Daily Report of Attacks from External Intrusions

Daily report of all attacks originating from the internet

Created By: Administrator


Date: November 27, 2015 5:30:11 AM

Data Scope

| Name | Operation | Values |
| Source GeoLocation | Not equals | Internal network |
| Time frame | Between | From: 11/26/15 12:00:00 AM To: 11/26/15 11:59:59 PM |

Actions on security alerts

| Immediate Action | Alert No. Count Distinct |
| Block | 140 |
| None | 292 |

Security events by web service

| Service | Immediate Action | Num. of Events |
| Service Aplicaciones Java | Block | 32 |
| Service Aplicaciones Java | None | 455 |
| Service Pagina Web | Block | 905 |
| Service Pagina Web | None | 1,531 |
| Service Sigaweb | Block | 38 |
| Service Sigaweb | None | 19 |
|  | None | 199 |

Security alerts by web service

| Service | Immediate Action | Alert No. Count Distinct |
| Service Aplicaciones Java | Block | 14 |
| Service Aplicaciones Java | None | 156 |
| Service Pagina Web | Block | 112 |
| Service Pagina Web | None | 94 |
| Service Sigaweb | Block | 14 |
| Service Sigaweb | None | 9 |
|  | None | 33 |

Attack criticality

| Service | Severity | Num. of Events |
| Service Aplicaciones Java | Low | 31 |
| Service Aplicaciones Java | Medium | 431 |
| Service Aplicaciones Java | High | 25 |
| Service Pagina Web | Low | 165 |
| Service Pagina Web | Medium | 1,377 |
| Service Pagina Web | High | 894 |
| Service Sigaweb | Medium | 19 |
| Service Sigaweb | High | 38 |
|  | Informative | 199 |

Geolocation

| Source GeoLocation | Immediate Action | Num. of Events |
| Algeria | Block | 1 |
| Argentina | Block | 3 |
| Australia | Block | 47 |
| Australia | None | 45 |
| Austria | Block | 1 |
| Bolivia, Plurinational State of | Block | 1 |
| Brazil | Block | 39 |
| Brazil | None | 40 |
| Bulgaria | Block | 2 |
| Canada | Block | 17 |
| Canada | None | 5 |
| Chile | Block | 6 |
| Colombia | Block | 2 |
| Croatia | Block | 16 |
| Croatia | None | 16 |
| Czech Republic | None | 1 |
| Ecuador | Block | 11 |
| Ecuador | None | 1 |
| Egypt | Block | 2 |
| France | Block | 1,040 |
| France | None | 195 |
| Georgia | Block | 2 |
| Germany | Block | 600 |
| Germany | None | 114 |
| Greece | Block | 1 |
| Greece | None | 1 |
| India | Block | 1 |
| India | None | 3 |
| Iran, Islamic Republic of | Block | 8 |
| Ireland | None | 68 |
| Israel | Block | 53 |
| Israel | None | 53 |
| Italy | Block | 9 |
| Italy | None | 9 |
| Japan | Block | 16 |
| Japan | None | 21 |
| Kazakhstan | Block | 7 |
| Korea, Republic of | Block | 200 |
| Korea, Republic of | None | 4 |
| Lithuania | Block | 599 |
| Lithuania | None | 9 |
| Macedonia, the former Yugoslav Republic of | Block | 4 |
| Macedonia, the former Yugoslav Republic of | None | 4 |
| Mexico | Block | 2 |
| Moldova, Republic of | Block | 1 |
| Morocco | Block | 4 |
| Morocco | None | 4 |
| Netherlands | Block | 65 |
| Netherlands | None | 44 |
| Pakistan | None | 2 |
| Peru | Block | 500 |
| Peru | None | 941 |
| Philippines | None | 1 |
| Poland | Block | 37 |
| Poland | None | 22 |
| Portugal | Block | 2 |
| Portugal | None | 7 |
| Romania | Block | 18 |
| Romania | None | 18 |
| South Africa | None | 2 |
| Spain | Block | 6 |
| Switzerland | Block | 1 |
| Switzerland | None | 30 |
| Taiwan | None | 10 |
| Thailand | Block | 1 |
| Thailand | None | 1 |
| Trinidad and Tobago | Block | 16 |
| Turkey | Block | 1 |
| Turkey | None | 12 |
| United Kingdom of Great Britain | Block | 3,631 |
| United Kingdom of Great Britain | None | 15 |
| United States of America | Block | 442 |
| United States of America | None | 706 |
| Uruguay | Block | 1 |

List of attacks

| Alert Start Time | Alert End Time | Num. of Events | Service | Application | Alert Type | Alert Name | Alert Description | Severity | Immediate Action | URL | Source GeoLocation |

Parameter Type Violation txtbuscar_doc in aplicaciones.mininter.gob.pe/sige/simprimirhtllenada
Parameter Type Violation txt_login in aplicaciones.mininter.gob.pe/sige/susuariovalidar
Parameter Type Violation hid_doc in aplicaciones.mininter.gob.pe/sige/simprimirhtllenada
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/imprimir.jsp parameter orgdesc
Distributed Too Many of the Same Response Code (404)
Distributed Too Many of the Same Response Code (404)

Medium

None

/sige/simprimirhtllenada

Peru (outdated)

Medium

None

/sige/susuariovalidar

Peru (outdated)

Medium

None

/sige/simprimirhtllenada

Peru (outdated)

Medium

None

/sige/imprimir.jsp

Peru (outdated)

Low

None

/sige/css/calendarsystem.css

Peru (outdated)

Low

None

/includes/form.css

Peru (outdated)

Service: Service Aplicaciones Java


11/26/2015
4:53:16 AM

11/26/2015
4:53:16 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
7:42:20 AM

11/26/2015
7:42:20 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
7:53:17 AM

11/26/2015
4:30:05 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
7:53:38 AM

11/26/2015
2:03:24 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
8:04:20 AM

11/26/2015
8:04:27 PM

Service Aplicaciones App Sige


Java

Correlation Too Many of the


Same Response
Code

11/26/2015
8:04:20 AM

11/26/2015
8:04:27 PM

Service Aplicaciones Default app java Correlation Too Many of the


Java
Same Response
Code

6
Service Aplicaciones App Sige
Java

Correlation Too Many of the


Same Response
Code

Distributed Too Many of the Same Response Code (404)
Distributed Too Many of the Same Response Code (404)
Distributed Too Many of the Same Response Code (404)
Distributed Too Many of the Same Response Code (404)
Parameter Type Violation filtro4 in aplicaciones.mininter.gob.pe/sige/sbandejacomun
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sbandejacomun parameter filtro1
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentointernoregistrar parameter txt_sumilla
Distributed Suspicious Response Code
Distributed Suspicious Response Code
Distributed Suspicious Response Code

Low

None

/sige/js/calendarsetup.js

Peru (outdated)

Low

None

/favicon.ico

Peru (outdated)

Low

None

/sige/js/calendar.js

Peru (outdated)

Low

None

/sige/js/calendares.js

Peru (outdated)

Medium

None

/sige/sbandejacomun Peru (outdated)

Medium

None

/sige/sbandejacomun Peru (outdated)

Medium

None

/sige/sdocumentointernoregistrar

Peru (outdated)

Medium

None

Peru (outdated)

Medium

None

/sige/documentosgeneradosconsultarlistado.jsp
/sige/regdocinterno.jsp

Medium

None

11/26/2015
8:04:20 AM

11/26/2015
8:04:27 PM

11/26/2015
8:04:20 AM

11/26/2015
8:04:27 PM

Service Aplicaciones Default app java Correlation Too Many of the


Java
Same Response
Code

11/26/2015
8:04:20 AM

11/26/2015
8:04:27 PM

Service Aplicaciones App Sige


Java

Correlation Too Many of the


Same Response
Code

11/26/2015
8:04:20 AM

11/26/2015
8:04:27 PM

Service Aplicaciones App Sige


Java

Correlation Too Many of the


Same Response
Code

11/26/2015
8:05:59 AM

11/26/2015
8:05:59 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
8:10:50 AM

11/26/2015
7:12:03 PM

14

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
8:20:14 AM

11/26/2015
1:13:02 PM

20

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
8:26:21 AM

11/26/2015
9:47:57 PM

17

Service Aplicaciones App Sige


Java

Custom

Custom Violation

11/26/2015
8:26:21 AM

11/26/2015
7:27:07 PM

Service Aplicaciones App Sige


Java

Custom

Custom Violation

11/26/2015
8:26:21 AM

11/26/2015
7:27:07 PM

Service Aplicaciones App Sige


Java

Custom

Custom Violation

Peru (outdated)

/sige/regdocexterno.jsp

Peru (outdated)

1
Service Aplicaciones App Sige
Java

Custom

Custom Violation

Distributed Suspicious Response Code
Distributed Suspicious Response Code
Cookie Tampering on cookie mstnc: Expected 1, Observed 2
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sbuscaroficina parameter hid_org
Automated Vulnerability Scanning
Parameter Type Violation filtro1 in aplicaciones.mininter.gob.pe/sige/bandejacomun.jsp
Parameter Type Violation txtRemitente in aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sbandejacomun parameter filtro2
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/bandejacomun.jsp parameter filtro2

Medium

None

/sige/cambiarclaveusuario.jsp

Peru (outdated)

Medium

None

/sige/derivardocumento.jsp

Peru (outdated)

Medium

Block

/sige/susuariovalidar

Peru (outdated)

Medium

None

/sige/sbuscaroficina

Peru (outdated)

High

Block

/sige/js/calendarsetup.js

Peru (outdated)

Medium

None

/sige/bandejacomun.jsp

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/sbandejacomun Peru (outdated)

Medium

None

/sige/bandejacomun.jsp

Peru (outdated)

11/26/2015
8:26:21 AM

11/26/2015
7:27:07 PM

11/26/2015
8:26:21 AM

11/26/2015
9:47:57 PM

Service Aplicaciones App Sige


Java

Custom

Custom Violation

11/26/2015
8:34:08 AM

11/26/2015
8:34:36 AM

Service Aplicaciones App Sige


Java

Profile

Cookie Tampering

11/26/2015
8:37:46 AM

11/26/2015
8:46:40 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
8:49:48 AM

11/26/2015
8:49:48 AM

Service Aplicaciones App Sige


Java

Custom

Custom Violation

11/26/2015
8:57:32 AM

11/26/2015
7:12:03 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:02:59 AM

11/26/2015
3:38:50 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:05:54 AM

11/26/2015
2:04:08 PM

11

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:05:54 AM

11/26/2015
1:26:24 PM

10

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

5
Service Aplicaciones App Sige
Java

Profile

Parameter Type
Violation

Parameter Type Violation txtDescripcionOrganizacion in aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar
Parameter Type Violation textarea_oficina in aplicaciones.mininter.gob.pe/sige/smodificarinternograbar
Parameter Type Violation txtDocumento in aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta
Parameter Type Violation txt_observaciones in aplicaciones.mininter.gob.pe/sige/sresponderregistrar
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar parameter txtNroDocumento
Parameter Type Violation txt_observaciones in aplicaciones.mininter.gob.pe/sige/sdocumentointernoregistrar
Parameter Type Violation Efecha_ini1 in aplicaciones.mininter.gob.pe/sige/sbandejacomun

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sige/smodificarinternograbar

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/sresponderregistrar

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sige/sdocumentointernoregistrar

Medium

None

/sige/sbandejacomun Peru (outdated)

11/26/2015
9:09:07 AM

11/26/2015
6:07:01 PM

11/26/2015
9:13:22 AM

11/26/2015
5:15:51 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:14:48 AM

11/26/2015
8:45:22 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:16:04 AM

11/26/2015
3:28:56 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:18:41 AM

11/26/2015
12:21:29 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:21:43 AM

11/26/2015
9:21:43 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:21:49 AM

11/26/2015
9:21:49 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

Peru (outdated)

Peru (outdated)

Peru (outdated)

12
Service Aplicaciones App Sige
Java

Profile

Parameter Type
Violation

Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/susuariovalidar parameter txt_login
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta parameter txtHojaTramite
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/simprimirhtllenada parameter txtbuscar_doc
Parameter Type Violation datoDependencia in aplicaciones.mininter.gob.pe/sigu/ldep.jsp
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta parameter txtusuario
Parameter Type Violation nom in aplicaciones.mininter.gob.pe/sigu/usuario.do
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/scombouo parameter rndval

Medium

None

/sige/susuariovalidar

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/simprimirhtllenada

Peru (outdated)

Medium

None

/sigu/ldep.jsp

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sigu/usuario.do

Peru (outdated)

Medium

None

/sige/scombouo

Peru (outdated)

11/26/2015
9:33:42 AM

11/26/2015
5:52:25 PM

11/26/2015
9:39:32 AM

11/26/2015
3:14:51 PM

19

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:46:18 AM

11/26/2015
12:14:55 PM

12

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
9:54:49 AM

11/26/2015
10:09:01 AM

Service Aplicaciones App Sigu


Java

Profile

Parameter Type
Violation

11/26/2015
10:01:22 AM

11/26/2015
10:04:54 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
10:08:10 AM

11/26/2015
10:08:10 AM

Service Aplicaciones App Sigu


Java

Profile

Parameter Type
Violation

11/26/2015
10:22:46 AM

11/26/2015
10:58:52 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

3
Service Aplicaciones App Sige
Java

Profile

Parameter Type
Violation

Parameter Type Violation txtArchivo in aplicaciones.mininter.gob.pe/sige/sdocumentointernoregistrar
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta parameter txtDocumento
Unknown HTTP Request Method
Illegal Byte Code Character in Method

Medium

None

/sige/sdocumentointernoregistrar

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

High

Block

Peru (outdated)

High

Block

Peru (outdated)

11/26/2015
10:23:01 AM

11/26/2015
10:28:29 AM

11/26/2015
10:24:02 AM

11/26/2015
12:55:04 PM

16

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
10:25:36 AM

11/26/2015
10:25:36 AM

Service Aplicaciones
Java

Protocol

Unknown HTTP
Request Method

11/26/2015
10:25:36 AM

11/26/2015
10:25:36 AM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Method

