[05/Oct/2022:02:59:15 +0200] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /1.tar.gz HTTP/1.1" 385
[05/Oct/2022:03:11:59 +0200] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /1.tar.gz HTTP/1.1" 394
[05/Oct/2022:03:13:17 +0200] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /1.tar.gz HTTP/1.1" 402
[05/Oct/2022:03:21:37 +0200] 207.46.13.234 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[05/Oct/2022:03:21:39 +0200] 207.46.13.234 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[05/Oct/2022:03:21:41 +0200] 207.46.13.60 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[05/Oct/2022:03:51:09 +0200] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /1.tar.gz HTTP/1.1" 394
[05/Oct/2022:04:20:08 +0200] 183.136.225.35 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[05/Oct/2022:04:20:33 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:04:20:55 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[05/Oct/2022:04:21:17 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[05/Oct/2022:04:24:39 +0200] 205.210.31.16 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 394
[05/Oct/2022:04:48:38 +0200] 109.248.6.82 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.0" 399
[05/Oct/2022:04:53:22 +0200] 192.241.215.78 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[05/Oct/2022:06:15:23 +0200] 192.241.217.121 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[05/Oct/2022:06:21:28 +0200] 159.203.76.80 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[05/Oct/2022:06:28:20 +0200] 128.14.141.34 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:06:49:19 +0200] 192.241.219.163 TLSv1.2 AES256-SHA "GET /ReportServer HTTP/1.1" 307
[05/Oct/2022:06:56:21 +0200] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[05/Oct/2022:06:56:39 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[05/Oct/2022:07:09:25 +0200] 192.241.214.25 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[05/Oct/2022:07:18:57 +0200] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /1.tgz HTTP/1.1" 399
[05/Oct/2022:07:35:56 +0200] 172.105.98.165 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[05/Oct/2022:07:35:58 +0200] 172.105.98.165 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:08:50:43 +0200] 87.236.176.16 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[05/Oct/2022:09:03:54 +0200] 83.12.50.6 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /1.tgz HTTP/1.1" 382
[05/Oct/2022:09:11:10 +0200] 167.71.192.158 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 394
[05/Oct/2022:09:16:46 +0200] 83.12.50.6 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /1.tgz HTTP/1.1" 391
[05/Oct/2022:09:17:44 +0200] 128.14.133.58 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:09:24:15 +0200] 128.14.134.170 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:09:53:27 +0200] 192.241.218.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:12:11:14 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[05/Oct/2022:12:53:39 +0200] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup.bz2 HTTP/1.1" 404
[05/Oct/2022:12:53:41 +0200] 40.77.167.106 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 314
[05/Oct/2022:12:53:42 +0200] 40.77.167.106 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 314
[05/Oct/2022:12:53:52 +0200] 157.55.39.215 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[05/Oct/2022:13:10:04 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[05/Oct/2022:13:36:16 +0200] 64.62.197.122 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[05/Oct/2022:13:42:36 +0200] 64.62.197.122 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[05/Oct/2022:13:45:25 +0200] 64.62.197.133 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:13:49:07 +0200] 159.223.214.218 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[05/Oct/2022:13:49:08 +0200] 159.223.214.218 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[05/Oct/2022:13:49:10 +0200] 159.223.214.218 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:14:04:24 +0200] 192.241.216.159 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[05/Oct/2022:14:21:55 +0200] 23.251.102.74 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:14:23:32 +0200] 81.209.177.16 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /robots.txt HTTP/1.1" 394
[05/Oct/2022:14:23:32 +0200] 81.209.177.16 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 384
[05/Oct/2022:14:27:12 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[05/Oct/2022:14:31:46 +0200] 81.209.147.7 - - "-" -
[05/Oct/2022:14:31:57 +0200] 81.209.147.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[05/Oct/2022:14:32:02 +0200] 81.209.147.7 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[05/Oct/2022:14:57:23 +0200] 198.235.24.151 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[05/Oct/2022:15:07:45 +0200] 192.241.215.172 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[05/Oct/2022:15:19:07 +0200] 205.210.31.136 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 393
[05/Oct/2022:15:45:47 +0200] 43.131.66.209 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 500
[05/Oct/2022:16:36:25 +0200] 193.118.53.210 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:17:46:00 +0200] 94.102.61.8 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:18:44:51 +0200] 157.230.23.189 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[05/Oct/2022:18:54:41 +0200] 137.226.113.44 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 308
[05/Oct/2022:19:15:55 +0200] 172.105.244.99 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:19:21:02 +0200] 172.105.244.99 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@cyberobservatorytest.com/owa/&Email=autodiscover/autodiscover.json%3f@cyberobservatorytest.com HTTP/1.1" 358
[05/Oct/2022:19:44:01 +0200] 45.79.47.75 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:20:05:50 +0200] 170.187.185.219 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:20:11:30 +0200] 170.187.185.219 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json@Powershell.cyberobservatorytest.com/owa/ HTTP/1.1" 344
[05/Oct/2022:20:45:48 +0200] 192.241.213.175 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[05/Oct/2022:20:47:42 +0200] 192.241.219.128 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[05/Oct/2022:20:49:04 +0200] 192.241.213.175 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[05/Oct/2022:20:57:01 +0200] 66.249.65.116 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[05/Oct/2022:20:57:02 +0200] 66.249.65.112 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:20:58:56 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[05/Oct/2022:21:30:20 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "-" -
[05/Oct/2022:21:37:17 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:21:51:45 +0200] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[05/Oct/2022:23:30:31 +0200] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[05/Oct/2022:23:44:29 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /console/ HTTP/1.1" 307
[05/Oct/2022:23:49:00 +0200] 192.241.214.227 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[06/Oct/2022:00:09:23 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Oct/2022:00:12:52 +0200] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup.rar HTTP/1.1" 387
[06/Oct/2022:00:18:07 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup.rar HTTP/1.1" 404
[06/Oct/2022:00:33:02 +0200] 128.14.134.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Oct/2022:00:42:13 +0200] 185.7.214.218 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[06/Oct/2022:01:05:35 +0200] 34.78.6.216 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[06/Oct/2022:01:24:16 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[06/Oct/2022:01:41:59 +0200] 167.99.39.223 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[06/Oct/2022:01:58:12 +0200] 94.102.61.8 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301