← Back to IP report

Log Explorer

Fact drill-down for 107.174.121.148

Risk 12 LOW Scope All time All-time facts 164 In-scope 164 Filtered 164 Seen 2025-03-07 → 2025-03-24

Freestyle query (contains)

Time (days, optional)

Page size 25 50 100 200

Apply Reset (all-time)

Active (none) Clear

Faceted filters (facts-based) exact core + snapshot + optional start/end

Annotation facets

Annotator (exact) (any) base — 116 scan_velocity — 18 trav — 15 sfp — 11 cmdi — 2 ref — 1 ua — 1 Severity (exact) (any) (none) — 121 34 — 10 26 — 7 44 — 6 30 — 4 22 — 4 28 — 3 24 — 3 8 — 2 36 — 2 9 — 1 32 — 1 Label (exact) (any) observed — 116 scan_velocity — 18 trav — 15 sensitive_file — 11 cmdi — 2 ref — 1 ua — 1

HTTP facets

Method (exact, case-insensitive) (any) GET — 154 POST — 10 HTTP status (exact) (any) 404 — 145 301 — 9 400 — 7 200 — 3

Snapshot facets

Subnet (exact) (any) 107.174.121.0/24 — 164 ASN (exact) (any) 36352 — 164 Country / Region / City (exact)

(any country) United States — 164 (any region) Texas — 164

(any city) Dallas — 164

Org contains (ip_org or as_org_name)

Custom time window (optional override)

Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.

Start

End

Tip: keep windows tight when you need speed, but the default is fact-complete.

Top annotators (facts, in-scope)

base 116 scan_velocity 18 trav 15 sfp 11 cmdi 2 ref 1 ua 1

Top labels (facts, in-scope)

observed 116 scan_velocity 18 trav 15 sensitive_file 11 cmdi 2 ref 1 ua 1

Click a pill to apply it as a filter.

Annotated access events

Showing page 1 / 4 — total 164 rows

← Prev Next →

#1 2025-03-24 02:09:19 event 3342542 POST 301 bytes 169

ann scan_velocity 26 label scan_velocity

Request Scan-velocity indicator: scanv:rpm

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

scan_velocity

rule

scanv:rpm

conf

90.00

details

rpm_equiv=62.0; score=13; window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

More (full fields + snapshot) expand

url

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Scan-velocity indicator: scanv:rpm

details

rpm_equiv=62.0; score=13; window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#2 2025-03-24 02:09:19 event 3342542 POST 301 bytes 169

ann scan_velocity 26 label scan_velocity

Request Scan-velocity indicator: scanv:ext_enum

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

scan_velocity

rule

scanv:ext_enum

conf

90.00

details

ext_hits=70; score=13; window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

More (full fields + snapshot) expand

url

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Scan-velocity indicator: scanv:ext_enum

details

ext_hits=70; score=13; window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#3 2025-03-24 02:09:19 event 3342542 POST 301 bytes 169

ann scan_velocity 26 label scan_velocity

Request Scan-velocity indicator: scanv:404_ratio

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

scan_velocity

rule

scanv:404_ratio

conf

90.00

details

404=89/93(0.96); score=13; window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

More (full fields + snapshot) expand

url

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Scan-velocity indicator: scanv:404_ratio

details

404=89/93(0.96); score=13; window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#4 2025-03-24 02:09:19 event 3342542 POST 301 bytes 169

ann scan_velocity label scan_velocity

Request Scan-velocity window summary

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

scan_velocity

rule

scanv:window

conf

—

details

window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

More (full fields + snapshot) expand

url

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Scan-velocity window summary

details

window=90s; total=93; rpm_equiv=62.0; upm_nonstatic_equiv=22.0; 404=89/93(0.96); ext_hits=70; ua_sig=0; methods=['GET', 'POST']

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#5 2025-03-24 02:09:19 event 3342542 POST 301 bytes 169

ann base label observed

Request event observed

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#6 2025-03-24 02:09:18 event 3342541 GET 404 bytes 28426

ann sfp 8 label sensitive_file

Request File/path-style parameter observed (weak hint)