2
Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in URL

Illegal Byte Code Character in URL
Parameter Type Violation txt_sumilla in aplicaciones.mininter.gob.pe/sige/smodificarinternograbar
Cookie Injection on cookie mstmode with value manual
Parameter Type Violation txt_observaciones in aplicaciones.mininter.gob.pe/sige/sarchivardocumentoregistrar
Parameter Type Violation txtusuario in aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta
Parameter Type Violation txtRemitente in aplicaciones.mininter.gob.pe/sige/sanexaraexpedienteregistrar
Parameter Type Violation txtbuscar_doc in aplicaciones.mininter.gob.pe/sige/sbuscarreiterativos

High

Block

Peru (outdated)

Medium

None

/sige/smodificarinternograbar

Peru (outdated)

Medium

Block

/sige/susuariovalidar

Peru (outdated)

Medium

None

/sige/sarchivardocumentoregistrar

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/sanexaraexpedienteregistrar

Peru (outdated)

Medium

None

/sige/sbuscarreiterativos

Peru (outdated)

11/26/2015
10:25:36 AM

11/26/2015
10:25:36 AM

11/26/2015
10:35:58 AM

11/26/2015
12:41:57 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:01:56 AM

11/26/2015
11:01:56 AM

Service Aplicaciones App Sige


Java

Profile

Cookie Injection

11/26/2015
11:06:11 AM

11/26/2015
6:05:54 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:12:44 AM

11/26/2015
10:10:00 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:21:21 AM

11/26/2015
5:48:47 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:22:01 AM

11/26/2015
12:27:21 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

4
Service Aplicaciones App Sige
Java

Profile

Parameter Type
Violation

Parameter Type Violation txtbuscar_doc in aplicaciones.mininter.gob.pe/sige/sbuscaranexaraexpediente
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar parameter txtRemitente
Parameter Type Violation txt_contrasena in aplicaciones.mininter.gob.pe/sige/susuariovalidar
Parameter Type Violation txt_observaciones in aplicaciones.mininter.gob.pe/sige/smodificarinternograbar
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sbandejacomun parameter filtro4
Parameter Type Violation combo3 in aplicaciones.mininter.gob.pe/sige/scombouo7
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sresponderregistrar parameter hid_siglaorganizacion

Medium

None

/sige/sbuscaranexaraexpediente

Peru (outdated)

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sige/susuariovalidar

Peru (outdated)

Medium

None

/sige/smodificarinternograbar

Peru (outdated)

Medium

None

/sige/sbandejacomun Peru (outdated)

Medium

None

/sige/scombouo7

Peru (outdated)

Medium

None

/sige/sresponderregistrar

Peru (outdated)

11/26/2015
11:22:15 AM

11/26/2015
11:22:26 AM

11/26/2015
11:23:27 AM

11/26/2015
11:55:40 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:23:36 AM

11/26/2015
11:23:36 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:23:38 AM

11/26/2015
8:29:47 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:33:10 AM

11/26/2015
3:08:29 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:33:22 AM

11/26/2015
10:32:36 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
11:34:10 AM

11/26/2015
11:54:47 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

4
Service Aplicaciones App Sige
Java

Profile

Parameter Type
Violation

Parameter Type Violation filtro4 in aplicaciones.mininter.gob.pe/sige/bandejacomun.jsp
Parameter Type Violation txtHoraInicio in aplicaciones.mininter.gob.pe/sige/smovimientosconsultar
Parameter Type Violation hid_org in 190.235.197.236/sige/sbuscaroficina
Parameter Type Violation textarea_oficina in aplicaciones.mininter.gob.pe/sige/smodificarderivograbar
Parameter Type Violation asunto in aplicaciones.mininter.gob.pe/sige/desarchivar.jsp
Parameter Type Violation pol in aplicaciones.mininter.gob.pe/sige/scombouo6
Parameter Type Violation txtAsunto in aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta
Parameter Type Violation txtRemitente in aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar

Medium

None

/sige/bandejacomun.jsp

Peru (outdated)

Medium

None

/sige/smovimientosconsultar

Peru (outdated)

Medium

None

/sige/sbuscaroficina

Peru (outdated)

Medium

None

/sige/smodificarderivograbar

Peru (outdated)

Medium

None

/sige/desarchivar.jsp

Peru (outdated)

Medium

None

/sige/scombouo6

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

11/26/2015
11:36:58 AM

11/26/2015
3:08:29 PM

11/26/2015
11:43:12 AM

11/26/2015
11:43:12 AM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
12:13:54 PM

11/26/2015
12:13:54 PM

Service Aplicaciones Default app java Profile


Java

Parameter Type
Violation

11/26/2015
12:26:21 PM

11/26/2015
12:26:21 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
12:31:55 PM

11/26/2015
12:31:55 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
12:36:02 PM

11/26/2015
12:36:02 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
12:42:19 PM

11/26/2015
5:35:07 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
12:58:20 PM

11/26/2015
2:29:04 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

1
Service Aplicaciones Default app java Profile
Parameter Type
Java
Violation

11/26/2015
1:12:55 PM

11/26/2015
1:12:55 PM

11/26/2015
1:22:16 PM

11/26/2015
1:22:16 PM

Service Aplicaciones Default app java Profile


Java

Parameter Type
Violation

11/26/2015
1:22:50 PM

11/26/2015
1:22:50 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
1:22:50 PM

11/26/2015
1:22:50 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
1:24:17 PM

11/26/2015
1:24:17 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
1:27:08 PM

11/26/2015
4:47:48 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
1:28:07 PM

11/26/2015
1:28:07 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
1:29:31 PM

11/26/2015
4:09:33 PM

11

Service Aplicaciones App Sipp


Java

Profile

Parameter Type
Violation

Parameter Type Violation combo3 in 190.235.197.236/sige/scombouo6
Parameter Type Violation combo6 in 190.235.197.236/sige/scombouo7
Parameter Type Violation ReqDocumento in aplicaciones.mininter.gob.pe/sige/reiterativos.jsp
Parameter Type Violation hid_doc in aplicaciones.mininter.gob.pe/sige/sbuscarreiterativos
Parameter Type Violation txt_observacionesU in aplicaciones.mininter.gob.pe/sige/sasignaratenciongrabar
Parameter Type Violation filtro1 in aplicaciones.mininter.gob.pe/sige/sbandejacomun
Parameter Type Violation txt_observaciones in aplicaciones.mininter.gob.pe/sige/sanexaraexpedienteregistrar
Parameter Type Violation datoNombres in aplicaciones.mininter.gob.pe/sipp/legajo.do

Medium

None

/sige/scombouo6

Peru (outdated)

Medium

None

/sige/scombouo7

Peru (outdated)

Medium

None

/sige/reiterativos.jsp

Peru (outdated)

Medium

None

/sige/sbuscarreiterativos

Peru (outdated)

Medium

None

/sige/sasignaratenciongrabar

Peru (outdated)

Medium

None

/sige/sbandejacomun Peru (outdated)

Medium

None

/sige/sanexaraexpedienteregistrar

Peru (outdated)

Medium

None

/sipp/legajo.do

Peru (outdated)

1
Service Aplicaciones App Sige
Java

Profile

Parameter Type
Violation

Parameter Type Violation combo7 in aplicaciones.mininter.gob.pe/sige/scombouo11
Parameter Type Violation txtNroDocumento in aplicaciones.mininter.gob.pe/sige/sdocumentointernoregistrar
Parameter Type Violation textarea_oficina in aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar parameter txtDescripcionOrganizacion
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/susuariovalidar parameter txt_contrasena
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/scombouo11 parameter combo9
Parameter Type Violation hora1 in aplicaciones.mininter.gob.pe/sige/smovimientosconsultaroficinas

Medium

None

/sige/scombouo11

Peru (outdated)

Medium

None

/sige/sdocumentointernoregistrar

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sige/susuariovalidar

Peru (outdated)

Medium

None

/sige/scombouo11

Peru (outdated)

Medium

None

/sige/smovimientosconsultaroficinas

Peru (outdated)

11/26/2015
1:43:51 PM

11/26/2015
1:43:51 PM

11/26/2015
1:55:04 PM

11/26/2015
6:20:43 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
1:56:59 PM

11/26/2015
1:56:59 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:08:35 PM

11/26/2015
2:24:54 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:13:51 PM

11/26/2015
5:53:17 PM

15

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:18:19 PM

11/26/2015
3:07:38 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:24:01 PM

11/26/2015
2:24:01 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

2
Service Aplicaciones App Sige
Java

Profile

Parameter Type
Violation

Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta parameter txtAsunto
Parameter Type Violation txtoficina in aplicaciones.mininter.gob.pe/sige/sbuscaroficina
Parameter Type Violation txt_sumilla in aplicaciones.mininter.gob.pe/sige/sdocumentointernoregistrar
Parameter Type Violation filtro4 in aplicaciones.mininter.gob.pe/sige/modificarinterno.jsp
Parameter Type Violation filtro4 in aplicaciones.mininter.gob.pe/sige/smodificarinternograbar
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar parameter txtApeMaterno
Parameter Type Violation textarea_oficina in aplicaciones.mininter.gob.pe/sige/smodificarexternograbar
Parameter Type Violation combo6 in aplicaciones.mininter.gob.pe/sige/scombouo9

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/sbuscaroficina

Peru (outdated)

Medium

None

/sige/sdocumentointernoregistrar

Peru (outdated)

Medium

None

/sige/modificarinterno.jsp

Peru (outdated)

Medium

None

/sige/smodificarinternograbar

Peru (outdated)

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sige/smodificarexternograbar

Peru (outdated)

Medium

None

/sige/scombouo9

11/26/2015
2:27:36 PM

11/26/2015
3:19:37 PM

11/26/2015
2:42:09 PM

11/26/2015
6:06:54 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:54:04 PM

11/26/2015
8:25:38 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:56:00 PM

11/26/2015
4:47:04 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:56:09 PM

11/26/2015
4:46:08 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
2:58:38 PM

11/26/2015
3:12:45 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:01:34 PM

11/26/2015
3:01:34 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:06:14 PM

11/26/2015
3:06:14 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
Application
of
Events
4
Service Aplicaciones App Sige
Java

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Profile

Parameter Type
Violation

Parameter Type Violation combo6 in aplicaciones.mininter.gob.pe/sige/scombouo11
Parameter Type Violation orgdesc in aplicaciones.mininter.gob.pe/sige/imprimir.jsp
Parameter Type Violation txtNroDocumento in aplicaciones.mininter.gob.pe/sige/smodificardocumentograbar
Parameter Type Violation txtNroDocumento in aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/sdocumentointernoregistrar parameter txt_observaciones
Parameter Type Violation txtObservaciones in aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta
Parameter Type Violation txtobservaciones in aplicaciones.mininter.gob.pe/sige/sagregarcopiasregistrar

Medium

None

/sige/scombouo11

Peru (outdated)

Medium

None

/sige/imprimir.jsp

Peru (outdated)

Medium

None

/sige/smodificardocumentograbar

Peru (outdated)

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sige/sdocumentointernoregistrar

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

Medium

None

/sige/sagregarcopiasregistrar

11/26/2015
3:06:20 PM

11/26/2015
3:06:20 PM

11/26/2015
3:08:09 PM

11/26/2015
3:08:09 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:18:51 PM

11/26/2015
3:18:51 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:20:44 PM

11/26/2015
3:22:01 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:31:23 PM

11/26/2015
4:16:20 PM

11

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:39:38 PM

11/26/2015
3:40:52 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:40:00 PM

11/26/2015
3:40:00 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation


Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Profile

Parameter Type
Violation

Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/smodificarinternograbar parameter txt_sumilla
Parameter Type Violation filtro2 in aplicaciones.mininter.gob.pe/sige/bandejacomun.jsp
Parameter Type Violation filtro2 in aplicaciones.mininter.gob.pe/sige/sbandejacomun
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/smodificarderivograbar parameter textarea_oficina
Parameter Type Violation txtbuscar_org_externa in aplicaciones.mininter.gob.pe/sige/sbuscarorganizacion
Distributed Parameter Type Violation on aplicaciones.mininter.gob.pe/sige/scombouo7 parameter combo3
Parameter Type Violation txtHojaTramite in aplicaciones.mininter.gob.pe/sige/sdocumentosgeneradosconsulta

Medium

None

/sige/smodificarinternograbar

Peru (outdated)

Medium

None

/sige/bandejacomun.jsp

Peru (outdated)

Medium

None

/sige/sbandejacomun

Peru (outdated)

Medium

None

/sige/smodificarderivograbar

Peru (outdated)

Medium

None

/sige/sbuscarorganizacion

Peru (outdated)

Medium

None

/sige/scombouo7

Peru (outdated)

Medium

None

/sige/sdocumentosgeneradosconsulta

Peru (outdated)

11/26/2015
3:57:12 PM

11/26/2015
4:10:42 PM

11/26/2015
3:59:53 PM

11/26/2015
3:59:53 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
3:59:53 PM

11/26/2015
3:59:53 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
4:04:42 PM

11/26/2015
4:47:14 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
4:09:37 PM

11/26/2015
4:09:37 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
4:18:42 PM

11/26/2015
4:42:01 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
4:19:55 PM

11/26/2015
6:42:18 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation


Alert Start Time Alert End Time

Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Profile

Parameter Type
Violation

Parameter Type Violation txt_observaciones in aplicaciones.mininter.gob.pe/sige/sreiterativosregistrar
Parameter Type Violation hid_org in aplicaciones.mininter.gob.pe/sige/sbuscaroficina
Parameter Type Violation txtApeMaterno in aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar
Multiple Illegal Byte Code Character in URL from 190.233.151.91

Medium

None

/sige/sreiterativosregistrar

Peru (outdated)

Medium

None

/sige/sbuscaroficina

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

High

Block


11/26/2015
4:56:50 PM

11/26/2015
4:56:50 PM

11/26/2015
4:58:52 PM

11/26/2015
4:58:52 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
5:13:28 PM

