[03/Oct/2022:02:25:31 +0200] 151.236.33.190 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 297
[03/Oct/2022:02:27:11 +0200] 192.53.170.163 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:02:29:20 +0200] 34.208.253.219 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[03/Oct/2022:02:29:30 +0200] 34.215.242.244 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 302
[03/Oct/2022:02:29:35 +0200] 34.215.242.244 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[03/Oct/2022:02:56:35 +0200] 54.89.141.175 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[03/Oct/2022:03:08:57 +0200] 159.65.179.51 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[03/Oct/2022:03:09:03 +0200] 159.65.179.51 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:03:35:42 +0200] 87.236.176.216 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:04:36:29 +0200] 88.214.43.118 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfi.php HTTP/1.1" 314
[03/Oct/2022:04:36:29 +0200] 88.214.43.118 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfi.php HTTP/1.1" 314
[03/Oct/2022:04:39:36 +0200] 192.241.220.236 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[03/Oct/2022:04:48:08 +0200] 192.241.215.172 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[03/Oct/2022:05:41:49 +0200] 213.32.122.82 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[03/Oct/2022:06:37:10 +0200] 154.89.5.208 TLSv1.2 AES256-SHA "GET / HTTP/1.0" 383
[03/Oct/2022:06:51:18 +0200] 64.62.197.137 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[03/Oct/2022:06:57:52 +0200] 64.62.197.137 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[03/Oct/2022:07:01:43 +0200] 64.62.197.146 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:07:29:30 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[03/Oct/2022:07:29:32 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[03/Oct/2022:07:29:33 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[03/Oct/2022:07:29:35 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[03/Oct/2022:07:29:36 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[03/Oct/2022:07:29:37 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[03/Oct/2022:07:29:39 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[03/Oct/2022:07:29:39 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[03/Oct/2022:07:29:41 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[03/Oct/2022:07:29:42 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[03/Oct/2022:07:29:43 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[03/Oct/2022:07:29:45 +0200] 88.214.43.215 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[03/Oct/2022:08:00:34 +0200] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[03/Oct/2022:08:01:15 +0200] 35.84.199.62 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[03/Oct/2022:08:27:21 +0200] 71.6.232.2 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:09:15:23 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm.at.bak.sql HTTP/1.1" 392
[03/Oct/2022:09:52:53 +0200] 192.241.207.158 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:10:08:02 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm.at.bck.sql HTTP/1.1" 392
[03/Oct/2022:11:26:50 +0200] 192.241.213.57 TLSv1.2 AES256-SHA "GET /version HTTP/1.1" 305
[03/Oct/2022:11:36:00 +0200] 194.5.73.5 TLSv1.2 AES256-SHA "GET /rest/api/latest/repos HTTP/1.1" 313
[03/Oct/2022:11:36:00 +0200] 194.5.73.5 TLSv1.2 AES256-SHA "GET /rest/api/latest/projects/%7B%7Bkey%7D%7D/repos/%7B%7Bslug%7D%7D/archive?filename=cTVtS&at=cTVtS&path=cTVtS&prefix=ax%00--exec=%60divd_fake_command%60%00--remote=origin HTTP/1.1" 415
[03/Oct/2022:11:48:08 +0200] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub.kornland.at.bck.sql HTTP/1.1" 410
[03/Oct/2022:12:15:27 +0200] 192.241.205.22 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[03/Oct/2022:12:18:04 +0200] 192.241.219.120 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[03/Oct/2022:12:20:23 +0200] 192.241.213.175 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[03/Oct/2022:12:21:14 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[03/Oct/2022:13:38:45 +0200] 205.210.31.55 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 393
[03/Oct/2022:14:32:18 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm.bak.sql HTTP/1.1" 389
[03/Oct/2022:15:44:28 +0200] 43.131.66.209 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 500
[03/Oct/2022:15:45:28 +0200] 162.19.196.234 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[03/Oct/2022:15:45:29 +0200] 162.19.196.234 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[03/Oct/2022:18:19:33 +0200] 162.142.125.210 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:18:19:34 +0200] 162.142.125.210 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[03/Oct/2022:19:33:06 +0200] 104.248.196.61 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:20:36:20 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[03/Oct/2022:21:05:08 +0200] 154.209.125.71 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[03/Oct/2022:21:09:50 +0200] 20.101.57.24 TLSv1.2 AES256-SHA "POST /wp-plain.php HTTP/1.1" 389
[03/Oct/2022:21:09:51 +0200] 20.101.57.24 TLSv1.2 AES256-SHA "GET /lbrsilxj.php?Fox=d3wL7 HTTP/1.1" 399
[03/Oct/2022:21:17:30 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[03/Oct/2022:22:19:58 +0200] 51.158.108.77 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[03/Oct/2022:23:14:58 +0200] 43.153.208.98 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Oct/2022:23:18:56 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "-" -
[03/Oct/2022:23:24:16 +0200] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub.bck.sql HTTP/1.1" 398
[03/Oct/2022:23:38:23 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub.bck.sql HTTP/1.1" 398
[04/Oct/2022:00:30:07 +0200] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm.bck.sql HTTP/1.1" 389
[04/Oct/2022:01:10:46 +0200] 34.78.6.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[04/Oct/2022:01:21:41 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein.bck.sql HTTP/1.1" 422
[04/Oct/2022:01:35:35 +0200] 35.89.250.16 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[04/Oct/2022:01:36:41 +0200] 34.220.178.95 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[04/Oct/2022:01:39:22 +0200] 54.213.112.58 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306