← Back to IP report
Log Explorer
Fact drill-down for
91.92.254.204
Risk
4
LOW
Scope
All time
All-time facts
91
In-scope
91
Filtered
91
Seen
2024-05-07
→
2024-05-07
Freestyle query (contains)
Time (days, optional)
Page size
25
50
100
200
Apply
Reset (all-time)
Active
(none)
Clear
Faceted filters (facts-based)
exact core + snapshot + optional start/end
Annotation facets
Annotator (exact)
(any)
base — 54
cred — 21
scan_velocity — 16
Severity (exact)
(any)
(none) — 67
10 — 9
8 — 7
20 — 4
18 — 2
14 — 2
Label (exact)
(any)
observed — 54
cred — 21
scan_velocity — 16
HTTP facets
Method (exact, case-insensitive)
(any)
GET — 90
HEAD — 1
HTTP status (exact)
(any)
404 — 55
200 — 29
302 — 7
Snapshot facets
Subnet (exact)
(any)
91.92.254.0/24 — 91
ASN (exact)
(any)
(none) — 91
Country / Region / City (exact)
(any country)
Bulgaria — 91
(any region)
Sofia-Capital — 91
(any city)
Sofia — 91
Org contains (ip_org or as_org_name)
Custom time window (optional override)
Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.
Start
End
Tip: keep windows tight when you need speed, but the default is fact-complete.
Top annotators (facts, in-scope)
base
54
cred
21
scan_velocity
16
Top labels (facts, in-scope)
observed
54
cred
21
scan_velocity
16
Click a pill to apply it as a filter.
Annotated access events
Showing page
1
/
2
— total
91
rows
← Prev
Next →
#
1
2024-05-07 14:31:40
event
1184759
GET
200
bytes
916
ann
base
label
observed
Request
event observed
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
2
2024-05-07 14:31:40
event
1184759
GET
200
bytes
916
ann
cred
8
label
cred
Request
Auth success (200) on auth endpoint
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_success
conf
70.00
details
Useful for takeover-style correlations when preceded by failures from same source.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth success (200) on auth endpoint
details
Useful for takeover-style correlations when preceded by failures from same source.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
3
2024-05-07 14:31:40
event
1184759
GET
200
bytes
916
ann
cred
10
label
cred
Request
Auth request appears to use an automation-oriented user agent
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
4
2024-05-07 14:31:40
event
1184759
GET
200
bytes
916
ann
cred
label
cred
Request
Auth endpoint request observed
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_hit:admin_login
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
5
2024-05-07 14:31:38
event
1184758
GET
302
ann
base
label
observed
Request
event observed
/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
6
2024-05-07 14:31:35
event
1184757
GET
404
bytes
5556
ann
scan_velocity
14
label
scan_velocity
Request
Scan-velocity indicator: scanv:404_ratio
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:404_ratio
conf
90.00
details
404=21/30(0.70); score=7; window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=21/30(0.70); ext_hits=5; ua_sig=0; methods=['GET']
More (full fields + snapshot)
expand
url
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity indicator: scanv:404_ratio
details
404=21/30(0.70); score=7; window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=21/30(0.70); ext_hits=5; ua_sig=0; methods=['GET']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
7
2024-05-07 14:31:35
event
1184757
GET
404
bytes
5556
ann
scan_velocity
14
label
scan_velocity
Request
Scan-velocity indicator: scanv:ext_enum
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=5; score=7; window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=21/30(0.70); ext_hits=5; ua_sig=0; methods=['GET']
More (full fields + snapshot)
expand
url
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=5; score=7; window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=21/30(0.70); ext_hits=5; ua_sig=0; methods=['GET']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
8
2024-05-07 14:31:35
event
1184757
GET
404
bytes
5556
ann
scan_velocity
label
scan_velocity
Request
Scan-velocity window summary
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:window
conf
—
details
window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=21/30(0.70); ext_hits=5; ua_sig=0; methods=['GET']
More (full fields + snapshot)
expand
url
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity window summary
details
window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=21/30(0.70); ext_hits=5; ua_sig=0; methods=['GET']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
9
2024-05-07 14:31:35
event
1184757
GET
404
bytes
5556
ann
base
label
observed
Request
event observed
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/editor/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
10
2024-05-07 14:31:32
event
1184756
GET
404
bytes
5556
ann
base
label
observed
Request
event observed
/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/assetmanager/i_upload_object_FSO.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
11
2024-05-07 14:31:29
event
1184755
GET
404
bytes
5556
ann
scan_velocity
10
label
scan_velocity
Request
Scan-velocity indicator: scanv:404_ratio
/webadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:404_ratio
conf
75.00
details
404=20/30(0.67); score=2; window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=20/30(0.67); ext_hits=3; ua_sig=0; methods=['GET']
More (full fields + snapshot)
expand
url
/webadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity indicator: scanv:404_ratio
details
404=20/30(0.67); score=2; window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=20/30(0.67); ext_hits=3; ua_sig=0; methods=['GET']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
12
2024-05-07 14:31:29
event
1184755
GET
404
bytes
5556
ann
scan_velocity
label
scan_velocity
Request
Scan-velocity window summary
/webadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:window
conf
—
details
window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=20/30(0.67); ext_hits=3; ua_sig=0; methods=['GET']
More (full fields + snapshot)
expand
url
/webadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity window summary
details
window=90s; total=30; rpm_equiv=20.0; upm_nonstatic_equiv=11.3; 404=20/30(0.67); ext_hits=3; ua_sig=0; methods=['GET']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
13
2024-05-07 14:31:29
event
1184755
GET
404
bytes
5556
ann
base
label
observed
Request
event observed
/webadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/webadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
14
2024-05-07 14:31:26
event
1184754
GET
404
bytes
5559
ann
base
label
observed
Request
event observed
/webadmin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/webadmin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
15
2024-05-07 14:31:23
event
1184753
GET
404
bytes
5557
ann
base
label
observed
Request
event observed
/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
16
2024-05-07 14:31:21
event
1184752
GET
404
bytes
5557
ann
base
label
observed
Request
event observed
/includes/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/includes/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
17
2024-05-07 14:31:17
event
1184751
GET
404
bytes
5557
ann
base
label
observed
Request
event observed
/js/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/js/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
18
2024-05-07 14:31:14
event
1184750
GET
200
bytes
907
ann
base
label
observed
Request
event observed
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
19
2024-05-07 14:31:14
event
1184750
GET
200
bytes
907
ann
cred
8
label
cred
Request
Auth success (200) on auth endpoint
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_success
conf
70.00
details
Useful for takeover-style correlations when preceded by failures from same source.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth success (200) on auth endpoint
details
Useful for takeover-style correlations when preceded by failures from same source.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
20
2024-05-07 14:31:14
event
1184750
GET
200
bytes
907
ann
cred
10
label
cred
Request
Auth request appears to use an automation-oriented user agent
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
21
2024-05-07 14:31:14
event
1184750
GET
200
bytes
907
ann
cred
label
cred
Request
Auth endpoint request observed
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_hit:admin_login
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
22
2024-05-07 14:31:12
event
1184749
GET
302
ann
base
label
observed
Request
event observed
/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
23
2024-05-07 14:31:08
event
1184748
GET
200
bytes
908
ann
base
label
observed
Request
event observed
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
24
2024-05-07 14:31:08
event
1184748
GET
200
bytes
908
ann
cred
8
label
cred
Request
Auth success (200) on auth endpoint
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_success
conf
70.00
details
Useful for takeover-style correlations when preceded by failures from same source.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth success (200) on auth endpoint
details
Useful for takeover-style correlations when preceded by failures from same source.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
25
2024-05-07 14:31:08
event
1184748
GET
200
bytes
908
ann
cred
10
label
cred
Request
Auth request appears to use an automation-oriented user agent
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
26
2024-05-07 14:31:08
event
1184748
GET
200
bytes
908
ann
cred
label
cred
Request
Auth endpoint request observed
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_hit:admin_login
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
27
2024-05-07 14:31:06
event
1184747
GET
302
ann
base
label
observed
Request
event observed
/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
28
2024-05-07 14:31:02
event
1184746
GET
200
bytes
908
ann
base
label
observed
Request
event observed
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
29
2024-05-07 14:31:02
event
1184746
GET
200
bytes
908
ann
cred
8
label
cred
Request
Auth success (200) on auth endpoint
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_success
conf
70.00
details
Useful for takeover-style correlations when preceded by failures from same source.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth success (200) on auth endpoint
details
Useful for takeover-style correlations when preceded by failures from same source.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
30
2024-05-07 14:31:02
event
1184746
GET
200
bytes
908
ann
cred
10
label
cred
Request
Auth request appears to use an automation-oriented user agent
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
31
2024-05-07 14:31:02
event
1184746
GET
200
bytes
908
ann
cred
label
cred
Request
Auth endpoint request observed
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_hit:admin_login
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
32
2024-05-07 14:31:00
event
1184745
GET
302
ann
base
label
observed
Request
event observed
/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
33
2024-05-07 14:30:57
event
1184744
GET
404
bytes
5558
ann
scan_velocity
10
label
scan_velocity
Request
Scan-velocity indicator: scanv:404_ratio
/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:404_ratio
conf
75.00
details
404=23/29(0.79); score=4; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=16.0; 404=23/29(0.79); ext_hits=3; ua_sig=0; methods=['GET']
More (full fields + snapshot)
expand
url
/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity indicator: scanv:404_ratio
details
404=23/29(0.79); score=4; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=16.0; 404=23/29(0.79); ext_hits=3; ua_sig=0; methods=['GET']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
34
2024-05-07 14:30:57
event
1184744
GET
404
bytes
5558
ann
scan_velocity
label
scan_velocity
Request
Scan-velocity window summary
/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:window
conf
—
details
