【Honeypot】2019年6月9日 ~6月15日 BW-pot観察結果【ハニーポット】

f:id:NickShadows:20190616212710j:plain

総評

wordpressの週だったと言えるでしょう。
スキャナーがあるのは知っているので、新しいIPアドレスにしこたまやってるんじゃないですかね。




その後の攻撃アクセスもなかったので、自動化されているのかな?
特筆すべきことは特にありませんでした。




ドメインも登録したので、育ってくれると嬉しいです。




トップ画面

f:id:NickShadows:20190616212507p:plain:w600


直近1ヶ月折れ線グラフ

f:id:NickShadows:20190616212528p:plain:w600


GETリクエスト(top 100)

no uri Co
1 / 385
2 /wp-login.php 326
3 /manager/html 250
4 /?google=bot&page_id=1 11
5 /?google=bot 11
6 /robots.txt 9
7 /wp-json/wp/v2/users/ 6
8 /phpMyAdmin/scripts/setup.php 5
9 /phpmyadmin/scripts/setup.php 5
10 /w00tw00t.at.blackhats.romanian.anti-sec:) 5
11 /pma/scripts/setup.php 5
12 /favicon.ico 4
13 /phpmy/scripts/setup.php 4
14 /wp-admin/ 4
15 /sitemap.xml 3
16 /?author=1 3
17 /myadmin/scripts/setup.php 3
18 *1 3
19 ///?author=1 3
20 /wp-admin/theme-editor.php 3
21 /wp-admin/theme-editor.php?file=footer.php&theme=twentynineteen 3
22 /TP/public/index.php 3
23 /wp-includes/wlwmanifest.xml 3
24 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=backup 3
25 /MyAdmin/scripts/setup.php 3
26 /wp-json/oembed/1.0/embed?url=http[:]//onlinedocumentsite.com 3
27 ///wp-json/wp/v2/users/ 3
28 /.well-known/security.txt 3
29 /wp-admin/theme-editor.php?file=404.php 2
30 /alt/sqladmin/scripts/setup.php 2
31 /phpmyadmin/index.php?lang=en&pma_username=admin&pma_password=admin 2
32 /index.php?lang=en 2
33 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=xampp 2
34 /phpmyadmin/index.php?lang=en&pma_username=http&pma_password=http 2
35 /web/phpMyAdmin/scripts/setup.php 2
36 /pyaniste/mysqladmin/scripts/setup.php 2
37 /phpMyAdmin-2.8.0.4/scripts/setup.php 2
38 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=2017 2
39 /phpmyadmin.box25/scripts/setup.php 2
40 /phpmyadmin/index.php?lang=en&pma_username=popa3d&pma_password=popa3d 2
41 /php-my-admin/scripts/setup.php 2
42 /phpmyadmin/index.php?lang=en 2
43 /HNAP1 2
44 /admin/ 2
45 /scripts/setup.php 2
46 /PMA/scripts/setup.php 2
47 /admin/scripts/setup.php 2
48 /mysql/scripts/setup.php 2
49 /mysqladmin/scripts/setup.php 2
50 /pHpMyAdMiN/scripts/setup.php 2
51 /phpMyAdmin2/scripts/setup.php 2
52 /php/phpMyAdmin/scripts/setup.php 2
53 /admin/phpmyadmin/scripts/setup.php 2
54 /_phpMyAdmin/scripts/setup.php 2
55 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=2020 2
56 /db/ 2
57 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=password 2
58 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=databases 2
59 /phpmyadmin/index.php?lang=en&pma_username=ueer&pma_password=pass 2
60 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=password321 2
61 /mysql/mysqlmanager/index.php?lang=en 2
62 /mysql/sqlmanager/index.php?lang=en 2
63 /mysql/admin/index.php?lang=en 2
64 /mysql/dbadmin/index.php?lang=en 2
65 /api/v1 2
66 /fastenv 2
67 /index_main.php 2
68 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=solo 2
69 /echo.php 2
70 /admincooptel/phpMyAdmin/scripts/setup.php 2
71 /configuracion/phpmyadmin/scripts/setup.php 2
72 /pma/ 2
73 /db/scripts/setup.php 2
74 /php/scripts/setup.php 2
75 /MySQL/scripts/setup.php 2
76 /phpmy/scripts/setup.php\ 2
77 /~riba/pma/scripts/setup.php 2
78 /evox/about 2
79 /phpMyAdmin-www072510/scripts/setup.php 2
80 /phpmyadmin/scripts/setup.php/index.php 2
81 /sqladmin/scripts/setup.php 2
82 /websql/scripts/setup.php 2
83 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=qazwsx 1
84 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=ROOT 1
85 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=charlie 1
86 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=2013 1
87 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=passwords 1
88 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=123456 1
89 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=princess 1
90 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=root 1
91 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=database 1
92 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=password1 1
93 /Nmap/folder/check1560081276 1
94 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=master 1
95 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=dragon 1
96 /wordpress/ 1
97 /xmlrpc.php 1
98 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=usa 1
99 /index.php 1
100 /phpmyadmin/index.php?lang=en&pma_username=root&pma_password=user 1

