← Back to IP report

Log Explorer

Fact drill-down for 159.100.22.178

Risk 8 LOW Scope All time All-time facts 258 In-scope 258 Filtered 258 Seen 2023-09-25 → 2023-09-30

Freestyle query (contains)

Time (days, optional)

Page size 25 50 100 200

Apply Reset (all-time)

Active (none) Clear

Faceted filters (facts-based) exact core + snapshot + optional start/end

Annotation facets

Annotator (exact) (any) base — 223 trav — 17 sfp — 14 ua — 4 Severity (exact) (any) (none) — 223 34 — 13 28 — 4 26 — 4 30 — 4 16 — 3 22 — 3 8 — 2 6 — 2 Label (exact) (any) observed — 223 trav — 17 sensitive_file — 14 ua — 4

HTTP facets

Method (exact, case-insensitive) (any) GET — 256 POST — 2 HTTP status (exact) (any) 404 — 224 (none) — 14 400 — 14 200 — 6

Snapshot facets

Subnet (exact) (any) 159.100.22.0/24 — 258 ASN (exact) (any) 214036 — 258 Country / Region / City (exact)

(any country) Germany — 258 (any region) Hesse — 258

(any city) Frankfurt am Main — 258

Org contains (ip_org or as_org_name)

Custom time window (optional override)

Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.

Start

End

Tip: keep windows tight when you need speed, but the default is fact-complete.

Top annotators (facts, in-scope)

base 223 trav 17 sfp 14 ua 4

Top labels (facts, in-scope)

observed 223 trav 17 sensitive_file 14 ua 4

Click a pill to apply it as a filter.

Annotated access events

Showing page 1 / 6 — total 258 rows

← Prev Next →

#1 2023-09-30 16:43:20 event 373951 GET 404 bytes 179

ann base label observed

Request event observed

/credentials/config.json

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/credentials/config.json

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#2 2023-09-30 16:43:16 event 373949 GET 404 bytes 179

ann base label observed

Request event observed

/config/config.json

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/config/config.json

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#3 2023-09-30 16:43:12 event 373948 GET 404 bytes 179

ann base label observed

Request event observed

/config.json

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/config.json

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#4 2023-09-30 16:43:08 event 373947 GET 404 bytes 179

ann base label observed

Request event observed

/config/default.json

referer

-

UA

Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/config/default.json

referer

-

UA

Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#5 2023-09-30 14:49:04 event 373782 GET 404 bytes 179

ann base label observed

Request event observed

/Guardfile

referer

-

UA

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/Guardfile

referer

-

UA

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#6 2023-09-30 14:05:48 event 373679 GET 404 bytes 179

ann base label observed

Request event observed

/anything_here

referer

-

UA

Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/anything_here

referer

-

UA

Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#7 2023-09-30 13:58:40 event 373668 GET 404 bytes 179

ann base label observed

Request event observed

/cgi-bin/printenv

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/printenv

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#8 2023-09-30 13:54:37 event 373618 GET 404 bytes 179

ann base label observed

Request event observed

/.htpasswd

referer

-

UA

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/.htpasswd

referer

-

UA

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#9 2023-09-30 13:45:36 event 373479 GET 200 bytes 9119

ann base label observed

Request event observed

/

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#10 2023-09-30 13:38:56 event 373444 GET 404 bytes 179

ann base label observed

Request event observed

/xprober.php

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/xprober.php

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#11 2023-09-30 13:30:11 event 373360 GET 404 bytes 179

ann base label observed

Request event observed

/.rubocop.yml

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/.rubocop.yml

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#12 2023-09-30 08:47:27 event 372512 GET 404 bytes 179

ann base label observed

Request event observed

/Gruntfile.coffee

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/Gruntfile.coffee

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#13 2023-09-30 08:47:22 event 372510 GET 404 bytes 179

ann base label observed

Request event observed

/Gruntfile.js

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/Gruntfile.js

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#14 2023-09-30 08:24:47 event 372460 GET 404 bytes 179

ann base label observed

Request event observed

/app/config/security.yml

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/app/config/security.yml

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#15 2023-09-30 08:24:43 event 372458 GET 404 bytes 179

ann base label observed

Request event observed

/config/packages/security.yaml

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/config/packages/security.yaml

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#16 2023-09-30 08:05:26 event 372415 GET 400 bytes 157

ann base label observed

Request event observed

/../../web.config

referer

-

UA

-

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/../../web.config

referer

-

UA

-

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#17 2023-09-30 08:05:26 event 372413 GET http —

ann base label observed

Request event observed

/../../web.config

referer

—

UA

—

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/../../web.config

referer

—

UA

—

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#18 2023-09-30 08:05:26 event 372415 GET 400 bytes 157

ann ua 8 label ua

Request Very short User-Agent string

/../../web.config

referer

-

UA

-

Annotation facts

label

ua

rule

ua:very_short

conf

65.00

details

Short/generic UAs are common in basic scripts and commodity automation.

