LORG Detection Results [lorg]

Summary: one incident discovered from one client

192.168.21.127 | 1 incident | impact ∑: 13

attacks only

Description: A targeted scan and random scan yesterday. A total of one incident was discovered by phpids detection modules.

Impact	Tags	Remote-City	Remote-Host	Remote-Logname	Remote-User	Date	Request	Final-Status	Bytes-Sent	Referer	User-Agent
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 00:27:57 +0100	GET / HTTP/1.1	200	111500	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 00:29:30 +0100	GET / HTTP/1.1	200	5758	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 00:33:35 +0100	GET /2020_01_28_vipex_access.log.1.html HTTP/1.1	200	52622	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 01:25:56 +0100	GET /2020_08_31_vipex_access.log.1.html HTTP/1.1	304	145	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 02:15:26 +0100	GET / HTTP/1.1	200	111494	-	Hello World
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 02:50:50 +0100	GET / HTTP/1.0	200	111349	-	-
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 03:03:52 +0100	GET / HTTP/1.1	200	5758	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_5_0 rv:6.0; en-US) AppleWebKit/532.32.7 (KHTML, like Gecko) Version/5.0 Safari/532.32.7
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 03:25:59 +0100	GET /2021_01_03_vipex_access.log.1.html HTTP/1.1	200	31702	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 03:47:59 +0100	GET /ab2g HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 03:48:00 +0100	GET / HTTP/1.1	200	5758	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 03:51:40 +0100	POST / HTTP/1.1	404	462	-	Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 03:51:42 +0100	POST / HTTP/1.1	404	462	-	Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 04:43:31 +0100	GET / HTTP/1.1	200	5758	-	Mozilla/5.0 (X11; CrOS i686 4319.74.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.57 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 05:26:35 +0100	GET /2022_01_05_report_access.log.1.html HTTP/1.1	200	32913	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 05:48:23 +0100	GET / HTTP/1.1	200	5758	-	Mozilla/5.0 (X11; Linux x86_64; rv:73.0) Gecko/20100101 Firefox/73.0
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 05:54:52 +0100	GET /.env HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 06:11:35 +0100	GET /2020_12_04_vipex_access.log.1.html HTTP/1.1	200	39378	-	Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 06:32:07 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.13) Gecko/20080325 Fedora/2.0.0.13-1.fc8 Firefox/2.0.0.13
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 07:15:38 +0100	GET / HTTP/1.1	200	111994	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 07:38:53 +0100	GET /owa/auth/logon.aspx?url=https://1/ecp/ HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 07:56:42 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 08:58:10 +0100	GET / HTTP/1.1	200	111994	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 10:40:46 +0100	GET / HTTP/1.1	200	111994	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 11:01:28 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:104.0) Gecko/20100101 Firefox/104.0
13	dt id lfi xss csrf	-	192.168.21.127	-	-	Sun, 20 Nov 2022 11:31:38 +0100	GET ///remote/fgt_lang?lang=/../../../..//////////dev/ HTTP/1.1	404	456	-	python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1160.el7.x86_64
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 13:14:42 +0100	GET /wp-content/themes/seotheme/db.php?u HTTP/1.1	404	462	www.google.com	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 13:17:31 +0100	GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 13:53:59 +0100	GET / HTTP/1.1	200	111989	-	-
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 13:54:02 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 14:06:21 +0100	GET / HTTP/1.1	200	111988	-	-
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 14:15:25 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 14:58:12 +0100	GET / HTTP/1.1	200	111988	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 15:59:21 +0100	POST / HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 15:59:23 +0100	POST / HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 16:17:07 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.6.1 Safari/605.1.15
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 16:32:19 +0100	GET / HTTP/1.1	200	111989	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:47.0) Gecko/20100101 Firefox/47.0
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 16:34:11 +0100	GET /favicon.ico HTTP/1.1	404	457	-	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 QIHU 360SE
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 16:35:50 +0100	GET /.git/config HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:104.0) Gecko/20100101 Firefox/104.0
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 17:15:45 +0100	GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1	200	5780	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 17:50:44 +0100	GET / HTTP/1.1	200	111989	-	-
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 17:50:45 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 18:26:56 +0100	GET /actuator/gateway/routes HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 19:09:06 +0100	GET / HTTP/1.1	200	111994	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.63 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 19:33:45 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 20:07:54 +0100	GET /wp-login.php HTTP/1.1	503	575	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:96.0) Gecko/20100101 Firefox/96
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 20:50:56 +0100	GET /robots.txt HTTP/1.1	404	462	-	Mozilla/5.0 (compatible;PetalBot;+https://webmaster.petalsearch.com/site/petalbot)
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 21:12:20 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 22:15:57 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 22:45:33 +0100	GET /.env HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 22:59:40 +0100	HEAD http://112.124.42.80:63435/ HTTP/1.1	200	146	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 23:14:56 +0100	GET / HTTP/1.1	200	5780	-	Mozilla/5.0
0	none	-	192.168.21.127	-	-	Sun, 20 Nov 2022 23:51:01 +0100	GET /version HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x