[28/Sep/2022:02:18:55 +0200] 128.14.141.34 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:03:03:15 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /console/ HTTP/1.1" 307
[28/Sep/2022:03:22:26 +0200] 92.204.144.160 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET ///ext-js/app/common/zyFunction.js?v=220104164712 HTTP/1.1" 338
[28/Sep/2022:03:57:40 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[28/Sep/2022:03:57:40 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[28/Sep/2022:03:57:42 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:04:15:12 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 315
[28/Sep/2022:05:07:53 +0200] 208.100.26.249 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 297
[28/Sep/2022:05:32:17 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[28/Sep/2022:05:51:42 +0200] 217.146.82.141 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2022:06:02:25 +0200] 192.241.209.76 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[28/Sep/2022:06:03:58 +0200] 154.209.125.70 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2022:06:36:56 +0200] 198.235.24.55 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2022:06:45:54 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /_ignition/execute-solution HTTP/1.1" 319
[28/Sep/2022:06:53:43 +0200] 192.241.220.59 TLSv1.2 AES256-SHA "GET /ReportServer HTTP/1.1" 307
[28/Sep/2022:07:00:38 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[28/Sep/2022:07:00:38 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[28/Sep/2022:07:00:41 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:07:13:33 +0200] 192.241.206.177 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[28/Sep/2022:07:15:52 +0200] 45.83.65.252 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 293
[28/Sep/2022:07:15:52 +0200] 45.83.65.188 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 293
[28/Sep/2022:07:43:07 +0200] 162.221.192.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:08:06:30 +0200] 51.159.99.253 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 394
[28/Sep/2022:08:06:31 +0200] 51.159.99.253 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2022:08:50:36 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:09:08:12 +0200] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[28/Sep/2022:09:26:33 +0200] 128.1.248.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:09:53:32 +0200] 192.241.220.218 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:10:19:32 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[28/Sep/2022:10:19:33 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[28/Sep/2022:10:19:34 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:10:37:09 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:11:02:57 +0200] 91.240.118.222 - - "-" -
[28/Sep/2022:11:29:12 +0200] 106.75.50.30 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:11:37:08 +0200] 45.61.185.76 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /ztp/cgi-bin/handler HTTP/1.1" 315
[28/Sep/2022:11:37:54 +0200] 137.184.238.33 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[28/Sep/2022:11:37:57 +0200] 137.184.238.33 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[28/Sep/2022:11:39:44 +0200] 45.61.185.76 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /ztp/cgi-bin/handler HTTP/1.1" 315
[28/Sep/2022:11:58:56 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[28/Sep/2022:11:58:57 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[28/Sep/2022:11:58:58 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:12:52:05 +0200] 154.209.125.70 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2022:12:53:45 +0200] 109.248.6.3 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.0" 399
[28/Sep/2022:14:06:57 +0200] 137.184.238.33 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:14:24:16 +0200] 94.102.61.8 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[28/Sep/2022:15:48:29 +0200] 91.240.118.222 - - "-" -
[28/Sep/2022:16:02:06 +0200] 65.49.20.66 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[28/Sep/2022:16:08:45 +0200] 65.49.20.66 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[28/Sep/2022:16:11:39 +0200] 65.49.20.122 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:17:25:09 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:17:45:14 +0200] 183.136.225.35 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2022:18:16:03 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:18:16:25 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[28/Sep/2022:18:16:50 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[28/Sep/2022:18:18:10 +0200] 52.187.112.47 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[28/Sep/2022:18:18:59 +0200] 128.14.133.58 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:18:19:04 +0200] 128.14.133.58 TLSv1.2 AES256-SHA "GET /showLogin.cc HTTP/1.1" 311
