HEX
Server: Apache
System: Linux p3plmcpnl496558.prod.phx3.secureserver.net 4.18.0-553.54.1.lve.el8.x86_64 #1 SMP Wed Jun 4 13:01:13 UTC 2025 x86_64
User: saiaz (3347702)
PHP: 8.0.30
Disabled: NONE
File: /home/saiaz/access-logs/backoffice.ecoterium.com-ssl_log
43.135.145.117 - - [16/Mar/2026:05:52:07 -0700] "GET / HTTP/1.0" 500 - "-" "-" 6 **0/6277**
45.142.193.197 - - [16/Mar/2026:06:19:03 -0700] "GET /remote/login HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" 8 **0/8295**
45.142.193.197 - - [16/Mar/2026:06:19:03 -0700] "GET /login HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" 23 **0/23008**
71.6.232.22 - - [16/Mar/2026:06:33:53 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36" 9 **0/9874**
194.187.179.168 - - [16/Mar/2026:07:14:15 -0700] "GET / HTTP/1.0" 500 - "-" "-" 5 **0/5575**
194.187.179.25 - - [16/Mar/2026:07:14:15 -0700] "GET / HTTP/1.0" 500 - "-" "-" 4 **0/4881**
172.202.117.213 - - [16/Mar/2026:07:18:09 -0700] "GET /owa/auth/logon.aspx HTTP/1.1" 500 718 "-" "Mozilla/5.0 zgrab/0.x" 7 **0/7143**
150.158.107.162 - - [16/Mar/2026:08:02:59 -0700] "-" 408 - "-" "-" 0 **0/201**
16.58.56.214 - - [16/Mar/2026:08:18:59 -0700] "GET / HTTP/1.0" 500 - "-" "-" 5 **0/5575**
16.58.56.214 - - [16/Mar/2026:08:21:27 -0700] "GET / HTTP/1.0" 500 - "-" "-" 7 **0/7193**
16.58.56.214 - - [16/Mar/2026:08:24:45 -0700] "GET / HTTP/1.1" 500 - "-" "visionheight.com/scan Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Chrome/126.0.0.0 Safari/537.36" 11 **0/11880**
194.164.107.5 - - [16/Mar/2026:08:54:37 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" 12 **0/12440**
20.65.195.59 - - [16/Mar/2026:08:57:50 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 zgrab/0.x" 12 **0/12244**
45.205.1.8 - - [16/Mar/2026:09:00:19 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0" 13 **0/13742**
195.178.110.162 - - [16/Mar/2026:09:27:24 -0700] "GET /.git/config HTTP/1.1" 500 718 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/33.0.1750.152 Chrome/33.0.1750.152 Safari/537.36" 13 **0/13444**
147.45.96.88 - - [16/Mar/2026:10:08:54 -0700] "GET / HTTP/1.1" 500 - "-" "Go-http-client/1.1" 13 **0/13896**
158.173.25.109 - - [16/Mar/2026:10:09:01 -0700] "GET /sslvpn_logon.shtml HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36 Edg/115.0.1901.203" 11 **0/11468**
20.163.60.90 - - [16/Mar/2026:10:26:28 -0700] "GET /actuator/health HTTP/1.1" 500 718 "-" "Mozilla/5.0 zgrab/0.x" 7 **0/7018**
94.136.186.249 - - [16/Mar/2026:10:28:24 -0700] "GET / HTTP/1.1" 500 - "-" "Go-http-client/1.1" 10 **0/10969**
103.196.153.79 - - [16/Mar/2026:10:30:42 -0700] "GET / HTTP/1.1" 500 - "-" "Go-http-client/1.1" 13 **0/13856**
185.12.59.118 - - [16/Mar/2026:10:53:43 -0700] "GET / HTTP/2.0" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" 14 **0/14669**
34.52.173.82 - - [16/Mar/2026:12:04:27 -0700] "GET / HTTP/1.1" 500 - "-" "python-requests/2.32.5" 13 **0/13020**
172.202.104.71 - - [16/Mar/2026:12:36:50 -0700] "GET /developmentserver/metadatauploader HTTP/1.1" 500 718 "-" "Mozilla/5.0 zgrab/0.x" 10 **0/10451**
216.120.201.109 - - [16/Mar/2026:13:03:43 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:129.0) Gecko/20100101 Firefox/129.0" 16 **0/16801**
167.94.146.51 - - [16/Mar/2026:13:17:55 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" 14 **0/14215**
167.94.146.51 - - [16/Mar/2026:13:18:06 -0700] "GET /.well-known/security.txt HTTP/1.1" 500 718 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" 19 **0/19987**
