[15/Nov/2021:01:07:58 +0100] 109.237.103.118 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[15/Nov/2021:01:08:00 +0100] 109.237.103.118 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[15/Nov/2021:01:42:54 +0100] 130.211.54.158 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[15/Nov/2021:02:05:44 +0100] 92.118.160.1 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 393
[15/Nov/2021:02:28:17 +0100] 45.146.164.160 TLSv1.2 AES256-SHA "POST /mgmt/tm/util/bash HTTP/1.1" 313
[15/Nov/2021:04:24:40 +0100] 64.62.197.32 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Nov/2021:04:26:50 +0100] 139.162.145.250 TLSv1.2 AES256-SHA "GET /bag2 HTTP/1.1" 304
[15/Nov/2021:04:52:21 +0100] 131.220.6.152 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 295
[15/Nov/2021:05:22:58 +0100] 192.241.198.181 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[15/Nov/2021:06:28:33 +0100] 162.142.125.194 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Nov/2021:06:28:33 +0100] 162.142.125.194 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:06:30:41 +0100] 45.146.164.160 TLSv1.2 AES256-SHA "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 350
[15/Nov/2021:06:48:05 +0100] 193.106.29.210 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:07:12:57 +0100] 212.102.34.151 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[15/Nov/2021:07:17:00 +0100] 54.151.21.152 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[15/Nov/2021:07:32:24 +0100] 167.94.138.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Nov/2021:07:32:25 +0100] 167.94.138.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:07:33:02 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "-" -
[15/Nov/2021:07:55:00 +0100] 40.77.167.5 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 304
[15/Nov/2021:08:38:58 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[15/Nov/2021:08:41:56 +0100] 192.241.202.104 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[15/Nov/2021:09:43:07 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[15/Nov/2021:10:15:21 +0100] 61.135.15.142 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[15/Nov/2021:10:30:13 +0100] 192.241.196.50 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:11:53:32 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[15/Nov/2021:12:06:54 +0100] 66.249.64.64 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[15/Nov/2021:12:06:55 +0100] 66.249.64.64 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:13:04:35 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[15/Nov/2021:14:43:37 +0100] 192.241.208.5 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[15/Nov/2021:14:45:11 +0100] 192.241.198.208 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[15/Nov/2021:14:45:30 +0100] 192.241.200.61 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[15/Nov/2021:16:14:50 +0100] 45.146.164.160 TLSv1.2 AES256-SHA "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/passwd HTTP/1.1" 350
[15/Nov/2021:16:16:19 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 315
[15/Nov/2021:16:35:01 +0100] 91.121.78.141 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /users/sign_in HTTP/1.1" 396
[15/Nov/2021:17:16:20 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "GET /_ignition/execute-solution HTTP/1.1" 319
[15/Nov/2021:17:29:56 +0100] 40.77.167.5 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 304
[15/Nov/2021:18:16:22 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:18:33:27 +0100] 92.118.160.17 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[15/Nov/2021:19:02:04 +0100] 45.146.164.160 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@evil.corp/ews/exchange.asmx?&Email=autodiscover/autodiscover.json%3F@evil.corp HTTP/1.1" 362
[15/Nov/2021:19:16:02 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:19:24:08 +0100] 128.14.141.34 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[15/Nov/2021:20:00:13 +0100] 54.78.113.232 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 391
[15/Nov/2021:20:06:48 +0100] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[15/Nov/2021:20:06:48 +0100] 167.94.146.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:20:14:01 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 293
[15/Nov/2021:21:08:50 +0100] 45.146.164.110 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[15/Nov/2021:21:31:20 +0100] 139.162.207.84 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[15/Nov/2021:21:59:56 +0100] 54.74.13.66 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[15/Nov/2021:22:11:26 +0100] 34.219.85.192 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[15/Nov/2021:22:13:17 +0100] 34.208.223.16 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[15/Nov/2021:22:18:39 +0100] 52.42.213.216 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[15/Nov/2021:22:22:10 +0100] 94.102.56.151 TLSv1.2 DHE-RSA-AES256-SHA "GET / HTTP/1.1" 383
[15/Nov/2021:23:25:49 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[15/Nov/2021:23:27:39 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /sdk HTTP/1.1" 386
[15/Nov/2021:23:27:41 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /nmaplowercheck1637015258 HTTP/1.1" 407
[15/Nov/2021:23:27:42 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /evox/about HTTP/1.1" 393
[15/Nov/2021:23:27:43 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.1" -
[15/Nov/2021:23:27:43 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1 HTTP/1.1" 388
[15/Nov/2021:23:27:43 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[15/Nov/2021:23:27:43 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[15/Nov/2021:23:27:44 +0100] 50.31.21.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[15/Nov/2021:23:42:22 +0100] 34.96.130.29 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 393
[15/Nov/2021:23:53:49 +0100] 192.241.199.14 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[16/Nov/2021:00:36:01 +0100] 34.217.35.240 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[16/Nov/2021:00:36:19 +0100] 34.216.77.77 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 313
[16/Nov/2021:00:36:22 +0100] 34.216.77.77 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306