[25/Dec/2022:01:12:34 +0100] 198.12.252.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/klub_db.tar HTTP/1.1" 400
[25/Dec/2022:01:25:19 +0100] 54.201.207.152 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[25/Dec/2022:02:09:43 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[25/Dec/2022:02:09:43 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[25/Dec/2022:02:09:44 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[25/Dec/2022:02:09:44 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[25/Dec/2022:02:09:45 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[25/Dec/2022:02:09:45 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[25/Dec/2022:02:09:45 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[25/Dec/2022:02:09:46 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[25/Dec/2022:02:09:46 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[25/Dec/2022:02:09:47 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[25/Dec/2022:02:09:47 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[25/Dec/2022:02:09:48 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[25/Dec/2022:02:09:48 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[25/Dec/2022:02:09:49 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[25/Dec/2022:02:09:49 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[25/Dec/2022:02:09:50 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[25/Dec/2022:02:09:50 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[25/Dec/2022:02:09:51 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[25/Dec/2022:02:09:51 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[25/Dec/2022:02:09:52 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[25/Dec/2022:02:39:49 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/harm-db.tar HTTP/1.1" 391
[25/Dec/2022:02:51:40 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/klub-db.tar HTTP/1.1" 400
[25/Dec/2022:02:59:26 +0100] 165.22.227.82 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[25/Dec/2022:02:59:32 +0100] 165.22.227.82 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[25/Dec/2022:03:40:04 +0100] 41.197.31.178 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /users/sign_in HTTP/1.1" 398
[25/Dec/2022:05:36:18 +0100] 64.62.197.16 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:05:50:06 +0100] 64.62.197.9 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[25/Dec/2022:05:59:32 +0100] 64.62.197.3 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[25/Dec/2022:06:08:11 +0100] 107.170.224.22 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:06:23:19 +0100] 128.14.134.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:06:23:32 +0100] 128.14.134.134 TLSv1.2 AES256-SHA "HEAD /icons/sphere1.png HTTP/1.1" -
[25/Dec/2022:06:41:59 +0100] 128.14.209.162 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:06:58:48 +0100] 185.7.214.218 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Dec/2022:07:01:34 +0100] 162.243.128.13 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[25/Dec/2022:07:39:21 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/db.7z HTTP/1.1" 402
[25/Dec/2022:07:43:23 +0100] 157.55.39.65 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[25/Dec/2022:07:45:20 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/db.7z HTTP/1.1" 385
[25/Dec/2022:08:10:07 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[25/Dec/2022:08:48:17 +0100] 4.184.57.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[25/Dec/2022:09:35:31 +0100] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/dbdump.7z HTTP/1.1" 406
[25/Dec/2022:09:46:18 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/dbdump.7z HTTP/1.1" 398
[25/Dec/2022:10:18:42 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/dbdump.7z HTTP/1.1" 389
[25/Dec/2022:11:17:21 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /actuator/gateway/routes HTTP/1.1" 315
[25/Dec/2022:12:25:59 +0100] 164.52.25.251 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[25/Dec/2022:12:26:37 +0100] 164.52.25.251 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 394
[25/Dec/2022:12:41:51 +0100] 162.243.136.18 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[25/Dec/2022:12:41:56 +0100] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/localhostdb.7z HTTP/1.1" 411
[25/Dec/2022:12:45:35 +0100] 107.170.242.13 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[25/Dec/2022:12:49:09 +0100] 107.170.242.13 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[25/Dec/2022:13:59:41 +0100] 162.221.192.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:15:01:57 +0100] 81.17.22.106 TLSv1.2 AES256-SHA "GET /.env.development HTTP/1.1" 399
