← Back to IP report

Log Explorer

Fact drill-down for 93.123.109.222

Risk 31 LOW Scope All time All-time facts 789 In-scope 789 Filtered 789 Seen 2025-04-09 → 2025-11-06

Freestyle query (contains)

Time (days, optional)

Page size 25 50 100 200

Apply Reset (all-time)

Active (none) Clear

Faceted filters (facts-based) exact core + snapshot + optional start/end

Annotation facets

Annotator (exact) (any) base — 539 cred — 193 ref — 24 trav — 12 ua — 6 sfp — 6 sqli — 5 fwprobe — 2 cmdi — 2 Severity (exact) (any) (none) — 617 10 — 115 6 — 24 28 — 10 8 — 6 34 — 6 26 — 6 18 — 5 Label (exact) (any) observed — 539 cred — 193 ref — 24 trav — 12 ua — 6 sensitive_file — 6 sqli — 5 fwprobe — 2 cmdi — 2

HTTP facets

Method (exact, case-insensitive) (any) GET — 789 HTTP status (exact) (any) 301 — 295 400 — 163 404 — 156 302 — 76 200 — 74 499 — 25

Snapshot facets

Subnet (exact) (any) 93.123.109.0/24 — 789 ASN (exact) (any) 48090 — 789 Country / Region / City (exact)

(any country) Andorra — 789 (any region) Andorra la Vella — 789

(any city) Andorra la Vella — 789

Org contains (ip_org or as_org_name)

Custom time window (optional override)

Provide start/end to scope time explicitly (overrides days). Leave blank for all-time.

Start

End

Tip: keep windows tight when you need speed, but the default is fact-complete.

Top annotators (facts, in-scope)

base 539 cred 193 ref 24 trav 12 ua 6 sfp 6 sqli 5 fwprobe 2 cmdi 2

Top labels (facts, in-scope)

observed 539 cred 193 ref 24 trav 12 ua 6 sensitive_file 6 sqli 5 fwprobe 2 cmdi 2

Click a pill to apply it as a filter.

Annotated access events

Showing page 1 / 16 — total 789 rows

← Prev Next →

#1 2025-11-06 23:53:57 event 20100525 GET 404 bytes 2933

ann base label observed

Request event observed

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#2 2025-11-06 23:53:57 event 20100525 GET 404 bytes 2933

ann ref 6 label ref

Request External referer observed on an auth-like endpoint

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

ref

rule

ref:external_referer_to_auth

conf

70.00

details

External origins hitting login/auth endpoints can be a signal of phishing landing pages or malicious redirect chains. This is only emitted for auth-like paths.

More (full fields + snapshot) expand

url

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

External referer observed on an auth-like endpoint

details

External origins hitting login/auth endpoints can be a signal of phishing landing pages or malicious redirect chains. This is only emitted for auth-like paths.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#3 2025-11-06 23:53:57 event 20100525 GET 404 bytes 2933

ann cred 10 label cred

Request Auth request appears to use an automation-oriented user agent

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:scripted_user_agent

conf

70.00

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

More (full fields + snapshot) expand

url

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth request appears to use an automation-oriented user agent

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#4 2025-11-06 23:53:57 event 20100525 GET 404 bytes 2933

ann cred label cred

Request Auth endpoint request observed

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_hit:login

conf

55.00

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

More (full fields + snapshot) expand

url

/login

referer

http://68.183.80.204/login

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth endpoint request observed

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#5 2025-11-06 23:53:52 event 20100518 GET 301 bytes 178

ann base label observed

Request event observed

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#6 2025-11-06 23:53:52 event 20100518 GET 301 bytes 178

ann cred 10 label cred

Request Auth redirect (301) on auth endpoint

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_redirect

conf

72.00

details

Redirect outcomes can participate in 'success-after-fails' patterns during aggregation.