11/26/2015
6:41:19 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in URL

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in
Parameter Name

Multiple Illegal Byte High


Code Character in
Parameter Name
from 190.233.151.91

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Query
String

Multiple Illegal Byte


Code Character in
Query String from
190.233.151.91

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Unknown HTTP
Request Method

Multiple Unknown
HTTP Request
Method from
190.233.151.91

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:35 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in
Parameter Value

Illegal Byte Code


Medium
Character in
Parameter Value at
44 for
j@[[#22]]x2}
em[[#7]][[#24]]
[[#2]]z[[#16]]e
x`d[[#6]]
[[#29]]


None

Source
GeoLocation

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
Application
of
Events
1
Service Aplicaciones
Java

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Protocol

Unknown HTTP
Request Method

Multiple Unknown
HTTP Request
Method from
190.233.151.91
Multiple Illegal Byte
Code Character in
Query String from
190.233.151.91
Multiple Illegal Byte
Code Character in
Method from
190.233.151.91

High

Block

Peru (outdated)

High

Block

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Query
String

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Method

11/26/2015
5:15:35 PM

11/26/2015
5:15:35 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Header
Name

Illegal Byte Code


Character in Header
Name

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Method

Multiple Illegal Byte


Code Character in
Method from
190.233.151.91

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in URL

Multiple Illegal Byte


Code Character in
URL from
190.233.151.91

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Unknown HTTP
Request Method

Multiple Unknown
HTTP Request
Method from
190.233.151.91

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Method

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:35 PM

Service Aplicaciones
Java

Protocol

Illegal HTTP Version

Multiple Illegal Byte


Code Character in
Method from
190.233.151.91
Illegal HTTP Version

High

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in
Parameter Name

Multiple Illegal Byte High


Code Character in
Parameter Name
from 190.233.151.91

Block


Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
Application
of
Events
2
Service Aplicaciones
Java

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Protocol

Illegal Byte Code


Character in URL

Multiple Illegal Byte High


Code Character in
URL from
190.233.151.91
Multiple Illegal Byte High
Code Character in
Parameter Name
from 190.233.151.91

Block

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in
Parameter Name

11/26/2015
5:15:35 PM

11/26/2015
5:15:39 PM

Service Aplicaciones
Java

Protocol

Illegal Byte Code


Character in Query
String

Multiple Illegal Byte


Code Character in
Query String from
190.233.151.91

High

Block

11/26/2015
5:46:36 PM

11/26/2015
5:46:36 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

Medium

None

11/26/2015
5:46:36 PM

11/26/2015
5:46:36 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

Medium

11/26/2015
6:29:06 PM

11/26/2015
6:29:06 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
6:52:32 PM

11/26/2015
6:52:32 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
7:20:12 PM

11/26/2015
7:20:12 PM

Service Aplicaciones App Sigu


Java

Profile

Parameter Type
Violation

Parameter Type Violation txt_sumilla in aplicaciones.mininter.gob.pe/sige/sanexaraexpedienteregistrar
Parameter Type Violation txt_sumilla in aplicaciones.mininter.gob.pe/sige/sresponderregistrar
Parameter Type Violation txtNombres in aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar
Parameter Type Violation txt_sumilla in aplicaciones.mininter.gob.pe/sige/sdocumentoexternoregistrar
Parameter Type Violation obs in aplicaciones.mininter.gob.pe/sigu/usuario.do


Source
GeoLocation

/sige/sanexaraexpedienteregistrar

Peru (outdated)

None

/sige/sresponderregistrar

Peru (outdated)

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sige/sdocumentoexternoregistrar

Peru (outdated)

Medium

None

/sigu/usuario.do

Block

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Profile

Parameter Type
Violation

Parameter Type Violation txt_sumilla in aplicaciones.mininter.gob.pe/sige/smodificarexternograbar
Cookie Injection on cookie SSESSd88321c116bf040fcbd4305d5dfa1089 with value 6C61ibiiHLQ1undzjM9_Hnqi2mpvSE6NExO5p0ocs
Parameter Type Violation combo3 in aplicaciones.mininter.gob.pe/sige/scombouo9
Parameter Type Violation combo3 in aplicaciones.mininter.gob.pe/sige/scombouo11

Medium

None

/sige/smodificarexternograbar

Peru (outdated)

Medium

Block

/sige/susuariovalidar

Peru (outdated)

Medium

None

/sige/scombouo9

Peru (outdated)

Medium

None

/sige/scombouo11

Peru (outdated)

Web Worm from 95.211.156.100
Multiple Redundant HTTP Headers in header Referer
Multiple Illegal Byte Code Character in Parameter Value from 87.114.187.212
Parameter Type Violation q in search.daum.net/search
Parameter Type Violation as_q in www.google.com/search
Distributed Bloqueo CPanel

High

Block

/cgi-bin/textenv.pl

Medium

None

Medium

None

/used_cars/vehicledetail/ul1327105516
/ford/f150
/announce

Netherlands
(outdated)
United States of
America (outdated)

Medium

None

/search

Korea, Republic of
(outdated)

Medium

None

/search

United States of
America (outdated)

High

Block

/admin/archivos/23112011055159_acta resultado preliminar cas 093.pdf

Germany (outdated)

11/26/2015
7:27:58 PM

11/26/2015
7:27:58 PM

11/26/2015
7:29:01 PM

11/26/2015
7:29:49 PM

Service Aplicaciones App Sige


Java

Profile

Cookie Injection

11/26/2015
10:32:42 PM

11/26/2015
10:32:42 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

11/26/2015
10:32:59 PM

11/26/2015
10:32:59 PM

Service Aplicaciones App Sige


Java

Profile

Parameter Type
Violation

Source
GeoLocation

Service: Service Pagina Web


11/25/2015
4:14:27 PM
11/25/2015
9:41:53 PM

11/27/2015
5:14:25 AM
11/26/2015
12:42:20 AM

24

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/25/2015
9:55:34 PM

11/26/2015
8:09:05 AM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in
Parameter Value

11/25/2015
10:31:56 PM

11/26/2015
3:20:02 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/25/2015
10:40:23 PM

11/26/2015
1:25:55 PM

25

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation


United Kingdom of
Great Britain
(outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Custom Violation

Distributed Bloqueo
CPanel

High

Block

Germany (outdated)

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

11/25/2015
10:43:32 PM

11/27/2015
5:27:22 AM

10

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
10:43:32 PM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
10:43:32 PM

11/26/2015
10:43:15 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/25/2015
11:02:38 PM
11/25/2015
11:02:38 PM
11/25/2015
11:02:38 PM
11/25/2015
11:06:46 PM

11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
9:43:44 AM
11/26/2015
12:06:30 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

/out.php

France (outdated)

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

/index.php

France (outdated)

17

Service Pagina Web

Protocol

High

Block

11/25/2015
11:06:46 PM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Distributed HTML Injection
Distributed HTML Injection
Distributed HTML Injection
Distributed Illegal Byte Code Character in Header Name
Distributed Illegal Byte Code Character in Header Name

/admin/archivos/23112011055310_acta resultado preliminar cas 096.pdf
/sites/all/modules/admin_menu/admin_devel/admin_devel.js
/admin/archivos/12082013133911_acta resultado preliminar cas 139.pdf
/admin/archivos/01042013142242_acta resultado preliminar proceso cas 34.pdf
/admin/archivos/26042012112611_relacion_pensionistas_haberes_mar2012.pdf
/admin/archivos/legales/28072011091551_rm ogaj.pdf
/sites/all/modules/admin_menu/admin_devel/admin_devel.js
/admin/archivos/15122010130333_resultado final convocatoria 17defensa nacional.pdf
/sites/all/modules/admin_menu/admin_devel/admin_devel.js
/cgi-bin/info.php

High

Block

]^<hg[[#29]] Peru (outdated)


<q~8c[[#18]]
im$h
9f1w[|[[#30]] Peru (outdated)
+c


Illegal Byte Code


Character in Header
Name
Illegal Byte Code
Character in Header
Name

United States of
America (outdated)
Germany (outdated)

Germany (outdated)

Germany (outdated)

Germany (outdated)

Argentina (outdated)

Germany (outdated)

Netherlands
(outdated)
France (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
21
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Protocol

Illegal Byte Code


Character in Header
Name
Illegal Byte Code
Character in Header
Name

Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name

High

Block

Peru (outdated)

High

Block

Peru (outdated)

Peru (outdated)

Peru (outdated)

11/25/2015
11:06:46 PM

11/26/2015
12:06:30 AM

11/25/2015
11:06:46 PM

11/26/2015
12:06:30 AM

21

Service Pagina Web

Protocol

11/25/2015
11:06:46 PM

11/26/2015
12:06:30 AM

15

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Name

Distributed Illegal
Byte Code Character
in Header Name

High

Block

11/25/2015
11:06:46 PM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Block

11/26/2015
12:06:30 AM

19

Service Pagina Web

App Pagina Web Protocol

High

Block

[[#30]]0x3f Peru (outdated)


gu

11/25/2015
11:06:46 PM

11/26/2015
12:06:30 AM

21

Service Pagina Web

Protocol

High

Block

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

High

Block

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in URL

High

Block

]^<hg[[#29]] Peru (outdated)


<q~8c[[#18]]
im$h
t
Peru (outdated)

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in URL

High

Block

[[#30]]0x3f Peru (outdated)


gu

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in URL

Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL

High

11/25/2015
11:06:46 PM

Illegal Byte Code


Character in Header
Name
Illegal Byte Code
Character in Header
Name
Illegal Byte Code
Character in Header
Name
Illegal Byte Code
Character in URL

High

Block

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Protocol

Illegal Byte Code


Character in URL

Distributed Illegal
Byte Code Character
in URL

High

Block

Source
GeoLocation

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in URL

Distributed Illegal
Byte Code Character
in URL

High

Block

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in URL

High

Block

11/25/2015
11:18:53 PM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in URL

High

Block

9f1w[|[[#30]]
+c

11/25/2015
11:24:44 PM

11/27/2015
5:28:43 AM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

Medium

None

/gpservices/proxyjudge7/

Netherlands (outdated)

11/25/2015
11:24:44 PM

11/27/2015
5:28:43 AM

18

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

Medium

None

/judge/

France (outdated)

11/25/2015
11:24:44 PM

11/26/2015
11:26:56 AM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

Medium

None

/judge/

Turkey (outdated)

11/25/2015
11:24:44 PM

11/27/2015
5:28:43 AM

18

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

Distributed Illegal Byte Code Character in URL
Distributed Illegal Byte Code Character in URL
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'

Medium

None

/judge/

United States of
America (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Worm

Web Worm

11/25/2015
11:36:27 PM

11/26/2015
12:30:16 AM

11/25/2015
11:36:27 PM

11/26/2015
12:30:16 AM

Service Pagina Web

App Pagina Web Worm

Web Worm

11/25/2015
11:44:59 PM

11/26/2015
5:13:15 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/25/2015
11:44:59 PM

11/26/2015
5:13:15 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in Method

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple URL worm


attacks from
45.63.1.12
Multiple URL worm
attacks from
45.63.1.12
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Distributed Illegal
Byte Code Character
in Method

High

Block

/cgi-bin/awstats.pl

United States of
America (outdated)

High

Block

/c/

United States of
America (outdated)

High

Block

/ping/200.48.4.150

High

Block

/ping/200.48.4.150

Iran, Islamic
Republic of
(outdated)
Netherlands
(outdated)

High

Block

Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method

High

Block

Peru (outdated)

Peru (outdated)

High

Block

Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method

High

Block

High

Block

High

Block

[[#30]]0x3f Peru (outdated)


gu

High

Block

Peru (outdated)

High

Block

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Protocol

Illegal Byte Code


Character in Method

Distributed Illegal
Byte Code Character
in Method

High

Block

Multiple Illegal HTTP


Version from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33

High

Block

High

Block

High

Block

Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33

High

Block

Medium

None

Peru (outdated)

Medium

None

[[#30]]0x3f Peru (outdated)


gu

High

Block

High

Block

Peru (outdated)

11/25/2015
11:45:27 PM

11/26/2015
11:48:01 AM

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal HTTP Version

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal HTTP Version

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal HTTP Version

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Unknown HTTP
Request Method

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

11

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Value

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in Header
Value

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal HTTP Version

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal HTTP Version


Source
GeoLocation

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Protocol

Unknown HTTP
Request Method

Multiple Unknown
HTTP Request
Method from
201.240.112.33

High

Block

Multiple Illegal Byte


Code Character in
Header Value from
201.240.112.33
Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Unknown
HTTP Request
Method from
201.240.112.33

Medium

None

High

Block

9f1w[|[[#30]]
+c

Peru (outdated)

High

Block


Peru (outdated)

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Value

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Unknown HTTP
Request Method

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Unknown HTTP
Request Method

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

11

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Value

Multiple Illegal Byte


Code Character in
Header Value from
201.240.112.33

Medium

None

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Unknown HTTP
Request Method

Multiple Unknown
HTTP Request
Method from
201.240.112.33

High

Block

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Value

Medium

None

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

10

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Value

Medium

None

]^<hg[[#29]] Peru (outdated)


<q~8c[[#18]]
im$h

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Unknown HTTP
Request Method

Multiple Illegal Byte


Code Character in
Header Value from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33
Multiple Unknown
HTTP Request
Method from
201.240.112.33

High

Block

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Protocol

Unknown HTTP
Request Method

Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33
Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33

High

Block

Peru (outdated)

High

Block

Peru (outdated)

High

Block

Peru (outdated)

High

Block

[[#30]]0x3f Peru (outdated)


gu

Medium

None

Multiple Illegal HTTP


Version from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33
Illegal Byte Code
Character in Query
String
[[#11]]K6@6o
_ [[#26]]; on
]^<hg[[#29]]
<q~8c[[#18]]
im$h
Illegal Byte Code
Character in
Parameter Name
[[#11]]K6@6o
_ [[#26]]; in
]^<hg[[#29]]
<q~8c[[#18]]
im$h

