[15/Feb/2023:01:06:35 +0100] 34.78.6.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[15/Feb/2023:01:34:51 +0100] 64.62.197.42 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:01:42:40 +0100] 64.62.197.45 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[15/Feb/2023:01:46:14 +0100] 64.62.197.37 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:01:47:29 +0100] 64.62.197.46 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[15/Feb/2023:02:03:35 +0100] 103.149.192.172 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:04:15:42 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_18032022.zip HTTP/1.1" 403
[15/Feb/2023:05:31:49 +0100] 198.235.24.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[15/Feb/2023:05:37:41 +0100] 198.199.76.233 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Feb/2023:06:14:46 +0100] 107.170.246.28 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[15/Feb/2023:07:30:45 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[15/Feb/2023:07:49:40 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_17032022.zip HTTP/1.1" 403
[15/Feb/2023:07:59:31 +0100] 192.241.210.43 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:08:06:49 +0100] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[15/Feb/2023:08:16:02 +0100] 13.81.117.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[15/Feb/2023:08:53:58 +0100] 104.131.128.26 TLSv1.2 AES256-SHA "GET /ReportServer HTTP/1.1" 307
[15/Feb/2023:09:00:08 +0100] 167.94.138.62 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Feb/2023:09:00:08 +0100] 167.94.138.62 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:09:00:09 +0100] 167.94.138.62 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[15/Feb/2023:09:12:36 +0100] 162.243.136.26 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[15/Feb/2023:09:39:33 +0100] 45.83.65.250 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 293
[15/Feb/2023:09:39:33 +0100] 45.83.66.207 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 293
[15/Feb/2023:09:41:31 +0100] 192.53.170.78 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:09:42:00 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_17032022.zip HTTP/1.1" 427
[15/Feb/2023:09:54:51 +0100] 106.75.133.83 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Feb/2023:09:57:42 +0100] 4.184.57.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[15/Feb/2023:10:14:51 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[15/Feb/2023:10:43:56 +0100] 134.122.135.178 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /zEjNyczNxQDO3kTMyETL1xSMxMzN2MDN5IjN3YTMsETL0xyLt92YuQ2dzl2Zuc3d39yL6MHc0RHasAjM6ATM6AjMgcDMtIDMtMjMwITLkxiNx0id HTTP/1.1" 502
[15/Feb/2023:10:52:49 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[15/Feb/2023:11:07:30 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_17032022.zip HTTP/1.1" 394
[15/Feb/2023:11:35:24 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /console/ HTTP/1.1" 307
[15/Feb/2023:12:48:09 +0100] 165.22.186.143 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[15/Feb/2023:12:48:10 +0100] 165.22.186.143 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[15/Feb/2023:12:48:13 +0100] 165.22.186.143 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:12:48:14 +0100] 165.22.186.143 TLSv1.2 AES256-SHA "GET /t4 HTTP/1.1" 302
[15/Feb/2023:12:53:32 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 315
[15/Feb/2023:13:16:40 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_16032022.zip HTTP/1.1" 394
[15/Feb/2023:13:32:23 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /_ignition/execute-solution HTTP/1.1" 319
[15/Feb/2023:13:41:05 +0100] 183.136.225.32 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[15/Feb/2023:13:41:40 +0100] 183.136.225.32 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:13:42:02 +0100] 183.136.225.32 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[15/Feb/2023:13:56:16 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_16032022.zip HTTP/1.1" 427
[15/Feb/2023:14:19:59 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:14:22:55 +0100] 192.241.192.34 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[15/Feb/2023:14:59:11 +0100] 80.66.88.40 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:15:12:43 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:15:21:30 +0100] 138.68.224.69 TLSv1.2 AES256-SHA "GET /manager/html HTTP/1.1" 308
[15/Feb/2023:15:40:47 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_15032022.zip HTTP/1.1" 403
[15/Feb/2023:16:05:42 +0100] 180.149.125.169 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:16:07:45 +0100] 194.78.165.176 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /owa/auth.owa HTTP/1.1" 308
[15/Feb/2023:16:10:12 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 293
