Log Explorer
Fact drill-down for 138.124.184.38
Risk: 7 (LOW)
Scope: All time
All-time facts: 178
In-scope: 178
Filtered: 178
Seen: 2025-02-11 → 2025-02-11
Faceted filters (facts-based)
exact core + snapshot + optional start/end
Annotation facets
Annotator (exact)
(any)
base — 69
ua — 50
cred — 38
method — 11
fwprobe — 5
scan_velocity — 4
cmdi — 1
Severity (exact)
(any)
(none) — 87
8 — 51
6 — 23
10 — 8
28 — 3
20 — 2
12 — 2
30 — 1
3 — 1
Label (exact)
(any)
observed — 69
ua — 50
cred — 38
method — 11
fwprobe — 5
scan_velocity — 4
cmdi — 1
HTTP facets
Method (exact, case-insensitive)
(any)
GET — 126
\x16\x03\x01\x02 — 19
POST — 18
CONNECT — 12
SSTP_DUPLEX_POST — 3
HTTP status (exact)
(any)
404 — 70
400 — 34
301 — 26
(none) — 20
200 — 18
405 — 6
403 — 4
Snapshot facets
Subnet (exact)
(any)
138.124.184.0/24 — 178
ASN (exact)
(any)
209847 — 178
Country / Region / City (exact)
(any country)
United States — 178
(any region)
New Jersey — 178
(any city)
Secaucus — 178
Annotated access events
Showing page 1 / 4 (total 178 rows)
#
1
2025-02-11 09:56:10
event
2888425
\X16\X03\X01\X02
400
bytes
157
ann
ua
8
label
ua
Request
Very short User-Agent string
]I
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
2
2025-02-11 09:56:10
event
2888425
\X16\X03\X01\X02
400
bytes
157
ann
base
label
observed
Request
event observed
]I
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
3
2025-02-11 09:56:10
event
2888425
\X16\X03\X01\X02
400
bytes
157
ann
method
10
label
method
Request
Non-RFC HTTP method token
]I
referer
-
UA
-
Annotation
facts
label
method
rule
method:non_rfc_token
conf
92.00
details
HTTP method contains characters not allowed by RFC 9110 token grammar (often request smuggling/probing artifacts).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
4
2025-02-11 09:56:05
event
2888396
GET
404
bytes
8122
ann
base
label
observed
Request
event observed
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
5
2025-02-11 09:55:55
event
2888395
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
6
2025-02-11 09:55:37
event
2888394
GET
404
bytes
8121
ann
base
label
observed
Request
event observed
/owa/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
7
2025-02-11 09:55:17
event
2888393
GET
404
bytes
8123
ann
ua
8
label
ua
Request
Very short User-Agent string
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
8
2025-02-11 09:55:17
event
2888392
GET
404
bytes
8123
ann
ua
8
label
ua
Request
Very short User-Agent string
/sgms/auth
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
9
2025-02-11 09:55:17
event
2888393
GET
404
bytes
8123
ann
base
label
observed
Request
event observed
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
10
2025-02-11 09:55:17
event
2888392
GET
404
bytes
8123
ann
base
label
observed
Request
event observed
/sgms/auth
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
11
2025-02-11 09:55:17
event
2888393
GET
404
bytes
8123
ann
cred
6
label
cred
Request
Auth request used an empty/very short user agent
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:suspicious_user_agent_short
conf
60.00
details
Short/empty UAs are common in commodity automation; treat as a weak signal.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
12
2025-02-11 09:55:17
event
2888393
GET
404
bytes
8123
ann
cred
label
cred
Request
Auth endpoint request observed
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:auth_hit:login
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
13
2025-02-11 09:55:17
event
2888392
GET
404
bytes
8123
ann
cred
6
label
cred
Request
Auth request used an empty/very short user agent
/sgms/auth
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:suspicious_user_agent_short
conf
60.00
details
Short/empty UAs are common in commodity automation; treat as a weak signal.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
14
2025-02-11 09:55:17
event
2888392
GET
404
bytes
8123
ann
cred
label
cred
Request
Auth endpoint request observed
/sgms/auth
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
15
2025-02-11 09:54:55
event
2888362
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/owa/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
16
2025-02-11 09:54:36
event
2888361
\X16\X03\X01\X02
400
bytes
157
ann
ua
8
label
ua
Request
Very short User-Agent string
k\x1A\xC0\xC6\x9DK\xDF~\x83\x9D\x17\x84uYw\x9F\xDC\x90\x02t\x95\xA7\x9A\x13bO\xFF\xBD&t\x99
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
17
2025-02-11 09:54:36
event
2888360
\X16\X03\X01\X02
400
bytes
157
ann
ua
8
label
ua
Request
Very short User-Agent string
9yO
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
18
2025-02-11 09:54:36
event
2888361
\X16\X03\X01\X02
