[22/Feb/2023:01:13:02 +0100] 34.76.158.233 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[22/Feb/2023:01:13:44 +0100] 163.172.180.25 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 392
[22/Feb/2023:01:24:37 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_27092022.zip HTTP/1.1" 396
[22/Feb/2023:01:25:49 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_27092022.zip HTTP/1.1" 405
[22/Feb/2023:01:27:44 +0100] 167.94.138.119 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:01:27:45 +0100] 167.94.138.119 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[22/Feb/2023:01:43:42 +0100] 27.124.12.16 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /haiwaiju/zwnyr/ HTTP/1.1" 398
[22/Feb/2023:01:52:57 +0100] 92.118.39.108 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.git/config HTTP/1.1" 310
[22/Feb/2023:02:00:13 +0100] 64.227.190.2 TLSv1.2 AES256-SHA "GET /ab2g HTTP/1.1" 304
[22/Feb/2023:02:00:15 +0100] 64.227.190.2 TLSv1.2 AES256-SHA "GET /ab2h HTTP/1.1" 304
[22/Feb/2023:02:00:22 +0100] 64.227.190.2 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:02:00:24 +0100] 64.227.190.2 TLSv1.2 AES256-SHA "GET /t4 HTTP/1.1" 302
[22/Feb/2023:02:31:17 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[22/Feb/2023:02:31:18 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[22/Feb/2023:02:31:18 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[22/Feb/2023:02:31:19 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[22/Feb/2023:02:31:19 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[22/Feb/2023:02:31:19 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[22/Feb/2023:02:31:20 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[22/Feb/2023:02:31:20 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[22/Feb/2023:02:31:21 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[22/Feb/2023:02:31:21 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[22/Feb/2023:02:31:22 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[22/Feb/2023:02:31:22 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[22/Feb/2023:02:31:23 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[22/Feb/2023:02:31:23 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[22/Feb/2023:02:31:24 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[22/Feb/2023:02:31:24 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[22/Feb/2023:02:31:24 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[22/Feb/2023:02:31:25 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[22/Feb/2023:02:31:25 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[22/Feb/2023:02:31:26 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[22/Feb/2023:02:47:43 +0100] 51.15.205.3 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 385
[22/Feb/2023:02:48:01 +0100] 198.235.24.163 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 383
[22/Feb/2023:03:19:48 +0100] 216.218.206.69 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:03:25:52 +0100] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_26092022.zip HTTP/1.1" 396
[22/Feb/2023:03:29:10 +0100] 216.218.206.69 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[22/Feb/2023:03:35:34 +0100] 216.218.206.69 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[22/Feb/2023:03:50:47 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /?\"<?=print(9347655345-4954366)?>\" HTTP/1.1" 337
[22/Feb/2023:03:50:49 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /?'<?=print(9347655345-4954366)?>' HTTP/1.1" 335
[22/Feb/2023:03:50:51 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /?'{${print(9347655345-4954366)}}' HTTP/1.1" 335
[22/Feb/2023:03:50:54 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /?\"{${print(9347655345-4954366)}}\" HTTP/1.1" 337
[22/Feb/2023:03:50:55 +0100] 198.98.57.108 TLSv1.2 AES256-SHA "GET /?'+print(9347655345-4954366)+' HTTP/1.1" 327
[22/Feb/2023:04:00:17 +0100] 52.90.160.206 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[22/Feb/2023:04:13:19 +0100] 162.221.192.90 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:05:05:51 +0100] 212.193.30.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 298
[22/Feb/2023:05:05:52 +0100] 212.193.30.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 295
[22/Feb/2023:05:37:30 +0100] 159.223.12.224 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[22/Feb/2023:05:54:04 +0100] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_24092022.zip HTTP/1.1" 413
[22/Feb/2023:06:57:30 +0100] 192.241.217.15 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[22/Feb/2023:07:00:12 +0100] 103.149.192.216 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:07:16:26 +0100] 185.180.143.81 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:07:17:22 +0100] 194.110.203.40 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_23092022.zip HTTP/1.1" 413
[22/Feb/2023:07:53:15 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_23092022.zip HTTP/1.1" 405
[22/Feb/2023:08:07:54 +0100] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[22/Feb/2023:08:20:01 +0100] 4.184.57.28 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301
[22/Feb/2023:09:04:00 +0100] 162.243.133.21 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:09:40:17 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_22092022.zip HTTP/1.1" 396
[22/Feb/2023:09:41:52 +0100] 103.203.59.1 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[22/Feb/2023:09:43:22 +0100] 139.144.41.61 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:09:50:13 +0100] 107.170.252.9 TLSv1.2 AES256-SHA "GET /ReportServer HTTP/1.1" 307
[22/Feb/2023:09:51:32 +0100] 195.144.21.56 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 383
[22/Feb/2023:09:51:33 +0100] 195.144.21.56 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[22/Feb/2023:09:51:33 +0100] 195.144.21.56 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[22/Feb/2023:09:51:34 +0100] 195.144.21.56 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[22/Feb/2023:09:51:37 +0100] 195.144.21.56 TLSv1.2 AES256-SHA "quit" 379