High

Block

Peru (outdated)
[[#30]]0x3f Peru (outdated)
gu

Medium

None

High

Block

]^<hg[[#29]] Peru (outdated)


<q~8c[[#18]]
im$h

High

Block

]^<hg[[#29]] Peru (outdated)


<q~8c[[#18]]
im$h

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

Service Pagina Web

Protocol

Unknown HTTP
Request Method

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal HTTP Version

11/26/2015
12:04:54 AM

11/26/2015
12:07:36 AM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

13

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Value

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
12:04:54 AM

11/26/2015
12:06:30 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Header
Value

11/26/2015
12:05:00 AM

11/26/2015
12:05:00 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Query
String

11/26/2015
12:05:00 AM

11/26/2015
12:05:00 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in
Parameter Name


Unknown HTTP
Request Method

Peru (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

App Pagina Web Protocol

Illegal Host Name

Distributed Illegal
Host Name
Distributed Illegal
Host Name
Distributed Illegal
Host Name
Distributed Illegal
Host Name
Parameter Type
Violation start in
www.google.com/search
Scraping attack on
App Pagina Web

High

Block

Germany (outdated)

15

Service Pagina Web

App Pagina Web Protocol

Illegal Host Name

High

Block

/data/

12

Service Pagina Web

App Pagina Web Protocol

Illegal Host Name

High

Block

High

Block

/de/wasserzeichen.html
Germany (outdated)

Lithuania (outdated)

34

Service Pagina Web

App Pagina Web Protocol

Illegal Host Name

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

Medium

None

/search

Germany (outdated)

Scraping Attack

High

Block

45.22.7.33:24843

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

5.102.221.118:53363

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

92.251.74.30:50321

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

80.216.80.251:23652

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

5.55.163.242:19359

Parameter Type
Violation

Parameter Type
Violation oq in
173.194.53.102/search
Medium
Access to: /bin/get
High

None

/search

United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)

Block

/bin/get

Distributed
Parameter Type
Violation on
steamcommunity.com/market/priceoverview/ parameter
market_hash_name
Medium
Parameter Type
Violation gb_id in
www.biotoxxx.com/guestbook/comment.php
Medium

None

/market/priceoverview/
United States of America (outdated)

None

/guestbook/comment.php
France (outdated)

11/26/2015
12:12:39 AM
11/26/2015
12:12:39 AM
11/26/2015
12:12:39 AM
11/26/2015
12:12:39 AM
11/26/2015
12:27:09 AM

11/26/2015
12:13:40 PM
11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM
11/26/2015
6:22:25 AM

11/26/2015
12:40:39 AM

11/26/2015
2:26:22 AM

Service Pagina Web

11/26/2015
12:40:39 AM

11/26/2015
2:26:22 AM

Service Pagina Web

11/26/2015
12:40:39 AM

11/26/2015
2:26:22 AM

Service Pagina Web

11/26/2015
12:40:39 AM

11/26/2015
2:26:22 AM

Service Pagina Web

11/26/2015
12:40:39 AM

11/26/2015
2:26:22 AM

Service Pagina Web

11/26/2015
12:58:44 AM

11/26/2015
12:58:44 AM

Service Pagina Web

App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Profile

11/26/2015
12:59:27 AM
11/26/2015
1:07:58 AM

11/26/2015
10:50:57 PM
11/26/2015
2:32:09 AM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
1:08:24 AM

11/26/2015
1:35:04 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation


Germany (outdated)

Japan (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
1:34:40 AM

11/26/2015
3:44:22 AM

11/26/2015
1:34:40 AM

11/26/2015
3:44:22 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
1:34:40 AM

11/26/2015
3:44:22 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
1:34:40 AM

11/26/2015
3:44:22 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
1:37:18 AM
11/26/2015
1:49:12 AM

11/26/2015
1:37:18 AM
11/26/2015
1:49:12 AM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
1:51:31 AM

11/26/2015
1:51:31 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
1:53:38 AM

11/26/2015
1:53:38 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
2:05:21 AM

11/26/2015
2:05:21 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
2:27:49 AM

11/26/2015
2:43:47 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Access to: /cgibin/blockpage.cgi
Parameter Type
Violation oq in
74.125.2.13/search
Parameter Type
Violation oq in
74.125.0.117/search
Multiple
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+) from
106.188.146.162
Parameter Type
Violation to in
ligaretail.ru/away/
Multiple IIS Server
Name Spoofing(+)
from 176.222.137.89

High

Block

/cms/redir.php

United States of
America (outdated)

High

Block

/blogsize/size/header.php
United States of America (outdated)

High

Block

/guestold/go.php

High

Block

/sub/http:/wuensch-media.com/portal/webverzeichnis/go.php
United States of America (outdated)

High

Block

Japan (outdated)

Medium

None

/cgibin/blockpage.cgi
/search

Medium

None

/search

United States of
America (outdated)

Low

None

/disk9/file.php

Japan (outdated)

Medium

None

/away/

United States of
America (outdated)

High

Block

United States of
America (outdated)

United States of
America (outdated)

Kazakhstan
(outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Profile

Parameter Type
Violation

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Parameter Type
Violation id in
ptp.skillerzforum.com/promote.php
Parameter Type
Violation oq in
74.125.111.103/search
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

/promote.php

Germany (outdated)

Medium

None

/search

United States of
America (outdated)

Medium

None

/used_cars/listings

United States of
America (outdated)

Medium

None

United States of
America (outdated)

United States of
America (outdated)

11/26/2015
2:32:17 AM

11/26/2015
2:32:17 AM

11/26/2015
2:46:36 AM

11/26/2015
2:46:36 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
2:47:52 AM

11/26/2015
11:58:49 PM

59

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:47:52 AM

11/26/2015
4:59:17 AM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:47:52 AM

11/26/2015
4:59:17 AM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer

Medium

None

11/26/2015
2:47:52 AM

11/26/2015
4:59:17 AM

23

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
2:47:52 AM

11/26/2015
4:59:17 AM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

11/26/2015
2:47:52 AM

11/26/2015
4:59:17 AM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
2:48:00 AM

11/26/2015
2:48:00 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

Medium

None

11/26/2015
2:48:00 AM

11/26/2015
2:48:00 AM

Service Pagina Web

App Pagina Web Correlation SQL injection

High

Block

/search

11/26/2015
2:56:20 AM

11/26/2015
1:40:45 PM

Service Pagina Web

App Pagina Web Protocol

Multiple Redundant
HTTP Headers in
header Referer
Parameter Type
Violation oq in
74.125.6.8/search
SQL injection on
parameter oq in
74.125.6.8/search
Malformed JSON
Message

/dsc_de/globalsessionid/dsc_de6937616d306b6535ff3e545403545200/dsc_locale/de_de/appid/dsc_de/sitelocale/de_de/vscinvokequicktodetailedsearch.jam2
/dsc_de/globalsessionid/dsc_de6f37383a3f382e67ff3a325403555000/dsc_locale/de_de/appid/dsc_de/sitelocale/de_de/vscinvokequicktodetailedsearch.jam2
/used_cars/vehicledetail/ul1306545433/cadillac/escalade
/used_cars/vehicledetail/ul1329216053/jeep/grandcherokee
/used_cars/vehicledetail/ul1327561452/gmc/yukon-xl-denali
/search

Medium

None

/api/data/updatepost
United States of America (outdated)


Malformed JSON
Message

United States of
America (outdated)

United States of
America (outdated)
United States of
America (outdated)

United States of
America (outdated)
United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

App Pagina Web Profile

Parameter Type
Violation

Parameter Type
Violation oq in
173.194.25.73/search
Web Worm from
62.210.157.80
Multiple Illegal Byte
Code Character in
Header Name from
31.3.245.106
Scraping attack on
App Pagina Web

Medium

None

/search

United States of
America (outdated)

High

Block

/cgi-bin/info.php

France (outdated)

High

Block

www.stoiximan.gr:443
United Kingdom of Great Britain (outdated)

High

Block

/sites/default/files/logico.png

Korea, Republic of
(outdated)

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

176.44.123.52:1025

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

164.115.221.51:50084

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

150.17.206.209:54722

HTTP Signature
Violation

Multiple
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+) from
162.244.15.117
Multiple
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+) from
162.244.15.117
Multiple URL worm
attacks from
220.221.207.78
Multiple URL worm
attacks from
220.221.207.78
WEB-MISC apache
DOS attempt
Multiple Post
Request - Missing
Content Type: 'none'

Low

None

/search

United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)

Low

None

/do/m/mobilesearch

United States of
America (outdated)

High

Block

/bin/get

Japan (outdated)

High

Block

/bin/get.x

Japan (outdated)

Low

None

Medium

None

United States of
America (outdated)
United States of
America (outdated)

11/26/2015
3:11:47 AM

11/26/2015
3:11:47 AM

11/26/2015
3:14:59 AM
11/26/2015
3:23:49 AM

11/26/2015
8:22:41 AM
11/26/2015
5:05:32 AM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in Header
Name

11/26/2015
3:29:39 AM

11/26/2015
4:09:58 AM

Service Pagina Web

Scraping Attack

11/26/2015
3:29:39 AM

11/26/2015
4:09:58 AM

Service Pagina Web

11/26/2015
3:29:39 AM

11/26/2015
4:09:58 AM

Service Pagina Web

11/26/2015
3:29:39 AM

11/26/2015
4:09:58 AM

Service Pagina Web

11/26/2015
3:30:20 AM

11/26/2015
4:29:24 AM

Service Pagina Web

App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Signature

11/26/2015
3:30:20 AM

11/26/2015
4:29:24 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
3:40:53 AM

11/26/2015
5:28:17 AM

Service Pagina Web

App Pagina Web Worm

Web Worm

11/26/2015
3:40:53 AM

11/26/2015
7:50:42 AM

Service Pagina Web

App Pagina Web Worm

Web Worm

11/26/2015
3:49:29 AM
11/26/2015
4:00:41 AM

11/26/2015
3:49:29 AM
11/26/2015
10:39:30 AM

Service Pagina Web

App Pagina Web Signature

Service Pagina Web

App Pagina Web Protocol

HTTP Signature
Violation
Post Request Missing Content
Type


Alert Start Time Alert End Time

Num. Service
of
Events
3
Service Pagina Web

Application

Alert Type Alert Name

11/26/2015
4:00:41 AM

11/26/2015
1:39:29 PM

11/26/2015
4:02:18 AM

11/26/2015
7:42:10 AM

Service Pagina Web

App Pagina Web Signature

11/26/2015
4:09:59 AM
11/26/2015
4:25:42 AM

11/26/2015
9:22:40 PM
11/26/2015
4:25:42 AM

Service Pagina Web

11/26/2015
4:35:40 AM

11/26/2015
7:06:48 AM

11/26/2015
4:42:29 AM

Severity Immediate URL


Action

Source
GeoLocation

Post Request Missing Content


Type
HTTP Signature
Violation

Multiple Post
Request - Missing
Content Type: 'none'
Medium
Robot site scan
attempt 4
High

None

/omaha/update.php

Portugal (outdated)

Block

/ping/200.48.4.150

App Pagina Web Worm

Web Worm

High

Block

/cgi/rank.cgi

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

Medium

None

/away/

Thailand (outdated)

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

Medium

None

/web

United States of
America (outdated)

11/26/2015
5:15:11 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

High

Block

/vote/pennywise/

Germany (outdated)

11/26/2015
5:13:37 AM

11/26/2015
6:27:02 AM

Service Pagina Web

Scraping Attack

High

Block

/announce

11/26/2015
5:13:37 AM

11/26/2015
6:27:02 AM

Service Pagina Web

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

46.166.186.244:54580

11/26/2015
5:13:37 AM

11/26/2015
6:27:02 AM

Service Pagina Web

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

10.240.254.117:55507

11/26/2015
5:13:37 AM

11/26/2015
6:27:02 AM

Service Pagina Web

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

196.46.0.51:64540

11/26/2015
5:23:30 AM

11/26/2015
5:23:30 AM

Service Pagina Web

App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Profile

Access to:
/cgi/rank.cgi
Parameter Type
Violation to in
ligaretail.ru/away/
Parameter Type
Violation q in
search.mail.com/web
Multiple XSS - Basic
3(+) from
79.219.218.87
Scraping attack on
App Pagina Web

Iran, Islamic
Republic of
(outdated)
Japan (outdated)

Parameter Type
Violation

None

/newserving/getkey.php

11/26/2015
5:26:52 AM
11/26/2015
5:31:05 AM

11/26/2015
5:26:52 AM
11/26/2015
5:32:49 PM

Service Pagina Web

App Pagina Web Signature

None

/cgi-bin/prxjdg.cgi

30

Service Pagina Web

App Pagina Web Protocol

HTTP Signature
Violation
Illegal Byte Code
Character in URL

Parameter Type
Violation url in
adserving.cpmgo.com/newserving/getkey.php
Medium
cgi-bin/prxjdg.cgi.access
Low
Multiple Illegal Byte
Code Character in
URL from
209.104.144.76
High

United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)

Block

11/26/2015
5:34:27 AM

11/26/2015
5:34:27 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation oq in
74.125.6.111/search

None

/used-list/make1<!doctype html>
<html>
<head>
<meta httpequiv=content-type
content=text/html
/search


App Pagina Web Protocol

Alert Description

Parameter Type
Violation

Medium

United States of
America (outdated)
United States of
America (outdated)

United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
5:35:17 AM

11/26/2015
5:54:00 AM

11/26/2015
5:35:17 AM

11/26/2015
5:54:00 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
5:43:39 AM

11/26/2015
5:43:39 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
5:43:39 AM

11/26/2015
5:43:39 AM

Service Pagina Web

App Pagina Web Correlation SQL injection

11/26/2015
6:04:43 AM

11/26/2015
6:37:55 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
6:10:28 AM

11/26/2015
6:10:28 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
6:14:22 AM
11/26/2015
6:32:14 AM
11/26/2015
6:43:49 AM

