LORG Detection Results [lorg]

Summary: one incident discovered from one client

192.168.21.127 | 1 incident | impact ∑: 12

attacks only

Description: A targeted scan 22 hours ago. A total of one incident was discovered by phpids detection modules.

Impact	Tags	Remote-City	Remote-Host	Remote-Logname	Remote-User	Date	Request	Final-Status	Bytes-Sent	Referer	User-Agent
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 08:08:07 +0100	GET / HTTP/1.1	200	78364	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 08:27:33 +0100	POST /HNAP1/ HTTP/1.1	404	456	-	Mozila/5.0
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 08:31:21 +0100	POST /HNAP1/ HTTP/1.1	404	456	-	Mozila/5.0
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 08:56:49 +0100	GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1	404	209	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 09:04:59 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 09:08:19 +0100	GET /.env HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 09:35:10 +0100	GET / HTTP/1.0	200	78256	-	masscan-ng/1.3 (https://github.com/bi-zone/masscan-ng)
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 09:44:51 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 09:57:12 +0100	POST / HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 10:30:46 +0100	POST /mifs/.;/services/LogService HTTP/1.1	404	457	https://91.223.222.117:443	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 10:47:55 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 11:24:24 +0100	GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 11:50:43 +0100	GET /.env HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 11:57:35 +0100	GET / HTTP/1.1	200	78364	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 11:58:03 +0100	GET /sitemap.xml HTTP/1.1	404	456	-	-
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 11:58:06 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 12:03:50 +0100	GET /.env HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 12:22:34 +0100	GET /ReportServer HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 13:09:17 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 13:55:21 +0100	GET /_ignition/execute-solution HTTP/1.1	404	457	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 14:18:25 +0100	GET / HTTP/1.1	200	4333	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 14:20:45 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 14:49:44 +0100	GET / HTTP/1.1	200	78364	-	-
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 15:16:02 +0100	GET / HTTP/1.1	200	4333	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 15:58:35 +0100	POST /HNAP1/ HTTP/1.1	404	456	-	Mozila/5.0
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 16:05:54 +0100	POST /HNAP1/ HTTP/1.1	404	456	-	Mozila/5.0
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 16:37:38 +0100	GET / HTTP/1.1	200	78364	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 16:46:21 +0100	POST /cgi-bin/../../../../bin/sh HTTP/1.1	400	489	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 16:53:08 +0100	GET / HTTP/1.1	200	4333	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 17:26:43 +0100	GET / HTTP/1.1	200	78364	-	-
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 18:43:12 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en) AppleWebKit/534.1 (KHTML, Like Gecko) Version/6.0.0.141 Mobile Safari/534.1
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 19:05:25 +0100	GET http://www.example.com HTTP/1.1	400	-	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36A
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 20:02:21 +0100	GET / HTTP/1.1	200	78364	-	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 20:20:53 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 20:47:14 +0100	GET / HTTP/1.1	200	78364	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 20:57:49 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 21:15:57 +0100	GET / HTTP/1.1	200	78364	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 21:28:50 +0100	GET / HTTP/1.1	200	78364	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 21:28:54 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 21:31:51 +0100	GET / HTTP/1.1	200	4332	-	Mozilla/5.0 (Windows NT 5.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 21:55:25 +0100	GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1	404	209	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
12	xss csrf id rfe lfi	-	192.168.21.127	-	-	Fri, 14 Jan 2022 22:34:18 +0100	GET /?a=fetch&content=die(@md5(HelloThinkCMF)) HTTP/1.1	200	4332	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 23:29:35 +0100	GET /console/ HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Fri, 14 Jan 2022 23:55:31 +0100	POST /Autodiscover/Autodiscover.xml HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36