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth redirect (301) on auth endpoint

details

Redirect outcomes can participate in 'success-after-fails' patterns during aggregation.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#7 2025-11-06 23:53:52 event 20100518 GET 301 bytes 178

ann cred 10 label cred

Request Auth request appears to use an automation-oriented user agent

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:scripted_user_agent

conf

70.00

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth request appears to use an automation-oriented user agent

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#8 2025-11-06 23:53:52 event 20100518 GET 301 bytes 178

ann cred label cred

Request Auth endpoint request observed

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_hit:login

conf

55.00

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth endpoint request observed

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#9 2025-11-06 23:53:51 event 20100514 GET 404 bytes 2932

ann base label observed

Request event observed

/%20not%20found.

referer

http://68.183.80.204/%20not%20found.

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/%20not%20found.

referer

http://68.183.80.204/%20not%20found.

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#10 2025-11-06 23:53:51 event 20100513 GET 404 bytes 2930

ann base label observed

Request event observed

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#11 2025-11-06 23:53:51 event 20100513 GET 404 bytes 2930

ann cred 10 label cred

Request Auth request appears to use an automation-oriented user agent

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:scripted_user_agent

conf

70.00

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth request appears to use an automation-oriented user agent

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#12 2025-11-06 23:53:51 event 20100513 GET 404 bytes 2930

ann cred label cred

Request Auth endpoint request observed

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_hit:login

conf

55.00

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth endpoint request observed

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#13 2025-11-06 23:53:49 event 20100503 GET 400 bytes 666

ann base label observed

Request event observed

/./doc/page/login.asp

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/./doc/page/login.asp

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#14 2025-11-06 23:53:49 event 20100502 GET 301 bytes 178

ann base label observed

Request event observed

/%20not%20found.

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/%20not%20found.

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#15 2025-11-06 23:04:31 event 20087569 GET 404 bytes 2931

ann base label observed

Request event observed

/https://rcrm.robcol.k12.tr

referer

http://139.59.53.236/https://rcrm.robcol.k12.tr

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/https://rcrm.robcol.k12.tr

referer

http://139.59.53.236/https://rcrm.robcol.k12.tr

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#16 2025-11-06 23:04:30 event 20087557 GET 301 bytes 178

ann base label observed

Request event observed

/https://rcrm.robcol.k12.tr

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/https://rcrm.robcol.k12.tr

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#17 2025-11-06 23:04:29 event 20087556 GET 404 bytes 2930

ann base label observed

Request event observed

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#18 2025-11-06 23:04:29 event 20087555 GET 404 bytes 2930

ann base label observed

Request event observed

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#19 2025-11-06 23:04:29 event 20087556 GET 404 bytes 2930

ann ref 6 label ref

Request External referer observed on an auth-like endpoint

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

ref

rule

ref:external_referer_to_auth

conf

70.00

details

External origins hitting login/auth endpoints can be a signal of phishing landing pages or malicious redirect chains. This is only emitted for auth-like paths.

More (full fields + snapshot) expand

url

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

External referer observed on an auth-like endpoint

details

External origins hitting login/auth endpoints can be a signal of phishing landing pages or malicious redirect chains. This is only emitted for auth-like paths.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#20 2025-11-06 23:04:29 event 20087556 GET 404 bytes 2930

ann cred 10 label cred

Request Auth request appears to use an automation-oriented user agent

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:scripted_user_agent

conf

70.00

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

More (full fields + snapshot) expand

url

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth request appears to use an automation-oriented user agent

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#21 2025-11-06 23:04:29 event 20087556 GET 404 bytes 2930

ann cred label cred

Request Auth endpoint request observed

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_hit:login

conf

55.00

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

More (full fields + snapshot) expand

url

/login/login.html

referer

http://139.59.53.236/login/login.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth endpoint request observed

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#22 2025-11-06 23:04:29 event 20087555 GET 404 bytes 2930

ann cred 10 label cred

Request Auth request appears to use an automation-oriented user agent

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:scripted_user_agent

conf

70.00

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth request appears to use an automation-oriented user agent