window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=16.0; 404=23/29(0.79); ext_hits=3; ua_sig=0; methods=['GET']
More (full fields + snapshot)
expand
url
/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity window summary
details
window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=16.0; 404=23/29(0.79); ext_hits=3; ua_sig=0; methods=['GET']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
35
2024-05-07 14:30:57
event
1184744
GET
404
bytes
5558
ann
base
label
observed
Request
event observed
/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/editor/assetmanager/asset.aspx
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
36
2024-05-07 14:30:53
event
1184743
GET
404
bytes
5557
ann
base
label
observed
Request
event observed
/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/editor/assetmanager/asset.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
37
2024-05-07 14:30:50
event
1184742
GET
404
bytes
5556
ann
base
label
observed
Request
event observed
/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/editor/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
38
2024-05-07 14:30:47
event
1184741
GET
404
bytes
5558
ann
base
label
observed
Request
event observed
/webmaster/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/webmaster/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
39
2024-05-07 14:30:44
event
1184740
GET
404
bytes
5558
ann
base
label
observed
Request
event observed
/siteadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/siteadmin/assetmanager/style.css
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
40
2024-05-07 14:30:40
event
1184739
GET
404
bytes
5558
ann
base
label
observed
Request
event observed
/uploadTester.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/uploadTester.asp
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
41
2024-05-07 14:30:37
event
1184738
GET
200
bytes
905
ann
base
label
observed
Request
event observed
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
42
2024-05-07 14:30:37
event
1184738
GET
200
bytes
905
ann
cred
8
label
cred
Request
Auth success (200) on auth endpoint
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_success
conf
70.00
details
Useful for takeover-style correlations when preceded by failures from same source.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth success (200) on auth endpoint
details
Useful for takeover-style correlations when preceded by failures from same source.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
43
2024-05-07 14:30:37
event
1184738
GET
200
bytes
905
ann
cred
10
label
cred
Request
Auth request appears to use an automation-oriented user agent
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
44
2024-05-07 14:30:37
event
1184738
GET
200
bytes
905
ann
cred
label
cred
Request
Auth endpoint request observed
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
cred
rule
cred:auth_hit:admin_login
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
expand
url
/admin/login/?next=/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
45
2024-05-07 14:30:34
event
1184737
GET
302
ann
base
label
observed
Request
event observed
/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/admin/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
46
2024-05-07 14:30:31
event
1184736
GET
404
bytes
5558
ann
base
label
observed
Request
event observed
/roxy_fileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/roxy_fileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
47
2024-05-07 14:30:28
event
1184735
GET
404
bytes
5556
ann
base
label
observed
Request
event observed
/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
observed
rule
base_observed
conf
—
details
—
More (full fields + snapshot)
expand
url
/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
event observed
details
—
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
48
2024-05-07 14:30:25
event
1184734
GET
404
bytes
5561
ann
scan_velocity
20
label
scan_velocity
Request
Scan-velocity indicator: scanv:ext_enum
/editor/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=8; score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=18.7; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'HEAD']
More (full fields + snapshot)
expand
url
/editor/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=8; score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=18.7; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'HEAD']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
49
2024-05-07 14:30:25
event
1184734
GET
404
bytes
5561
ann
scan_velocity
20
label
scan_velocity
Request
Scan-velocity indicator: scanv:404_ratio
/editor/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:404_ratio
conf
90.00
details
404=24/29(0.83); score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=18.7; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'HEAD']
More (full fields + snapshot)
expand
url
/editor/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity indicator: scanv:404_ratio
details
404=24/29(0.83); score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=18.7; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'HEAD']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
#
50
2024-05-07 14:30:25
event
1184734
GET
404
bytes
5561
ann
scan_velocity
label
scan_velocity
Request
Scan-velocity window summary
/editor/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
Annotation
facts
label
scan_velocity
rule
scanv:window
conf
—
details
window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=18.7; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'HEAD']
More (full fields + snapshot)
expand
url
/editor/roxyfileman/dev.html
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/110.0
summary
Scan-velocity window summary
details
window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=18.7; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'HEAD']
subnet
91.92.254.0/24
asn
—
geo
Bulgaria, Sofia-Capital, Sofia
org
Neterra Ltd
×
This is a custom alert message.
×
Confirm Action
Are you sure you want to proceed?
