[19/Oct/2022:02:00:48 +0200] 45.95.147.54 TLSv1.2 DHE-RSA-AES256-SHA "GET / HTTP/1.1" 383
[19/Oct/2022:02:08:36 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[19/Oct/2022:02:11:22 +0200] 193.118.53.194 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:02:21:25 +0200] 198.235.24.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[19/Oct/2022:02:39:14 +0200] 23.90.160.114 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:02:41:12 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[19/Oct/2022:03:04:33 +0200] 188.166.115.110 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[19/Oct/2022:03:04:33 +0200] 188.166.115.110 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[19/Oct/2022:03:04:34 +0200] 188.166.115.110 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:03:07:06 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_MySQL.sql HTTP/1.1" 400
[19/Oct/2022:03:29:19 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_MySQL.sql HTTP/1.1" 424
[19/Oct/2022:03:30:43 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[19/Oct/2022:03:30:43 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:03:30:44 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[19/Oct/2022:04:05:34 +0200] 208.100.26.243 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 298
[19/Oct/2022:04:18:25 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /actuator/gateway/routes HTTP/1.1" 315
[19/Oct/2022:05:11:25 +0200] 185.180.143.72 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:05:16:20 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /databases.sql HTTP/1.1" 407
[19/Oct/2022:05:26:03 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /databases.sql HTTP/1.1" 390
[19/Oct/2022:05:42:43 +0200] 87.236.176.46 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:06:00:29 +0200] 109.248.6.93 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.0" 399
[19/Oct/2022:06:43:54 +0200] 128.14.134.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:06:58:11 +0200] 198.235.24.9 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 394
[19/Oct/2022:07:03:37 +0200] 192.241.212.111 TLSv1.2 AES256-SHA "GET /ReportServer HTTP/1.1" 307
[19/Oct/2022:07:22:14 +0200] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[19/Oct/2022:07:27:54 +0200] 35.213.234.99 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[19/Oct/2022:07:28:30 +0200] 192.241.214.124 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[19/Oct/2022:07:30:23 +0200] 162.142.125.121 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:07:30:24 +0200] 162.142.125.121 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[19/Oct/2022:07:30:30 +0200] 43.128.225.120 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:08:07:00 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /databases.zip HTTP/1.1" 390
[19/Oct/2022:08:19:11 +0200] 54.218.214.92 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[19/Oct/2022:08:33:03 +0200] 183.136.225.35 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[19/Oct/2022:08:59:02 +0200] 185.7.214.218 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[19/Oct/2022:09:22:01 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET / HTTP/1.0" 388
[19/Oct/2022:09:22:02 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:09:22:04 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:09:22:05 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[19/Oct/2022:09:22:06 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET /favicon.ico/ HTTP/1.1" 309
[19/Oct/2022:09:22:09 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[19/Oct/2022:09:22:10 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET /robots.txt/ HTTP/1.1" 309
[19/Oct/2022:09:22:11 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET /.well-known/security.txt HTTP/1.1" 319
[19/Oct/2022:09:22:13 +0200] 118.123.105.87 TLSv1.2 AES256-SHA "GET /.well-known/security.txt/ HTTP/1.1" 319
[19/Oct/2022:09:33:41 +0200] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /databases.tar HTTP/1.1" 399
[19/Oct/2022:10:23:36 +0200] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /databases.tar HTTP/1.1" 407
[19/Oct/2022:10:32:25 +0200] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:11:32:56 +0200] 94.102.61.8 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:11:58:06 +0200] 43.131.66.209 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 500
[19/Oct/2022:13:00:58 +0200] 192.241.214.25 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[19/Oct/2022:13:09:29 +0200] 103.43.19.20 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:13:29:35 +0200] 193.118.53.194 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:13:38:45 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[19/Oct/2022:14:01:09 +0200] 184.105.139.99 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:14:10:14 +0200] 184.105.139.99 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[19/Oct/2022:15:05:48 +0200] 159.65.114.24 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:15:16:43 +0200] 167.248.133.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[19/Oct/2022:15:16:44 +0200] 167.248.133.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:15:16:45 +0200] 167.248.133.44 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[19/Oct/2022:15:36:16 +0200] 207.46.13.60 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[19/Oct/2022:16:43:55 +0200] 162.142.125.220 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[19/Oct/2022:16:43:56 +0200] 162.142.125.220 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:16:43:57 +0200] 162.142.125.220 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[19/Oct/2022:17:13:59 +0200] 208.100.26.237 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 297