/__screenshot-error?file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:param:file_path_hint

conf

60.00

details

A file/path/download-style parameter was present; treated as a weak correlating hint. Snippet='file/path/download param present'

More (full fields + snapshot) expand

url

/__screenshot-error?file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

File/path-style parameter observed (weak hint)

details

A file/path/download-style parameter was present; treated as a weak correlating hint. Snippet='file/path/download param present'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#7 2025-03-24 02:09:18 event 3342541 GET 404 bytes 28426

ann sfp 44 label sensitive_file

Request Probe for OS credential/secret file

/__screenshot-error?file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:os_secrets

conf

94.00

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/__screenshot-error?file=/etc/passwd'

More (full fields + snapshot) expand

url

/__screenshot-error?file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Probe for OS credential/secret file

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/__screenshot-error?file=/etc/passwd'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#8 2025-03-24 02:09:18 event 3342541 GET 404 bytes 28426

ann base label observed

Request event observed

/__screenshot-error?file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/__screenshot-error?file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#9 2025-03-24 02:09:17 event 3342540 GET 400 bytes 157

ann ua 8 label ua

Request Very short User-Agent string

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

Annotation facts

label

ua

rule

ua:very_short

conf

65.00

details

Short/generic UAs are common in basic scripts and commodity automation.

More (full fields + snapshot) expand

url

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

summary

Very short User-Agent string

details

Short/generic UAs are common in basic scripts and commodity automation.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#10 2025-03-24 02:09:17 event 3342540 GET 400 bytes 157

ann trav 28 label trav

Request Path traversal / LFI indicator detected

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

Annotation facts

label

trav

rule

trav:dotdot_slash

conf

92.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#11 2025-03-24 02:09:17 event 3342540 GET 400 bytes 157

ann trav 30 label trav

Request Path traversal / LFI indicator detected

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

Annotation facts

label

trav

rule

trav:encoded_dotdot

conf

93.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#12 2025-03-24 02:09:17 event 3342540 GET 400 bytes 157

ann trav 34 label trav

Request Path traversal / LFI indicator detected

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

Annotation facts

label

trav

rule

trav:sensitive_target

conf

95.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#13 2025-03-24 02:09:17 event 3342540 GET 400 bytes 157

ann sfp 34 label sensitive_file

Request Directory traversal indicator

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

Annotation facts

label

sensitive_file

rule

sfp:traversal

conf

86.00

details

Traversal sequences were present (raw or encoded). Snippet='/%2e%2e/%2e%2e/etc/passwd'

More (full fields + snapshot) expand

url

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

summary

Directory traversal indicator

details

Traversal sequences were present (raw or encoded). Snippet='/%2e%2e/%2e%2e/etc/passwd'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#14 2025-03-24 02:09:17 event 3342540 GET 400 bytes 157

ann sfp 44 label sensitive_file

Request Probe for OS credential/secret file

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

Annotation facts

label

sensitive_file

rule

sfp:file:os_secrets

conf

94.00

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/%2e%2e/%2e%2e/etc/passwd'

More (full fields + snapshot) expand

url

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

summary

Probe for OS credential/secret file

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/%2e%2e/%2e%2e/etc/passwd'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#15 2025-03-24 02:09:17 event 3342540 GET 400 bytes 157

ann base label observed

Request event observed

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/%2e%2e/%2e%2e/etc/passwd

referer

-

UA

-

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#16 2025-03-24 02:09:16 event 3342539 GET 404 bytes 28426

ann trav 32 label trav

Request Path traversal / LFI indicator detected

/file=c:%5Cwindows%5Cwin.ini

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

trav

rule

trav:windows_sensitive_target

conf

94.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/file=c:%5Cwindows%5Cwin.ini

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#17 2025-03-24 02:09:16 event 3342539 GET 404 bytes 28426

ann base label observed

Request event observed

/file=c:%5Cwindows%5Cwin.ini

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/file=c:%5Cwindows%5Cwin.ini

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#18 2025-03-24 02:09:15 event 3342538 GET 404 bytes 28426

ann sfp 44 label sensitive_file

Request Probe for OS credential/secret file

/file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:os_secrets

conf

94.00

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/file=/etc/passwd'

