[25/Aug/2022:03:00:27 +0200] 88.214.43.118 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials.php HTTP/1.1" 304
[25/Aug/2022:03:00:28 +0200] 88.214.43.118 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials.php HTTP/1.1" 304
[25/Aug/2022:03:02:27 +0200] 183.136.225.35 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[25/Aug/2022:03:04:24 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[25/Aug/2022:03:21:15 +0200] 143.198.10.38 TLSv1.2 AES256-SHA "GET /nginx-status HTTP/1.1" 311
[25/Aug/2022:03:21:16 +0200] 143.198.10.38 TLSv1.2 AES256-SHA "GET /nginx HTTP/1.1" 306
[25/Aug/2022:03:44:36 +0200] 92.53.65.52 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Aug/2022:03:53:00 +0200] 162.62.191.231 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 500
[25/Aug/2022:03:53:35 +0200] 205.185.121.69 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[25/Aug/2022:03:53:37 +0200] 209.141.34.187 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 302
[25/Aug/2022:03:53:38 +0200] 209.141.34.187 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:03:53:41 +0200] 205.185.122.184 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[25/Aug/2022:05:00:06 +0200] 192.241.201.234 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[25/Aug/2022:05:45:57 +0200] 192.241.235.197 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:06:44:04 +0200] 165.22.56.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[25/Aug/2022:06:44:07 +0200] 165.22.56.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[25/Aug/2022:06:51:54 +0200] 193.56.29.26 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[25/Aug/2022:06:51:55 +0200] 193.56.29.26 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[25/Aug/2022:07:04:27 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:07:25:36 +0200] 64.62.197.47 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[25/Aug/2022:07:28:57 +0200] 163.172.180.25 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 391
[25/Aug/2022:07:32:16 +0200] 64.62.197.47 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[25/Aug/2022:07:36:15 +0200] 64.62.197.57 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:07:44:34 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[25/Aug/2022:07:59:15 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[25/Aug/2022:08:21:34 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[25/Aug/2022:08:39:42 +0200] 92.53.65.52 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Aug/2022:09:23:14 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[25/Aug/2022:09:57:08 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[25/Aug/2022:10:21:50 +0200] 162.211.152.100 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 394
[25/Aug/2022:10:38:48 +0200] 128.1.248.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[25/Aug/2022:10:39:04 +0200] 128.1.248.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET /webfig/ HTTP/1.1" 307
[25/Aug/2022:11:06:14 +0200] 207.46.13.236 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 314
[25/Aug/2022:11:06:15 +0200] 207.46.13.236 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 314
[25/Aug/2022:11:06:22 +0200] 207.46.13.51 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[25/Aug/2022:11:33:46 +0200] 192.241.222.73 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[25/Aug/2022:11:36:42 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "GET /_ignition/execute-solution HTTP/1.1" 319
[25/Aug/2022:11:49:09 +0200] 192.241.237.109 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[25/Aug/2022:11:50:48 +0200] 159.65.187.147 - - "-" -
[25/Aug/2022:11:51:26 +0200] 192.241.207.209 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[25/Aug/2022:11:51:28 +0200] 192.241.237.125 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[25/Aug/2022:12:18:08 +0200] 159.65.187.147 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[25/Aug/2022:12:18:10 +0200] 159.65.187.147 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 754
[25/Aug/2022:12:18:12 +0200] 159.65.187.147 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 1150
[25/Aug/2022:12:29:00 +0200] 92.53.65.52 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Aug/2022:12:33:17 +0200] 45.134.144.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET ///remote/fgt_lang?lang=/../../../..//////////dev/ HTTP/1.1" 325
[25/Aug/2022:12:57:32 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:13:21:59 +0200] 106.75.176.113 TLSv1.2 AES256-SHA "{\"method\":\"login\",\"params\":{\"login\":\"45JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\",\"pass\":\"xxoo\",\"agent\":\"xmr-stak-cpu/1.3.0-1.5.0\"},\"id\":1}" 379
[25/Aug/2022:13:22:00 +0200] 106.75.176.113 TLSv1.2 AES256-SHA "{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[]}" 379