[19/Oct/2022:17:16:50 +0200] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[19/Oct/2022:17:56:46 +0200] 167.248.133.46 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[19/Oct/2022:17:56:47 +0200] 167.248.133.46 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:17:56:47 +0200] 167.248.133.46 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[19/Oct/2022:18:22:52 +0200] 63.251.232.75 TLSv1.2 AES256-SHA "GET /Electron/download/windows/%5CProgram%20Files%5C3CX%20Phone%20System%5CData%5CDB%5Cbase%5C16384%5C16393 HTTP/1.1" 369
[19/Oct/2022:18:48:15 +0200] 128.14.134.170 TLSv1.2 AES256-SHA "GET /cgi-bin/config.exp HTTP/1.1" 315
[19/Oct/2022:18:55:55 +0200] 137.226.113.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 308
[19/Oct/2022:18:56:01 +0200] 154.89.5.98 TLSv1.2 AES256-SHA "GET / HTTP/1.0" 383
[19/Oct/2022:19:56:38 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /databases.tgz HTTP/1.1" 399
[19/Oct/2022:19:58:46 +0200] 94.102.61.8 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[19/Oct/2022:20:01:26 +0200] 94.102.61.8 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[19/Oct/2022:20:05:32 +0200] 94.102.61.8 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[19/Oct/2022:20:09:13 +0200] 192.241.213.175 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[19/Oct/2022:20:12:40 +0200] 192.241.219.55 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[19/Oct/2022:20:15:24 +0200] 192.241.215.109 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[19/Oct/2022:20:55:42 +0200] 194.110.203.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /databases.bck HTTP/1.1" 399
[19/Oct/2022:21:00:40 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}" 379
[19/Oct/2022:21:00:40 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}" 379
[19/Oct/2022:21:00:41 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0xe36bb084e5549ce000305d160d7a5fd50753915e\",\"x\"],\"jsonrpc\":\"2.0\"}" 379
[19/Oct/2022:21:00:42 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"43eXasaUXJ76gE7kgBoFhub8xnB6MJt8F3ZXPZNTwK1Z51yKSPQKMm9ZNAsk5sKtSzVxjCJ2TryqpUMQjis4qTTFG9vPtNP\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}" 379
[19/Oct/2022:21:00:43 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[19/Oct/2022:21:05:03 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[19/Oct/2022:21:09:32 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[19/Oct/2022:21:09:33 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /WuEL HTTP/1.1" 387
[19/Oct/2022:21:09:34 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /a HTTP/1.1" 302
[19/Oct/2022:21:13:51 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /download/file.ext HTTP/1.1" 313
[19/Oct/2022:21:18:17 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /SiteLoader HTTP/1.1" 307
[19/Oct/2022:21:22:48 +0200] 45.148.120.127 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /mPlayer HTTP/1.1" 306
[19/Oct/2022:21:24:34 +0200] 183.136.225.35 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[19/Oct/2022:21:24:57 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:21:25:43 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[19/Oct/2022:21:38:22 +0200] 162.221.192.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:21:40:59 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /config.php~ HTTP/1.1" 397
[19/Oct/2022:23:04:19 +0200] 23.88.2.223 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 304
[19/Oct/2022:23:05:48 +0200] 128.1.248.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[19/Oct/2022:23:08:47 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[19/Oct/2022:23:12:19 +0200] 34.217.85.31 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[19/Oct/2022:23:12:40 +0200] 35.88.182.92 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[19/Oct/2022:23:12:44 +0200] 35.90.106.50 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 314
[19/Oct/2022:23:13:14 +0200] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /config.php.bck HTTP/1.1" 400
[19/Oct/2022:23:22:16 +0200] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /config.php.bak HTTP/1.1" 408
[19/Oct/2022:23:23:08 +0200] 72.251.235.152 - - "-" -
[20/Oct/2022:00:01:21 +0200] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /config.bak HTTP/1.1" 396
[20/Oct/2022:00:32:45 +0200] 192.241.214.247 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[20/Oct/2022:00:33:52 +0200] 20.79.254.126 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[20/Oct/2022:00:50:09 +0200] 130.211.54.158 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[20/Oct/2022:00:51:30 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /actuator/gateway/routes HTTP/1.1" 315
[20/Oct/2022:01:08:51 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /config.php~ HTTP/1.1" 388