More (full fields + snapshot) expand

url

/../../web.config

referer

-

UA

-

summary

Very short User-Agent string

details

Short/generic UAs are common in basic scripts and commodity automation.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#19 2023-09-30 08:05:26 event 372413 GET http —

ann ua 6 label ua

Request Missing User-Agent header

/../../web.config

referer

—

UA

—

Annotation facts

label

ua

rule

ua:missing

conf

60.00

details

Request had no User-Agent value (missing/empty field).

More (full fields + snapshot) expand

url

/../../web.config

referer

—

UA

—

summary

Missing User-Agent header

details

Request had no User-Agent value (missing/empty field).

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#20 2023-09-30 08:05:26 event 372415 GET 400 bytes 157

ann trav 26 label trav

Request Path traversal / LFI indicator detected

/../../web.config

referer

-

UA

-

Annotation facts

label

trav

rule

trav:mixed_separators

conf

90.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../../web.config

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#21 2023-09-30 08:05:26 event 372415 GET 400 bytes 157

ann trav 28 label trav

Request Path traversal / LFI indicator detected

/../../web.config

referer

-

UA

-

Annotation facts

label

trav

rule

trav:dotdot_slash

conf

92.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../../web.config

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#22 2023-09-30 08:05:26 event 372415 GET 400 bytes 157

ann trav 34 label trav

Request Path traversal / LFI indicator detected

/../../web.config

referer

-

UA

-

Annotation facts

label

trav

rule

trav:sensitive_target

conf

95.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../../web.config

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#23 2023-09-30 08:05:26 event 372413 GET http —

ann trav 26 label trav

Request Path traversal / LFI indicator detected

/../../web.config

referer

—

UA

—

Annotation facts

label

trav

rule

trav:mixed_separators

conf

90.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../../web.config

referer

—

UA

—

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#24 2023-09-30 08:05:26 event 372413 GET http —

ann trav 28 label trav

Request Path traversal / LFI indicator detected

/../../web.config

referer

—

UA

—

Annotation facts

label

trav

rule

trav:dotdot_slash

conf

92.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../../web.config

referer

—

UA

—

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#25 2023-09-30 08:05:26 event 372413 GET http —

ann trav 34 label trav

Request Path traversal / LFI indicator detected

/../../web.config

referer

—

UA

—

Annotation facts

label

trav

rule

trav:sensitive_target

conf

95.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../../web.config

referer

—

UA

—

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#26 2023-09-30 08:05:26 event 372415 GET 400 bytes 157

ann sfp 30 label sensitive_file

Request Probe for web/app configuration

/../../web.config

referer

-

UA

-

Annotation facts

label

sensitive_file

rule

sfp:file:web_config

conf

85.00

details

Request targeted common web/app configuration filenames. Snippet='/../../web.config'

More (full fields + snapshot) expand

url

/../../web.config

referer

-

UA

-

summary

Probe for web/app configuration

details

Request targeted common web/app configuration filenames. Snippet='/../../web.config'

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#27 2023-09-30 08:05:26 event 372415 GET 400 bytes 157

ann sfp 34 label sensitive_file

Request Directory traversal indicator

/../../web.config

referer

-

UA

-

Annotation facts

label

sensitive_file

rule

sfp:traversal

conf

86.00

details

Traversal sequences were present (raw or encoded). Snippet='/../../web.config'

More (full fields + snapshot) expand

url

/../../web.config

referer

-

UA

-

summary

Directory traversal indicator

details

Traversal sequences were present (raw or encoded). Snippet='/../../web.config'

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#28 2023-09-30 08:05:26 event 372413 GET http —

ann sfp 30 label sensitive_file

Request Probe for web/app configuration

/../../web.config

referer

—

UA

—

Annotation facts

label

sensitive_file

rule

sfp:file:web_config

conf

85.00

details

Request targeted common web/app configuration filenames. Snippet='/../../web.config'

More (full fields + snapshot) expand

url

/../../web.config

referer

—

UA

—

summary

Probe for web/app configuration

details

Request targeted common web/app configuration filenames. Snippet='/../../web.config'

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#29 2023-09-30 08:05:26 event 372413 GET http —

ann sfp 34 label sensitive_file

Request Directory traversal indicator

/../../web.config

referer

—

UA

—

Annotation facts

label

sensitive_file

rule

sfp:traversal

conf

86.00

details

Traversal sequences were present (raw or encoded). Snippet='/../../web.config'

More (full fields + snapshot) expand

url

/../../web.config

referer

—

UA

—

summary

Directory traversal indicator

details

Traversal sequences were present (raw or encoded). Snippet='/../../web.config'