400
bytes
157
ann
base
label
observed
Request
event observed
k\x1A\xC0\xC6\x9DK\xDF~\x83\x9D\x17\x84uYw\x9F\xDC\x90\x02t\x95\xA7\x9A\x13bO\xFF\xBD&t\x99
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
19
2025-02-11 09:54:36
event
2888360
\X16\X03\X01\X02
400
bytes
157
ann
base
label
observed
Request
event observed
9yO
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
20
2025-02-11 09:54:36
event
2888361
\X16\X03\X01\X02
400
bytes
157
ann
method
10
label
method
Request
Non-RFC HTTP method token
k\x1A\xC0\xC6\x9DK\xDF~\x83\x9D\x17\x84uYw\x9F\xDC\x90\x02t\x95\xA7\x9A\x13bO\xFF\xBD&t\x99
referer
-
UA
-
Annotation
facts
label
method
rule
method:non_rfc_token
conf
92.00
details
HTTP method contains characters not allowed by RFC 9110 token grammar (often request smuggling/probing artifacts).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
21
2025-02-11 09:54:36
event
2888360
\X16\X03\X01\X02
400
bytes
157
ann
method
10
label
method
Request
Non-RFC HTTP method token
9yO
referer
-
UA
-
Annotation
facts
label
method
rule
method:non_rfc_token
conf
92.00
details
HTTP method contains characters not allowed by RFC 9110 token grammar (often request smuggling/probing artifacts).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
22
2025-02-11 09:54:35
event
2888359
GET
301
bytes
169
ann
ua
8
label
ua
Request
Very short User-Agent string
/sgms/auth
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
23
2025-02-11 09:54:35
event
2888357
GET
301
bytes
169
ann
ua
8
label
ua
Request
Very short User-Agent string
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
24
2025-02-11 09:54:35
event
2888359
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/sgms/auth
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
25
2025-02-11 09:54:35
event
2888358
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/owa/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
26
2025-02-11 09:54:35
event
2888357
GET
301
bytes
169
ann
base
label
observed
Request
event observed
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
27
2025-02-11 09:54:35
event
2888359
GET
301
bytes
169
ann
cred
8
label
cred
Request
Auth redirect (301) on auth endpoint
/sgms/auth
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:auth_redirect
conf
65.00
details
Redirect outcomes can participate in 'success-after-fails' patterns during aggregation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
28
2025-02-11 09:54:35
event
2888359
GET
301
bytes
169
ann
cred
6
label
cred
Request
Auth request used an empty/very short user agent
/sgms/auth
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:suspicious_user_agent_short
conf
60.00
details
Short/empty UAs are common in commodity automation; treat as a weak signal.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
29
2025-02-11 09:54:35
event
2888359
GET
301
bytes
169
ann
cred
label
cred
Request
Auth endpoint request observed
/sgms/auth
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:auth_hit:auth_other
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
30
2025-02-11 09:54:35
event
2888357
GET
301
bytes
169
ann
cred
8
label
cred
Request
Auth redirect (301) on auth endpoint
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:auth_redirect
conf
65.00
details
Redirect outcomes can participate in 'success-after-fails' patterns during aggregation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
31
2025-02-11 09:54:35
event
2888357
GET
301
bytes
169
ann
cred
6
label
cred
Request
Auth request used an empty/very short user agent
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:suspicious_user_agent_short
conf
60.00
details
Short/empty UAs are common in commodity automation; treat as a weak signal.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
32
2025-02-11 09:54:35
event
2888357
GET
301
bytes
169
ann
cred
label
cred
Request
Auth endpoint request observed
/auth/login?redirect=/
referer
-
UA
-
Annotation
facts
label
cred
rule
cred:auth_hit:login
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
33
2025-02-11 09:45:07
event
2888205
GET
404
bytes
8120
ann
base
label
observed
Request
event observed
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
34
2025-02-11 09:45:00
event
2888203
GET
404
bytes
8119
ann
scan_velocity
10
label
scan_velocity
Request
Scan-velocity indicator: scanv:method_enum
/owa/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
scan_velocity
rule
scanv:method_enum
conf
70.00
details
non_safe_methods=['CONNECT', 'POST', 'SSTP_DUPLEX_POST']; score=4; window=90s; total=38; rpm_equiv=25.3; upm_nonstatic_equiv=14.0; 404=19/38(0.50); ext_hits=2; ua_sig=0; methods=['CONNECT', 'GET', 'POST', 'SSTP_DUPLEX_POST']