11/26/2015
6:14:22 AM
11/26/2015
4:51:36 PM
11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Service Pagina Web

App Pagina Web Worm

Redundant HTTP
Headers
Web Worm

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Distributed CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Parameter Type
Violation oq in
173.194.37.65/search
SQL injection on
parameter oq in
173.194.37.65/search
Distributed Robot
site scan attempt
4(+)
Parameter Type
Violation i in
ad.4ptp.com/ads.php
Redundant HTTP
Headers Referer
Access to: /cgi-bin/info.php
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14

High

Block

/modify-companydetails

United States of
America (outdated)

High

Block

/annuaire/go.php

France (outdated)

Medium

None

/search

United States of
America (outdated)

High

Block

/search

United States of
America (outdated)

High

Block

/loginn

Egypt (outdated)

Medium

None

/ads.php

Germany (outdated)

Medium

None

/used_cars/listings

High

Block

/cgi-bin/info.php

United States of
America (outdated)
France (outdated)

High

Block

/sites/default/files/mof

High

Block

/sites/default/files/05062011104413_ley
Germany (outdated)

High

Block

Multiple Illegal HTTP


Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14

High

Block

/sites/default/files/styles/grande/public/screenshotwww.flickr.com
Germany (outdated)
/sites/default/files/ds
Germany (outdated)

High

Block

Germany (outdated)

/sites/default/files/styles/miniatura/public/screenshotwww.flickr.com
Germany (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:43:49 AM

11/26/2015
7:00:02 AM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:45:55 AM

11/26/2015
6:45:55 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
6:47:48 AM
11/26/2015
6:55:20 AM
11/26/2015
6:56:38 AM

11/26/2015
6:47:48 AM
11/26/2015
6:55:20 AM
11/26/2015
12:30:47 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Protocol

11/26/2015
7:01:44 AM

11/26/2015
7:01:44 AM

Service Pagina Web

App Pagina Web Signature

Illegal Byte Code


Character in Header
Name
HTTP Signature
Violation

11/26/2015
7:11:27 AM

11/26/2015
9:46:31 AM

Service Pagina Web

App Pagina Web Signature


HTTP Signature
Violation

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple Illegal HTTP


Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Multiple Illegal HTTP
Version from
178.63.53.14
Parameter Type
Violation url in
devarox.bloggagratis.se/gilla/
Access to: /cgi-bin/otsing
Access to:
/cgi/mailafriend
Illegal Byte Code
Character in Header
Name Cookie
IIS Server Name
Spoofing

High

Block

/sites/default/files/rm
Germany (outdated)

High

Block

High

Block

High

Block

/sites/default/files/31032011072520_anexo
Germany (outdated)
/sites/default/files/19052010104650_rsg034
Germany (outdated)
/sites/default/files/rm-
Germany (outdated)

High

Block

High

Block

High

Block

High

Block

Medium

None

/sites/default/files/informe-000021-2015in-dga-db
/sites/default/files/31032011072031_reglamento
/sites/default/files/31032011072554_reglamento
/sites/default/files/31032011073016_reglamento
/gilla/

High

Block

/cgi-bin/otsing

High

Block

High

Block

High

Block

Multiple cgi-bin/prxjdg.cgi.access
(+) from
174.34.185.130

Low

None

Germany (outdated)

Germany (outdated)

Germany (outdated)

Germany (outdated)

Poland (outdated)

United States of
America (outdated)
/cgi/mailafriend
United States of
America (outdated)
www.stoiximan.gr:443
United Kingdom of Great Britain (outdated)
/template3/images/sampledata/header/begron 7.png
United States of America (outdated)
/cgi-bin/prxjdg.cgi
United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

App Pagina Web Profile

Parameter Type
Violation

Parameter Type
Violation url in
www.liventerprise.com/out.php
Parameter Type
Violation oq in
173.194.52.242/search
Distributed CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Distributed CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Scraping attack on
App Pagina Web

Medium

None

/out.php

France (outdated)

Medium

None

/search

United States of
America (outdated)

High

Block

/talk/forum/go.php

France (outdated)

High

Block

/go.php

United States of
America (outdated)

High

Block

173.180.83.27:42279

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

193.92.105.227:45980

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

87.209.8.40:35432

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

177.161.88.28:63620

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

88.88.128.240:60004

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

180.148.214.86:33003

Unauthorized
Request Content
Type

Multiple
Unauthorized
Request Content
Type: 'image/gif'
Multiple
Unauthorized
Request Content
Type: 'image/gif'

Medium

None

/v1/412202103/2

United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
Peru (outdated)

Medium

None

/v1/412202103/3

Peru (outdated)

11/26/2015
7:14:44 AM

11/26/2015
7:14:44 AM

11/26/2015
7:16:08 AM

11/26/2015
7:16:08 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
7:21:13 AM

11/26/2015
7:37:43 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
7:21:13 AM

11/26/2015
7:37:43 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
7:30:32 AM

11/26/2015
7:41:44 AM

Service Pagina Web

Scraping Attack

11/26/2015
7:30:32 AM

11/26/2015
7:41:44 AM

Service Pagina Web

11/26/2015
7:30:32 AM

11/26/2015
7:41:44 AM

Service Pagina Web

11/26/2015
7:30:32 AM

11/26/2015
7:41:44 AM

Service Pagina Web

11/26/2015
7:30:32 AM

11/26/2015
7:41:44 AM

Service Pagina Web

11/26/2015
7:30:32 AM

11/26/2015
7:41:44 AM

Service Pagina Web

11/26/2015
7:30:54 AM

11/26/2015
7:31:23 AM

Service Pagina Web

App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Anti Automation
App Pagina Web Protocol

11/26/2015
7:30:54 AM

11/26/2015
7:31:23 AM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type


Alert Start Time Alert End Time

Num. Service
of
Events
5
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Protocol

Redundant HTTP
Headers

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

United States of
America (outdated)

Medium

None

Portugal (outdated)

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer

Medium

None

11/26/2015
7:34:28 AM

11/26/2015
12:20:15 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
7:39:29 AM

11/26/2015
4:39:30 PM

Service Pagina Web

App Pagina Web Protocol

Post Request Missing Content


Type

Multiple Redundant
HTTP Headers in
header Referer
Post Request Missing Content
Type

/used_cars/vehicledetail/ul1328079986/chrysler/pt-cruiser
/auto/annonce53246365_cadillacescalade-platiniumesv-v8-62l-10km.html
/vwdeb/i/s|1300,u/l|100,729,stat_firstclass,u/d|deu20918051317/controller.do
/159225976/2013/honda/civic/usedcars/for-sale
/used_cars/vehicledetail/ul1314778515/mazda/mazda3
/mwginternal/de5fs23hu73ds/files/default/stylesheet.css
/used_cars/vehicledetail/ul1318863694/hyundai/sonata
/used_cars/vehicledetail/ul1303452686/ford/f150
/used_cars/vehicledetail/ul1319154827/cadillac/ats
/vwdeb/i/s|1300,u/l|100,1097,stat_firstclass,u/d|deu32557bss983/controller.do
/used_cars/vehicledetail/ul1322331618/chevrolet/silverado1500
/listgn.aspx

Medium

None

/omaha/update.php


United States of
America (outdated)

United States of
America (outdated)

United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)

United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)

United States of
America (outdated)

United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
7:44:39 AM

11/26/2015
8:43:27 AM

11/26/2015
7:56:06 AM
11/26/2015
7:59:28 AM

11/26/2015
7:56:06 AM
11/26/2015
7:59:28 AM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
8:14:03 AM

11/26/2015
9:34:17 AM

Service Pagina Web

App Pagina Web Worm

Web Worm


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Parameter Type
Violation
market_hash_name
in
steamcommunity.co
m/market/priceoverv
iew/
Access to:
/cgi/search.exe
Parameter Type
Violation
commentURL in
www.dabbawalas.fr/i
ndex.php
Access to: /cgisys/suspendedpage.
cgi

Medium

None

/market/priceovervie
w/

United States of
America (outdated)

High

Block

/cgi/search.exe

Medium

None

/index.php

High

Block

/cgisys/suspendedpage.
cgi

United States of
America (outdated)
Poland (outdated)

France (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

App Conasec

Profile

Cookie Tampering

Medium

Block

/index.php

Peru (outdated)

Profile

Cookie Tampering

Cookie Tampering on
cookie
c_ref_1953962:
Expected
http://www.google.co
m.pe/url?sa=t&rct=j
&q=&esrc=s&frm=1
&source=web&cd=1
&ved=0ahUKEwju3OeJ_JAhVM7SYKHXdOD_
0QFggcMAA&url=htt
p%3A%2F%2Fconas
ec.mininter.gob.pe%
2Findex.php%3Fweb
%3D8&usg=AFQjCN
HrOemsbj8WYN2Zoy
fZ0oxBQpFi7A&sig2
=xZPL4JRIUH7zgGQ
OTaXLRA, Observed
http://www.google.co
m.pe/url?sa=t&rct=j
&q=&esrc=s&frm=1
&source=web&cd=1
&ved=0ahUKEwi7jLa
9mK7JAhWJNSYKHZ4
QDcEQFggcMAA&url
=http%3A%2F%2Fco
nasec.mininter.gob.p
e%2F&usg=AFQjCN
GJKT7_mA76uHd0y5l
I4staASOyOg&sig2=I
4TR4JoQ0x9PBl7OXU
OIsQ
Cookie Tampering on
cookie
HstCmu1953962:
Expected
1444767882498,
Observed
1448544837616
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+)

Medium

Block

/index.php

Peru (outdated)

Low

None

/ajax/services/search
/web

Taiwan (outdated)

Low

None

/search

11/26/2015
8:26:58 AM

11/26/2015
8:27:23 AM

11/26/2015
8:37:14 AM

11/26/2015
8:37:14 AM

Service Pagina Web

App Conasec

11/26/2015
8:39:31 AM

11/26/2015
9:41:48 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
8:39:31 AM

11/26/2015
9:41:48 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation


United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
8:45:55 AM

11/26/2015
8:45:55 AM

11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:48:58 AM

11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:48:58 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
8:51:10 AM

11/26/2015
8:51:10 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
9:24:22 AM

11/26/2015
9:24:22 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
9:28:13 AM

11/26/2015
10:38:52 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:28:13 AM

11/26/2015
10:38:52 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:28:13 AM

11/26/2015
10:38:52 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:28:13 AM

11/26/2015
10:55:27 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:37:52 AM

11/26/2015
9:37:52 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Parameter Type
Violation oq in
74.125.11.48/search
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Parameter Type
Violation id in
localsmart.in/index.p
hp
Parameter Type
Violation a in
www.levenstourisme
.com/index.php
Parameter Type
Violation
search_block_form in
www.mininter.gob.p
e/
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Cross Site Scripting
on headers 3

Medium

None

/search

United States of
America (outdated)

Medium

None

/sites/default/files

Peru (outdated)

Medium

None

/sites/default/

Peru (outdated)

Medium

None

/sites

Peru (outdated)

Medium

None

/sites/

Peru (outdated)

Medium

None

/sites/default/files/

Peru (outdated)

Medium

None

Peru (outdated)

Medium

None

/sites/default

Peru (outdated)

Medium

None

/index.php

United States of
America (outdated)

Medium

None

/index.php

France (outdated)

Medium

None

Peru (outdated)

High

Block

Moldova, Republic of
(outdated)

High

Block

Georgia (outdated)

High

Block

United States of
America (outdated)

High

Block

High

Block

/ping/200.48.4.150

Germany (outdated)

France (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
9:57:34 AM

11/26/2015
9:57:34 AM

11/26/2015
10:12:24 AM

11/26/2015
11:23:30 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
10:12:24 AM

11/26/2015
11:23:30 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
10:12:24 AM

11/26/2015
11:23:30 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
10:20:32 AM

11/26/2015
10:20:32 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Parameter Type
Violation oq in
74.125.160.200/sear
ch
Distributed CVE2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Distributed CVE2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Distributed CVE2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Parameter Type
Violation oq in
173.194.24.170/sear
ch
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code

Medium

None

/search

United States of
America (outdated)

High

Block

/go.php

France (outdated)

High

Block

/click.php

United States of
America (outdated)

High

Block

/chat/go.php

United States of
America (outdated)

Medium

None

/search

United States of
America (outdated)

Medium

None

/ip4.php

France (outdated)

Medium

None

United States of
America (outdated)

Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code

Medium

None

Medium

None

/used_cars/vehicledetail/ul1322331618
/chevrolet/silverado1500
/cars-forsale/vehicledetails.x
html
/judge/judge.php

Medium

None

Medium

None

Medium

None

United States of
America (outdated)
Canada (outdated)

Philippines
(outdated)
/forum/world/maced
onia/taaaafn23pmg
mj147
/cars-forsale/new+cars/chev/
fl-33781

Canada (outdated)

United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/27/2015
5:30:08 AM

15

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:21 AM

11/26/2015
10:36:25 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code

None

/sync/img

Canada (outdated)

None

/login/

Turkey (outdated)

None

Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code

None

/hls101/win32fromsp
ace_17904074192_3
54770972/chunked/p
y-index-live.m3u8

United States of
America (outdated)
France (outdated)

Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code

Medium

None

/enus/viewcar/default.html

United States of
America (outdated)

None

United States of
America (outdated)

None

/cars-forsale/cars/newcars/bmw/535i gran
turismo xdrive/
/start

Medium

None

/io/login

United States of
America (outdated)

Medium

None

United States of
America (outdated)

Medium

None

Medium

None

/cars-forsale/cars/newcars/bmw/545i/
/cars-forsale/new+cars/chev/
tx-77535
/gp/aag/ajax/asinren
dertojson.html

Medium

None

United States of
America (outdated)

Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code

None

/auto/annonce53246365_cadillacescalade-platiniumesv-v8-62l-10km.html
/for-sale/bentley-s_
-12
/cars-forsale/new+cars/audi/
ca-92332

United States of
America (outdated)

None

Ireland (outdated)

United States of
America (outdated)
United States of
America (outdated)