*1

/TP/public/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1


POSTリクエスト

uri Co
/wp-login.php 321
/xmlrpc.php 183
/wp-admin/theme-editor.php 4
/TP/public/index.php?s=captcha 3
/phpmyadmin/index.php 2
/sdk 2
/manager/html/upload;JSESSIONID=7BE58285C9160F250CE61A0BF5AB7270?org.apache.catalina.filters.CSRF_NONCE=70B08085B8CD50CD6507F75CA2B8F5AC 1
/ServiceControl/app 1
/users?page=&size=5 1
/wp-admin/update.php?action=upload-plugin 1


pypmyadminユーザー

user Co
root 81
admin 4
ueer 2
http 2
popa3d 2
wordpress 2
wp 1
nas 1
shop 1
pma 1
project 1
shopdb 1


pypmyadminパスワード

pwd Co
backup 3
password 3
root 3
pass 3
2020 2
2017 2
solo 2
admin 2
http 2
xampp 2
123 2
shop 2
databases 2
popa3d 2
password321 2
2015 1
null 1
654321 1
a123456 1
qazwsx 1
webs 1
root123 1
p455w0rd 1
backupdb 1
password2018 1
pass123 1
music 1
test123 1
crypto 1
NAS 1
bitcoin 1
mysql 1
master 1
database 1
host 1
password2019 1
queen 1
ROOT 1
webmaster 1
blogs 1
nas 1
charlie 1
login 1
pma 1
toor 1
wordpres 1
princess 1
password123 1
rock 1
dollars 1
passwords 1
2013 1
unix 1
123qweasdzxc 1
user 1
admin123 1
password1 1
server 1
wp 1
qnap 1
passw0rd 1
test 1
Password 1
usa 1
2011 1
administrator 1
senha 1
123456 1
r00t 1
project 1
1234567890 1
dragon 1
webadmin 1
freedom 1
123456789 1
toor123 1
michael 1
shopdb 1
backups 1
pass1234 1


wordpressユーザー

user Co
188
admin 63
onlinedocumentsite 57
[login] 8


wordpressパスワード

pwd Co
admin 14
8
password 8
admin123 6
onlinedocumentsite 6
admin@123 5
123 5
1234 5
Admin 4
12345678 4
123456789 4
admim 4
12345 4
1q2w3e4r 3
qwerty 3
123456 3
123321 3
[Login] 3
@123 3
1234567890 3
112233 3
123123 3
admin1234 3
1234567 3
1qaz2wsx 3
iloveyou 2
ufdibyjd 2
qazwsxedc 2
Bersercer 2
123qwe 2
987654321 2
pppoe36176 2
qwert12345 2
999999 2
admin@1234 2
159753 2
159357 2
555555 2
1q2w3e4r5t 2
666666 2
olga 2
genius 2
nikita 2
1q2w3e 2
7777777 2
1111111 2
12345qwert 2
zxcvbnm 2
121212 2
qazwsx 2
222222 2
pass 2
hello 2
aspirine 2
[login]123 2
admin1 2
111111 2
@1234 2
adminadmin 2
Admin123 2
12344321 2
zxcvbn 2
zxcasdqwe 2
14321432 2
Qwerty12345 1
oleg 1
131313 1
admin1993 1
333333 1
88888888 1
qwertyuiop 1
admin@2005 1
admin@2004 1
admin2010 1
admin2008 1
admin2006 1
admin@2009 1
admin@2008 1
admin01 1
mars 1
4815162342 1
777777 1
789456 1
qweasdzxc 1
admin1998 1
123654 1
admin12345 1
qwerty123 1
q1w2e3r4 1
pass1234 1
test1234 1
admin888 1
P@ssw0rd 1
temporal 1
admin2007 1
admin@2001 1
admin2000 1
admin1999 1
admin@1998 1
admin@1997 1
admin@2013 1
admin@2015 1
admin@2014 1
ghbdtn 1
admin4 1
admin3 1
admin6 1
admin@1995 1
admin2017 1
admin2019 1
admin@2003 1
admin1997 1
admin@2012 1
admin1996 1
admin1995 1
admin2012 1
admin2013 1
admin2014 1
admin2011 1
[login] 1
[Login]123 1
admin2001 1
admin2004 1
admin2003 1
admin@2016 1
admin@2018 1
11111111 1
admin@1999 1
[login]@123 1
admin8 1
[login]1234 1
[login]1 1
1 1
admin5 1
admin2 1
admin0 1
admin2015 1
admin2016 1
admin2018 1
admin@1996 1
vfhbyf 1
novikov 1
admin2002 1
nurik 1
654321 1
qwerty123456 1
admin@2007 1
admin@2006 1
admin2009 1
0 1
xmagico 1
test1 1
qwe123 1
xxx 1
blah 1
1111 1
Admin@123 1
root 1
pass123 1
abc123 1
joomla 1
guest 1
demo 1
test 1
a 1
opencart 1
admin7 1
admin@2002 1
admin@2000 1
admin1994 1
admin1992 1
admin1991 1
onlinedocumentsite.com 1
zxx321654xxz 1
test123 1
ricsky789.. 1
zx321654xz 1
gimboroot 1
password1 1
admin!@# 1
changeme 1
logitech 1
p@ssw0rd 1
password123 1
admin2005 1
admin@2019 1
admin@2017 1
admin@2010 1
admin@2011 1


tomcatユーザー

user Co
tomcat 84
admin 62
root 60
123456 39
3


tomcatパスワード

pwd Co
tomcat 9
admin 9
root 8
test 8
pass 8
123456 8
123456789 8
12345678 8
admin123 8
p@ssw0rd 8
1234567 8
12345 8
123 8
1234 8
password 8
passwOed 4
1 4
1qaz2wsx 4
666666 4
123123 4
admin@12345678 4
12 4
admin@1234567 4
admin12345678 4
admin1234567 4
admin12345 4
passw0rd 4
autoset 4
7654321 4
111111 4
admin@123456 4
user 4
5201314 4
qwe!@# 4
P@ssword 4
Pa$$w0rd 4
admin@12 4
123321 4
p@$$w0rd 4
admin1234 4
passwd123 4
admin@1234 4
admin123456 4
admin@12345 4
admin@123456789 4
s3cret 3
3