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
35
2025-02-11 09:45:00
event
2888203
GET
404
bytes
8119
ann
scan_velocity
label
scan_velocity
Request
Scan-velocity window summary
/owa/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
scan_velocity
rule
scanv:window
conf
—
details
window=90s; total=38; rpm_equiv=25.3; upm_nonstatic_equiv=14.0; 404=19/38(0.50); ext_hits=2; ua_sig=0; methods=['CONNECT', 'GET', 'POST', 'SSTP_DUPLEX_POST']
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
36
2025-02-11 09:45:00
event
2888203
GET
404
bytes
8119
ann
base
label
observed
Request
event observed
/owa/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
37
2025-02-11 09:44:53
event
2888202
GET
404
bytes
8119
ann
base
label
observed
Request
event observed
/owa/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
38
2025-02-11 09:44:42
event
2888201
GET
200
bytes
7199
ann
ua
8
label
ua
Request
Very short User-Agent string
/
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
39
2025-02-11 09:44:42
event
2888201
GET
200
bytes
7199
ann
base
label
observed
Request
event observed
/
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
40
2025-02-11 09:44:24
event
2888197
CONNECT
http —
ann
ua
6
label
ua
Request
Missing User-Agent header
/CSCOSSLC/tunnel
referer
—
UA
—
Annotation
facts
label
ua
rule
ua:missing
conf
60.00
details
Request had no User-Agent value (missing/empty field).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
41
2025-02-11 09:44:24
event
2888196
CONNECT
405
bytes
157
ann
ua
8
label
ua
Request
Very short User-Agent string
/CSCOSSLC/tunnel
referer
-
UA
-
Annotation
facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
42
2025-02-11 09:44:24
event
2888197
CONNECT
http —
ann
base
label
observed
Request
event observed
/CSCOSSLC/tunnel
referer
—
UA
—
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
43
2025-02-11 09:44:24
event
2888196
CONNECT
405
bytes
157
ann
base
label
observed
Request
event observed
/CSCOSSLC/tunnel
referer
-
UA
-
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
44
2025-02-11 09:44:24
event
2888197
CONNECT
http —
ann
method
8
label
method
Request
Disallowed method: CONNECT
/CSCOSSLC/tunnel
referer
—
UA
—
Annotation
facts
label
method
rule
method:trace_or_connect
conf
85.00
details
TRACE/CONNECT are often disabled on public web apps; presence may indicate probing or misuse.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
45
2025-02-11 09:44:24
event
2888196
CONNECT
405
bytes
157
ann
method
8
label
method
Request
Disallowed method: CONNECT
/CSCOSSLC/tunnel
referer
-
UA
-
Annotation
facts
label
method
rule
method:trace_or_connect
conf
85.00
details
TRACE/CONNECT are often disabled on public web apps; presence may indicate probing or misuse.
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
46
2025-02-11 09:44:22
event
2888195
GET
http —
ann
ua
6
label
ua
Request
Missing User-Agent header
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
—
UA
—
Annotation
facts
label
ua
rule
ua:missing
conf
60.00
details
Request had no User-Agent value (missing/empty field).
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
47
2025-02-11 09:44:22
event
2888194
GET
400
bytes
657
ann
scan_velocity
10
label
scan_velocity
Request
Scan-velocity indicator: scanv:method_enum
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
scan_velocity
rule
scanv:method_enum
conf
70.00
details
non_safe_methods=['CONNECT', 'POST', 'SSTP_DUPLEX_POST']; score=4; window=90s; total=38; rpm_equiv=25.3; upm_nonstatic_equiv=14.0; 404=17/38(0.45); ext_hits=2; ua_sig=0; methods=['CONNECT', 'GET', 'POST', 'SSTP_DUPLEX_POST']
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
48
2025-02-11 09:44:22
event
2888194
GET
400
bytes
657
ann
scan_velocity
label
scan_velocity
Request
Scan-velocity window summary
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
scan_velocity
rule
scanv:window
conf
—
details
window=90s; total=38; rpm_equiv=25.3; upm_nonstatic_equiv=14.0; 404=17/38(0.45); ext_hits=2; ua_sig=0; methods=['CONNECT', 'GET', 'POST', 'SSTP_DUPLEX_POST']
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
49
2025-02-11 09:44:22
event
2888195
GET
http —
ann
base
label
observed
Request
event observed
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
—
UA
—
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V
#
50
2025-02-11 09:44:22
event
2888194
GET
400
bytes
657
ann
base
label
observed
Request
event observed
/ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application/
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
subnet
138.124.184.0/24
asn
209847 — WorkTitans B.V.
geo
United States, New Jersey, Secaucus
org
WorkTitans B.V