[06/Jan/2023:01:00:04 +0100] 117.187.173.2 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:01:33:14 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/backuplocalhost.sql.gz HTTP/1.1" 417
[06/Jan/2023:02:23:48 +0100] 89.248.165.52 - - "-" -
[06/Jan/2023:03:03:00 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/backup-localhost.sql.gz HTTP/1.1" 418
[06/Jan/2023:03:19:13 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/backup-localhost.sql.gz HTTP/1.1" 426
[06/Jan/2023:03:56:34 +0100] 139.162.215.70 TLSv1.2 AES256-SHA "GET /owa/ HTTP/1.1" 304
[06/Jan/2023:03:56:51 +0100] 139.162.215.70 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?a..foo.var/owa/?&Email=autodiscover/autodiscover.json?a..foo.var&Protocol=XYZ&FooProtocol=%50owershell HTTP/1.1" 378
[06/Jan/2023:05:01:40 +0100] 192.99.32.74 TLSv1.2 AES256-SHA "GET /.DS_Store HTTP/1.1" 301
[06/Jan/2023:05:01:40 +0100] 185.220.102.250 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 304
[06/Jan/2023:05:01:43 +0100] 185.56.83.83 TLSv1.2 AES256-SHA "GET /.DS_Store HTTP/1.1" 301
[06/Jan/2023:05:15:17 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/backup_localhost.sql.gz HTTP/1.1" 409
[06/Jan/2023:05:30:49 +0100] 64.62.197.126 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:05:40:04 +0100] 64.62.197.136 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[06/Jan/2023:05:43:02 +0100] 64.62.197.129 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:05:44:13 +0100] 64.62.197.128 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[06/Jan/2023:06:00:21 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/backup_localhost.sql.gz HTTP/1.1" 418
[06/Jan/2023:06:18:08 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[06/Jan/2023:06:18:08 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[06/Jan/2023:06:18:09 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[06/Jan/2023:06:18:09 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[06/Jan/2023:06:18:10 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[06/Jan/2023:06:18:10 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[06/Jan/2023:06:18:11 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[06/Jan/2023:06:18:11 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[06/Jan/2023:06:18:12 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[06/Jan/2023:06:18:12 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[06/Jan/2023:06:18:13 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[06/Jan/2023:06:18:13 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[06/Jan/2023:06:18:14 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[06/Jan/2023:06:18:14 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[06/Jan/2023:06:18:15 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[06/Jan/2023:06:18:15 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[06/Jan/2023:06:18:16 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[06/Jan/2023:06:18:16 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[06/Jan/2023:06:18:17 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[06/Jan/2023:06:18:17 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[06/Jan/2023:06:25:06 +0100] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[06/Jan/2023:06:29:12 +0100] 154.89.5.75 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[06/Jan/2023:06:35:09 +0100] 45.142.182.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 395
[06/Jan/2023:06:38:06 +0100] 162.243.130.8 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:06:44:24 +0100] 157.55.39.65 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[06/Jan/2023:08:34:49 +0100] 183.136.225.32 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[06/Jan/2023:09:26:14 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/harm.at_db.sql.gz HTTP/1.1" 403
[06/Jan/2023:09:27:59 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/easyzumfuehrerschein.com_db.sql.gz HTTP/1.1" 437
[06/Jan/2023:09:52:41 +0100] 107.170.232.16 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[06/Jan/2023:10:58:07 +0100] 205.210.31.141 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[06/Jan/2023:11:38:27 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[06/Jan/2023:11:38:29 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[06/Jan/2023:11:38:30 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[06/Jan/2023:11:38:33 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[06/Jan/2023:11:38:35 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[06/Jan/2023:11:38:38 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[06/Jan/2023:11:38:40 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1/ HTTP/1.1" 292
[06/Jan/2023:11:38:41 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1/ HTTP/1.1" 292
[06/Jan/2023:11:38:42 +0100] 103.99.3.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1/ HTTP/1.1" 292
[06/Jan/2023:11:58:08 +0100] 180.149.125.159 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:12:20:15 +0100] 185.180.143.138 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:12:20:20 +0100] 185.180.143.138 TLSv1.2 AES256-SHA "GET /api/jsonws/ HTTP/1.1" 309
