[24/Oct/2022:02:13:54 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:02:18:41 +0200] 205.210.31.175 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 393
[24/Oct/2022:03:15:55 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:04:02:15 +0200] 194.180.48.125 TLSv1.2 AES256-SHA "GET /explore HTTP/1.1" 306
[24/Oct/2022:04:25:11 +0200] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /includes/connect.bck HTTP/1.1" 414
[24/Oct/2022:04:27:19 +0200] 134.122.112.12 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 379
[24/Oct/2022:04:27:22 +0200] 134.122.112.12 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[24/Oct/2022:04:28:26 +0200] 134.122.112.12 TLSv1.2 AES256-SHA "PUT /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[24/Oct/2022:04:28:27 +0200] 134.122.112.12 TLSv1.2 AES256-SHA "HEAD /cgi-bin/blockpage.cgi HTTP/1.1" -
[24/Oct/2022:04:28:28 +0200] 134.122.112.12 TLSv1.2 AES256-SHA "GET /cgi-bin/.%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/hosts HTTP/1.1" 293
[24/Oct/2022:04:28:29 +0200] 134.122.112.12 TLSv1.2 AES256-SHA "GET /.DS_Store HTTP/1.1" 307
[24/Oct/2022:04:49:27 +0200] 192.241.215.65 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:05:04:31 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 293
[24/Oct/2022:05:17:33 +0200] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /includes/connect.bck HTTP/1.1" 406
[24/Oct/2022:06:47:30 +0200] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[24/Oct/2022:06:58:42 +0200] 179.43.175.204 TLSv1.2 AES256-SHA "GET /.esmtprc HTTP/1.1" 306
[24/Oct/2022:07:03:02 +0200] 179.43.175.204 TLSv1.2 AES256-SHA "GET /api/settings/values HTTP/1.1" 313
[24/Oct/2022:07:37:37 +0200] 128.14.133.58 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:07:37:47 +0200] 128.14.133.58 TLSv1.2 AES256-SHA "GET /showLogin.cc HTTP/1.1" 311
[24/Oct/2022:07:47:56 +0200] 183.136.225.35 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[24/Oct/2022:07:48:44 +0200] 183.136.225.35 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[24/Oct/2022:08:04:25 +0200] 81.209.177.16 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /robots.txt HTTP/1.1" 391
[24/Oct/2022:08:04:25 +0200] 81.209.177.16 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 381
[24/Oct/2022:08:07:12 +0200] 194.180.48.125 TLSv1.2 AES256-SHA "GET /docker-compose.yml HTTP/1.1" 312
[24/Oct/2022:08:43:04 +0200] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /includes/connect.php.bck HTTP/1.1" 401
[24/Oct/2022:09:14:54 +0200] 41.92.120.24 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[24/Oct/2022:09:14:55 +0200] 41.92.120.24 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[24/Oct/2022:09:30:05 +0200] 194.110.203.60 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:09:34:00 +0200] 20.55.43.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.git/config HTTP/1.1" 310
[24/Oct/2022:10:01:06 +0200] 128.1.248.42 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:10:08:11 +0200] 20.199.46.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /wp-content/plugins/ioptimization/IOptimize.php?rchk HTTP/1.1" 329
[24/Oct/2022:10:08:38 +0200] 20.199.46.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /wp-content/plugins/ioptimization/xdzmuvauoo.php?x=ooo HTTP/1.1" 334
[24/Oct/2022:10:09:34 +0200] 142.93.44.79 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /api/v1 HTTP/1.1" 305
[24/Oct/2022:10:29:29 +0200] 223.71.167.165 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[24/Oct/2022:11:34:20 +0200] 128.1.248.34 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:11:43:49 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[24/Oct/2022:12:19:12 +0200] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /includes/config.php.bak HTTP/1.1" 417
[24/Oct/2022:12:51:46 +0200] 192.241.209.126 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[24/Oct/2022:12:54:19 +0200] 92.255.85.207 - - "-" -
[24/Oct/2022:12:57:58 +0200] 157.230.25.234 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:13:10:07 +0200] 194.110.203.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /includes/config.php.bck HTTP/1.1" 409
[24/Oct/2022:13:49:00 +0200] 198.235.24.9 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 380
[24/Oct/2022:14:02:38 +0200] 181.214.218.60 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[24/Oct/2022:14:16:51 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[24/Oct/2022:14:35:06 +0200] 20.82.129.117 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[24/Oct/2022:14:35:07 +0200] 20.82.129.117 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[24/Oct/2022:15:06:18 +0200] 141.136.47.204 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[24/Oct/2022:15:07:10 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 327
[24/Oct/2022:16:17:16 +0200] 216.218.206.90 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:16:27:53 +0200] 216.218.206.118 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[24/Oct/2022:16:32:46 +0200] 207.46.13.234 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[24/Oct/2022:16:32:47 +0200] 207.46.13.234 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[24/Oct/2022:16:32:51 +0200] 40.77.167.53 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[24/Oct/2022:17:02:45 +0200] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /includes/config.php~ HTTP/1.1" 397
[24/Oct/2022:17:31:28 +0200] 152.89.196.211 TLSv1.2 AES256-SHA "GET /actuator/gateway/routes HTTP/1.1" 315
[24/Oct/2022:18:17:44 +0200] 128.14.133.58 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:19:28:25 +0200] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /includes/config.bck HTTP/1.1" 405
[24/Oct/2022:20:25:11 +0200] 194.180.48.125 TLSv1.2 AES256-SHA "GET /explore HTTP/1.1" 306
[24/Oct/2022:20:55:29 +0200] 198.199.93.172 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[24/Oct/2022:21:04:23 +0200] 174.138.26.120 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[24/Oct/2022:21:04:26 +0200] 174.138.26.120 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[24/Oct/2022:21:04:53 +0200] 174.138.26.120 - - "-" -
[24/Oct/2022:21:26:16 +0200] 192.241.214.56 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[24/Oct/2022:21:29:25 +0200] 192.241.219.128 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[24/Oct/2022:21:32:01 +0200] 192.241.219.55 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[24/Oct/2022:22:25:10 +0200] 77.74.177.119 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 302
[24/Oct/2022:22:31:12 +0200] 192.241.217.136 TLSv1.2 AES256-SHA "GET /version HTTP/1.1" 305
[24/Oct/2022:23:06:32 +0200] 87.236.176.98 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[24/Oct/2022:23:29:09 +0200] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /include/connect.php.bak HTTP/1.1" 409
[24/Oct/2022:23:32:38 +0200] 93.159.230.89 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 302
[25/Oct/2022:00:53:26 +0200] 93.159.230.89 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 302
[25/Oct/2022:01:07:57 +0200] 128.1.248.26 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[25/Oct/2022:01:17:30 +0200] 152.89.196.23 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[25/Oct/2022:01:30:13 +0200] 35.90.197.8 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[25/Oct/2022:01:30:36 +0200] 35.87.38.19 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 314
[25/Oct/2022:01:41:31 +0200] 34.76.158.233 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301