[02/Aug/2022:02:01:14 +0200] 45.227.255.123 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[02/Aug/2022:02:21:14 +0200] 40.79.246.9 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.git/config HTTP/1.1" 310
[02/Aug/2022:02:26:11 +0200] 128.14.209.146 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 295
[02/Aug/2022:02:30:02 +0200] 208.100.26.236 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 298
[02/Aug/2022:02:45:02 +0200] 205.210.31.147 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 380
[02/Aug/2022:04:16:57 +0200] 192.241.208.201 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[02/Aug/2022:04:30:04 +0200] 207.46.13.120 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[02/Aug/2022:04:59:55 +0200] 192.241.221.145 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[02/Aug/2022:05:41:03 +0200] 34.77.127.183 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[02/Aug/2022:06:05:37 +0200] 162.142.125.10 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[02/Aug/2022:06:05:37 +0200] 162.142.125.10 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[02/Aug/2022:06:05:38 +0200] 162.142.125.10 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[02/Aug/2022:07:54:59 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[02/Aug/2022:09:15:47 +0200] 163.172.180.25 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 381
[02/Aug/2022:09:30:51 +0200] 142.54.177.164 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 295
[02/Aug/2022:09:31:21 +0200] 142.54.177.164 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /wp-json/wp/v2/users HTTP/1.1" 396
[02/Aug/2022:10:39:20 +0200] 54.91.110.5 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[02/Aug/2022:10:51:37 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[02/Aug/2022:10:51:39 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[02/Aug/2022:10:51:40 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[02/Aug/2022:10:51:40 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[02/Aug/2022:10:51:43 +0200] 23.250.19.242 TLSv1.2 AES256-SHA "quit" 379
[02/Aug/2022:10:51:44 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /robots.txt HTTP/1.1" 393
[02/Aug/2022:10:51:44 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /sitemap.xml HTTP/1.1" 394
[02/Aug/2022:10:51:45 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.well-known/security.txt HTTP/1.1" 407
[02/Aug/2022:10:51:46 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 309
[02/Aug/2022:10:51:46 +0200] 23.250.19.242 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[02/Aug/2022:11:21:36 +0200] 208.100.26.244 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 297
[02/Aug/2022:11:35:24 +0200] 192.241.236.175 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[02/Aug/2022:11:37:37 +0200] 192.241.235.168 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[02/Aug/2022:11:37:43 +0200] 192.241.237.70 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[02/Aug/2022:11:57:09 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[02/Aug/2022:12:50:55 +0200] 185.189.182.234 TLSv1.2 AES256-SHA "GET /fFv: HTTP/1.1" 379
[02/Aug/2022:12:54:49 +0200] 54.242.172.95 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[02/Aug/2022:13:06:51 +0200] 167.94.145.57 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[02/Aug/2022:13:06:51 +0200] 167.94.145.57 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[02/Aug/2022:13:06:51 +0200] 167.94.145.57 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[02/Aug/2022:13:13:08 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[02/Aug/2022:13:19:49 +0200] 163.172.148.199 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 389
[02/Aug/2022:13:49:33 +0200] 205.210.31.17 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 393
[02/Aug/2022:14:12:42 +0200] 35.194.37.64 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 295
[02/Aug/2022:15:34:40 +0200] 93.159.230.88 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[02/Aug/2022:17:09:07 +0200] 51.158.109.3 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 380
[02/Aug/2022:17:55:31 +0200] 106.75.179.120 TLSv1.2 AES256-SHA "{\"method\":\"login\",\"params\":{\"login\":\"45JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\",\"pass\":\"xxoo\",\"agent\":\"xmr-stak-cpu/1.3.0-1.5.0\"},\"id\":1}" 379
[02/Aug/2022:17:55:35 +0200] 106.75.179.120 TLSv1.2 AES256-SHA "{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[]}" 379
[02/Aug/2022:17:55:37 +0200] 106.75.179.120 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"password\"], \"id\": 2, \"method\": \"mining.authorize\"}" 379
[02/Aug/2022:17:55:41 +0200] 106.75.179.120 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"blue1\",\"pass\":\"x\",\"agent\":\"Windows NT 6.1; Win64; x64\"}}" 379
[02/Aug/2022:17:55:44 +0200] 106.75.179.120 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"bf\", \"00000001\", \"504e86ed\", \"b2957c02\"], \"id\": 4, \"method\": \"mining.submit\"}" 379
[02/Aug/2022:17:55:46 +0200] 106.75.179.120 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"x\",\"pass\":\"null\",\"agent\":\"XMRig/5.13.1\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"rx/0\",\"rx/wow\",\"rx/loki\",\"rx/arq\",\"rx/sfx\",\"rx/keva\"]}}" 379
[02/Aug/2022:18:28:34 +0200] 207.46.13.120 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[02/Aug/2022:18:34:45 +0200] 66.240.236.116 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[02/Aug/2022:19:23:45 +0200] 89.248.165.52 - - "-" -
[02/Aug/2022:20:13:04 +0200] 180.149.125.167 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[02/Aug/2022:21:47:21 +0200] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[02/Aug/2022:22:05:14 +0200] 198.235.24.18 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 394
[02/Aug/2022:22:11:03 +0200] 213.32.122.82 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[02/Aug/2022:22:39:56 +0200] 89.248.165.52 - - "-" -
[02/Aug/2022:22:45:02 +0200] 92.118.161.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[02/Aug/2022:23:36:41 +0200] 20.204.74.136 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[03/Aug/2022:00:21:13 +0200] 51.158.66.83 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 391
[03/Aug/2022:00:29:44 +0200] 172.105.189.111 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[03/Aug/2022:00:36:54 +0200] 104.248.34.89 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Aug/2022:00:56:40 +0200] 94.102.61.8 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Aug/2022:01:35:21 +0200] 34.221.1.29 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[03/Aug/2022:01:35:58 +0200] 54.187.2.100 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 313
[03/Aug/2022:01:36:02 +0200] 54.187.2.100 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306