More (full fields + snapshot) expand

url

/file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Probe for OS credential/secret file

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/file=/etc/passwd'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#19 2025-03-24 02:09:15 event 3342538 GET 404 bytes 28426

ann base label observed

Request event observed

/file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/file=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#20 2025-03-24 02:09:14 event 3342537 GET 404 bytes 28426

ann sfp 36 label sensitive_file

Request Command-style parameter observed

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:param:cmd

conf

86.00

details

A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27'

More (full fields + snapshot) expand

url

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Command-style parameter observed

details

A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#21 2025-03-24 02:09:14 event 3342537 GET 404 bytes 28426

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'

More (full fields + snapshot) expand

url

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#22 2025-03-24 02:09:14 event 3342537 GET 404 bytes 28426

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:param_plus_cmd

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:param_plus_cmd

conf

90.00

details

Suspicious command parameter combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'

More (full fields + snapshot) expand

url

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Command/file-injection indicator: cmdi:param_plus_cmd

details

Suspicious command parameter combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#23 2025-03-24 02:09:14 event 3342537 GET 404 bytes 28426

ann base label observed

Request event observed

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#24 2025-03-24 02:09:13 event 3342536 GET 404 bytes 28426

ann sfp 36 label sensitive_file

Request Command-style parameter observed

/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:param:cmd

conf

86.00

details

A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig'

More (full fields + snapshot) expand

url

/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Command-style parameter observed

details

A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#25 2025-03-24 02:09:13 event 3342536 GET 404 bytes 28426

ann base label observed

Request event observed

/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#26 2025-03-24 02:09:13 event 3342535 POST 404 bytes 28426

ann base label observed

Request event observed

/classes/common/busiFacade.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/classes/common/busiFacade.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#27 2025-03-24 02:09:11 event 3342534 GET 404 bytes 28426

ann base label observed

Request event observed

/php/ztp_gate.php/.js.map

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/php/ztp_gate.php/.js.map

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#28 2025-03-24 02:09:10 event 3342533 GET 404 bytes 28426

ann sfp 44 label sensitive_file

Request Probe for OS credential/secret file

/interview?i=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:os_secrets

conf

94.00

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/interview?i=/etc/passwd'

More (full fields + snapshot) expand

url

/interview?i=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Probe for OS credential/secret file

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/interview?i=/etc/passwd'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#29 2025-03-24 02:09:10 event 3342533 GET 404 bytes 28426

ann base label observed

Request event observed

/interview?i=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/interview?i=/etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#30 2025-03-24 02:09:09 event 3342532 GET 404 bytes 28426

ann base label observed

Request event observed

/device/config

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/device/config

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#31 2025-03-24 02:09:08 event 3342531 GET 404 bytes 28426

ann base label observed

Request event observed

/system/config_menu.htm

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/system/config_menu.htm

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#32 2025-03-24 02:09:07 event 3342530 GET 200 bytes 27744

ann trav 30 label trav

Request Path traversal / LFI indicator detected

/?p=3232&wp_automatic=download&link=file:///etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

trav

rule

trav:wrapper

conf

94.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/?p=3232&wp_automatic=download&link=file:///etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#33 2025-03-24 02:09:07 event 3342530 GET 200 bytes 27744

ann sfp 44 label sensitive_file

Request Probe for OS credential/secret file

/?p=3232&wp_automatic=download&link=file:///etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:os_secrets

conf

94.00

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/?p=3232&wp_automatic=download&link=file:///etc/passwd'

More (full fields + snapshot) expand

url

/?p=3232&wp_automatic=download&link=file:///etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Probe for OS credential/secret file

details

Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/?p=3232&wp_automatic=download&link=file:///etc/passwd'

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#34 2025-03-24 02:09:07 event 3342530 GET 200 bytes 27744

ann base label observed

Request event observed

/?p=3232&wp_automatic=download&link=file:///etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/?p=3232&wp_automatic=download&link=file:///etc/passwd

