[15/Oct/2022:02:09:53 +0200] 192.241.207.189 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[15/Oct/2022:02:18:20 +0200] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.bck HTTP/1.1" 384
[15/Oct/2022:06:31:20 +0200] 20.121.203.115 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[15/Oct/2022:06:31:21 +0200] 20.121.203.115 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[15/Oct/2022:06:40:40 +0200] 192.241.212.171 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[15/Oct/2022:06:54:09 +0200] 138.246.253.24 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 387
[15/Oct/2022:07:08:24 +0200] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.harm.at.rar HTTP/1.1" 392
[15/Oct/2022:08:17:11 +0200] 128.1.248.42 TLSv1.2 AES256-SHA "GET /admin/ HTTP/1.1" 305
[15/Oct/2022:08:28:14 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.harm.at.sql HTTP/1.1" 392
[15/Oct/2022:08:29:53 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.easyzumfuehrerschein.com.sql HTTP/1.1" 426
[15/Oct/2022:08:50:44 +0200] 46.161.27.17 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[15/Oct/2022:09:14:15 +0200] 198.235.24.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[15/Oct/2022:09:58:20 +0200] 198.235.24.150 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[15/Oct/2022:10:10:32 +0200] 81.214.131.2 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 307
[15/Oct/2022:10:15:56 +0200] 192.241.220.156 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:10:57:14 +0200] 51.222.253.1 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /robots.txt HTTP/1.1" 304
[15/Oct/2022:10:57:16 +0200] 54.36.149.96 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 297
[15/Oct/2022:11:05:38 +0200] 185.110.190.225 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[15/Oct/2022:11:10:30 +0200] 45.83.123.170 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.git/HEAD HTTP/1.1" 386
[15/Oct/2022:11:30:42 +0200] 192.241.209.221 TLSv1.2 AES256-SHA "GET /version HTTP/1.1" 305
[15/Oct/2022:11:32:09 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 298
[15/Oct/2022:11:32:10 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 298
[15/Oct/2022:11:32:11 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 304
[15/Oct/2022:11:32:13 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 304
[15/Oct/2022:11:32:15 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 303
[15/Oct/2022:11:32:17 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 303
[15/Oct/2022:11:32:18 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 304
[15/Oct/2022:11:32:19 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 304
[15/Oct/2022:11:32:21 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 302
[15/Oct/2022:11:32:23 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 302
[15/Oct/2022:11:32:25 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 300
[15/Oct/2022:11:32:27 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 300
[15/Oct/2022:11:32:29 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 303
[15/Oct/2022:11:32:31 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 303
[15/Oct/2022:11:32:32 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 301
[15/Oct/2022:11:32:33 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 301
[15/Oct/2022:11:32:35 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 300
[15/Oct/2022:11:32:36 +0200] 185.83.146.154 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 300
[15/Oct/2022:11:44:11 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[15/Oct/2022:11:54:05 +0200] 54.36.148.234 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /robots.txt HTTP/1.1" 302
[15/Oct/2022:11:54:06 +0200] 54.36.148.207 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 295
[15/Oct/2022:12:28:41 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[15/Oct/2022:12:47:13 +0200] 109.248.6.57 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[15/Oct/2022:13:09:20 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[15/Oct/2022:13:14:36 +0200] 40.77.167.97 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 314
[15/Oct/2022:13:14:37 +0200] 40.77.167.97 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 314
[15/Oct/2022:13:14:48 +0200] 157.55.39.215 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[15/Oct/2022:13:20:11 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.easyzumfuehrerschein.com.tar HTTP/1.1" 426
[15/Oct/2022:13:24:21 +0200] 65.49.20.103 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:13:37:59 +0200] 65.49.20.67 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[15/Oct/2022:13:43:05 +0200] 65.49.20.87 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:13:45:12 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[15/Oct/2022:14:17:02 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /console/ HTTP/1.1" 307
[15/Oct/2022:14:25:13 +0200] 66.240.236.119 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 380
[15/Oct/2022:14:25:36 +0200] 66.240.236.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[15/Oct/2022:14:25:40 +0200] 66.240.236.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[15/Oct/2022:14:25:41 +0200] 66.240.236.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[15/Oct/2022:14:25:45 +0200] 66.240.236.119 TLSv1.2 AES256-SHA "quit" 379
[15/Oct/2022:14:25:51 +0200] 66.240.236.119 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 390
[15/Oct/2022:14:25:57 +0200] 66.240.236.119 TLSv1.2 AES256-SHA "GET /sitemap.xml HTTP/1.1" 391
[15/Oct/2022:14:26:01 +0200] 66.240.236.119 TLSv1.2 AES256-SHA "GET /.well-known/security.txt HTTP/1.1" 404
[15/Oct/2022:14:26:06 +0200] 66.240.236.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 305
[15/Oct/2022:14:26:09 +0200] 66.240.236.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[15/Oct/2022:14:59:36 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 315
[15/Oct/2022:15:21:42 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.harm.at.tar.gz HTTP/1.1" 395
