Data Scope
Name | Operation | Values
Source GeoLocation | Not equals | Internal network
Time frame | Between | From: 11/26/15 12:00:00 AM To: 11/26/15 11:59:59 PM
Page 2
Immediate Action
Block
None
Page 3
Service | Immediate Action | Num. of Events
Service Aplicaciones Java | Block | 32
Service Aplicaciones Java | None | 455
Service Pagina Web | Block | 905
Service Pagina Web | None | 1,531
Service Sigaweb | Block | 38
Service Sigaweb | None | 19
- | None | 199
Page 4
Service
Service Aplicaciones Java
Service Aplicaciones Java
Service Pagina Web
Service Pagina Web
Service Sigaweb
Service Sigaweb
Immediate Action
Block
None
Block
None
Block
None
Page 5
Service
Immediate Action
None
Attack severity
Service | Severity | Num. of Events
Service Aplicaciones Java | Low | 31
Service Aplicaciones Java | Medium | 431
Service Aplicaciones Java | High | 25
Service Pagina Web | Low | 165
Service Pagina Web | Medium | 1,377
Service Pagina Web | High | 894
Service Sigaweb | Medium | 19
Service Sigaweb | High | 38
- | Informative | 199
Page 7
Geolocation
Source GeoLocation | Immediate Action | Num. of Events
Algeria | Block | 1
Argentina | Block | 3
Australia | Block | 47
Australia | None | 45
Austria | Block | 1
Bolivia, Plurinational State of | Block | 1
Brazil | Block | 39
Brazil | None | 40
Bulgaria | Block | 2
Canada | Block | 17
Canada | None | 5
Chile | Block | 6
Colombia | Block | 2
Croatia | Block | 16
Croatia | None | 16
Czech Republic | None | 1
Ecuador | Block | 11
Ecuador | None | 1
Egypt | Block | 2
France | Block | 1,040
France | None | 195
Georgia | Block | 2
Germany | Block | 600
Germany | None | 114
Greece | Block | 1
Greece | None | 1
India | Block | 1
India | None | 3
Iran, Islamic Republic of | Block | 8
Ireland | None | 68
Israel | Block | 53
Israel | None | 53
Italy | Block | 9
Italy | None | 9
Japan | Block | 16
Japan | None | 21
Kazakhstan | Block | 7
Korea, Republic of | Block | 200
Korea, Republic of | None | 4
Lithuania | Block | 599
Lithuania | None | 9
Macedonia, the former Yugoslav Republic of | Block | 4
Macedonia, the former Yugoslav Republic of | None | 4
Mexico | Block | 2
Moldova, Republic of | Block | 1
Morocco | Block | 4
Morocco | None | 4
Netherlands | Block | 65
Netherlands | None | 44
Pakistan | None | 2
Peru | Block | 500
Peru | None | 941
Philippines | None | 1
Poland | Block | 37
Poland | None | 22
Portugal | Block | 2
Portugal | None | 7
Romania | Block | 18
Romania | None | 18
South Africa | None | 2
Spain | Block | 6
Switzerland | Block | 1
Switzerland | None | 30
Taiwan | None | 10
Thailand | Block | 1
Thailand | None | 1
Trinidad and Tobago | Block | 16
Turkey | Block | 1
Turkey | None | 12
United Kingdom of Great Britain | Block | 3,631
United Kingdom of Great Britain | None | 15
United States of America | Block | 442
United States of America | None | 706
Uruguay | Block | 1
Attack list
Alert Start Time Alert End Time
Num. Service
of
Events
Application
Alert Description
Source
GeoLocation
Parameter Type
Violation
txtbuscar_doc in
aplicaciones.mininte
r.gob.pe/sige/simpri
mirhtllenada
Parameter Type
Violation txt_login in
aplicaciones.mininte
r.gob.pe/sige/susuari
ovalidar
Parameter Type
Violation hid_doc in
aplicaciones.mininte
r.gob.pe/sige/simpri
mirhtllenada
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/imprim
ir.jsp parameter
orgdesc
Distributed Too
Many of the Same
Response Code
(404)
Distributed Too
Many of the Same
Response Code
(404)
Medium
None
/sige/simprimirhtllen
ada
Peru (outdated)
Medium
None
/sige/susuariovalidar
Peru (outdated)
Medium
None
/sige/simprimirhtllen
ada
Peru (outdated)
Medium
None
/sige/imprimir.jsp
Peru (outdated)
Low
None
/sige/css/calendarsystem.css
Peru (outdated)
Low
None
/includes/form.css
Peru (outdated)
11/26/2015
4:53:16 AM
Profile
Parameter Type
Violation
11/26/2015
7:42:20 AM
11/26/2015
7:42:20 AM
Profile
Parameter Type
Violation
11/26/2015
7:53:17 AM
11/26/2015
4:30:05 PM
Profile
Parameter Type
Violation
11/26/2015
7:53:38 AM
11/26/2015
2:03:24 PM
Profile
Parameter Type
Violation
11/26/2015
8:04:20 AM
11/26/2015
8:04:27 PM
