LORG Detection Results [lorg]

Summary: one incident discovered from one client

192.168.21.127 | 1 incident | impact ∑: 13

attacks only

Description: A random scan and targeted scan yesterday. A total of one incident was discovered by phpids detection modules.

Impact	Tags	Remote-City	Remote-Host	Remote-Logname	Remote-User	Date	Request	Final-Status	Bytes-Sent	Referer	User-Agent
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 00:43:35 +0100	GET /showLogin.cc HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 01:50:26 +0100	GET / HTTP/1.0	200	124692	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 02:24:35 +0100	GET / HTTP/1.0	200	124687	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 02:26:09 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/582.42 (KHTML, like Gecko) Chrome/68.0.18 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 02:26:10 +0100	GET /robots.txt HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/568.54 (KHTML, like Gecko) Chrome/51.0.806 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 02:26:17 +0100	GET /axis2/ HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 03:09:24 +0100	GET / HTTP/1.1	200	6345	-	Mozilla/5.0 (Windows NT 10.0; rv:104.0) Gecko/20100101 Firefox/104.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 03:14:29 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 03:14:29 +0100	GET / HTTP/1.1	200	6346	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 03:14:29 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 03:14:29 +0100	GET /favicon.ico HTTP/1.1	404	462	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 03:23:42 +0100	GET /.git/config HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 03:51:26 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 04:30:16 +0100	GET / HTTP/1.1	200	124848	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 04:58:10 +0100	POST / HTTP/1.1	404	456	-	python-httpx/0.23.1
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 05:26:10 +0100	GET / HTTP/1.1	200	6345	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 05:33:31 +0100	GET / HTTP/1.1	200	6345	-	Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 05:59:16 +0100	GET / HTTP/1.1	200	6345	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 06:04:28 +0100	GET /robots.txt HTTP/1.1	404	456	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 06:04:28 +0100	GET /.well-known/security.txt HTTP/1.1	404	456	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 06:24:19 +0100	GET / HTTP/1.1	200	6345	-	'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0'
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 06:56:42 +0100	GET / HTTP/1.1	200	6369	-	python-requests/2.25.1
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 07:21:37 +0100	POST / HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 08:28:58 +0100	GET /owa/auth/logon.aspx?url=https://1/ecp/ HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 09:25:22 +0100	GET /actuator/health HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 09:34:35 +0100	GET / HTTP/1.0	200	125186	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 09:34:37 +0100	GET /nice ports,/Trinity.txt.bak HTTP/1.0	404	461	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 10:17:00 +0100	GET / HTTP/1.1	200	6369	-	Mozilla/5.0 (Linux; Android 4.4.4; en-us; Nexus 5 Build/JOP40D) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2307.2 Mobile Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 11:16:33 +0100	GET / HTTP/1.1	200	6369	-	Linux Gnu (cow)
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 12:43:38 +0100	POST /boaform/admin/formLogin HTTP/1.1	404	456	http://91.223.222.117:80/admin/login.asp	Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 12:55:34 +0100	GET /actuator/gateway/routes HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 13:35:39 +0100	GET /.env HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 13:38:22 +0100	GET / HTTP/1.1	200	6369	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:03:51 +0100	POST /GponForm/diag_Form?images/ HTTP/1.1	404	451	-	Hello, World
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:10:55 +0100	GET //vendor/phpunit/phpunit/src/Util/Log/log.php HTTP/1.1	404	462	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:10:55 +0100	GET //.env HTTP/1.1	404	462	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:10:58 +0100	GET //vendor/phpunit/phpunit/src/Util/Log/log.php HTTP/1.1	404	456	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:10:58 +0100	GET //.env HTTP/1.1	404	456	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:11:02 +0100	GET //vendor/phpunit/phpunit/src/Util/Log/log.php HTTP/1.1	404	462	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:11:02 +0100	GET //.env HTTP/1.1	404	462	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:11:16 +0100	GET //vendor/phpunit/phpunit/src/Util/Log/log.php HTTP/1.1	404	456	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:11:17 +0100	GET //.env HTTP/1.1	404	456	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:11:32 +0100	GET //vendor/phpunit/phpunit/src/Util/Log/log.php HTTP/1.1	404	462	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 14:11:32 +0100	GET //.env HTTP/1.1	404	462	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/0.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 15:06:09 +0100	GET / HTTP/1.1	200	6369	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 15:24:36 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 16:07:47 +0100	GET /.env HTTP/1.1	404	456	-	axios/1.2.1
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 17:04:18 +0100	GET / HTTP/1.1	200	6369	-	python-requests/2.28.1
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 17:56:13 +0100	GET /showLogin.cc HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
13	dt id lfi xss csrf	-	192.168.21.127	-	-	Sat, 17 Dec 2022 18:04:18 +0100	GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1	404	457	-	Python-urllib/3.8
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 18:42:48 +0100	GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1	200	6371	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 18:52:44 +0100	GET / HTTP/1.1	200	6369	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 19:19:58 +0100	GET / HTTP/1.1	200	125342	-	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 20:14:55 +0100	GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 20:19:40 +0100	GET / HTTP/1.1	200	125343	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 20:19:43 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 21:07:29 +0100	GET / HTTP/1.1	200	125342	-	Hello World
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 21:17:58 +0100	GET / HTTP/1.1	200	6369	-	python-requests/2.28.1
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 22:18:35 +0100	GET /laravel/.env HTTP/1.1	404	456	-	axios/1.2.1
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 22:22:33 +0100	GET / HTTP/1.1	200	125342	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 23:12:59 +0100	GET / HTTP/1.1	200	125342	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 23:13:23 +0100	GET /sitemap.xml HTTP/1.1	404	456	-	-
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 23:13:25 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:80.0) Gecko/20100101 Firefox/80.0
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 23:29:12 +0100	GET / HTTP/1.1	200	6369	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 23:33:03 +0100	GET / HTTP/1.1	200	6369	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Sat, 17 Dec 2022 23:50:01 +0100	GET /tftpboot/ HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36