LORG Detection Results [lorg]

Summary: 2 incidents discovered from one client

5.101.0.209 | 2 incidents | impact ∑: 24

attacks only

Description: A human attacker and random scan and targeted scan from Russian Federation, Saint Petersburg 16 hours ago. A total of 2 incidents where discovered by phpids detection modules.

Impact	Tags	Remote-City	Remote-Host	Remote-Logname	Remote-User	Date	Request	Final-Status	Bytes-Sent	Referer	User-Agent
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:13:37 +0100	GET /solr/admin/info/system?wt=json HTTP/1.1	302	488	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:13:38 +0100	GET /solr/admin/info/system?wt=json HTTP/1.1	404	5729	http://91.223.222.18:80/solr/admin/info/system?wt=json	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
12	xss csrf id rfe lfi	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:17:39 +0100	GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1	302	548	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:17:39 +0100	GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1	302	488	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
12	xss csrf id rfe lfi	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:17:39 +0100	GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1	302	5999	http://91.223.222.18:80/?a=fetch&content=die(@md5(HelloThinkCMF))	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:17:40 +0100	GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1	302	5999	http://91.223.222.18:80/?XDEBUG_SESSION_START=phpstorm	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:17:40 +0100	GET /?rt=Login/Index HTTP/1.1	200	7057	https://services.opennet.hu/?a=fetch&content=die(@md5(HelloThinkCMF))	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:17:40 +0100	GET /?rt=Login/Index HTTP/1.1	200	7057	https://services.opennet.hu/?XDEBUG_SESSION_START=phpstorm	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:22:56 +0100	GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1	302	660	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:22:56 +0100	GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP HTTP/1.1	302	5999	http://91.223.222.18:80/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 14:22:57 +0100	GET /index.php?rt=Login/Index HTTP/1.1	200	7057	https://services.opennet.hu/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 16:39:50 +0100	POST /pandora_console/index.php?login=1 HTTP/1.1	302	494	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 19:33:51 +0100	GET / HTTP/1.1	302	428	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 19:33:51 +0100	GET / HTTP/1.1	302	5999	http://91.223.222.18:80/	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 19:33:51 +0100	GET /?rt=Login/Index HTTP/1.1	200	7057	https://services.opennet.hu/	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:51:56 +0100	GET / HTTP/1.1	302	5779	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:51:57 +0100	GET // HTTP/1.1	302	5999	https://91.223.222.18:443/	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:51:59 +0100	GET //?rt=Login/Index HTTP/1.1	302	5999	https://services.opennet.hu//	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:52:01 +0100	GET //?rt=Login/Index HTTP/1.1	302	5999	https://services.opennet.hu//?rt=Login/Index	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:52:03 +0100	GET //?rt=Login/Index HTTP/1.1	302	5999	https://services.opennet.hu//?rt=Login/Index	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:52:05 +0100	GET //?rt=Login/Index HTTP/1.1	302	5999	https://services.opennet.hu//?rt=Login/Index	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:52:07 +0100	GET //?rt=Login/Index HTTP/1.1	302	5999	https://services.opennet.hu//?rt=Login/Index	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	Russian Federation, Saint Petersburg	5.101.0.209	-	-	Fri, 10 Jan 2020 20:52:08 +0100	GET //?rt=Login/Index HTTP/1.1	302	5999	https://services.opennet.hu//?rt=Login/Index	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36