[15/Oct/2022:15:25:33 +0200] 94.102.61.8 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:15:29:46 +0200] 192.241.221.72 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[15/Oct/2022:15:34:39 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.klub.kornland.at.tar.gz HTTP/1.1" 413
[15/Oct/2022:15:45:00 +0200] 207.46.13.234 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[15/Oct/2022:15:45:01 +0200] 207.46.13.234 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[15/Oct/2022:15:45:07 +0200] 207.46.13.60 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[15/Oct/2022:17:20:45 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:17:22:55 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.klub.kornland.at.tgz HTTP/1.1" 410
[15/Oct/2022:17:40:04 +0200] 162.142.125.121 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:17:40:05 +0200] 162.142.125.121 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[15/Oct/2022:18:01:44 +0200] 198.235.24.55 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[15/Oct/2022:18:58:48 +0200] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.harm.at.zip HTTP/1.1" 392
[15/Oct/2022:19:14:26 +0200] 35.216.188.92 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:19:35:41 +0200] 209.141.41.193 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 297
[15/Oct/2022:19:35:43 +0200] 205.185.116.89 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 305
[15/Oct/2022:19:36:22 +0200] 205.185.116.89 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[15/Oct/2022:19:36:24 +0200] 205.185.116.89 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 314
[15/Oct/2022:19:37:14 +0200] 209.141.51.222 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[15/Oct/2022:19:37:17 +0200] 209.141.35.128 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 302
[15/Oct/2022:19:38:36 +0200] 36.40.65.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:19:40:08 +0200] 36.46.132.66 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:19:46:57 +0200] 128.14.134.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:20:19:16 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:20:44:49 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.klub.kornland.at.zip HTTP/1.1" 410
[15/Oct/2022:21:06:48 +0200] 185.141.110.139 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /api/v2/cmdb/system/admin HTTP/1.1" 404
[15/Oct/2022:21:08:34 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.harm.at.7z HTTP/1.1" 391
[15/Oct/2022:21:22:09 +0200] 146.255.98.206 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 300
[15/Oct/2022:21:22:09 +0200] 146.255.98.206 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 297
[15/Oct/2022:21:22:10 +0200] 146.255.98.206 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /core/.env HTTP/1.1" 303
[15/Oct/2022:21:22:10 +0200] 146.255.98.206 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /core/.env HTTP/1.1" 303
[15/Oct/2022:21:22:10 +0200] 146.255.98.206 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 297
[15/Oct/2022:21:22:11 +0200] 146.255.98.206 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /core/.env HTTP/1.1" 303
[15/Oct/2022:21:28:05 +0200] 109.206.241.254 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[15/Oct/2022:21:28:05 +0200] 109.206.241.254 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[15/Oct/2022:21:28:52 +0200] 152.89.196.84 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.git/HEAD HTTP/1.1" 403
[15/Oct/2022:22:05:43 +0200] 192.241.212.107 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[15/Oct/2022:22:08:20 +0200] 192.241.219.55 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[15/Oct/2022:22:09:28 +0200] 192.241.219.128 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[15/Oct/2022:22:11:07 +0200] 124.156.222.254 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Oct/2022:22:44:38 +0200] 91.240.118.149 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.git/HEAD HTTP/1.1" 386
[15/Oct/2022:23:19:36 +0200] 43.131.66.209 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 500
[16/Oct/2022:00:04:27 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[16/Oct/2022:00:06:15 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /sdk HTTP/1.1" 386
[16/Oct/2022:00:06:17 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /nmaplowercheck1665871574 HTTP/1.1" 407
[16/Oct/2022:00:06:17 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.1" -
[16/Oct/2022:00:06:18 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1 HTTP/1.1" 388
[16/Oct/2022:00:06:18 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[16/Oct/2022:00:06:18 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[16/Oct/2022:00:06:19 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[16/Oct/2022:00:06:19 +0200] 50.31.21.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /evox/about HTTP/1.1" 393
[16/Oct/2022:00:28:38 +0200] 63.251.232.75 TLSv1.2 AES256-SHA "GET /Electron/download/windows/%5CProgram%20Files%5C3CX%20Phone%20System%5CData%5CDB%5Cbase%5C16384%5C16393 HTTP/1.1" 369
[16/Oct/2022:00:55:53 +0200] 35.233.62.116 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[16/Oct/2022:01:13:38 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[16/Oct/2022:01:17:32 +0200] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.easyzumfuehrerschein.gz HTTP/1.1" 421
[16/Oct/2022:01:34:31 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.klub.gz HTTP/1.1" 397
[16/Oct/2022:01:38:29 +0200] 54.191.24.87 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[16/Oct/2022:01:39:18 +0200] 94.102.61.8 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[16/Oct/2022:01:39:36 +0200] 34.209.215.191 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[16/Oct/2022:01:39:51 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /www.harm.gz HTTP/1.1" 388
[16/Oct/2022:01:41:42 +0200] 35.87.133.101 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[16/Oct/2022:01:42:17 +0200] 54.213.10.133 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[16/Oct/2022:01:57:22 +0200] 93.159.230.87 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301