[18/Nov/2022:01:00:29 +0100] 205.210.31.5 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[18/Nov/2022:01:13:50 +0100] 164.92.231.143 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[18/Nov/2022:01:15:54 +0100] 2.57.170.31 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /webclient/ HTTP/1.1" 393
[18/Nov/2022:01:18:08 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_harm.zip HTTP/1.1" 392
[18/Nov/2022:01:18:37 +0100] 20.25.161.86 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[18/Nov/2022:01:18:38 +0100] 20.25.161.86 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[18/Nov/2022:01:28:04 +0100] 54.218.91.6 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[18/Nov/2022:01:28:30 +0100] 52.26.57.9 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[18/Nov/2022:02:36:11 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /_ignition/execute-solution HTTP/1.1" 319
[18/Nov/2022:02:44:27 +0100] 94.102.61.8 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:04:15:53 +0100] 194.110.203.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /dump.tar.gz HTTP/1.1" 397
[18/Nov/2022:04:16:50 +0100] 194.110.203.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /dump.tar.gz HTTP/1.1" 388
[18/Nov/2022:04:32:41 +0100] 128.14.134.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:04:54:16 +0100] 192.241.207.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:04:57:31 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 298
[18/Nov/2022:04:57:32 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 298
[18/Nov/2022:04:57:33 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 304
[18/Nov/2022:04:57:33 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 304
[18/Nov/2022:04:57:34 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 303
[18/Nov/2022:04:57:34 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 303
[18/Nov/2022:04:57:35 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 304
[18/Nov/2022:04:57:36 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 304
[18/Nov/2022:04:57:36 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 302
[18/Nov/2022:04:57:37 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 302
[18/Nov/2022:04:57:38 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 300
[18/Nov/2022:04:57:38 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 300
[18/Nov/2022:04:57:39 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 303
[18/Nov/2022:04:57:39 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 303
[18/Nov/2022:04:57:40 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 301
[18/Nov/2022:04:57:40 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 301
[18/Nov/2022:04:57:41 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 300
[18/Nov/2022:04:57:42 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 300
[18/Nov/2022:04:57:42 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 300
[18/Nov/2022:04:57:43 +0100] 109.237.98.53 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 300
[18/Nov/2022:05:09:38 +0100] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[18/Nov/2022:05:53:42 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /dbdump.tar.gz HTTP/1.1" 407
[18/Nov/2022:06:51:46 +0100] 109.206.243.162 TLSv1.2 AES256-SHA "GET /explore HTTP/1.1" 306
[18/Nov/2022:07:05:09 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /dbdump.tar.gz HTTP/1.1" 399
[18/Nov/2022:07:13:43 +0100] 87.236.176.131 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:07:31:03 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database.tar.gz HTTP/1.1" 392
[18/Nov/2022:07:31:28 +0100] 128.14.141.34 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:07:31:37 +0100] 128.14.141.34 TLSv1.2 AES256-SHA "GET /showLogin.cc HTTP/1.1" 311
[18/Nov/2022:07:35:16 +0100] 192.241.204.39 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[18/Nov/2022:07:42:39 +0100] 185.7.214.218 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[18/Nov/2022:07:46:27 +0100] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /database.tar.gz HTTP/1.1" 401
[18/Nov/2022:08:04:10 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:09:18:15 +0100] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost.tar.gz HTTP/1.1" 393
[18/Nov/2022:10:38:33 +0100] 192.241.195.189 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[18/Nov/2022:11:13:28 +0100] 205.210.31.186 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 389
[18/Nov/2022:11:33:18 +0100] 164.90.129.48 - - "-" -
[18/Nov/2022:11:40:54 +0100] 65.49.20.101 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:11:43:22 +0100] 154.89.5.99 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[18/Nov/2022:11:54:34 +0100] 65.49.20.121 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[18/Nov/2022:12:01:23 +0100] 65.49.20.125 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:12:02:35 +0100] 65.49.20.93 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[18/Nov/2022:12:21:07 +0100] 194.180.48.125 TLSv1.2 AES256-SHA "GET /docker-compose.yml HTTP/1.1" 312
[18/Nov/2022:12:21:38 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost_db.tar.gz HTTP/1.1" 413