[25/Aug/2022:13:22:01 +0200] 106.75.176.113 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"password\"], \"id\": 2, \"method\": \"mining.authorize\"}" 379
[25/Aug/2022:13:22:02 +0200] 106.75.176.113 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"blue1\",\"pass\":\"x\",\"agent\":\"Windows NT 6.1; Win64; x64\"}}" 379
[25/Aug/2022:13:22:03 +0200] 106.75.176.113 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"bf\", \"00000001\", \"504e86ed\", \"b2957c02\"], \"id\": 4, \"method\": \"mining.submit\"}" 379
[25/Aug/2022:13:22:05 +0200] 106.75.176.113 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"x\",\"pass\":\"null\",\"agent\":\"XMRig/5.13.1\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"rx/0\",\"rx/wow\",\"rx/loki\",\"rx/arq\",\"rx/sfx\",\"rx/keva\"]}}" 379
[25/Aug/2022:13:48:08 +0200] 51.158.98.24 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 384
[25/Aug/2022:13:57:37 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:14:21:22 +0200] 147.182.207.163 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:14:23:32 +0200] 106.75.173.138 TLSv1.2 AES256-SHA "{\"method\":\"login\",\"params\":{\"login\":\"45JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\",\"pass\":\"xxoo\",\"agent\":\"xmr-stak-cpu/1.3.0-1.5.0\"},\"id\":1}" 379
[25/Aug/2022:14:23:34 +0200] 106.75.173.138 TLSv1.2 AES256-SHA "{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[]}" 379
[25/Aug/2022:14:23:35 +0200] 106.75.173.138 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"password\"], \"id\": 2, \"method\": \"mining.authorize\"}" 379
[25/Aug/2022:14:23:36 +0200] 106.75.173.138 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"blue1\",\"pass\":\"x\",\"agent\":\"Windows NT 6.1; Win64; x64\"}}" 379
[25/Aug/2022:14:23:38 +0200] 106.75.173.138 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"bf\", \"00000001\", \"504e86ed\", \"b2957c02\"], \"id\": 4, \"method\": \"mining.submit\"}" 379
[25/Aug/2022:14:23:39 +0200] 106.75.173.138 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"x\",\"pass\":\"null\",\"agent\":\"XMRig/5.13.1\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"rx/0\",\"rx/wow\",\"rx/loki\",\"rx/arq\",\"rx/sfx\",\"rx/keva\"]}}" 379
[25/Aug/2022:14:50:53 +0200] 128.14.134.170 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[25/Aug/2022:15:36:58 +0200] 176.58.124.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[25/Aug/2022:15:41:17 +0200] 208.100.26.247 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 297
[25/Aug/2022:15:49:23 +0200] 192.241.235.156 TLSv1.2 AES256-SHA "GET /version HTTP/1.1" 305
[25/Aug/2022:15:50:14 +0200] 165.22.56.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[25/Aug/2022:15:50:16 +0200] 165.22.56.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[25/Aug/2022:16:41:55 +0200] 172.245.10.252 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /ckeditor/plugins/imageuploader/styles.css HTTP/1.1" 324
[25/Aug/2022:16:49:11 +0200] 92.53.65.52 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Aug/2022:17:40:33 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[25/Aug/2022:17:40:33 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Aug/2022:17:40:33 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[25/Aug/2022:18:34:41 +0200] 185.7.214.117 TLSv1.2 AES256-SHA "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 293
[25/Aug/2022:19:52:54 +0200] 162.221.192.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET /solr/ HTTP/1.1" 304
[25/Aug/2022:20:11:00 +0200] 92.53.65.52 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Aug/2022:22:12:57 +0200] 138.246.253.24 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 403
[25/Aug/2022:23:12:13 +0200] 3.81.221.61 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[25/Aug/2022:23:14:46 +0200] 35.91.116.113 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[25/Aug/2022:23:15:10 +0200] 35.91.116.113 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[25/Aug/2022:23:15:27 +0200] 34.220.111.45 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 314
[25/Aug/2022:23:15:30 +0200] 34.220.111.45 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[25/Aug/2022:23:22:48 +0200] 193.118.53.210 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[25/Aug/2022:23:53:36 +0200] 143.92.32.39 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 297
[26/Aug/2022:00:03:27 +0200] 38.70.11.110 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[26/Aug/2022:00:03:28 +0200] 38.70.11.110 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[26/Aug/2022:00:07:14 +0200] 128.14.209.234 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[26/Aug/2022:00:12:56 +0200] 92.53.65.52 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[26/Aug/2022:01:02:41 +0200] 35.233.62.116 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301