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#23 2025-11-06 23:04:29 event 20087555 GET 404 bytes 2930

ann cred label cred

Request Auth endpoint request observed

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_hit:login

conf

55.00

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

More (full fields + snapshot) expand

url

/login

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth endpoint request observed

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#24 2025-11-06 23:04:26 event 20087547 GET 400 bytes 666

ann base label observed

Request event observed

/https://mitwpu.edu.in/

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/https://mitwpu.edu.in/

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#25 2025-11-06 23:04:26 event 20087546 GET 301 bytes 178

ann base label observed

Request event observed

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#26 2025-11-06 23:04:26 event 20087546 GET 301 bytes 178

ann cred 10 label cred

Request Auth redirect (301) on auth endpoint

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_redirect

conf

72.00

details

Redirect outcomes can participate in 'success-after-fails' patterns during aggregation.

More (full fields + snapshot) expand

url

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth redirect (301) on auth endpoint

details

Redirect outcomes can participate in 'success-after-fails' patterns during aggregation.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#27 2025-11-06 23:04:26 event 20087546 GET 301 bytes 178

ann cred 10 label cred

Request Auth request appears to use an automation-oriented user agent

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:scripted_user_agent

conf

70.00

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

More (full fields + snapshot) expand

url

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth request appears to use an automation-oriented user agent

details

Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#28 2025-11-06 23:04:26 event 20087546 GET 301 bytes 178

ann cred label cred

Request Auth endpoint request observed

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

cred

rule

cred:auth_hit:login

conf

55.00

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

More (full fields + snapshot) expand

url

/login/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

Auth endpoint request observed

details

Row-level auth primitive for downstream aggregation (no velocity logic here).

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#29 2025-10-14 14:00:30 event 17669517 GET 301 bytes 178

ann base label observed

Request event observed

/https://genie2.intutrack.com

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/https://genie2.intutrack.com

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#30 2025-10-14 14:00:30 event 17669516 GET 400 bytes 666

ann base label observed

Request event observed

/favicon.ico

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/favicon.ico

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#31 2025-10-12 11:19:49 event 19166609 GET 400 bytes 166

ann base label observed

Request event observed

/../index.html

referer

-

UA

-

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#32 2025-10-12 11:19:49 event 19166608 GET 400 bytes 166

ann base label observed

Request event observed

/../index.html

referer

-

UA

-

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#33 2025-10-12 11:19:49 event 19166609 GET 400 bytes 166

ann ua 8 label ua

Request Very short User-Agent string

/../index.html

referer

-

UA

-

Annotation facts

label

ua

rule

ua:very_short

conf

65.00

details

Short/generic UAs are common in basic scripts and commodity automation.

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Very short User-Agent string

details

Short/generic UAs are common in basic scripts and commodity automation.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#34 2025-10-12 11:19:49 event 19166608 GET 400 bytes 166

ann ua 8 label ua

Request Very short User-Agent string

/../index.html

referer

-

UA

-

Annotation facts

label

ua

rule

ua:very_short

conf

65.00

details

Short/generic UAs are common in basic scripts and commodity automation.

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Very short User-Agent string

details

Short/generic UAs are common in basic scripts and commodity automation.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#35 2025-10-12 11:19:49 event 19166609 GET 400 bytes 166

ann trav 26 label trav

Request Path traversal / LFI indicator detected

/../index.html

referer

-

UA

-

Annotation facts

label

trav

rule

trav:mixed_separators

conf

90.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#36 2025-10-12 11:19:49 event 19166609 GET 400 bytes 166

ann trav 28 label trav

Request Path traversal / LFI indicator detected

/../index.html

referer

-

UA

-

Annotation facts

label

trav

rule

trav:dotdot_slash

conf

92.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#37 2025-10-12 11:19:49 event 19166608 GET 400 bytes 166

ann trav 26 label trav

Request Path traversal / LFI indicator detected

/../index.html

referer

-

UA

-

Annotation facts

label

trav

rule

trav:mixed_separators

conf

90.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#38 2025-10-12 11:19:49 event 19166608 GET 400 bytes 166