[28/Sep/2022:18:20:04 +0200] 193.46.255.199 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /Electron/download/windows/\\Windows\\win.ini HTTP/1.0" 423
[28/Sep/2022:18:24:44 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[28/Sep/2022:18:32:31 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[28/Sep/2022:18:47:22 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[28/Sep/2022:19:33:02 +0200] 192.53.170.243 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:19:35:52 +0200] 45.33.51.183 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.git/config HTTP/1.1" 316
[28/Sep/2022:19:36:01 +0200] 137.226.113.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 308
[28/Sep/2022:20:12:19 +0200] 41.92.125.186 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[28/Sep/2022:20:12:21 +0200] 41.92.55.103 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[28/Sep/2022:20:28:22 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 293
[28/Sep/2022:21:29:18 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:21:38:38 +0200] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[28/Sep/2022:21:55:30 +0200] 154.209.125.70 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2022:22:05:49 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /actuator/gateway/routes HTTP/1.1" 315
[28/Sep/2022:22:10:15 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[28/Sep/2022:22:10:15 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[28/Sep/2022:22:10:17 +0200] 134.209.254.148 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:22:23:51 +0200] 192.241.218.245 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[28/Sep/2022:23:05:35 +0200] 103.149.192.249 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2022:23:12:33 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 298
[28/Sep/2022:23:12:35 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 298
[28/Sep/2022:23:12:36 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 304
[28/Sep/2022:23:12:37 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 304
[28/Sep/2022:23:12:39 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 303
[28/Sep/2022:23:12:40 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 303
[28/Sep/2022:23:12:42 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 304
[28/Sep/2022:23:12:44 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 304
[28/Sep/2022:23:12:46 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 302
[28/Sep/2022:23:12:48 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 302
[28/Sep/2022:23:12:50 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 300
[28/Sep/2022:23:12:51 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 300
[28/Sep/2022:23:12:52 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 303
[28/Sep/2022:23:12:53 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 303
[28/Sep/2022:23:12:56 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 301
[28/Sep/2022:23:12:57 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 301
[28/Sep/2022:23:12:59 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 300
[28/Sep/2022:23:13:00 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 300
[28/Sep/2022:23:43:18 +0200] 106.75.178.244 TLSv1.2 AES256-SHA "{\"method\":\"login\",\"params\":{\"login\":\"45JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\",\"pass\":\"xxoo\",\"agent\":\"xmr-stak-cpu/1.3.0-1.5.0\"},\"id\":1}" 379
[28/Sep/2022:23:43:19 +0200] 106.75.178.244 TLSv1.2 AES256-SHA "{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[]}" 379
[28/Sep/2022:23:43:20 +0200] 106.75.178.244 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"password\"], \"id\": 2, \"method\": \"mining.authorize\"}" 379
[28/Sep/2022:23:43:22 +0200] 106.75.178.244 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"blue1\",\"pass\":\"x\",\"agent\":\"Windows NT 6.1; Win64; x64\"}}" 379
[28/Sep/2022:23:43:23 +0200] 106.75.178.244 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"bf\", \"00000001\", \"504e86ed\", \"b2957c02\"], \"id\": 4, \"method\": \"mining.submit\"}" 379
[28/Sep/2022:23:43:24 +0200] 106.75.178.244 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"x\",\"pass\":\"null\",\"agent\":\"XMRig/5.13.1\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"rx/0\",\"rx/wow\",\"rx/loki\",\"rx/arq\",\"rx/sfx\",\"rx/keva\"]}}" 379
[29/Sep/2022:00:23:01 +0200] 128.14.133.58 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[29/Sep/2022:01:02:09 +0200] 34.140.248.32 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[29/Sep/2022:01:22:48 +0200] 106.75.21.224 TLSv1.2 AES256-SHA "GET / HTTP/1.0" 383
[29/Sep/2022:01:27:47 +0200] 35.90.89.157 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[29/Sep/2022:01:28:18 +0200] 52.11.231.80 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 314
[29/Sep/2022:01:58:23 +0200] 163.123.143.186 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[29/Sep/2022:01:58:23 +0200] 163.123.143.186 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301