51.159.67.167 - - [16/Mar/2026:13:55:30 -0700] "GET / HTTP/1.1" 500 - "-" "Go-http-client/1.1" 12 **0/12257**
91.98.47.34 - - [16/Mar/2026:14:14:21 -0700] "GET / HTTP/1.1" 500 - "-" "Go-http-client/1.1" 13 **0/13403**
20.65.195.60 - - [16/Mar/2026:14:42:37 -0700] "GET /version HTTP/1.1" 500 718 "-" "Mozilla/5.0 zgrab/0.x" 10 **0/10568**
192.227.196.186 - - [16/Mar/2026:14:42:44 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0" 14 **0/14558**
84.32.70.215 - - [16/Mar/2026:14:57:55 -0700] "GET / HTTP/1.1" 500 - "-" "Python-urllib/3.12" 13 **0/13180**
85.11.183.19 - - [16/Mar/2026:15:50:21 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" 15 **0/15395**
85.11.183.19 - - [16/Mar/2026:15:50:21 -0700] "GET / HTTP/1.0" 500 - "-" "-" 6 **0/6119**
85.11.183.27 - - [16/Mar/2026:16:01:38 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.0.0 Safari/537.36" 14 **0/14020**
85.11.183.27 - - [16/Mar/2026:16:01:39 -0700] "GET / HTTP/1.0" 500 - "-" "-" 6 **0/6549**
147.185.132.150 - - [16/Mar/2026:16:38:57 -0700] "GET / HTTP/1.1" 500 - "-" "Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity" 11 **0/11010**
15.185.149.31 - - [16/Mar/2026:17:02:21 -0700] "GET / HTTP/1.1" 500 - "-" "Go-http-client/1.1" 13 **0/13013**
43.153.102.138 - - [16/Mar/2026:18:27:09 -0700] "GET / HTTP/1.0" 500 - "-" "-" 8 **0/8199**
44.236.133.56 - - [16/Mar/2026:18:36:24 -0700] "GET / HTTP/1.1" 500 - "-" "Go-http-client/1.1" 11 **0/11954**
120.27.226.211 - - [16/Mar/2026:18:46:46 -0700] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 500 - "-" "libredtail-http" 7 **0/7816**
38.110.228.58 - - [16/Mar/2026:19:53:46 -0700] "GET /.env HTTP/1.1" 500 - "-" "Mozilla/5.0 (Linux; Android 7.0; YS900) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.136 Iron Safari/537.36" 6 **0/6039**
38.110.228.58 - - [16/Mar/2026:19:54:01 -0700] "GET /.env HTTP/1.1" 500 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 YaBrowser/19.7.0.1990 Yowser/2.5 Safari/537.36" 7 **0/7145**
38.110.228.58 - - [16/Mar/2026:19:54:02 -0700] "GET /.env HTTP/1.1" 500 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3844.0 Safari/537.36" 7 **0/7179**
38.110.228.58 - - [16/Mar/2026:19:54:09 -0700] "GET /.env HTTP/1.1" 500 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36" 5 **0/5652**
85.217.149.53 - - [16/Mar/2026:20:30:59 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (compatible; ModatScanner/1.2; +https://modat.io/)" 9 **0/9230**
52.90.193.228 - - [16/Mar/2026:21:02:21 -0700] "-" 408 - "-" "-" 0 **0/155**
45.156.129.70 - - [16/Mar/2026:22:17:07 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36 BitSightBot/1.0" 11 **0/11869**
45.156.129.70 - - [16/Mar/2026:22:17:13 -0700] "POST /mcp HTTP/2.0" 500 718 "-" "python-httpx/0.28.1" 13 **0/13997**
45.156.129.70 - - [16/Mar/2026:22:17:13 -0700] "GET /sse HTTP/2.0" 500 718 "-" "python-httpx/0.28.1" 10 **0/10218**
45.156.129.72 - - [16/Mar/2026:22:17:13 -0700] "GET /favicon.ico HTTP/1.1" 500 718 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.6312.86 Safari/537.36 BitSightBot/1.0" 8 **0/8091**
8.222.225.103 - - [16/Mar/2026:22:22:51 -0700] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 500 - "-" "Custom-AsyncHttpClient" 5 **0/5249**
8.222.225.103 - - [16/Mar/2026:22:22:53 -0700] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 500 - "-" "Custom-AsyncHttpClient" 7 **0/7555**
8.222.225.103 - - [16/Mar/2026:22:22:55 -0700] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 500 718 "-" "Custom-AsyncHttpClient" 8 **0/8817**