[25/Dec/2022:15:01:57 +0100] 81.17.22.106 TLSv1.2 AES256-SHA "GET /.env.test HTTP/1.1" 392
[25/Dec/2022:15:01:57 +0100] 81.17.22.106 TLSv1.2 AES256-SHA "GET /.env.production HTTP/1.1" 398
[25/Dec/2022:16:06:39 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/localhost-db.7z HTTP/1.1" 404
[25/Dec/2022:16:25:42 +0100] 185.7.214.218 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Dec/2022:17:36:21 +0100] 157.55.39.65 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[25/Dec/2022:18:03:52 +0100] 107.170.241.6 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[25/Dec/2022:18:26:33 +0100] 167.94.138.45 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[25/Dec/2022:18:26:34 +0100] 167.94.138.45 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:18:26:35 +0100] 167.94.138.45 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[25/Dec/2022:18:33:23 +0100] 183.136.225.32 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[25/Dec/2022:18:37:41 +0100] 192.241.239.23 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[25/Dec/2022:18:40:00 +0100] 183.136.225.32 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[25/Dec/2022:18:40:23 +0100] 183.136.225.32 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[25/Dec/2022:19:33:34 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/localhost-database.7z HTTP/1.1" 418
[25/Dec/2022:19:39:28 +0100] 198.12.252.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/localhost-database.7z HTTP/1.1" 401
[25/Dec/2022:20:28:40 +0100] 128.14.134.170 TLSv1.2 AES256-SHA "GET /cgi-bin/config.exp HTTP/1.1" 315
[25/Dec/2022:20:33:12 +0100] 124.223.197.157 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[25/Dec/2022:20:52:57 +0100] 23.251.102.74 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:20:58:59 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /db/harmdb.7z HTTP/1.1" 389
[25/Dec/2022:21:04:37 +0100] 63.251.232.70 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[25/Dec/2022:21:16:38 +0100] 45.134.144.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET ///remote/fgt_lang?lang=/../../../..//////////dev/ HTTP/1.1" 325
[25/Dec/2022:22:39:15 +0100] 34.220.166.230 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[25/Dec/2022:22:40:00 +0100] 52.42.230.6 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 314
[25/Dec/2022:23:02:00 +0100] 51.77.247.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 387
[25/Dec/2022:23:06:12 +0100] 20.100.176.223 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[25/Dec/2022:23:06:12 +0100] 20.100.176.223 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[25/Dec/2022:23:16:56 +0100] 87.236.176.98 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:23:39:28 +0100] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Dec/2022:23:39:46 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}" 379
[25/Dec/2022:23:39:55 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}" 379
[25/Dec/2022:23:40:03 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0xb0c5df4630fd3347e465def60045f8ea43198210\",\"x\"],\"jsonrpc\":\"2.0\"}" 379
[25/Dec/2022:23:40:11 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"45tTCinrA76hDcWw9j4cqJHaWUvAQ76D2DNBkzZdHrhgWWncwXNvzKsKurtRZu7wAHACn11szjM8xGc4J9ZKs8WJJMYtYKM\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}" 379
[25/Dec/2022:23:40:18 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[25/Dec/2022:23:40:22 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[25/Dec/2022:23:40:28 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[25/Dec/2022:23:40:34 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /WuEL HTTP/1.1" 387
[25/Dec/2022:23:40:39 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET stager64 HTTP/1.1" 293
[25/Dec/2022:23:40:43 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /a HTTP/1.1" 302
[25/Dec/2022:23:40:47 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /download/file.ext HTTP/1.1" 313
[25/Dec/2022:23:40:49 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /SiteLoader HTTP/1.1" 307
[25/Dec/2022:23:40:53 +0100] 185.213.175.12 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /mPlayer HTTP/1.1" 306
[26/Dec/2022:00:31:05 +0100] 45.134.144.119 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET ///remote/fgt_lang?lang=/../../../..//////////dev/ HTTP/1.1" 325
[26/Dec/2022:00:45:56 +0100] 188.166.255.15 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[26/Dec/2022:00:45:59 +0100] 188.166.255.15 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[26/Dec/2022:00:46:09 +0100] 188.166.255.15 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301