[15/Feb/2023:17:03:17 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:17:19:31 +0100] 138.246.253.24 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 393
[15/Feb/2023:17:47:55 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_15032022.zip HTTP/1.1" 427
[15/Feb/2023:19:21:34 +0100] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[15/Feb/2023:19:26:25 +0100] 167.94.145.60 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Feb/2023:19:26:25 +0100] 167.94.145.60 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:19:26:25 +0100] 167.94.145.60 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[15/Feb/2023:19:38:24 +0100] 192.241.218.14 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[15/Feb/2023:20:43:42 +0100] 185.180.143.79 TLSv1.2 AES256-SHA "GET /cgi-bin/authLogin.cgi HTTP/1.1" 315
[15/Feb/2023:21:35:08 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"cpuminer/2.5.1\"]}" 379
[15/Feb/2023:21:35:12 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\": 1, \"method\": \"mining.subscribe\", \"params\": [\"MinerName/1.0.0\", \"EthereumStratum/1.0.0\"]}" 379
[15/Feb/2023:21:35:16 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\":1,\"method\":\"eth_submitLogin\",\"worker\":\"eth1.0\",\"params\":[\"0x1965dea0b7a70b074f8868d7e8fee853925bc301\",\"x\"],\"jsonrpc\":\"2.0\"}" 379
[15/Feb/2023:21:35:30 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"44b7r4cQn9eWADDmCTXvcoT13pHEzvtJwT2sSvFR9mmgKNFZncny7NFC93a7iLUVnELjoqNgutDLJBdN7D6YYaqC9rToirU\",\"pass\":\"x\",\"agent\":\"XMRig/6.15.3 (Windows NT 10.0; Win64; x64) libuv/1.42.0 msvc/2019\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"cn/ccx\",\"cn-lite/1\",\"cn-heavy/0\",\"cn-heavy/tube\",\"cn-heavy/xhv\",\"cn-pico\",\"cn-pico/tlo\",\"cn/upx2\",\"rx/0\",\"rx/wow\",\"rx/arq\",\"rx/graft\",\"rx/sfx\",\"rx/keva\",\"argon2/chukwa\",\"argon2/chukwav2\",\"argon2/ninja\",\"astrobwt\"]}}" 379
[15/Feb/2023:21:35:51 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[15/Feb/2023:21:36:12 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[15/Feb/2023:21:36:24 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[15/Feb/2023:21:36:51 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /WuEL HTTP/1.1" 387
[15/Feb/2023:21:37:00 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET stager64 HTTP/1.1" 293
[15/Feb/2023:21:37:04 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /a HTTP/1.1" 302
[15/Feb/2023:21:37:10 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /download/file.ext HTTP/1.1" 313
[15/Feb/2023:21:37:24 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /SiteLoader HTTP/1.1" 307
[15/Feb/2023:21:37:31 +0100] 45.14.226.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /mPlayer HTTP/1.1" 306
[15/Feb/2023:21:48:25 +0100] 137.226.113.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 308
[15/Feb/2023:22:00:24 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_13032022.zip HTTP/1.1" 427
[15/Feb/2023:22:12:45 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_12032022.zip HTTP/1.1" 403
[15/Feb/2023:22:28:47 +0100] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Feb/2023:22:42:11 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /?rest_route=/wp/v2/users/ HTTP/1.1" 317
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /server-status HTTP/1.1" 308
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /s/230313e2331313e29353e26383/_/;/META-INF/maven/com.atlassian.jira/jira-webapp-dist/pom.properties HTTP/1.1" 366
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /.DS_Store HTTP/1.1" 307
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /.env HTTP/1.1" 304
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /info.php HTTP/1.1" 307
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /telescope/requests HTTP/1.1" 311
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /debug/default/view?panel=config HTTP/1.1" 325
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /.vscode/sftp.json HTTP/1.1" 313
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /v2/_catalog HTTP/1.1" 310
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /about HTTP/1.1" 305
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /login.action HTTP/1.1" 311
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /config.json HTTP/1.1" 311
[15/Feb/2023:22:42:12 +0100] 139.59.138.104 TLSv1.2 AES256-SHA "GET /api/search?folderIds=0 HTTP/1.1" 316
[15/Feb/2023:22:47:24 +0100] 51.222.253.19 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /robots.txt HTTP/1.1" 302
[15/Feb/2023:23:37:29 +0100] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_12032022.zip HTTP/1.1" 427
[16/Feb/2023:00:07:14 +0100] 34.219.245.93 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[16/Feb/2023:00:09:15 +0100] 35.93.160.136 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[16/Feb/2023:00:23:30 +0100] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -