1 |
| 278. | WebShell probe | POST /data.php HTTP/1.1 | 1 | - | 0 | +1 |
| 279. | WebShell probe | POST /log.php HTTP/1.1 | 1 | - | 0 | +1 |
| 280. | WebShell probe | POST /fack.php HTTP/1.1 | 1 | - | 0 | +1 |
| 281. | WebShell probe | POST /angge.php HTTP/1.1 | 1 | - | 0 | +1 |
| 282. | WebShell probe | POST /cxfm666.php HTTP/1.1 | 1 | - | 0 | +1 |
| 283. | WebShell probe | POST /db.php HTTP/1.1 | 1 | - | 0 | +1 |
| 284. | WebShell probe | POST /hacly.php HTTP/1.1 | 1 | - | 0 | +1 |
| 285. | WebShell probe | POST /xiaomo.php HTTP/1.1 | 1 | - | 0 | +1 |
| 286. | WebShell probe | POST /xiaoyu.php HTTP/1.1 | 1 | - | 0 | +1 |
| 287. | WebShell probe | POST /xiaohei.php HTTP/1.1 | 1 | - | 0 | +1 |
| 288. | WebShell probe | POST /j.php HTTP/1.1 | 1 | - | 0 | +1 |
| 289. | WebShell probe | POST /qq5262.php HTTP/1.1 | 1 | - | 0 | +1 |
| 290. | WebShell probe | POST /lost.php HTTP/1.1 | 1 | - | 0 | +1 |
| 291. | WebShell probe | POST /php.php HTTP/1.1 | 1 | - | 0 | +1 |
| 292. | WebShell probe | POST /win.php HTTP/1.1 | 1 | - | 0 | +1 |
| 293. | WebShell probe | POST /win1.php HTTP/1.1 | 1 | - | 0 | +1 |
| 294. | WebShell probe | POST /linux.php HTTP/1.1 | 1 | - | 0 | +1 |
| 295. | WebShell probe | POST /linux1.php HTTP/1.1 | 1 | - | 0 | +1 |
| 296. | WebShell probe | POST /cc.php HTTP/1.1 | 1 | - | 0 | +1 |
| 297. | WebShell probe | POST /lanke.php HTTP/1.1 | 1 | - | 0 | +1 |
| 298. | WebShell probe | POST /neko.php HTTP/1.1 | 1 | - | 0 | +1 |
| 299. | WebShell probe | POST /super.php HTTP/1.1 | 1 | - | 0 | +1 |
| 300. | WebShell probe | POST /cere.php HTTP/1.1 | 1 | - | 0 | +1 |
| 301. | WebShell probe | POST /aaa.php HTTP/1.1 | 1 | - | 0 | +1 |
| 302. | WebShell probe | POST /Administrator.php HTTP/1.1 | 1 | - | 0 | +1 |
| 303. | WebShell probe | POST /liangchen.php HTTP/1.1 | 1 | - | 0 | +1 |
| 304. | WebShell probe | POST /meng.php HTTP/1.1 | 1 | - | 0 | +1 |
| 305. | WebShell probe | POST /no.php HTTP/1.1 | 1 | - | 0 | +1 |
| 306. | WebShell probe | POST /mysql.php HTTP/1.1 | 1 | - | 0 | +1 |
| 307. | WebShell probe | POST /Updata.php HTTP/1.1 | 1 | - | 0 | +1 |
| 308. | WebShell probe | POST /xxxx.php HTTP/1.1 | 1 | - | 0 | +1 |
| 309. | WebShell probe | POST /coon.php HTTP/1.1 | 1 | - | 0 | +1 |
| 310. | WebShell probe | POST /zxc0.php HTTP/1.1 | 1 | - | 0 | +1 |
| 311. | WebShell probe | POST /zxc2.php HTTP/1.1 | 1 | - | 0 | +1 |
| 312. | WebShell probe | POST /indexa.php HTTP/1.1 | 1 | - | 0 | +1 |
| 313. | WebShell probe | POST /lx.php HTTP/1.1 | 1 | - | 0 | +1 |
| 314. | WebShell probe | POST /cn.php HTTP/1.1 | 1 | - | 0 | +1 |
| 315. | WebShell probe | POST /index1.php HTTP/1.1 | 1 | - | 0 | +1 |
| 316. | WebShell probe | POST /info.php HTTP/1.1 | 1 | - | 0 | +1 |
| 317. | WebShell probe | POST /info1.php HTTP/1.1 | 1 | - | 0 | +1 |
| 318. | WebShell probe | POST /aaaaaa1.php HTTP/1.1 | 1 | - | 0 | +1 |
| 319. | WebShell probe | POST /up.php HTTP/1.1 | 1 | - | 0 | +1 |
| 320. | WebShell probe | POST /fb.php HTTP/1.1 | 1 | - | 0 | +1 |
| 321. | WebShell probe | POST /cnm.php HTTP/1.1 | 1 | - | 0 | +1 |
| 322. | WebShell probe | POST /51.php HTTP/1.1 | 1 | - | 0 | +1 |
| 323. | WebShell probe | POST /cadre.php HTTP/1.1 | 1 | - | 0 | +1 |
| 324. | WebShell probe | POST /mm.php HTTP/1.1 | 1 | - | 0 | +1 |
| 325. | WebShell probe | POST /1q.php HTTP/1.1 | 1 | - | 0 | +1 |
| 326. | WebShell probe | POST /1111.php HTTP/1.1 | 1 | - | 0 | +1 |
| 327. | WebShell probe | POST /errors.php HTTP/1.1 | 1 | - | 0 | +1 |
| 328. | phpMyAdmin probe | GET /dbadmin/index.php HTTP/1.1 | 1 | - | 0 | +1 |
| 329. | Unknown | GET hxxp://5[.]188[.]210[.]12/echo[.]php HTTP/1.1 | 1 | - | 0 | +1 |
That concludes the simple analysis of the logs collected by WOWHoneypot.