[27/Feb/2023:02:23:38 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_17072022.zip HTTP/1.1" 413
[27/Feb/2023:02:30:00 +0100] 40.113.130.203 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /webclient HTTP/1.1" 392
[27/Feb/2023:02:58:16 +0100] 194.110.203.47 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_17072022.zip HTTP/1.1" 405
[27/Feb/2023:02:58:49 +0100] 167.94.138.120 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[27/Feb/2023:02:58:50 +0100] 167.94.138.120 TLSv1.2 AES256-SHA "PRI * HTTP/2.0" 379
[27/Feb/2023:03:05:57 +0100] 192.241.193.94 TLSv1.2 AES256-SHA "GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1" 328
[27/Feb/2023:03:43:25 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[27/Feb/2023:03:43:25 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[27/Feb/2023:03:43:26 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[27/Feb/2023:03:43:26 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[27/Feb/2023:03:43:27 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[27/Feb/2023:03:43:27 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[27/Feb/2023:03:43:28 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[27/Feb/2023:03:43:28 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[27/Feb/2023:03:43:29 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[27/Feb/2023:03:43:30 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[27/Feb/2023:03:43:30 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[27/Feb/2023:03:43:31 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[27/Feb/2023:03:43:31 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[27/Feb/2023:03:43:32 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[27/Feb/2023:03:43:32 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[27/Feb/2023:03:43:33 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[27/Feb/2023:03:43:33 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[27/Feb/2023:03:43:34 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[27/Feb/2023:03:43:34 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[27/Feb/2023:03:43:35 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[27/Feb/2023:03:43:35 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /admin/.env HTTP/1.1" 308
[27/Feb/2023:03:43:36 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /admin/.env HTTP/1.1" 308
[27/Feb/2023:03:43:36 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backend/.env HTTP/1.1" 310
[27/Feb/2023:03:43:37 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /backend/.env HTTP/1.1" 310
[27/Feb/2023:03:43:37 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /app/.env HTTP/1.1" 307
[27/Feb/2023:03:43:38 +0100] 109.237.97.180 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /app/.env HTTP/1.1" 307
[27/Feb/2023:05:05:26 +0100] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_15072022.zip HTTP/1.1" 413
[27/Feb/2023:05:06:27 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.env HTTP/1.1" 304
[27/Feb/2023:05:06:28 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.env HTTP/1.1" 304
[27/Feb/2023:05:06:28 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/credentials HTTP/1.1" 311
[27/Feb/2023:05:06:29 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/credentials HTTP/1.1" 311
[27/Feb/2023:05:06:30 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /.aws/config HTTP/1.1" 310
[27/Feb/2023:05:06:31 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /.aws/config HTTP/1.1" 310
[27/Feb/2023:05:06:31 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /aws/credentials HTTP/1.1" 310
[27/Feb/2023:05:06:32 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /aws/credentials HTTP/1.1" 310
[27/Feb/2023:05:06:33 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /credentials HTTP/1.1" 308
[27/Feb/2023:05:06:33 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /credentials HTTP/1.1" 308
[27/Feb/2023:05:06:34 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /test.php HTTP/1.1" 306
[27/Feb/2023:05:06:35 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /test.php HTTP/1.1" 306
[27/Feb/2023:05:06:35 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /laravel/.env HTTP/1.1" 309
[27/Feb/2023:05:06:36 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /laravel/.env HTTP/1.1" 309
[27/Feb/2023:05:06:37 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /demo/.env HTTP/1.1" 307
[27/Feb/2023:05:06:38 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /demo/.env HTTP/1.1" 307
[27/Feb/2023:05:06:39 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /web/.env HTTP/1.1" 307
[27/Feb/2023:05:06:40 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /web/.env HTTP/1.1" 307
[27/Feb/2023:05:06:41 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /phpinfo HTTP/1.1" 307
[27/Feb/2023:05:06:42 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /phpinfo HTTP/1.1" 307
[27/Feb/2023:05:06:43 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /admin/.env HTTP/1.1" 308
[27/Feb/2023:05:06:44 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /admin/.env HTTP/1.1" 308
[27/Feb/2023:05:06:45 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backend/.env HTTP/1.1" 310
[27/Feb/2023:05:06:46 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /backend/.env HTTP/1.1" 310
[27/Feb/2023:05:06:46 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /app/.env HTTP/1.1" 307
[27/Feb/2023:05:06:47 +0100] 109.237.98.226 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "POST /app/.env HTTP/1.1" 307
[27/Feb/2023:05:38:03 +0100] 194.110.203.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_15072022.zip HTTP/1.1" 396
[27/Feb/2023:06:31:27 +0100] 193.235.141.145 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 295
[27/Feb/2023:07:16:04 +0100] 183.136.225.46 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 385
[27/Feb/2023:07:40:00 +0100] 192.241.199.4 TLSv1.2 AES256-SHA "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 335
[27/Feb/2023:08:00:56 +0100] 193.106.29.122 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.0" 388
[27/Feb/2023:08:22:42 +0100] 35.247.31.10 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "OPTIONS / HTTP/1.0" 383
[27/Feb/2023:08:28:40 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_13072022.zip HTTP/1.1" 405
[27/Feb/2023:09:09:12 +0100] 192.241.196.4 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[27/Feb/2023:13:32:30 +0100] 162.243.139.21 TLSv1.2 AES256-SHA "GET /actuator/health HTTP/1.1" 310
[27/Feb/2023:14:07:18 +0100] 64.62.197.101 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[27/Feb/2023:14:14:43 +0100] 64.62.197.98 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 309
[27/Feb/2023:14:17:29 +0100] 64.62.197.105 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[27/Feb/2023:14:18:50 +0100] 64.62.197.97 TLSv1.2 AES256-SHA "GET /.git/config HTTP/1.1" 310
[27/Feb/2023:14:29:53 +0100] 132.148.166.136 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_09072022.zip HTTP/1.1" 413
[27/Feb/2023:16:03:01 +0100] 207.46.13.229 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[27/Feb/2023:16:03:03 +0100] 207.46.13.229 TLSv1.2 AES256-SHA "GET /robots.txt HTTP/1.1" 302
[27/Feb/2023:16:03:09 +0100] 52.167.144.84 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 295
[27/Feb/2023:19:54:11 +0100] 194.110.203.41 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_06072022.zip HTTP/1.1" 396
[27/Feb/2023:20:32:59 +0100] 205.210.31.3 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 394
[27/Feb/2023:21:20:21 +0100] 185.180.143.71 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 301
[27/Feb/2023:22:07:11 +0100] 34.212.32.200 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[27/Feb/2023:22:07:54 +0100] 52.27.14.187 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[27/Feb/2023:22:20:00 +0100] 194.110.203.45 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_04072022.zip HTTP/1.1" 413
[27/Feb/2023:22:30:11 +0100] 34.220.209.208 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[27/Feb/2023:22:30:52 +0100] 54.244.132.209 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 307
[28/Feb/2023:00:11:46 +0100] 194.110.203.39 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET /backup_03072022.zip HTTP/1.1" 413
[28/Feb/2023:00:45:35 +0100] 34.222.240.133 TLSv1.2 AES256-SHA "GET / HTTP/1.1" 306
[28/Feb/2023:00:46:02 +0100] 54.187.74.74 TLSv1.2 AES256-SHA "GET /favicon.ico HTTP/1.1" 313
[28/Feb/2023:00:56:07 +0100] 35.195.93.98 TLSv1.2 DHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 301