I have found lots of single requests in my access logs, but not exactly “XYZ”. More like “POST” followed by “/” then a question mark (“?”) followed by a few random characters equals another random characters..
For example:
ps485115.dreamhost.com – – [31/Dec/2018:09:53:28 -0600] “POST /?fgko=vkma HTTP/1.1” 403 308 “http://example.com/?fgko=vkma” “Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36”
Sometimes that’s the only request to the server that I can see from the access ip address (probably because just like in the example above the visitor was already banned).
If someone could shed some light I’d appreciate.