ann trav 28 label trav

Request Path traversal / LFI indicator detected

/../index.html

referer

-

UA

-

Annotation facts

label

trav

rule

trav:dotdot_slash

conf

92.00

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Path traversal / LFI indicator detected

details

Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#39 2025-10-12 11:19:49 event 19166609 GET 400 bytes 166

ann sfp 34 label sensitive_file

Request Directory traversal indicator

/../index.html

referer

-

UA

-

Annotation facts

label

sensitive_file

rule

sfp:traversal

conf

86.00

details

Traversal sequences were present (raw or encoded). Snippet='/../index.html'

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Directory traversal indicator

details

Traversal sequences were present (raw or encoded). Snippet='/../index.html'

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#40 2025-10-12 11:19:49 event 19166608 GET 400 bytes 166

ann sfp 34 label sensitive_file

Request Directory traversal indicator

/../index.html

referer

-

UA

-

Annotation facts

label

sensitive_file

rule

sfp:traversal

conf

86.00

details

Traversal sequences were present (raw or encoded). Snippet='/../index.html'

More (full fields + snapshot) expand

url

/../index.html

referer

-

UA

-

summary

Directory traversal indicator

details

Traversal sequences were present (raw or encoded). Snippet='/../index.html'

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#41 2025-10-12 11:19:48 event 19166607 GET 404 bytes 7942

ann base label observed

Request event observed

/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#42 2025-10-12 11:19:48 event 19166606 GET 404 bytes 7947

ann base label observed

Request event observed

/unsupported.html

referer

http://68.183.80.204/./unsupported.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/unsupported.html

referer

http://68.183.80.204/./unsupported.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#43 2025-10-12 11:19:48 event 19166603 GET 404 bytes 7942

ann base label observed

Request event observed

/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/login.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#44 2025-10-12 11:19:48 event 19166602 GET 404 bytes 7947

ann base label observed

Request event observed

/unsupported.html

referer

http://68.183.80.204/./unsupported.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/unsupported.html

referer

http://68.183.80.204/./unsupported.html

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#45 2025-10-12 11:19:30 event 19166566 GET 301 bytes 178

ann base label observed

Request event observed

/./unsupported.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/./unsupported.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#46 2025-10-12 11:19:30 event 19166565 GET 400 bytes 666

ann base label observed

Request event observed

/favicon.ico

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/favicon.ico

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#47 2025-10-12 11:19:30 event 19166563 GET 301 bytes 178

ann base label observed

Request event observed

/./unsupported.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/./unsupported.html

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#48 2025-10-12 11:19:30 event 19166562 GET 400 bytes 666

ann base label observed

Request event observed

/favicon.ico

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/favicon.ico

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#49 2025-10-10 04:59:16 event 18462099 GET 404 bytes 7946

ann base label observed

Request event observed

/src/signout.php%22;%20top.location%20=%20%22/src/signout.php

referer

http://68.183.80.204/src/signout.php%22;%20top.location%20=%20%22/src/signout.php

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/src/signout.php%22;%20top.location%20=%20%22/src/signout.php

referer

http://68.183.80.204/src/signout.php%22;%20top.location%20=%20%22/src/signout.php

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

#50 2025-10-10 04:59:16 event 18462098 GET 301 bytes 178

ann base label observed

Request event observed

/src/signout.php%22;%20top.location%20=%20%22/src/signout.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

Annotation facts

label

observed

rule

base_observed

conf

—

details

—

More (full fields + snapshot) expand

url

/src/signout.php%22;%20top.location%20=%20%22/src/signout.php

referer

-

UA

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36

summary

event observed

details

—

subnet

93.123.109.0/24

asn

48090 — TECHOFF SRV LIMITED

geo

Andorra, Andorra la Vella, Andorra la Vella

org

Techoff SRV Limited

Page 1 of 16

← Prev Next →