
Log Explorer

Fact drill-down for 95.179.158.147
Risk 14 LOW | Scope All time | All-time facts 95 | In-scope 95 | Filtered 95 | Seen 2023-11-07 2023-11-08

Annotated access events

Showing page 1 / 2 — total 95 rows
#1 2023-11-08 03:34:05 event 435176 GET 404 bytes 1998
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/server-info
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#2 2023-11-08 03:34:03 event 435175 GET 404 bytes 1999
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/server-status?full
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#3 2023-11-08 03:34:01 event 435174 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/server-status
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#4 2023-11-08 01:16:19 event 434519 GET 404 bytes 1999
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/prometheus/prometheus
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2224.3 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#5 2023-11-08 01:16:17 event 434518 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/prometheus
referer
-
UA
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#6 2023-11-08 01:16:16 event 434517 GET 404 bytes 1998
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/assets/built%252F..%252F..%252F%25E0%25A4%25A/package.json
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#7 2023-11-08 01:16:16 event 434517 GET 404 bytes 1998
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/assets/built%252F..%252F..%252F%25E0%25A4%25A/package.json
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#8 2023-11-08 01:16:16 event 434517 GET 404 bytes 1998
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/assets/built%252F..%252F..%252F%25E0%25A4%25A/package.json
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#9 2023-11-08 01:16:14 event 434515 GET 404 bytes 1996
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/assets/built%2F..%2F..%2F/package.json
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#10 2023-11-08 01:16:14 event 434515 GET 404 bytes 1996
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/assets/built%2F..%2F..%2F/package.json
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#11 2023-11-08 01:16:14 event 434515 GET 404 bytes 1996
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/assets/built%2F..%2F..%2F/package.json
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#12 2023-11-08 01:16:14 event 434515 GET 404 bytes 1996
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/assets/built/../..//package.json'
More (full fields + snapshot) expand
url
/assets/built%2F..%2F..%2F/package.json
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/assets/built/../..//package.json'
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#13 2023-11-07 23:13:06 event 407969 GET 404 bytes 1996
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cheatset
referer
-
UA
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#14 2023-11-07 23:13:06 event 407968 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/stats
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#15 2023-11-07 23:13:06 event 407967 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/setup/setup-s/%25u002e%25u002e/%25u002e%25u002e/log.jsp
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#16 2023-11-07 23:13:06 event 407966 GET 404 bytes 1996
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cheatset
referer
-
UA
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#17 2023-11-07 23:13:06 event 407965 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/stats
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#18 2023-11-07 23:13:06 event 407964 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/setup/setup-s/%25u002e%25u002e/%25u002e%25u002e/log.jsp
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#19 2023-11-07 23:13:04 event 407961 GET 404 bytes 1999
ann trav 34 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
trav
rule
trav:sensitive_target
conf
95.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#20 2023-11-07 23:13:04 event 407958 GET 404 bytes 1999
ann trav 34 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
trav
rule
trav:sensitive_target
conf
95.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#21 2023-11-07 23:13:04 event 407963 GET 404 bytes 1998
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/wpeprivate/config.json
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#22 2023-11-07 23:13:04 event 407962 GET 404 bytes 1996
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/config.properties
referer
-
UA
Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#23 2023-11-07 23:13:04 event 407961 GET 404 bytes 1999
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#24 2023-11-07 23:13:04 event 407960 GET 404 bytes 1998
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/wpeprivate/config.json
referer
-
UA
Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#25 2023-11-07 23:13:04 event 407959 GET 404 bytes 1996
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/config.properties
referer
-
UA
Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#26 2023-11-07 23:13:04 event 407958 GET 404 bytes 1999
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#27 2023-11-07 23:13:04 event 407961 GET 404 bytes 1999
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/_nuxt/@fs/etc/passwd'
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/_nuxt/@fs/etc/passwd'
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#28 2023-11-07 23:13:04 event 407958 GET 404 bytes 1999
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/_nuxt/@fs/etc/passwd'
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/_nuxt/@fs/etc/passwd'
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#29 2023-11-07 23:13:04 event 407961 GET 404 bytes 1999
ann scan_velocity 20 label scan_velocity
Request Scan-velocity indicator: scanv:ext_enum
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=8; score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=9.3; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=8; score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=9.3; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#30 2023-11-07 23:13:04 event 407961 GET 404 bytes 1999
ann scan_velocity 20 label scan_velocity
Request Scan-velocity indicator: scanv:404_ratio
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:404_ratio
conf
90.00
details
404=24/29(0.83); score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=9.3; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
Scan-velocity indicator: scanv:404_ratio
details
