LORG Detection Results [lorg]

Summary: 2 incidents discovered from one client

45.155.205.108 | 2 incidents | impact ∑: 24

attacks only

Description: A targeted scan 22 hours ago. A total of 2 incidents where discovered by phpids detection modules.

Impact	Tags	Remote-City	Remote-Host	Remote-Logname	Remote-User	Date	Request	Final-Status	Bytes-Sent	Referer	User-Agent
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:02 +0100	POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1	404	5430	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:03 +0100	GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1	404	5430	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:07 +0100	GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1	302	5829	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:08 +0100	GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1	302	5829	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:12 +0100	GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1	404	5571	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:13 +0100	POST /mifs/.;/services/LogService HTTP/1.1	404	5571	https://91.223.222.18:443	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:14 +0100	GET /console/ HTTP/1.1	404	5571	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:16 +0100	POST /api/jsonws/invoke HTTP/1.1	404	5571	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:16 +0100	POST /Autodiscover/Autodiscover.xml HTTP/1.1	404	5571	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:18 +0100	GET /index.php?rt=Login/Index HTTP/1.1	200	7152	https://91.223.222.18:443/index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 08:09:20 +0100	GET /?rt=Login/Index HTTP/1.1	200	7152	https://91.223.222.18:443/?XDEBUG_SESSION_START=phpstorm	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:41 +0100	POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1	302	522	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:41 +0100	POST /api/jsonws/invoke HTTP/1.1	302	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:41 +0100	GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1	302	658	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:41 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:41 +0100	\x16\x03\x01	400	-	-	-
12	xss csrf id rfe lfi	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:41 +0100	GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1	302	542	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:42 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:42 +0100	GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1	302	482	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:42 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1	302	522	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1	302	512	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	GET /console/ HTTP/1.1	302	438	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	GET /solr/admin/info/system?wt=json HTTP/1.1	302	482	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	POST /Autodiscover/Autodiscover.xml HTTP/1.1	302	480	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:43 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 14:18:44 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:30 +0100	POST /api/jsonws/invoke HTTP/1.1	302	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:30 +0100	POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1	302	522	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:30 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:30 +0100	GET /solr/admin/info/system?wt=json HTTP/1.1	302	482	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:30 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:30 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:30 +0100	GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1	302	482	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
12	xss csrf id rfe lfi	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:31 +0100	GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1	302	542	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:31 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:31 +0100	GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1	302	522	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:31 +0100	POST /Autodiscover/Autodiscover.xml HTTP/1.1	302	480	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:31 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:31 +0100	GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1	302	658	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:31 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:32 +0100	GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1	302	512	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:32 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:32 +0100	GET /console/ HTTP/1.1	302	438	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:32 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:32 +0100	\x16\x03\x01	400	-	-	-
0	none	-	45.155.205.108	-	-	Fri, 01 Jan 2021 19:45:33 +0100	\x16\x03\x01	400	-	-	-