United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Anti


Automatio
n

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

Peru (outdated)

Scraping Attack

Scraping attack on
App Pagina Web

High

Block

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:38:03 AM

11/26/2015
11:15:30 AM

11/26/2015
10:38:03 AM

11/26/2015
11:15:30 AM

Service Pagina Web

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Anti


Automatio
n
App Pagina Web Custom

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM
11/26/2015
10:49:06 AM
11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM
11/26/2015
10:25:55 PM
11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

High

Block

Service Pagina Web

App Pagina Web Custom

Custom Violation

High

Block

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel
Distributed Bloqueo
CPanel
Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM

11/27/2015
5:27:22 AM

10

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:49:06 AM

11/26/2015
10:25:55 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block


/consultaweb/scripts/
dojo-release1.7.2/dijit/_menubas
e.js
/consultaweb/scripts/
dojo-release1.7.2/dojo/html.js
/admin/archivos/200
703050122480.listad
odic06montepio.doc
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/imgs/contem
ain_top.jpg
/admin/imgs/contem
ain_bot.jpg
/admin/archivos/230
92013164552_acta
resultado preliminar
convocatoria 018
practicas
profesionales
(ppaj).pdf
/admin/archivos/210
52012070305_relaci
on_pensionistas_hab
eres_abr2012.pdf
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/archivos/090
82012190923_acta
140.pdf
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js

Peru (outdated)

Germany (outdated)

Chile (outdated)

United States of
America (outdated)
United States of
America (outdated)
Germany (outdated)

Germany (outdated)

United Kingdom of
Great Britain
(outdated)
Bolivia, Plurinational
State of (outdated)
Germany (outdated)

Brazil (outdated)

Ecuador (outdated)

Uruguay (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

Service Pagina Web

App Pagina Web Custom

HTTP Signature
Violation
Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:49:39 AM
11/26/2015
10:49:39 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM

11/26/2015
12:36:17 PM
11/26/2015
12:36:17 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM

11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
11:00:34 AM
11/26/2015
11:06:28 AM

11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
11:00:34 AM
11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Custom

Custom Violation

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation


App Pagina Web Signature

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Paros scanner

High

Block

/judge/

Plain Vanilla Scanner


Detection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection

High

Block

/judge/

Low

None

Low

None

/info/anticor/index.p
html
/php/info.php

United States of
America (outdated)
United States of
America (outdated)
France (outdated)

Low

None

Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Access to: /cgibin/timed.pl
Distributed CVE2011-3368: Apache
Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI

Low

None

Low

None

Low

None

/test/php/php_info.ph
p
/info.php

France (outdated)
France (outdated)

Low

None

France (outdated)

Low

None

/info/

France (outdated)

Low

None

/phpinfo.php

France (outdated)

Low

None

Low

None

Low

None

Low

None

Low

None

Low

None

/wp-commentspost.php
/cgi-bin/info.php

High

Block

/cgi-bin/timed.pl

High

Block

45.33.54.195:80

High

Block

soundcloud.com:443

United States of
America (outdated)

France (outdated)

/admin.hosting.sure
west.net/phpinfo/php
info
/gphoto/php.php

Poland (outdated)
France (outdated)

India (outdated)
/staff/ahmed/version
s.php
/~jolguin/favoritos/p
hpinfo.php

France (outdated)
France (outdated)
United States of
America (outdated)
Poland (outdated)
United States of
America (outdated)
Bulgaria (outdated)
United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods

Medium

None

204.79.197.200:80

Poland (outdated)

Medium

None

account.sony...om:4
43

Romania (outdated)

High

Block

account.sony...om:4
43

Romania (outdated)

Medium

None

www.marathonbet.c
om:443

Medium

None

api.twitch.tv:443

United Kingdom of
Great Britain
(outdated)
Germany (outdated)

High

Block

www.dateas.com:44
3

Israel (outdated)

High

Block

authserver.mojang.c
om:443

United States of
America (outdated)

Medium

None

my.vultr.com:443

Morocco (outdated)

High

Block

my.vultr.com:443

Morocco (outdated)

Medium

None

my.vultr.com:443

United States of
America (outdated)

Medium

None

authserver.mojang.c
om:443

Distributed CVE2011-3368: Apache


Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI

High

Block

irc.icq.com:6668

Macedonia, the
former Yugoslav
Republic of
(outdated)
Australia (outdated)

High

Block

my.vultr.com:443

United States of
America (outdated)

High

Block

204.79.197.200:80

Poland (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods

Medium

None

lq.br.lol.riotgames.co
m:443

Brazil (outdated)

High

Block

www.linkedin.com:4
43

Medium

None

soundcloud.com:443

United States of
America (outdated)

High

Block

www.linkedin.com:4
43

Netherlands
(outdated)

Medium

None

itunes.apple.com:44
3

Germany (outdated)

High

Block

itunes.apple.com:44
3

Germany (outdated)

Medium

None

www.linkedin.com:4
43

Romania (outdated)

Medium

None

United States of
America (outdated)

Medium

None

account.sonyentertai
nmentnetwork.com:
443
www.camfrog.com:4
43

Medium

None

irc.icq.com:6668

Australia (outdated)

Medium

None

45.33.54.195:80

Portugal (outdated)

High

Block

api.twitch.tv:443

Germany (outdated)

Medium

None

45.33.54.195:80

United States of
America (outdated)

High

Block

United States of
America (outdated)

Medium

None

account.sonyentertai
nmentnetwork.com:
443
authserver.mojang.c
om:443

Switzerland
(outdated)

United States of
America (outdated)

United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:28 AM

11/26/2015
11:09:20 PM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:06:46 AM

11/26/2015
11:06:46 AM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
11:33:33 AM

11/27/2015
5:28:43 AM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI

Medium

None

www.google.com:44
3

Netherlands
(outdated)

High

Block

www.google.com:44
3

Netherlands
(outdated)

High

Block

www.linkedin.com:4
43

Romania (outdated)

Medium

None

www.linkedin.com:4
43

Switzerland
(outdated)

Medium

None

www.dateas.com:44
3

Israel (outdated)

High

Block

45.33.54.195:80

Portugal (outdated)

High

Block

authserver.mojang.c
om:443

Distributed
Hazardous HTTP
request methods
Distributed CVE2011-3368: Apache
Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI
Distributed CVE2011-3368: Apache
Malformed URI
Jupiter CMS
Index.PHP Remote
File Include
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'

Medium

None

www.linkedin.com:4
43

Macedonia, the
former Yugoslav
Republic of
(outdated)
Netherlands
(outdated)

High

Block

lq.br.lol.riotgames.co
m:443

Brazil (outdated)

High

Block

www.camfrog.com:4
43

United States of
America (outdated)

High

Block

www.marathonbet.c
om:443

High

Block

/register/guest.asp

United Kingdom of
Great Britain
(outdated)
Thailand (outdated)

Medium

None

/judge/

Brazil (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
6
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Protocol

Unauthorized
Request Content
Type

11/26/2015
11:33:33 AM

11/27/2015
5:28:43 AM

11/26/2015
11:33:33 AM

11/26/2015
11:31:17 PM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

11/26/2015
11:33:33 AM

11/26/2015
11:31:17 PM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

11/26/2015
11:33:33 AM

11/26/2015
11:31:17 PM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

11/26/2015
11:37:40 AM
11/26/2015
11:43:06 AM

11/26/2015
11:37:40 AM
11/26/2015
12:14:55 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Conasec

Cookie Tampering

11/26/2015
11:45:14 AM

11/26/2015
3:14:52 PM

Service Pagina Web

App Pagina Web Worm

11/26/2015
11:49:09 AM

11/26/2015
11:51:24 PM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:49:09 AM

11/26/2015
11:51:24 PM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method


Profile

Web Worm

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Access to: /d/px

Medium

None

/judge/

Lithuania (outdated)

Medium

None

/judge/

Poland (outdated)

Medium

None

/judge/

Pakistan (outdated)

Medium

None

/judge/

Germany (outdated)

High

Block

/d/px

Canada (outdated)

Distributed Cookie
Tampering on token:
c_ref_1953962
Access to: /cgi-bin/iframe_sponsor.eur
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method

Medium

Block

/index.php

Peru (outdated)

High

Block

High

Block

/cgi-bin/iframe_sponsor.eur

France (outdated)
Spain (outdated)

High

Block

Mexico (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Protocol

Illegal Byte Code


Character in Method

Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Parameter Type
Violation oq in
74.125.143.193/sear
ch
Parameter Type
Violation oq in
173.194.9.102/searc
h
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Distributed Illegal
Host Name
Distributed Illegal
Host Name
Distributed Illegal
Host Name

High

Block

India (outdated)

High

Block

High

Block

United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)

High

Block

Poland (outdated)

High

Block

Algeria (outdated)

High

Block

Canada (outdated)

High

Block

Turkey (outdated)

High

Block

France (outdated)

Medium

None

/search

United States of
America (outdated)

Medium

None

/search

United States of
America (outdated)

High

Block

Austria (outdated)

High

Block

Poland (outdated)

High

Block

/info/suche.php

High

Block

/>

High

Block

/en/phpobfuscator.html

11/26/2015
11:49:09 AM

11/26/2015
11:51:24 PM

11/26/2015
11:49:09 AM

11/27/2015
5:30:08 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:49:09 AM

11/27/2015
5:30:08 AM

13

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:49:09 AM

11/27/2015
5:30:08 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:49:09 AM

11/26/2015
11:51:24 PM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:49:09 AM

11/26/2015
11:51:24 PM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:49:09 AM

11/26/2015
11:51:24 PM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:49:09 AM

11/27/2015
5:30:08 AM

22

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:56:56 AM

11/26/2015
11:56:56 AM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
12:00:42 PM

11/26/2015
12:00:42 PM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
12:08:42 PM

11/26/2015
5:13:15 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
12:08:42 PM

11/26/2015
5:13:15 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
12:15:55 PM
11/26/2015
12:15:55 PM
11/26/2015
12:15:55 PM

11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM

Service Pagina Web

App Pagina Web Protocol

Illegal Host Name

Service Pagina Web

App Pagina Web Protocol

Illegal Host Name

Service Pagina Web

App Pagina Web Protocol

Illegal Host Name


United States of
America (outdated)
Lithuania (outdated)
Germany (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

11/26/2015
12:19:00 PM
11/26/2015
12:38:01 PM

11/26/2015
12:19:00 PM
11/26/2015
12:39:07 PM

11/26/2015
12:38:01 PM

11/26/2015
12:39:07 PM

Service Pagina Web

App Pagina Web Protocol

Unauthorized
Request Content
Type

11/26/2015
12:42:09 PM

11/26/2015
1:39:29 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
12:44:02 PM

11/26/2015
12:44:02 PM

Service Pagina Web

App Conasec

Post Request Missing Content


Type
HTTP Signature
Violation

11/26/2015
12:44:32 PM

11/26/2015
1:17:54 PM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in
Parameter Name

11/26/2015
12:51:02 PM

11/26/2015
12:51:02 PM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
1:18:34 PM
11/26/2015
1:23:03 PM
11/26/2015
1:30:24 PM

11/26/2015
9:44:07 PM
11/26/2015
2:13:32 PM
11/26/2015
1:43:26 PM

Service Pagina Web

App Pagina Web Signature

Service Pagina Web

App Pagina Web Worm

HTTP Signature
Violation
Web Worm

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
1:30:24 PM

11/26/2015
1:43:26 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers


Signature

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Access to: /cgi-bin/frameit.cgi


Multiple
Unauthorized
Request Content
Type from
190.113.210.45
Multiple
Unauthorized
Request Content
Type from
190.113.210.45
Multiple Post
Request - Missing
Content Type: 'none'
CVE-2011-3192:Apache_httpd_Remote_Denial_of_Service_ME
Multiple Illegal Byte
Code Character in
Parameter Name
from 174.91.136.180
Parameter Type
Violation id in
www.rmeaudio.de/forum/viewf
orum.php
Exploit tool UserAgent
Web Worm from
219.110.174.21
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

High

Block

/cgi-bin/frameit.cgi

Medium

None

/v1/310702290/4

United States of
America (outdated)
Peru (outdated)

Medium

None

/v1/310702290/1

Peru (outdated)

Medium

None

/e

Czech Republic
(outdated)

High

Block

/obnasec/pdfs/capacitacion_obnasec.pdf

Peru (outdated)

High

Block

Medium

None

/forum/viewforum.php

Poland (outdated)

High

Block

/login.php

Canada (outdated)

High

Block

/cgi/rank.cgi

Japan (outdated)

Medium

None

United States of
America (outdated)

Medium

None

/used_cars/vehicledetail/ul1283561235
/kia/forte
/annonceautomoto/122/sarcell
es/diesel-mazdamazda6-fastwagon2-0-mzr-cd140performance2010/ffa41a8e-e65ae311-a30d5cf3fc6a23ca.html

Canada (outdated)

United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Signature

HTTP Signature
Violation

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Illegal Byte Code
Character in
Parameter Value at 4
for
149.154.167.91/api
Multiple
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+) from
162.244.15.117
Multiple Redundant
HTTP Headers in
header Referer

High

Block

/links/redirect.php

United States of
America (outdated)

High

Block

/letsgo.php

United States of
America (outdated)

High

Block

/modify-companydetails

United States of
America (outdated)

Medium

None

/api

United States of
America (outdated)

Low

None

/fr/searchw

United States of
America (outdated)

Medium

None

/used_cars/vehicledetail/ul1283019612
/dodge/grandcaravan
/auto/annonce53282593_renaultscenic-expressioneuro-5---dci-110-fapeco2-2011.html
/used_cars/vehicledetail/ul1328677528
/toyota/highlander
/used_cars/vehicledetail/ul1328146602
/buick/enclave
/used_cars/vehicledetail/ul1326467972
/nissan/maxima

United States of
America (outdated)

11/26/2015
1:35:01 PM

11/26/2015
2:14:32 PM

11/26/2015
1:35:01 PM

11/26/2015
2:14:32 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
1:35:01 PM