[06/Jan/2023:12:27:24 +0100] 167.94.146.57 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[06/Jan/2023:12:27:24 +0100] 167.94.146.57 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:12:27:24 +0100] 167.94.146.57 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[06/Jan/2023:12:35:08 +0100] 138.246.253.24 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 403
[06/Jan/2023:12:42:46 +0100] 4.184.57.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[06/Jan/2023:12:59:11 +0100] 80.66.77.81 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 387
[06/Jan/2023:13:53:04 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/klub.kornland.at_database.sql.gz HTTP/1.1" 427
[06/Jan/2023:14:14:21 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/easyzumfuehrerschein.com_database.sql.gz HTTP/1.1" 443
[06/Jan/2023:15:28:54 +0100] 164.92.178.156 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:16:11:24 +0100] 181.214.218.69 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "-" -
[06/Jan/2023:16:19:25 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/easyzumfuehrerschein.com-database.sql.gz HTTP/1.1" 443
[06/Jan/2023:16:37:41 +0100] 157.55.39.65 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[06/Jan/2023:16:44:57 +0100] 178.79.147.165 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[06/Jan/2023:17:49:18 +0100] 157.230.239.219 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[06/Jan/2023:17:49:20 +0100] 157.230.239.219 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[06/Jan/2023:17:49:23 +0100] 157.230.239.219 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:18:52:09 +0100] 205.210.31.15 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 393
[06/Jan/2023:19:09:34 +0100] 162.243.135.5 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[06/Jan/2023:20:16:48 +0100] 101.68.211.2 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 394
[06/Jan/2023:20:40:54 +0100] 106.75.139.49 TLSv1.2 AES256-SHA "{\"method\":\"login\",\"params\":{\"login\":\"45JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\",\"pass\":\"xxoo\",\"agent\":\"xmr-stak-cpu/1.3.0-1.5.0\"},\"id\":1}" 379
[06/Jan/2023:20:52:54 +0100] 183.136.225.32 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[06/Jan/2023:20:57:45 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/klub.kornland.at-dump.sql.gz HTTP/1.1" 423
[06/Jan/2023:20:59:12 +0100] 183.136.225.32 - - "-" -
[06/Jan/2023:20:59:19 +0100] 183.136.225.32 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[06/Jan/2023:20:59:43 +0100] 183.136.225.32 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[06/Jan/2023:21:06:16 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database/easyzumfuehrerschein.com-dump.sql.gz HTTP/1.1" 439
[06/Jan/2023:21:29:48 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[06/Jan/2023:21:29:48 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[06/Jan/2023:21:29:49 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[06/Jan/2023:21:29:49 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[06/Jan/2023:21:29:50 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[06/Jan/2023:21:29:50 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[06/Jan/2023:21:29:51 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[06/Jan/2023:21:29:51 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[06/Jan/2023:21:29:52 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[06/Jan/2023:21:29:52 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[06/Jan/2023:21:29:52 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[06/Jan/2023:21:29:53 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[06/Jan/2023:21:29:53 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[06/Jan/2023:21:29:54 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[06/Jan/2023:21:29:54 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[06/Jan/2023:21:29:55 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[06/Jan/2023:21:29:55 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[06/Jan/2023:21:29:55 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[06/Jan/2023:21:29:56 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[06/Jan/2023:21:29:56 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[06/Jan/2023:21:49:37 +0100] 205.210.31.48 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 381
[06/Jan/2023:22:28:35 +0100] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:22:35:12 +0100] 167.248.133.117 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[06/Jan/2023:22:35:13 +0100] 167.248.133.117 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:22:35:13 +0100] 167.248.133.117 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[06/Jan/2023:22:43:21 +0100] 162.221.192.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Jan/2023:23:38:19 +0100] 139.162.215.70 TLSv1.2 AES256-SHA "GET /owa/ HTTP/1.1" 304
[06/Jan/2023:23:38:28 +0100] 139.162.215.70 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?a..foo.var/owa/?&Email=autodiscover/autodiscover.json?a..foo.var&Protocol=XYZ&FooProtocol=%50owershell HTTP/1.1" 378
[07/Jan/2023:00:10:48 +0100] 192.241.192.13 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[07/Jan/2023:00:16:20 +0100] 128.14.209.162 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[07/Jan/2023:00:34:54 +0100] 34.76.158.233 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[07/Jan/2023:00:59:54 +0100] 198.235.24.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 394