[28/Sep/2021:02:06:39 +0200] 183.136.225.9 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[28/Sep/2021:02:07:16 +0200] 183.136.225.9 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2021:02:22:44 +0200] 18.237.188.168 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[28/Sep/2021:02:25:21 +0200] 34.217.117.90 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 302
[28/Sep/2021:02:25:24 +0200] 34.217.117.90 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[28/Sep/2021:03:14:38 +0200] 92.118.160.33 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 374
[28/Sep/2021:04:21:30 +0200] 165.22.25.69 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2021:04:25:04 +0200] 192.241.208.195 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[28/Sep/2021:04:26:34 +0200] 192.241.198.125 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[28/Sep/2021:04:28:18 +0200] 192.241.205.9 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[28/Sep/2021:04:52:43 +0200] 131.220.6.152 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 295
[28/Sep/2021:05:07:24 +0200] 85.215.223.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[28/Sep/2021:05:07:25 +0200] 85.215.223.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[28/Sep/2021:05:34:09 +0200] 192.53.170.243 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[28/Sep/2021:05:36:23 +0200] 162.221.192.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[28/Sep/2021:06:34:25 +0200] 85.215.223.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[28/Sep/2021:06:34:26 +0200] 85.215.223.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[28/Sep/2021:06:43:37 +0200] 23.129.64.250 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2021:06:43:42 +0200] 185.220.100.241 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[28/Sep/2021:06:47:05 +0200] 157.55.39.187 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 304
[28/Sep/2021:07:30:38 +0200] 192.241.198.16 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[28/Sep/2021:07:35:48 +0200] 184.105.247.252 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[28/Sep/2021:07:42:00 +0200] 71.6.232.7 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2021:08:04:40 +0200] 45.155.204.227 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /autodiscover/autodiscover.json?@evil.corp/ews/exchange.asmx?&Email=autodiscover/autodiscover.json%3F@evil.corp HTTP/1.1" 362
[28/Sep/2021:08:16:32 +0200] 103.203.57.29 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2021:10:34:07 +0200] 192.241.197.61 TLSv1.2 AES256-SHA "GET /saml/login/ HTTP/1.1" 309
[28/Sep/2021:11:25:24 +0200] 128.1.248.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[28/Sep/2021:11:30:17 +0200] 192.241.209.25 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2021:11:39:29 +0200] 162.142.125.196 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[28/Sep/2021:11:39:30 +0200] 162.142.125.196 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[28/Sep/2021:12:17:39 +0200] 185.254.31.134 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[28/Sep/2021:12:17:40 +0200] 185.254.31.134 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[28/Sep/2021:12:26:43 +0200] 92.118.160.37 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[28/Sep/2021:12:30:44 +0200] 45.146.164.110 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[28/Sep/2021:12:30:45 +0200] 45.146.164.110 TLSv1.2 AES256-SHA "POST /api/jsonws/invoke HTTP/1.1" 314
[28/Sep/2021:12:30:48 +0200] 45.146.164.110 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[28/Sep/2021:12:30:50 +0200] 45.146.164.110 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[28/Sep/2021:12:30:53 +0200] 45.146.164.110 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[28/Sep/2021:12:30:55 +0200] 45.146.164.110 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[28/Sep/2021:12:30:58 +0200] 45.146.164.110 TLSv1.2 AES256-SHA "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 332
[28/Sep/2021:12:43:19 +0200] 162.221.192.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[28/Sep/2021:12:43:55 +0200] 45.61.146.242 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[28/Sep/2021:14:38:01 +0200] 192.241.197.189 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[28/Sep/2021:15:54:22 +0200] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[28/Sep/2021:16:10:45 +0200] 103.203.59.1 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[28/Sep/2021:16:53:13 +0200] 157.55.39.187 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 304
[28/Sep/2021:19:24:21 +0200] 61.147.15.67 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[28/Sep/2021:19:24:50 +0200] 61.147.15.67 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[28/Sep/2021:19:38:18 +0200] 185.180.143.72 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[28/Sep/2021:20:00:42 +0200] 34.86.35.0 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[28/Sep/2021:20:13:45 +0200] 80.82.78.39 TLSv1.2 AES256-SHA "GET /lancher/adm/adm.php HTTP/1.1" 312
[28/Sep/2021:20:19:31 +0200] 77.74.177.113 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 302
[28/Sep/2021:21:29:20 +0200] 162.62.117.51 TLSv1.2 AES256-SHA "GET / HTTP/1.0" 383
[28/Sep/2021:22:43:47 +0200] 156.96.119.19 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[28/Sep/2021:22:43:49 +0200] 156.96.119.19 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[28/Sep/2021:23:07:52 +0200] 35.237.106.15 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[28/Sep/2021:23:28:17 +0200] 54.185.178.30 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[28/Sep/2021:23:28:48 +0200] 54.187.192.68 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 314
[28/Sep/2021:23:28:51 +0200] 54.187.192.68 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[28/Sep/2021:23:31:48 +0200] 54.188.146.56 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[28/Sep/2021:23:39:54 +0200] 23.251.102.74 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[29/Sep/2021:00:44:03 +0200] 192.241.208.101 TLSv1.2 AES256-SHA "GET /ReportServer HTTP/1.1" 307
[29/Sep/2021:01:02:01 +0200] 192.241.202.219 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[29/Sep/2021:01:58:40 +0200] 192.241.204.240 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348