404=24/29(0.83); score=10; window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=9.3; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#31 2023-11-07 23:13:04 event 407961 GET 404 bytes 1999
ann scan_velocity label scan_velocity
Request Scan-velocity window summary
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:window
conf
details
window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=9.3; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/_nuxt/@fs/etc/passwd
referer
-
UA
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36
summary
Scan-velocity window summary
details
window=90s; total=29; rpm_equiv=19.3; upm_nonstatic_equiv=9.3; 404=24/29(0.83); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#32 2023-11-07 23:13:03 event 407957 GET 404 bytes 1999
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/docker-compose.yml
referer
-
UA
Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#33 2023-11-07 23:13:03 event 407956 GET 404 bytes 1999
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/docker-compose.yml
referer
-
UA
Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#34 2023-11-07 23:13:02 event 407955 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/assets/env.js
referer
-
UA
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#35 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#36 2023-11-07 23:13:02 event 407953 GET 404 bytes 2000
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/assets/env.js
referer
-
UA
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2226.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#37 2023-11-07 23:13:02 event 407952 GET 404 bytes 1998
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#38 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann scan_velocity 18 label scan_velocity
Request Scan-velocity indicator: scanv:404_ratio
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:404_ratio
conf
90.00
details
404=17/22(0.77); score=9; window=90s; total=22; rpm_equiv=14.7; upm_nonstatic_equiv=6.7; 404=17/22(0.77); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Scan-velocity indicator: scanv:404_ratio
details
404=17/22(0.77); score=9; window=90s; total=22; rpm_equiv=14.7; upm_nonstatic_equiv=6.7; 404=17/22(0.77); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#39 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann scan_velocity 18 label scan_velocity
Request Scan-velocity indicator: scanv:ext_enum
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=8; score=9; window=90s; total=22; rpm_equiv=14.7; upm_nonstatic_equiv=6.7; 404=17/22(0.77); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot) expand
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=8; score=9; window=90s; total=22; rpm_equiv=14.7; upm_nonstatic_equiv=6.7; 404=17/22(0.77); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#40 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann scan_velocity label scan_velocity
Request Scan-velocity window summary
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:window
conf
details
window=90s; total=22; rpm_equiv=14.7; upm_nonstatic_equiv=6.7; 404=17/22(0.77); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Scan-velocity window summary
details
window=90s; total=22; rpm_equiv=14.7; upm_nonstatic_equiv=6.7; 404=17/22(0.77); ext_hits=8; ua_sig=0; methods=['GET', 'POST']
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#41 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann hdrinj 24 label hdrinj
Request Encoded newline detected (%0d/%0a)
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
hdrinj
rule
hdrinj:encoded_newline
conf
90.00
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Encoded newline detected (%0d/%0a)
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#42 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann hdrinj 28 label hdrinj
Request Header overflow / response splitting indicator
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
hdrinj
rule
hdrinj:header_overflow
conf
93.00
details
Multiple CRLF/newline sequences suggest an attempt to terminate headers and inject a secondary response or headers.
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Header overflow / response splitting indicator
details
Multiple CRLF/newline sequences suggest an attempt to terminate headers and inject a secondary response or headers.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#43 2023-11-07 23:13:02 event 407952 GET 404 bytes 1998
ann hdrinj 24 label hdrinj
Request Encoded newline detected (%0d/%0a)
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
hdrinj
rule
hdrinj:encoded_newline
conf
90.00
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Encoded newline detected (%0d/%0a)
details
Percent-encoded CR/LF sequences are a common indicator of CRLF injection / response splitting attempts.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#44 2023-11-07 23:13:02 event 407952 GET 404 bytes 1998
ann hdrinj 28 label hdrinj
Request Header overflow / response splitting indicator
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
hdrinj
rule
hdrinj:header_overflow
conf
93.00
details
Multiple CRLF/newline sequences suggest an attempt to terminate headers and inject a secondary response or headers.
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Header overflow / response splitting indicator
details
Multiple CRLF/newline sequences suggest an attempt to terminate headers and inject a secondary response or headers.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#45 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#46 2023-11-07 23:13:02 event 407954 GET 404 bytes 1998
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
cred
rule
cred:auth_hit:oauth_oidc
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#47 2023-11-07 23:13:02 event 407952 GET 404 bytes 1998
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#48 2023-11-07 23:13:02 event 407952 GET 404 bytes 1998
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
Annotation facts
label
cred
rule
cred:auth_hit:oauth_oidc
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
url
/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>
referer
-
UA
Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#49 2023-11-07 23:13:01 event 407951 POST 404 bytes 1998
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/main/webservices/additional_webservices.php
referer
-
UA
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam
#50 2023-11-07 23:13:01 event 407950 GET 404 bytes 1999
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/config/parameters.yml
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36
summary
event observed
details
subnet
95.179.158.0/24
asn
20473 — The Constant Company, LLC
geo
The Netherlands, North Holland, Amsterdam
org
Vultr Holdings LLC Amsterdam