11/26/2015
2:14:32 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
1:40:56 PM

11/26/2015
1:40:56 PM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in
Parameter Value

11/26/2015
2:38:12 PM

11/26/2015
2:38:12 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer

Medium

None

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Medium

None

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None


United States of
America (outdated)

United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
3
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

11

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

United States of
America (outdated)

Medium

None

/used_cars/vehicledetail/ul1261999672
/chevrolet/impala
/classified/28040423
3

Medium

None

United States of
America (outdated)

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

/vwdeb/i/s|1300,u/l|1
00,316,stat_firstclass
,u/d|deu7169294633
/mercedes-classe_c10605094.html

Medium

None

United States of
America (outdated)

Medium

None

Medium

None

Medium

None

Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer

Medium

None

Medium

None

Medium

None

Medium

None

Medium

None

Medium

None

/154769874/2006/je
ep/commander/used
-cars/for-sale
/used_cars/vehicledetail/ul1329705739
/toyota/tundra
/used_cars/vehicledetail/ul1321290986
/hyundai/elantra
/used_cars/vehicledetail/ul1324134084
/mercedes-benz/clsclass
/used_cars/vehicledetail/ul1315373758
/toyota/camry
/used_cars/vehicledetail/ul1329566613
/chevrolet/malibu
/used_cars/vehicledetail/ul1329743996
/dodge/journey
/used_cars/vehicledetail/ul1298816347
/hyundai/elantra
/used_cars/vehicledetail/ul1285639098
/nissan/juke
/160979202/2013/ho
nda/pilot/usedcars/for-sale

United States of
America (outdated)

United States of
America (outdated)

United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)

United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
3
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Protocol

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Redundant HTTP
Headers

Multiple Redundant
HTTP Headers in
header Referer

Medium

None

United States of
America (outdated)

Multiple WEB-IIS perl


access(+) from
23.254.144.254
Parameter Type
Violation
field_descripcion_res
olucion_value in
www.mininter.gob.p
e/views/ajax
Access to: /cgi-bin/info.php
nuBoard Index.PHP
Remote File Include
Vulnerability
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)

High

Block

Medium

None

/used_cars/vehicledetail/ul1307519369
/chevrolet/silverado2500hd
/cp/scripts/perl/guest
book/eguest_show.pl
/views/ajax

High

Block

/cgi-bin/info.php

High

Block

/leaving/index.php

United States of
America (outdated)
United States of
America (outdated)

Low

None

/disk37/file.php

Japan (outdated)

Low

None

/disk38/file.php

Japan (outdated)

Low

None

/ajax/services/search/web

Taiwan (outdated)

Low

None

/disk7/file.php

Japan (outdated)

Low

None

/search

United States of
America (outdated)

11/26/2015
2:55:23 PM

11/26/2015
11:58:49 PM

11/26/2015
2:55:37 PM

11/26/2015
2:55:37 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
3:08:07 PM

11/26/2015
3:08:55 PM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
3:31:19 PM
11/26/2015
3:33:02 PM

11/26/2015
3:31:19 PM
11/26/2015
3:33:02 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:04:10 PM

11/26/2015
6:30:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:04:10 PM

11/26/2015
6:30:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:04:10 PM

11/26/2015
6:30:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:04:10 PM

11/26/2015
6:30:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:04:10 PM

11/26/2015
6:30:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation


United States of
America (outdated)
Peru (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:04:10 PM

11/26/2015
6:30:40 PM

11/26/2015
4:04:10 PM

11/26/2015
6:30:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:25:11 PM

11/26/2015
4:34:59 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:28:06 PM
11/26/2015
4:33:18 PM

11/26/2015
4:28:06 PM
11/26/2015
5:22:43 PM

Service Pagina Web

App Pagina Web Signature

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation
HTTP Signature
Violation

11/26/2015
4:33:18 PM

11/26/2015
8:00:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:33:18 PM

11/26/2015
5:22:43 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
4:42:29 PM

11/26/2015
4:42:29 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

11/26/2015
5:35:30 PM

11/27/2015
5:25:57 AM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in URL

11/26/2015
5:35:30 PM

11/27/2015
5:25:57 AM

27

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in URL


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Multiple CVE-2011-3192:Apache_httpd_Remote_Denial_of_Service_ME(+) from
181.177.248.131
Web leech 9

Low

None

/srsapp/search

United States of
America (outdated)

Low

None

/d.js

United States of
America (outdated)

High

Block

/sites/default/files/rv
m_nro_044-2014-invgi_0.pdf

Peru (outdated)

High

Block

/test/gate.php

Germany (outdated)

Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Access to:
/bin/format_record.pl
5
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL

High

Block

/redir.php

United States of
America (outdated)

High

Block

/go.php

United States of
America (outdated)

High

Block

/forum/go.php

United States of
America (outdated)

High

Block

/bin/format_record.pl5

Bulgaria (outdated)

High

Block

/new-infiniti
<a_href="javascript:

United States of
America (outdated)

High

Block

/used-list/make1<!doctype html>
<html>
<head>
<meta httpequiv=content-type
content=text/html

United States of
America (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
2
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Protocol

Illegal Byte Code


Character in URL
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type

11/26/2015
5:35:30 PM

11/27/2015
5:25:57 AM

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed Illegal
Byte Code Character
in URL
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'

High

Block

/new-infiniti</div

United States of
America (outdated)

Medium

None

/k/so1xd

Switzerland
(outdated)

Medium

None

/aramaaranan=tn1h
7

Switzerland
(outdated)

Medium

None

Medium

None

/1gunv

Switzerland
(outdated)

Medium

None

/k/1e8b7

Switzerland
(outdated)

Medium

None

/1hglm

Switzerland
(outdated)

Medium

None

/ai2db

Switzerland
(outdated)

Medium

None

/128lp

Switzerland
(outdated)

Medium

None

/k/g69zf

Switzerland
(outdated)

Medium

None

/d8h18

Switzerland
(outdated)

Medium

None

/aramaaranan=lqk2s

Switzerland
(outdated)

Medium

None

/pblp7

Switzerland
(outdated)

Medium

None

/k/pgbld

Switzerland
(outdated)

Medium

None

/47k61

Switzerland
(outdated)

Germany (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

Service Pagina Web

App Pagina Web Protocol


App Pagina Web Protocol

Post Request Missing Content


Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type
Post Request Missing Content
Type

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'

Medium

None

/qavkv

Switzerland
(outdated)

Medium

None

/k/geg6c

Switzerland
(outdated)

Medium

None

/k6d3c

Switzerland
(outdated)

Medium

None

/aramaaranan=lqd3k

Switzerland
(outdated)

Medium

None

/aramaaranan=1vq2
g

Switzerland
(outdated)

Medium

None

/k/pdl7h

Switzerland
(outdated)

Medium

None

/xpb3u

Switzerland
(outdated)

Medium

None

/k/0uo5d

Switzerland
(outdated)

Medium

None

/pgi63

Switzerland
(outdated)

Medium

None

/fto8t

Switzerland
(outdated)

Medium

None

/n3w2y

Switzerland
(outdated)

Medium

None

/k/3qvpa

Switzerland
(outdated)

Medium

None

/k/updbj

Switzerland
(outdated)

Medium

None

/aramaaranan=gznt
q

Switzerland
(outdated)

Medium

None

/w8do5

Switzerland
(outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

11/26/2015
5:50:42 PM

11/26/2015
8:21:46 PM

11/26/2015
5:52:54 PM

11/26/2015
11:55:25 PM

12

Service Pagina Web

App Pagina Web Protocol

11/26/2015
6:19:33 PM

11/26/2015
6:23:45 PM

Service Pagina Web

App Pagina Web Protocol

Redundant HTTP
Headers

11/26/2015
6:24:11 PM

11/26/2015
6:24:41 PM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in
Parameter Value

11/26/2015
6:32:09 PM

11/26/2015
10:57:38 PM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:32:09 PM

11/26/2015
10:57:38 PM

Service Pagina Web

App Pagina Web Protocol

Illegal HTTP Version

11/26/2015
6:32:09 PM

11/26/2015
9:48:11 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
6:32:09 PM

11/26/2015
9:48:11 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
6:32:09 PM

11/26/2015
9:48:11 PM

Service Pagina Web

App Pagina Web Protocol

11/26/2015
6:32:10 PM

11/26/2015
6:32:10 PM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in Header
Name
Illegal Byte Code
Character in Header
Name
Illegal Byte Code
Character in Header
Name
Unknown HTTP
Request Method

11/26/2015
7:01:58 PM
11/26/2015
7:20:06 PM

11/26/2015
7:01:58 PM
11/26/2015
8:00:40 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation


App Pagina Web Protocol

Post Request Missing Content


Type
Malformed SOAP
Message

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple Post
Request - Missing
Content Type: 'none'
Multiple Malformed
SOAP Message from
172.245.123.105
Redundant HTTP
Headers from
78.183.13.119
Multiple Illegal Byte
Code Character in
Parameter Value
from 77.46.96.96
Multiple Illegal HTTP
Version from
88.119.250.36
Multiple Illegal HTTP
Version from
88.119.250.36
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Unknown HTTP
Request Method <hr
in URL
2ddl.downloadntenta
ndo ingresar no
est&aacute;
permitido, por favor
ingresar un&nbsp;
par&aacute;metro&n
bsp;
v&aacute;lido</>
Access to: /cgi-bin/suchen.pl
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154

Medium

None

/aramaaranan=nn9p2

Switzerland
(outdated)

Medium

None

/downloadapi.asmx

United States of
America (outdated)

Medium

None

/resources/login

Turkey (outdated)

Medium

None

/announce

Poland (outdated)

High

Block

High

Block

/>

Lithuania (outdated)

High

Block

/>

Lithuania (outdated)

High

Block

High

Block

www.stoiximan.gr:443

United Kingdom of
Great Britain
(outdated)
Lithuania (outdated)

High

Block

/>

Lithuania (outdated)

High

Block

/cgi-bin/suchen.pl

France (outdated)

High

Block

/signin

United States of
America (outdated)

Lithuania (outdated)


Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
7:20:06 PM

11/26/2015
8:00:40 PM

11/26/2015
7:20:06 PM

11/26/2015
8:00:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
7:49:49 PM

11/26/2015
7:49:49 PM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
7:50:06 PM

11/26/2015
8:10:32 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

11/26/2015
7:50:06 PM

11/26/2015
8:10:32 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

11/26/2015
7:50:14 PM

11/26/2015
7:50:14 PM

Service Pagina Web

App Pagina Web Profile

Parameter Type
Violation

11/26/2015
8:33:07 PM

11/26/2015
8:40:36 PM

Service Pagina Web

App Pagina Web Worm

Web Worm

11/26/2015
8:46:49 PM

11/26/2015
8:46:49 PM

Service Pagina Web

App Pagina Web Protocol

Unknown HTTP
Request Method

11/26/2015
9:00:25 PM

11/26/2015
10:55:27 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:06:47 PM

11/26/2015
10:44:04 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Parameter Type
Violation
vb_login_username
in
www.mihangsm.com
/forum/login.php
Multiple URL worm
attacks from
192.249.64.154
Multiple URL worm
attacks from
192.249.64.154
Parameter Type
Violation Itemid in
www.kinect.lt/index.
php
Multiple URL worm
attacks from
219.167.221.234
Unknown HTTP
Request Method <hr
in URL
2ddl.download&aacu
te;metro&nbsp;
v&aacute;lido</>
Distributed Robot
site scan attempt
4(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)

High

Block

/duow.asp

United States of
America (outdated)

High

Block

/index.php

United States of
America (outdated)

Medium

None

/forum/login.php

South Africa
(outdated)

High

Block

/cgi/mailafriend

United States of
America (outdated)

High

Block

/cgi/jump

United States of
America (outdated)

Medium

None

/index.php

United States of
America (outdated)

High

Block

/bin/get

Japan (outdated)

High

Block

/>

Lithuania (outdated)

High

Block

/feedback.php

United States of
America (outdated)

Low

None

/disk23/file.php

Japan (outdated)

Page 65

Alert Start Time Alert End Time

Num. Service
of
Events
4
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:06:47 PM

11/26/2015
10:44:04 PM

11/26/2015
9:06:47 PM

11/26/2015
10:44:04 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:06:47 PM

11/26/2015
10:44:04 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:06:47 PM

11/26/2015
10:44:04 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:06:47 PM

11/26/2015
10:44:04 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:06:47 PM

11/26/2015
10:44:04 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:09:40 PM

11/26/2015
9:09:40 PM

Service Pagina Web

App Pagina Web Signature

HTTP Signature
Violation

11/26/2015
9:39:55 PM

11/26/2015
9:40:07 PM

Service Pagina Web

App Conasec

Cookie Tampering

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation


Profile

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
CVE-2011-3192:Apache_httpd_
Remote_Denial_of_S
ervice_ME
Cookie Tampering on
cookie
HstCmu1953962:
Expected
1445221643577,
Observed
1448603124255
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code

Low

None

/disk38/file.php

Japan (outdated)

Low

None

/ajax/services/search Taiwan (outdated)


/web

Low

None

Low

None

/disk18/file.php

Japan (outdated)

Low

None

/disk20/file.php

Japan (outdated)

Low

None

/disk14/file.php

Japan (outdated)

High

Block

/sites/default/files/rv
m-nro_023-2015-invgi.pdf

Peru (outdated)

Medium

Block

/index.php

Peru (outdated)

Medium

None

/disk18/file.php

Japan (outdated)

Medium

None

/judge/

United States of
America (outdated)

United States of
America (outdated)

Page 66

Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:36:27 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:52:55 PM

11/27/2015
5:27:22 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:52:55 PM

11/27/2015
5:27:22 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
10:52:55 PM

11/27/2015
5:27:22 AM

Service Pagina Web

App Pagina Web Custom

11/26/2015
10:52:55 PM

11/27/2015
5:27:22 AM

Service Pagina Web

App Pagina Web Custom


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code

Medium

None

France (outdated)

