[03/Jul/2022:03:59:29 +0200] 192.241.220.227 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[03/Jul/2022:04:36:27 +0200] 192.241.221.168 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Jul/2022:04:57:18 +0200] 157.55.39.97 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[03/Jul/2022:05:36:47 +0200] 37.1.217.149 TLSv1.2 AES256-SHA "POST /_ignition/execute-solution HTTP/1.1" 319
[03/Jul/2022:05:36:47 +0200] 37.1.217.149 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Jul/2022:05:36:47 +0200] 37.1.217.149 TLSv1.2 AES256-SHA "GET /script HTTP/1.1" 305
[03/Jul/2022:05:36:47 +0200] 37.1.217.149 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[03/Jul/2022:05:36:48 +0200] 37.1.217.149 TLSv1.2 AES256-SHA "GET /jenkins/login HTTP/1.1" 312
[03/Jul/2022:05:36:48 +0200] 37.1.217.149 TLSv1.2 AES256-SHA "GET /manager/html HTTP/1.1" 308
[03/Jul/2022:05:36:48 +0200] 37.1.217.149 TLSv1.2 AES256-SHA "GET /?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=0toah7q6 HTTP/1.1" 383
[03/Jul/2022:05:47:29 +0200] 130.211.54.158 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[03/Jul/2022:07:57:53 +0200] 162.221.192.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET /admin/ HTTP/1.1" 305
[03/Jul/2022:08:30:02 +0200] 216.83.53.34 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 305
[03/Jul/2022:10:51:45 +0200] 92.255.85.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[03/Jul/2022:11:35:07 +0200] 78.129.132.73 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[03/Jul/2022:11:37:28 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[03/Jul/2022:11:37:29 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[03/Jul/2022:11:37:29 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[03/Jul/2022:11:37:30 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[03/Jul/2022:11:37:30 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[03/Jul/2022:11:37:31 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[03/Jul/2022:11:37:31 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[03/Jul/2022:11:37:32 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[03/Jul/2022:11:37:32 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[03/Jul/2022:11:37:33 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[03/Jul/2022:11:37:33 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws HTTP/1.1" 304
[03/Jul/2022:11:37:34 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws HTTP/1.1" 304
[03/Jul/2022:11:37:34 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /public/.env HTTP/1.1" 309
[03/Jul/2022:11:37:35 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /public/.env HTTP/1.1" 309
[03/Jul/2022:11:37:35 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /public/.aws/credentials HTTP/1.1" 316
[03/Jul/2022:11:37:36 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /public/.aws/credentials HTTP/1.1" 316
[03/Jul/2022:11:37:36 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[03/Jul/2022:11:37:37 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[03/Jul/2022:11:37:38 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /public/aws/credentials HTTP/1.1" 316
[03/Jul/2022:11:37:39 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /public/aws/credentials HTTP/1.1" 316
[03/Jul/2022:11:37:39 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Jul/2022:11:37:39 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /public/.aws HTTP/1.1" 309
[03/Jul/2022:11:37:40 +0200] 109.237.103.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /public/.aws HTTP/1.1" 309
[03/Jul/2022:12:33:08 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[03/Jul/2022:12:44:39 +0200] 64.62.197.197 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[03/Jul/2022:13:22:20 +0200] 92.255.85.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[03/Jul/2022:13:43:59 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[03/Jul/2022:13:58:52 +0200] 198.199.114.159 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[03/Jul/2022:13:59:52 +0200] 192.241.219.237 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[03/Jul/2022:14:01:35 +0200] 192.241.221.14 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[03/Jul/2022:14:59:50 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[03/Jul/2022:15:46:59 +0200] 35.206.153.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[03/Jul/2022:16:12:53 +0200] 157.55.39.61 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 304
[03/Jul/2022:16:15:48 +0200] 185.7.214.104 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[03/Jul/2022:16:36:09 +0200] 185.220.100.244 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[03/Jul/2022:18:29:00 +0200] 162.221.192.26 TLSv1.2 DHE-RSA-AES256-SHA256 "GET / HTTP/1.1" 301
[03/Jul/2022:21:23:05 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[03/Jul/2022:21:23:05 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[03/Jul/2022:21:23:06 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[03/Jul/2022:21:23:06 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[03/Jul/2022:21:23:07 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[03/Jul/2022:21:23:07 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 292
[03/Jul/2022:21:23:08 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1/ HTTP/1.1" 292
[03/Jul/2022:21:23:08 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1/ HTTP/1.1" 292
[03/Jul/2022:21:23:09 +0200] 20.121.22.220 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1/ HTTP/1.1" 292
[04/Jul/2022:01:07:08 +0200] 104.223.55.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[04/Jul/2022:01:07:08 +0200] 104.223.55.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 754
[04/Jul/2022:01:07:11 +0200] 104.223.55.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /HNAP1/ HTTP/1.1" 754
[04/Jul/2022:01:53:20 +0200] 3.144.206.255 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[04/Jul/2022:01:53:21 +0200] 3.144.206.255 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301