[18/Nov/2022:12:52:32 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[18/Nov/2022:12:52:33 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[18/Nov/2022:12:52:33 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[18/Nov/2022:12:52:34 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[18/Nov/2022:12:52:34 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[18/Nov/2022:12:52:34 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[18/Nov/2022:12:52:35 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[18/Nov/2022:12:52:35 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[18/Nov/2022:12:52:36 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[18/Nov/2022:12:52:36 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[18/Nov/2022:12:52:37 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[18/Nov/2022:12:52:37 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[18/Nov/2022:12:52:38 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[18/Nov/2022:12:52:39 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[18/Nov/2022:12:52:39 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[18/Nov/2022:12:52:40 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[18/Nov/2022:12:52:40 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[18/Nov/2022:12:52:41 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[18/Nov/2022:12:52:41 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[18/Nov/2022:12:52:42 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[18/Nov/2022:13:13:55 +0100] 164.90.129.48 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[18/Nov/2022:13:13:56 +0100] 164.90.129.48 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 754
[18/Nov/2022:13:13:58 +0100] 164.90.129.48 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 1150
[18/Nov/2022:14:16:52 +0100] 183.136.225.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 385
[18/Nov/2022:14:17:29 +0100] 183.136.225.45 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:14:17:31 +0100] 183.136.225.45 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 308
[18/Nov/2022:14:17:35 +0100] 183.136.225.45 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[18/Nov/2022:14:55:41 +0100] 167.71.79.130 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 298
[18/Nov/2022:14:55:42 +0100] 167.71.79.130 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 295
[18/Nov/2022:15:28:27 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[18/Nov/2022:15:38:26 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost_database.tar.gz HTTP/1.1" 419
[18/Nov/2022:16:04:23 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[18/Nov/2022:16:32:11 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 390
[18/Nov/2022:16:36:44 +0100] 192.241.198.39 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[18/Nov/2022:17:21:37 +0100] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost-database.tar.gz HTTP/1.1" 402
[18/Nov/2022:17:53:07 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "POST /mifs/.;/services/LogService HTTP/1.1" 318
[18/Nov/2022:18:06:50 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost-database.tar.gz HTTP/1.1" 419
[18/Nov/2022:18:46:08 +0100] 193.118.53.210 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:18:52:34 +0100] 161.35.67.243 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:19:21:02 +0100] 23.229.104.2 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:19:21:04 +0100] 23.229.104.2 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 308
[18/Nov/2022:19:21:06 +0100] 23.229.104.2 TLSv1.2 AES256-SHA "GET /ads.txt HTTP/1.1" 306
[18/Nov/2022:19:46:58 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost_dump.tar.gz HTTP/1.1" 415
[18/Nov/2022:20:34:03 +0100] 198.235.24.54 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 377
[18/Nov/2022:20:44:17 +0100] 118.193.40.46 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[18/Nov/2022:20:52:25 +0100] 185.7.214.218 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1" 452
[18/Nov/2022:20:53:58 +0100] 194.110.203.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost-dump.tar.gz HTTP/1.1" 415
[18/Nov/2022:21:02:27 +0100] 163.172.180.25 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 386
[18/Nov/2022:21:09:38 +0100] 52.215.44.248 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /robots.txt HTTP/1.1" 101
[18/Nov/2022:21:14:02 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost-dump.tar.gz HTTP/1.1" 398
[18/Nov/2022:21:42:34 +0100] 167.94.138.47 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:21:42:35 +0100] 167.94.138.47 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[18/Nov/2022:22:32:50 +0100] 167.248.133.46 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[18/Nov/2022:22:32:51 +0100] 167.248.133.46 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[18/Nov/2022:22:32:51 +0100] 167.248.133.46 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[18/Nov/2022:22:45:19 +0100] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhostbackup.tar.gz HTTP/1.1" 416
[18/Nov/2022:23:05:26 +0100] 192.241.212.122 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx HTTP/1.1" 314
[18/Nov/2022:23:13:28 +0100] 192.241.198.9 TLSv1.2 AES256-SHA "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 348
[18/Nov/2022:23:14:43 +0100] 192.241.210.196 TLSv1.2 AES256-SHA "GET /owa/auth/x.js HTTP/1.1" 310
[19/Nov/2022:00:15:28 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /localhost_backup.tar.gz HTTP/1.1" 400
[19/Nov/2022:00:20:24 +0100] 35.195.93.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[19/Nov/2022:00:46:43 +0100] 179.43.177.154 TLSv1.2 AES256-SHA "GET /wp-content/.git/config HTTP/1.1" 315