[20/Feb/2023:01:13:47 +0100] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:01:17:40 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_16012022.zip HTTP/1.1" 394
[20/Feb/2023:02:48:14 +0100] 162.142.125.7 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[20/Feb/2023:02:48:15 +0100] 162.142.125.7 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:02:48:15 +0100] 162.142.125.7 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[20/Feb/2023:02:58:20 +0100] 54.177.212.4 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[20/Feb/2023:03:23:03 +0100] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_15012022.zip HTTP/1.1" 394
[20/Feb/2023:03:58:50 +0100] 71.6.232.27 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:04:51:27 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[20/Feb/2023:05:01:23 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_14012022.zip HTTP/1.1" 427
[20/Feb/2023:05:06:32 +0100] 87.236.176.6 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:05:55:00 +0100] 43.135.123.64 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:05:55:26 +0100] 43.135.123.64 - - "-" -
[20/Feb/2023:06:31:39 +0100] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_13012022.zip HTTP/1.1" 394
[20/Feb/2023:07:21:08 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /actuator/gateway/routes HTTP/1.1" 315
[20/Feb/2023:07:22:40 +0100] 183.136.225.9 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[20/Feb/2023:07:23:03 +0100] 183.136.225.9 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[20/Feb/2023:07:34:13 +0100] 4.184.57.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[20/Feb/2023:07:47:34 +0100] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[20/Feb/2023:08:39:47 +0100] 198.199.119.35 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:09:43:51 +0100] 216.218.206.67 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:09:56:01 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:09:56:34 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET /owa/ HTTP/1.1" 304
[20/Feb/2023:09:56:37 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?a..foo.var/owa/?&Email=autodiscover/autodiscover.json?a..foo.var&Protocol=XYZ&FooProtocol=%50owershell HTTP/1.1" 378
[20/Feb/2023:09:56:50 +0100] 216.218.206.67 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:09:57:20 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET /admin/ HTTP/1.1" 305
[20/Feb/2023:09:57:21 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET /solr/ HTTP/1.1" 304
[20/Feb/2023:09:57:50 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:09:57:52 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET /webfig/ HTTP/1.1" 307
[20/Feb/2023:09:58:10 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:09:58:18 +0100] 216.218.206.67 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[20/Feb/2023:10:17:40 +0100] 192.241.223.39 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[20/Feb/2023:10:26:28 +0100] 193.118.53.194 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:11:30:41 +0100] 185.224.128.236 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[20/Feb/2023:13:56:17 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_09012022.zip HTTP/1.1" 403
[20/Feb/2023:14:55:46 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_09012022.zip HTTP/1.1" 394
[20/Feb/2023:15:05:10 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_09012022.zip HTTP/1.1" 427
[20/Feb/2023:15:51:37 +0100] 198.199.119.88 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[20/Feb/2023:15:58:08 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_08012022.zip HTTP/1.1" 403
[20/Feb/2023:16:35:30 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[20/Feb/2023:16:35:30 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /sqlbuddy/login.php HTTP/1.1" 314
[20/Feb/2023:16:35:31 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /?a=fetch&content=<php>die(md5(cvbytigdfgfdg))</php> HTTP/1.1" 347
[20/Feb/2023:16:35:31 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 329
[20/Feb/2023:18:13:49 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_07012022.zip HTTP/1.1" 394
[20/Feb/2023:19:23:39 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[20/Feb/2023:19:23:40 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 307
[20/Feb/2023:19:23:45 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 295
[20/Feb/2023:19:23:48 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 297
[20/Feb/2023:19:51:18 +0100] 198.199.95.35 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[20/Feb/2023:20:49:49 +0100] 51.158.108.77 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 389
[20/Feb/2023:21:11:19 +0100] 20.213.60.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 298
[20/Feb/2023:21:11:24 +0100] 20.213.60.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 295
[20/Feb/2023:21:20:07 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[20/Feb/2023:21:20:09 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 310
[20/Feb/2023:21:20:15 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 298
[20/Feb/2023:21:20:20 +0100] 149.18.63.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 300
[20/Feb/2023:21:26:17 +0100] 51.81.245.2 TLSv1.2 AES256-SHA "POST /rpc HTTP/1.1" 303
[20/Feb/2023:22:08:29 +0100] 147.182.154.58 TLSv1.2 AES256-SHA "GET /aaa9 HTTP/1.1" 304
[20/Feb/2023:22:08:32 +0100] 147.182.154.58 TLSv1.2 AES256-SHA "GET /aab8 HTTP/1.1" 304
[20/Feb/2023:22:26:05 +0100] 185.180.143.138 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Feb/2023:23:42:50 +0100] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /easyzumfuehrerschein_04012022.zip HTTP/1.1" 427
[20/Feb/2023:23:50:39 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /harm_04012022.zip HTTP/1.1" 394
[21/Feb/2023:00:36:59 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /klub_03012022.zip HTTP/1.1" 403
[21/Feb/2023:00:41:53 +0100] 34.219.65.38 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[21/Feb/2023:00:42:16 +0100] 54.185.156.34 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 313
[21/Feb/2023:00:42:20 +0100] 54.185.156.34 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306