8.222.225.103 - - [16/Mar/2026:22:22:57 -0700] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 500 718 "-" "Custom-AsyncHttpClient" 7 **0/7117**
135.119.112.115 - - [16/Mar/2026:22:30:44 -0700] "GET /ReportServer HTTP/1.1" 500 718 "-" "Mozilla/5.0 zgrab/0.x" 12 **0/12006**
81.29.142.100 - - [16/Mar/2026:23:48:44 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.41 YaBrowser/21.5.0.582 Yowser/2.5 Safari/537.36" 14 **0/14342**
81.29.142.100 - - [16/Mar/2026:23:48:46 -0700] "GET /.well-known/security.txt HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.41 YaBrowser/21.5.0.582 Yowser/2.5 Safari/537.36" 7 **0/7068**
81.29.142.100 - - [16/Mar/2026:23:48:47 -0700] "GET /security.txt HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.41 YaBrowser/21.5.0.582 Yowser/2.5 Safari/537.36" 8 **0/8928**
94.231.206.104 - - [16/Mar/2026:23:50:12 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" 14 **0/14607**
94.231.206.15 - - [16/Mar/2026:23:52:37 -0700] "GET /favicon.ico HTTP/1.1" 500 718 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" 8 **0/8036**
79.124.49.102 - - [17/Mar/2026:00:02:33 -0700] "GET /sslvpn_logon.shtml HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 7 **0/7204**
185.91.69.5 - - [17/Mar/2026:00:11:18 -0700] "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}\n" 500 - "-" "-" 4 **0/4342**
185.91.69.5 - - [17/Mar/2026:00:11:22 -0700] "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}\n" 500 - "-" "-" 4 **0/4660**
185.91.69.5 - - [17/Mar/2026:00:11:36 -0700] "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"41wcxzrDHwvQXAL5wMbNcYbXRaeLvhE3gNEkGzrJ3WMV98WK7Q95EWQeDjR9qd7tqi1QHtjdtSEPEXM5cpygkoEe8oVwg6m\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}\n" 500 - "-" "-" 4 **0/4427**
185.91.69.5 - - [17/Mar/2026:00:11:40 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" 11 **0/11423**
185.91.69.5 - - [17/Mar/2026:00:11:44 -0700] "POST / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" 9 **0/9191**
185.91.69.5 - - [17/Mar/2026:00:11:51 -0700] "POST / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" 8 **0/8747**
185.91.69.5 - - [17/Mar/2026:00:12:15 -0700] "GET /a HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" 7 **0/7162**
185.91.69.5 - - [17/Mar/2026:00:12:16 -0700] "GET /download/file.ext HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" 7 **0/7841**
185.91.69.5 - - [17/Mar/2026:00:12:21 -0700] "GET /SiteLoader HTTP/1.1" 500 718 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" 6 **0/6724**
185.91.69.5 - - [17/Mar/2026:00:12:40 -0700] "POST / HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36" 10389 **10/10389297**
185.91.69.5 - - [17/Mar/2026:00:12:54 -0700] "GET / HTTP/1.1" 500 - "-" "-" 6 **0/6637**
43.133.91.48 - - [17/Mar/2026:00:23:58 -0700] "GET / HTTP/1.0" 500 - "-" "-" 5 **0/5486**
185.12.59.118 - - [17/Mar/2026:00:32:58 -0700] "GET / HTTP/1.0" 500 - "-" "-" 4 **0/4414**
35.203.210.53 - - [17/Mar/2026:01:00:39 -0700] "GET / HTTP/1.1" 500 - "-" "Hello from Palo Alto Networks, find out more about our scans in https://docs-cortex.paloaltonetworks.com/r/1/Cortex-Xpanse/Scanning-activity" 11 **0/11543**
185.247.137.148 - - [17/Mar/2026:02:14:28 -0700] "GET / HTTP/1.1" 500 - "-" "Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)" 11 **0/11847**
177.190.67.44 - - [17/Mar/2026:02:38:11 -0700] "GET /admin/config.php HTTP/1.0" 500 718 "-" "nvdorz" 7 **0/7043**