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#35 2025-03-24 02:09:06 event 3342529 GET 404 bytes 28426

ann base label observed

Request event observed

/Admin/Admin.aspx

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/Admin/Admin.aspx

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#36 2025-03-24 02:09:06 event 3342528 POST 404 bytes 7899

ann base label observed

Request event observed

/clients/MyCRL

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/clients/MyCRL

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#37 2025-03-24 02:09:05 event 3342527 GET 404 bytes 28426

ann base label observed

Request event observed

/classes/common/busiFacade.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/classes/common/busiFacade.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#38 2025-03-24 02:09:04 event 3342526 GET 404 bytes 28426

ann base label observed

Request event observed

/render/info.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/render/info.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#39 2025-03-24 02:09:03 event 3342525 GET 404 bytes 28426

ann base label observed

Request event observed

/cslu/v1/var/logs/customer-cslu-lib-log.log

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cslu/v1/var/logs/customer-cslu-lib-log.log

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#40 2025-03-24 02:09:02 event 3342524 GET 404 bytes 28426

ann base label observed

Request event observed

/access/set?param=enableapi&value=1

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/access/set?param=enableapi&value=1

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#41 2025-03-24 02:09:01 event 3342523 GET 404 bytes 28426

ann base label observed

Request event observed

/cslu/v1/scheduler/jobs

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cslu/v1/scheduler/jobs

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#42 2025-03-24 02:09:00 event 3342522 POST 404 bytes 28426

ann base label observed

Request event observed

/task/submit/

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/task/submit/

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#43 2025-03-24 02:08:59 event 3342521 GET 404 bytes 28426

ann ref 9 label ref

Request Open-redirect style parameter points to an external URL

/filex/read-raw?url=http://oast.me&cut=1

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

ref

rule

ref:open_redirect_param

conf

85.00

details

A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.

More (full fields + snapshot) expand

url

/filex/read-raw?url=http://oast.me&cut=1

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Open-redirect style parameter points to an external URL

details

A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#44 2025-03-24 02:08:59 event 3342521 GET 404 bytes 28426

ann base label observed

Request event observed

/filex/read-raw?url=http://oast.me&cut=1

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/filex/read-raw?url=http://oast.me&cut=1

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#45 2025-03-24 02:08:58 event 3342520 GET 404 bytes 28426

ann base label observed

Request event observed

/file=http://oast.pro

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/file=http://oast.pro

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#46 2025-03-24 02:08:57 event 3342519 GET 404 bytes 28426

ann base label observed

Request event observed

/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#47 2025-03-24 02:08:56 event 3342518 POST 301 bytes 169

ann base label observed

Request event observed

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/wp-admin/admin-ajax.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#48 2025-03-24 02:08:55 event 3342517 POST 404 bytes 28426

ann base label observed

Request event observed

/index.php/display/status_zigbee

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/index.php/display/status_zigbee

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#49 2025-03-24 02:08:54 event 3342516 GET 404 bytes 28426

ann base label observed

Request event observed

/api/v1/markdown/link:metadata?link=http://localhost:13042

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/api/v1/markdown/link:metadata?link=http://localhost:13042

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

event observed

details

—

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

#50 2025-03-24 02:08:53 event 3342515 GET 404 bytes 28426

ann trav 34 label trav

Request Path traversal / LFI indicator detected

/bin/get/Main/SolrSearch?media=rss&text=%7d%7d%7d%7b%7basync%20async%3dfalse%7d%7d%7b%7bgroovy%7d%7dprintln(%22cat%20/etc/passwd%22.execute().text)%7b%7b%2fgroovy%7d%7d%7b%7b%2fas…

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

Annotation facts

label

trav

rule

trav:sensitive_target

conf

95.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/bin/get/Main/SolrSearch?media=rss&text=%7d%7d%7d%7b%7basync%20async%3dfalse%7d%7d%7b%7bgroovy%7d%7dprintln(%22cat%20/etc/passwd%22.execute().text)%7b%7b%2fgroovy%7d%7d%7b%7b%2fasync%7d%7d%20

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

107.174.121.0/24

asn

36352 — HostPapa

geo

United States, Texas, Dallas

org

RackNerd LLC

Page 1 of 4

← Prev Next →