[22/Feb/2023:09:51:40 +0100] 195.144.21.56 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 393
[22/Feb/2023:09:51:40 +0100] 195.144.21.56 TLSv1.2 AES256-SHA "GET /sitemap.xml HTTP/1.1" 394
[22/Feb/2023:09:51:40 +0100] 195.144.21.56 TLSv1.2 AES256-SHA "GET /.well-known/security.txt HTTP/1.1" 407
[22/Feb/2023:09:51:44 +0100] 195.144.21.56 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /favicon.ico HTTP/1.1" 309
[22/Feb/2023:09:51:45 +0100] 195.144.21.56 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "" 379
[22/Feb/2023:10:01:19 +0100] 47.254.74.59 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:10:01:24 +0100] 47.254.85.182 TLSv1.2 AES256-SHA "GET /Public/home/js/check.js HTTP/1.1" 316
[22/Feb/2023:10:01:27 +0100] 47.254.74.59 TLSv1.2 AES256-SHA "GET /static/admin/javascript/hetong.js HTTP/1.1" 325
[22/Feb/2023:10:06:08 +0100] 162.243.133.18 TLSv1.2 AES256-SHA "GET /login HTTP/1.1" 305
[22/Feb/2023:10:17:05 +0100] 128.14.133.58 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:10:58:28 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_21092022.zip HTTP/1.1" 396
[22/Feb/2023:10:59:39 +0100] 157.230.248.195 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /api/v1 HTTP/1.1" 305
[22/Feb/2023:11:00:13 +0100] 139.177.197.81 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[22/Feb/2023:11:32:36 +0100] 104.248.229.49 TLSv1.2 AES256-SHA "GET /aaa9 HTTP/1.1" 304
[22/Feb/2023:11:32:38 +0100] 104.248.229.49 TLSv1.2 AES256-SHA "GET /aab8 HTTP/1.1" 304
[22/Feb/2023:13:05:20 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[22/Feb/2023:13:05:20 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[22/Feb/2023:13:05:21 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[22/Feb/2023:13:05:21 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[22/Feb/2023:13:05:21 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[22/Feb/2023:13:05:22 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[22/Feb/2023:13:05:22 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[22/Feb/2023:13:05:23 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[22/Feb/2023:13:05:23 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[22/Feb/2023:13:05:24 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[22/Feb/2023:13:05:24 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[22/Feb/2023:13:05:25 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[22/Feb/2023:13:05:25 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[22/Feb/2023:13:05:25 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[22/Feb/2023:13:05:26 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[22/Feb/2023:13:05:26 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[22/Feb/2023:13:05:27 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[22/Feb/2023:13:05:27 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[22/Feb/2023:13:05:28 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[22/Feb/2023:13:05:28 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[22/Feb/2023:13:31:44 +0100] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_19092022.zip HTTP/1.1" 413
[22/Feb/2023:13:44:40 +0100] 163.172.180.25 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 385
[22/Feb/2023:15:29:16 +0100] 194.110.203.44 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_18092022.zip HTTP/1.1" 413
[22/Feb/2023:15:36:34 +0100] 193.56.29.26 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[22/Feb/2023:15:36:34 +0100] 193.56.29.26 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301
[22/Feb/2023:16:12:23 +0100] 132.148.166.136 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_18092022.zip HTTP/1.1" 405
[22/Feb/2023:16:14:51 +0100] 192.241.211.4 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[22/Feb/2023:17:02:07 +0100] 128.14.134.134 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:18:44:10 +0100] 94.102.61.7 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:19:26:30 +0100] 152.89.196.211 TLSv1.2 AES256-SHA "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 331
[22/Feb/2023:19:47:02 +0100] 83.136.32.58 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "HEAD / HTTP/1.0" -
[22/Feb/2023:19:47:50 +0100] 87.236.176.110 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:19:58:32 +0100] 194.110.203.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_16092022.zip HTTP/1.1" 413
[22/Feb/2023:20:01:35 +0100] 194.110.203.38 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_16092022.zip HTTP/1.1" 405
[22/Feb/2023:20:19:26 +0100] 162.243.131.17 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[22/Feb/2023:20:41:06 +0100] 162.243.136.22 TLSv1.2 AES256-SHA "GET /version HTTP/1.1" 305
[22/Feb/2023:22:10:59 +0100] 194.110.203.42 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_15092022.zip HTTP/1.1" 396
[22/Feb/2023:22:29:31 +0100] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:22:37:54 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:22:38:30 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:22:38:33 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:22:38:34 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET /solr/ HTTP/1.1" 304
[22/Feb/2023:22:38:55 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET /webfig/ HTTP/1.1" 307
[22/Feb/2023:22:39:04 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET /owa/ HTTP/1.1" 304
[22/Feb/2023:22:39:05 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?a..foo.var/owa/?&Email=autodiscover/autodiscover.json?a..foo.var&Protocol=XYZ&FooProtocol=%50owershell HTTP/1.1" 378
[22/Feb/2023:22:39:09 +0100] 23.90.160.122 TLSv1.2 AES256-SHA "GET /admin/ HTTP/1.1" 305
[22/Feb/2023:22:48:29 +0100] 60.217.75.70 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[22/Feb/2023:23:10:45 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_14092022.zip HTTP/1.1" 405
[23/Feb/2023:00:23:54 +0100] 212.87.204.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[23/Feb/2023:00:23:54 +0100] 212.87.204.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST / HTTP/1.1" 301