Medium

None

Medium

None

Medium

None

Medium

None

Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed Bloqueo
CPanel

Medium

/contributor/211213/
name/capriorohinaldo

United States of
America (outdated)
United States of
America (outdated)

None

/cars/inventorylisting
/ajaxfetchsubsetinve
ntorylisting.action
/wpcontent/headlines/sh
op_cos_237.html
/cars-forsale/cars/newcars/bmw/328i
xdrive/
/used-car-finder

Medium

None

/members/index.php

France (outdated)

Medium

None

Medium

None

/profiles/blogs/dance France (outdated)


-mat-typing-gamesfor-little-ones
/judge.php
France (outdated)

Medium

None

/api/user/login

France (outdated)

High

Block

Colombia (outdated)

Distributed Bloqueo
CPanel

High

Block

Custom Violation

Distributed Bloqueo
CPanel

High

Block

Custom Violation

Distributed Bloqueo
CPanel

High

Block

/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/archivos/180
62012111113_cuadr
o_consolidado_mayo
2012_pnp.pdf
/admin/archivos/151
02013151035_acta
resultado preliminar
proceso cas 247.pdf
/admin/archivos/060
12012170754_result
ado preliminar cas
132.pdf

France (outdated)

United States of
America (outdated)

United States of
America (outdated)

Germany (outdated)

Germany (outdated)

Germany (outdated)

Page 67

Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Alert Description

Severity Immediate URL


Action

Custom Violation

Distributed Bloqueo
CPanel

High

Block

Source
GeoLocation

11/26/2015
10:52:55 PM

11/27/2015
5:27:22 AM

11/26/2015
10:52:55 PM

11/27/2015
5:27:22 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Distributed Bloqueo
CPanel

High

Block

11/26/2015
10:57:38 PM

11/26/2015
10:57:38 PM

Service Pagina Web

App Pagina Web Protocol

Unknown HTTP
Request Method

High

Block

11/26/2015
10:57:38 PM

11/26/2015
10:57:38 PM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in Header
Name

High

Block

/>

11/26/2015
10:57:38 PM

11/26/2015
10:57:38 PM

Service Pagina Web

App Pagina Web Protocol

Illegal Byte Code


Character in Header
Name

High

Block

11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM

11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

/phpinfo.php

Service Pagina Web

App Pagina Web Custom

Custom Violation

Unknown HTTP
Request Method <hr
in URL
albumdl.comst&aacu
te; intentando
ingresar no
est&aacute;
permitido, por favor
ingresar un&nbsp;
par&aacute;metro&n
bsp;
v&aacute;lido</>
Multiple Illegal Byte
Code Character in
Header Name from
88.119.250.36
Multiple Illegal Byte
Code Character in
Header Name from
88.119.250.36
Distributed HTML
Injection
Distributed HTML
Injection

/admin/archivos/110 Germany (outdated)


72012110849_cuadr
o_consolidado_jun20
12_pnp.pdf
/admin.hosting.sure Poland (outdated)
west.net/phpinfo/php
info
/>
Lithuania (outdated)

Low

None

11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
11:07:56 PM

11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:24:16 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

None

Service Pagina Web

App Pagina Web Custom

Custom Violation

Low

Service Pagina Web

App Pagina Web Custom

Custom Violation

16

Service Pagina Web

App Pagina Web Worm

Web Worm

Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Web Worm from
190.213.144.152

/info.php/rk=0/rs=9t France (outdated)


hvoc87f_xzq5xrqclnh
.wdbl8/auktion/phpinfo.php France (outdated)


Lithuania (outdated)

Lithuania (outdated)

Poland (outdated)

France (outdated)

None

/pergamumold/info.p
hp
/search/search_pd.as
p
/test/php/php_info.ph
p
/test.php

Low

None

/test

France (outdated)

High

Block

/cgi-bin/auth

Trinidad and Tobago


(outdated)

Poland (outdated)
Poland (outdated)
France (outdated)

Page 68

Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI

Medium

None

disqus.com:443

United States of
America (outdated)

Medium

None

www.google.com:44
3

United States of
America (outdated)

High

Block

www.google.com:44
3

United States of
America (outdated)

High

Block

twitter.com:443

Netherlands
(outdated)

High

Block

45.33.54.195:80

France (outdated)

High

Block

authserver.mojang.c
om:443

Croatia (outdated)

Medium

None

45.33.54.195:80

France (outdated)

Medium

None

twitter.com:443

Netherlands
(outdated)

Medium

None

www.bookryanair.co
m:443

Lithuania (outdated)

Medium

None

www.iFrance (outdated)
comparateur.com:80

Medium

None

m.bonton.com:443

United States of
America (outdated)

High

Block

disqus.com:443

United States of
America (outdated)

High

Block

www.iFrance (outdated)
comparateur.com:80

High

Block

members.blacked.co Netherlands
m:443
(outdated)

High

Block

www.paypal.com:44
3

Italy (outdated)

Page 69

Alert Start Time Alert End Time

Num. Service
of
Events
1
Service Pagina Web

Application

Alert Type Alert Name

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:09:32 PM

11/27/2015
5:30:08 AM

Service Pagina Web

App Pagina Web Custom

Custom Violation

11/26/2015
11:52:33 PM

11/27/2015
5:30:08 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method

11/26/2015
11:52:33 PM

11/27/2015
5:30:08 AM

Service Pagina Web

Protocol

Illegal Byte Code


Character in Method


Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Distributed CVE-2011-3368: Apache


Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method

High

Block

45.33.54.195:80

Lithuania (outdated)

Medium

None

android.clients.googl Peru (outdated)


e.com:443

High

Block

45.33.54.195:80

Greece (outdated)

Medium

None

www.paypal.com:44
3

Italy (outdated)

High

Block

www.bookryanair.co
m:443

Lithuania (outdated)

Medium

None

members.blacked.co Netherlands
m:443
(outdated)

Medium

None

soundcloud.com:443 Germany (outdated)

High

Block

m.bonton.com:443

High

Block

soundcloud.com:443 Germany (outdated)

Medium

None

45.33.54.195:80

Lithuania (outdated)

Medium

None

authserver.mojang.c
om:443

Croatia (outdated)

Medium

None

45.33.54.195:80

Greece (outdated)

High

Block

android.clients.googl Peru (outdated)


e.com:443

High

Block

Colombia (outdated)

High

Block

Germany (outdated)

United States of
America (outdated)

Page 70

Alert Start Time Alert End Time

11/26/2015
11:52:33 PM

11/27/2015
5:30:08 AM

11/26/2015
11:58:27 PM

11/26/2015
11:58:27 PM

Num. Service
of
Events
2
Service Pagina Web

Application

Service Pagina Web

App Conasec

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Protocol

Illegal Byte Code


Character in Method

Block

Profile

Cookie Tampering

Distributed Illegal
High
Byte Code Character
in Method
Cookie Tampering on Medium
cookie
HstCmu1953962:
Expected
1444662050383,
Observed
1448600327852

Protocol

Illegal Byte Code


Character in Method

Multiple Illegal Byte


Code Character in
Method from
93.174.93.218
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Multiple Illegal Byte
Code Character in
Method from
212.83.175.48
CVE-2011-3368:
Apache Malformed
URI
Hazardous HTTP
request methods
Multiple Illegal Byte
Code Character in
Method from
212.83.190.184

High

Block

Medium

None

www.google.pl:443

United States of
America (outdated)

Medium

None

www.google.pl:443

France (outdated)

High

Block

www.google.pl:443

United States of
America (outdated)

High

Block

www.google.pl:443

France (outdated)

High

Block

High

Block

s.yimg.com:443

United States of
America (outdated)

Medium

None

s.yimg.com:443

High

Block

United States of
America (outdated)
France (outdated)

Block

Source
GeoLocation
Australia (outdated)

/obnasec/scripts/jque Peru (outdated)


ry-1.7.2.min.js

Service: Service Sigaweb


11/26/2015
12:46:57 AM

11/26/2015
12:46:57 AM

Service Sigaweb

11/26/2015
12:52:21 AM

11/27/2015
12:10:28 AM

Service Sigaweb

App Sigaweb

Custom

Custom Violation

11/26/2015
12:52:21 AM

11/27/2015
12:10:28 AM

Service Sigaweb

App Sigaweb

Custom

Custom Violation

11/26/2015
12:52:21 AM

11/27/2015
12:10:28 AM

Service Sigaweb

App Sigaweb

Custom

Custom Violation

11/26/2015
12:52:21 AM

11/27/2015
12:10:28 AM

Service Sigaweb

App Sigaweb

Custom

Custom Violation

11/26/2015
3:30:44 AM

11/26/2015
7:05:08 AM

Service Sigaweb

Protocol

Illegal Byte Code


Character in Method

11/26/2015
4:24:14 AM

11/26/2015
9:12:32 PM

Service Sigaweb

App Sigaweb

Custom

Custom Violation

11/26/2015
4:24:14 AM
11/26/2015
4:32:51 AM

11/26/2015
9:12:32 PM
11/26/2015
8:30:18 AM

Service Sigaweb

App Sigaweb

Custom

Custom Violation

Service Sigaweb

Protocol

Illegal Byte Code


Character in Method

Netherlands
(outdated)

France (outdated)

Service:


Page 71

Alert Start Time Alert End Time

Num. Service
of
Events
2

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Firewall

SSL Untraceable
Connection

Multiple Untraceable
SSL Sessions from
201.240.112.33
(Protocol violation
(SSL_CONN_APPLICA
TION_DATA_EXCHAN
GE))
Multiple Untraceable
SSL Sessions from
190.238.13.186
(Protocol violation
(SSL_CONN_SERVER_
FINISH_RESUMED_SE
SSION))
Multiple Untraceable
SSL Sessions from
181.64.223.220
(Open Mode)
SSL Untraceable
Connection Protocol violation
(SSL_CONN_CLIENT_
HELLO)
Untraceable SSL
Sessions:
Unsupported Legacy
SSL Version
Untraceable SSL
Sessions: Protocol
violation
(SSL_CONN_SERVER_
FINISH_RESUMED_SE
SSION)
SSL Untraceable
Connection Protocol violation
(SSL_CONN_CLIENT_
HELLO)
Untraceable SSL
Sessions: Open Mode
Multiple Untraceable
SSL Sessions from
191.98.191.8
(Unsupported
Legacy SSL Version)

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None

Netherlands
(outdated)

Informative None

Germany (outdated)

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None
Informative None

Peru (outdated)

11/26/2015
12:03:11 AM

11/26/2015
12:15:11 AM

11/26/2015
1:17:58 AM

11/26/2015
1:28:58 AM

Firewall

SSL Untraceable
Connection

11/26/2015
2:02:23 AM

11/26/2015
2:13:24 AM

Firewall

SSL Untraceable
Connection

11/26/2015
5:03:49 AM

11/26/2015
7:06:28 AM

Firewall

SSL Untraceable
Connection

11/26/2015
6:31:19 AM

11/26/2015
6:42:19 AM

Firewall

SSL Untraceable
Connection

11/26/2015
6:56:50 AM

11/27/2015
12:34:12 AM

100

Firewall

SSL Untraceable
Connection

11/26/2015
7:25:15 AM

11/26/2015
6:11:56 PM

Firewall

SSL Untraceable
Connection

11/26/2015
8:23:32 AM
11/26/2015
9:20:49 AM

11/26/2015
9:59:32 PM
11/26/2015
9:31:49 AM

59

Firewall

Firewall

SSL Untraceable
Connection
SSL Untraceable
Connection


Peru (outdated)

Page 72

Alert Start Time Alert End Time

Num. Service
of
Events
2

Application

Alert Type Alert Name

Alert Description

Severity Immediate URL


Action

Source
GeoLocation

Firewall

SSL Untraceable
Connection

SSL Untraceable
Connection Protocol violation
(SSL_CONN_APPLICA
TION_DATA_EXCHAN
GE)
Untraceable SSL
Sessions: Protocol
violation
(SSL_CONN_CLIENT_
HELLO)
Untraceable SSL
Sessions: Protocol
violation
(SSL_CONN_CLIENT_
HELLO)
SSL Untraceable
Connection Unknown SSL
Session
Untraceable SSL
Sessions:
Unsupported Legacy
SSL Version
Multiple Untraceable
SSL Sessions from
190.234.99.143
(Protocol violation
(SSL_CONN_CLIENT_
KEY_EXCHANGE))
Multiple Untraceable
SSL Sessions from
181.176.193.3
(Unsupported
Legacy SSL Version)
Multiple Untraceable
SSL Sessions from
190.42.17.123
(Unknown SSL
Session)
Untraceable SSL
Sessions: Open Mode
SSL Untraceable
Connection Unsupported Legacy
SSL Version

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None

United States of
America (outdated)

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None

Peru (outdated)

Informative None
Informative None

Ecuador (outdated)

11/26/2015
9:28:27 AM

11/26/2015
8:56:23 PM

11/26/2015
10:15:25 AM

11/26/2015
10:15:34 AM

Firewall

SSL Untraceable
Connection

11/26/2015
10:15:25 AM

11/26/2015
10:15:34 AM

Firewall

SSL Untraceable
Connection

11/26/2015
10:31:01 AM

11/26/2015
5:11:47 PM

Firewall

SSL Untraceable
Connection

11/26/2015
12:28:14 PM

11/26/2015
12:57:25 PM

Firewall

SSL Untraceable
Connection

11/26/2015
1:20:47 PM

11/26/2015
1:31:47 PM

Firewall

SSL Untraceable
Connection

11/26/2015
2:09:10 PM

11/26/2015
2:19:42 PM

Firewall

SSL Untraceable
Connection

11/26/2015
2:32:30 PM

11/26/2015
2:43:30 PM

Firewall

SSL Untraceable
Connection

11/26/2015
3:26:42 PM
11/26/2015
6:15:55 PM

11/26/2015
9:59:32 PM
11/26/2015
6:15:55 PM

Firewall

Firewall

SSL Untraceable
Connection
SSL Untraceable
Connection


Peru (outdated)

Page 73
