[20/Apr/2023:02:25:13 +0200] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[20/Apr/2023:02:25:19 +0200] 185.180.143.49 TLSv1.2 AES256-SHA "GET /sugar_version.json HTTP/1.1" 313
[20/Apr/2023:03:38:55 +0200] 54.39.49.180 TLSv1.2 AES256-SHA "GET /.env HTTP/1.1" 387
[20/Apr/2023:03:55:05 +0200] 137.175.51.108 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.ftpconfig HTTP/1.1" 387
[20/Apr/2023:04:47:48 +0200] 192.241.216.8 TLSv1.2 AES256-SHA "GET /ReportServer HTTP/1.1" 307
[20/Apr/2023:05:52:03 +0200] 107.170.231.10 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[20/Apr/2023:06:13:18 +0200] 162.243.142.27 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:06:51:19 +0200] 152.89.196.54 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:06:57:38 +0200] 152.89.196.54 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[20/Apr/2023:07:05:46 +0200] 152.89.196.54 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[20/Apr/2023:07:16:28 +0200] 152.89.196.54 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[20/Apr/2023:08:21:27 +0200] 106.75.147.108 TLSv1.2 AES256-SHA "{\"method\":\"login\",\"params\":{\"login\":\"45JymPWP1DeQxxMZNJv9w2bTQ2WJDAmw18wUSryDQa3RPrympJPoUSVcFEDv3bhiMJGWaCD4a3KrFCorJHCMqXJUKApSKDV\",\"pass\":\"xxoo\",\"agent\":\"xmr-stak-cpu/1.3.0-1.5.0\"},\"id\":1}" 379
[20/Apr/2023:08:21:28 +0200] 106.75.147.108 TLSv1.2 AES256-SHA "{\"id\":1,\"method\":\"mining.subscribe\",\"params\":[]}" 379
[20/Apr/2023:08:21:30 +0200] 106.75.147.108 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"password\"], \"id\": 2, \"method\": \"mining.authorize\"}" 379
[20/Apr/2023:08:21:31 +0200] 106.75.147.108 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"blue1\",\"pass\":\"x\",\"agent\":\"Windows NT 6.1; Win64; x64\"}}" 379
[20/Apr/2023:08:21:32 +0200] 106.75.147.108 TLSv1.2 AES256-SHA "{\"params\": [\"miner1\", \"bf\", \"00000001\", \"504e86ed\", \"b2957c02\"], \"id\": 4, \"method\": \"mining.submit\"}" 379
[20/Apr/2023:08:21:33 +0200] 106.75.147.108 TLSv1.2 AES256-SHA "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"login\",\"params\":{\"login\":\"x\",\"pass\":\"null\",\"agent\":\"XMRig/5.13.1\",\"algo\":[\"cn/1\",\"cn/2\",\"cn/r\",\"cn/fast\",\"cn/half\",\"cn/xao\",\"cn/rto\",\"cn/rwz\",\"cn/zls\",\"cn/double\",\"rx/0\",\"rx/wow\",\"rx/loki\",\"rx/arq\",\"rx/sfx\",\"rx/keva\"]}}" 379
[20/Apr/2023:09:31:21 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[20/Apr/2023:09:53:21 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[20/Apr/2023:09:59:59 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /console/ HTTP/1.1" 307
[20/Apr/2023:10:07:14 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 315
[20/Apr/2023:10:09:32 +0200] 4.184.57.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[20/Apr/2023:10:20:03 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /_ignition/execute-solution HTTP/1.1" 319
[20/Apr/2023:10:31:47 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:10:44:33 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:11:07:24 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:11:33:51 +0200] 104.249.27.146 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 307
[20/Apr/2023:11:46:05 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /actuator/gateway/routes HTTP/1.1" 315
[20/Apr/2023:11:54:37 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /geoserver HTTP/1.1" 305
[20/Apr/2023:12:42:34 +0200] 103.43.19.95 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:12:43:13 +0200] 45.130.153.170 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /_profiler/phpinfo HTTP/1.1" 313
[20/Apr/2023:12:43:13 +0200] 45.130.153.170 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /debug/default/view?panel=config HTTP/1.1" 325
[20/Apr/2023:13:20:54 +0200] 64.62.197.210 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:13:26:42 +0200] 64.62.197.198 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[20/Apr/2023:13:27:33 +0200] 20.100.168.244 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[20/Apr/2023:13:28:33 +0200] 64.62.197.201 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:13:29:25 +0200] 193.235.141.17 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 307
[20/Apr/2023:13:29:49 +0200] 64.62.197.203 TLSv1.2 AES256-SHA "GET /geoserver/web/ HTTP/1.1" 309
[20/Apr/2023:13:30:02 +0200] 64.62.197.205 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[20/Apr/2023:14:57:28 +0200] 20.231.70.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[20/Apr/2023:14:57:28 +0200] 20.231.70.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[20/Apr/2023:15:52:49 +0200] 87.236.176.87 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:17:41:06 +0200] 20.231.70.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[20/Apr/2023:17:41:07 +0200] 20.231.70.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[20/Apr/2023:17:45:08 +0200] 193.118.53.210 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:18:03:10 +0200] 138.246.253.24 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 404
[20/Apr/2023:19:56:20 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[20/Apr/2023:19:56:21 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[20/Apr/2023:19:56:21 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[20/Apr/2023:19:56:22 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[20/Apr/2023:19:56:22 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[20/Apr/2023:19:56:23 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[20/Apr/2023:19:56:23 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[20/Apr/2023:19:56:24 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[20/Apr/2023:19:56:24 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[20/Apr/2023:19:56:24 +0200] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[20/Apr/2023:19:58:45 +0200] 113.31.104.11 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[20/Apr/2023:20:20:46 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[20/Apr/2023:20:20:46 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:20:20:46 +0200] 167.94.146.59 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[20/Apr/2023:20:25:54 +0200] 185.224.128.112 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[20/Apr/2023:21:28:49 +0200] 193.118.53.194 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:22:37:35 +0200] 193.235.141.134 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 306
[20/Apr/2023:22:49:54 +0200] 198.199.92.121 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[20/Apr/2023:22:52:38 +0200] 138.246.253.24 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 387
[20/Apr/2023:22:54:57 +0200] 172.104.11.34 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:22:58:37 +0200] 198.199.111.75 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[20/Apr/2023:23:01:29 +0200] 107.170.192.15 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[20/Apr/2023:23:06:52 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[20/Apr/2023:23:13:38 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[20/Apr/2023:23:20:35 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[20/Apr/2023:23:32:23 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[21/Apr/2023:00:04:58 +0200] 107.170.241.13 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[21/Apr/2023:00:18:37 +0200] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[21/Apr/2023:00:58:10 +0200] 192.241.210.25 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[21/Apr/2023:01:02:36 +0200] 35.187.98.121 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[21/Apr/2023:01:07:16 +0200] 162.221.192.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[21/Apr/2023:01:16:09 +0200] 34.221.5.62 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[21/Apr/2023:01:20:40 +0200] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301