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#30 2023-09-30 08:05:22 event 372411 GET 404 bytes 179

ann base label observed

Request event observed

/web.config

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/web.config

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#31 2023-09-30 08:05:22 event 372411 GET 404 bytes 179

ann trav 34 label trav

Request Path traversal / LFI indicator detected

/web.config

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

Annotation facts

label

trav

rule

trav:sensitive_target

conf

95.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/web.config

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#32 2023-09-30 08:02:36 event 372402 GET 404 bytes 179

ann base label observed

Request event observed

/sapi/debug/default/view

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/sapi/debug/default/view

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#33 2023-09-30 08:02:32 event 372400 GET 404 bytes 179

ann base label observed

Request event observed

/web/debug/default/view

referer

-

UA

Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/web/debug/default/view

referer

-

UA

Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#34 2023-09-30 08:02:28 event 372397 GET 404 bytes 179

ann base label observed

Request event observed

/frontend/web/debug/default/view

referer

-

UA

Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/frontend/web/debug/default/view

referer

-

UA

Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#35 2023-09-30 08:02:24 event 372394 GET 404 bytes 179

ann base label observed

Request event observed

/debug/default/view

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/debug/default/view

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#36 2023-09-30 08:02:20 event 372392 GET 404 bytes 179

ann base label observed

Request event observed

/debug/default/view.html

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/debug/default/view.html

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#37 2023-09-30 07:59:13 event 372386 GET 404 bytes 179

ann base label observed

Request event observed

/.s3cfg

referer

-

UA

Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/.s3cfg

referer

-

UA

Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#38 2023-09-30 07:52:26 event 372332 GET 404 bytes 179

ann base label observed

Request event observed

/Pipfile

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/Pipfile

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#39 2023-09-30 07:50:53 event 372325 GET 404 bytes 179

ann base label observed

Request event observed

/ui_config.properties

referer

-

UA

Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/ui_config.properties

referer

-

UA

Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#40 2023-09-30 07:50:49 event 372322 GET 404 bytes 179

ann base label observed

Request event observed

/config.properties.bak

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/config.properties.bak

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#41 2023-09-30 07:50:49 event 372322 GET 404 bytes 179

ann sfp 16 label sensitive_file

Request Probe for backup/editor artifact

/config.properties.bak

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:backup_artifact

conf

70.00

details

Request path contains a common backup/editor artifact extension/suffix. Snippet='/config.properties.bak'

More (full fields + snapshot) expand

url

/config.properties.bak

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36

summary

Probe for backup/editor artifact

details

Request path contains a common backup/editor artifact extension/suffix. Snippet='/config.properties.bak'

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#42 2023-09-30 07:50:47 event 372320 GET 404 bytes 179

ann base label observed

Request event observed

/assets/config.rb

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/assets/config.rb

referer

-

UA

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#43 2023-09-30 07:50:45 event 372318 GET 404 bytes 179

ann base label observed

Request event observed

/config.properties

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/config.properties

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.137 Safari/4E423F

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#44 2023-09-30 07:50:43 event 372316 GET 404 bytes 179

ann base label observed

Request event observed

/.chef/config.rb

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/.chef/config.rb

referer

-

UA

Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#45 2023-09-30 07:50:39 event 372314 GET 404 bytes 179

ann base label observed

Request event observed

/config.rb

referer

-

UA

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/config.rb

referer

-

UA

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#46 2023-09-30 07:46:53 event 372304 GET 404 bytes 179

ann base label observed

Request event observed

/mailsms/s?func=ADMIN:appState&dumpConfig=/

referer

-

UA

Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/mailsms/s?func=ADMIN:appState&dumpConfig=/

referer

-

UA

Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#47 2023-09-30 07:37:47 event 372270 GET 404 bytes 179

ann base label observed

Request event observed

/client_secrets.json

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/client_secrets.json

referer

-

UA

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#48 2023-09-30 07:29:24 event 372223 GET 404 bytes 179

ann base label observed

Request event observed

/.git-credentials

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/.git-credentials

referer

-

UA

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#49 2023-09-30 07:28:27 event 372221 GET 404 bytes 179

ann base label observed

Request event observed

/.ssh/known_hosts.old

referer

-

UA

Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/.ssh/known_hosts.old

referer

-

UA

Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36

summary

event observed

details

—

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

#50 2023-09-30 07:28:27 event 372221 GET 404 bytes 179

ann sfp 16 label sensitive_file

Request Probe for backup/editor artifact

/.ssh/known_hosts.old

referer

-

UA

Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36

Annotation facts

label

sensitive_file

rule

sfp:file:backup_artifact

conf

70.00

details

Request path contains a common backup/editor artifact extension/suffix. Snippet='/.ssh/known_hosts.old'

More (full fields + snapshot) expand

url

/.ssh/known_hosts.old

referer

-

UA

Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36

summary

Probe for backup/editor artifact

details

Request path contains a common backup/editor artifact extension/suffix. Snippet='/.ssh/known_hosts.old'

subnet

159.100.22.0/24

asn

214036 — Ultahost, Inc.

geo

Germany, Hesse, Frankfurt am Main

org

UltaHost Inc

Page 1 of 6

← Prev Next →