11/26/2015
8:04:20 AM
11/26/2015
8:04:27 PM
Page 11
Num. Service
Application
of
Events
6
Service Aplicaciones App Sige
Java
Alert Description
Source
GeoLocation
Distributed Too
Many of the Same
Response Code
(404)
Distributed Too
Many of the Same
Response Code
(404)
Distributed Too
Many of the Same
Response Code
(404)
Distributed Too
Many of the Same
Response Code
(404)
Parameter Type
Violation filtro4 in
aplicaciones.mininte
r.gob.pe/sige/sbande
jacomun
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sbande
jacomun parameter
filtro1
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentointernoregistra
r parameter
txt_sumilla
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Low
None
/sige/js/calendarsetup.js
Peru (outdated)
Low
None
/favicon.ico
Peru (outdated)
Low
None
/sige/js/calendar.js
Peru (outdated)
Low
None
/sige/js/calendares.js
Peru (outdated)
Medium
None
Medium
None
Medium
None
/sige/sdocumentoint
ernoregistrar
Peru (outdated)
Medium
None
Peru (outdated)
Medium
None
/sige/documentosge
neradosconsultarlist
ado.jsp
/sige/regdocinterno.j
sp
Medium
None
11/26/2015
8:04:20 AM
11/26/2015
8:04:27 PM
11/26/2015
8:04:20 AM
11/26/2015
8:04:27 PM
11/26/2015
8:04:20 AM
11/26/2015
8:04:27 PM
11/26/2015
8:04:20 AM
11/26/2015
8:04:27 PM
11/26/2015
8:05:59 AM
11/26/2015
8:05:59 AM
Profile
Parameter Type
Violation
11/26/2015
8:10:50 AM
11/26/2015
7:12:03 PM
14
Profile
Parameter Type
Violation
11/26/2015
8:20:14 AM
11/26/2015
1:13:02 PM
20
Profile
Parameter Type
Violation
11/26/2015
8:26:21 AM
11/26/2015
9:47:57 PM
17
Custom
Custom Violation
11/26/2015
8:26:21 AM
11/26/2015
7:27:07 PM
Custom
Custom Violation
11/26/2015
8:26:21 AM
11/26/2015
7:27:07 PM
Custom
Custom Violation
Peru (outdated)
Page 12
Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java
Alert Description
Custom
Custom Violation
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Cookie Tampering on
cookie mstnc:
Expected 1,
Observed 2
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sbusca
roficina parameter
hid_org
Automated
Vulnerability
Scanning
Parameter Type
Violation filtro1 in
aplicaciones.mininte
r.gob.pe/sige/bandej
acomun.jsp
Parameter Type
Violation
txtRemitente in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sbande
jacomun parameter
filtro2
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/bandej
acomun.jsp
parameter filtro2
Medium
None
Medium
None
/sige/derivardocume
nto.jsp
Peru (outdated)
Medium
Block
/sige/susuariovalidar
Peru (outdated)
Medium
None
/sige/sbuscaroficina
Peru (outdated)
High
Block
/sige/js/calendarsetup.js
Peru (outdated)
Medium
None
Medium
None
Medium
None
Medium
None
11/26/2015
8:26:21 AM
11/26/2015
7:27:07 PM
11/26/2015
8:26:21 AM
11/26/2015
9:47:57 PM
Custom
Custom Violation
11/26/2015
8:34:08 AM
11/26/2015
8:34:36 AM
Profile
Cookie Tampering
11/26/2015
8:37:46 AM
11/26/2015
8:46:40 AM
Profile
Parameter Type
Violation
11/26/2015
8:49:48 AM
11/26/2015
8:49:48 AM
Custom
Custom Violation
11/26/2015
8:57:32 AM
11/26/2015
7:12:03 PM
Profile
Parameter Type
Violation
11/26/2015
9:02:59 AM
11/26/2015
3:38:50 PM
Profile
Parameter Type
Violation
11/26/2015
9:05:54 AM
11/26/2015
2:04:08 PM
11
Profile
Parameter Type
Violation
11/26/2015
9:05:54 AM
11/26/2015
1:26:24 PM
10
Profile
Parameter Type
Violation
Source
GeoLocation
Page 13
Num. Service
Application
of
Events
5
Service Aplicaciones App Sige
Java
Alert Description
Profile
Parameter Type
Violation
Parameter Type
Violation
txtDescripcionOrgani
zacion in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar
Parameter Type
Violation
textarea_oficina in
aplicaciones.mininte
r.gob.pe/sige/smodifi
carinternograbar
Parameter Type
Violation
txtDocumento in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta
Parameter Type
Violation
txt_observaciones in
aplicaciones.mininte
r.gob.pe/sige/srespo
nderregistrar
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar parameter
txtNroDocumento
Parameter Type
Violation
txt_observaciones in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentointernoregistra
r
Parameter Type
Violation Efecha_ini1
in
aplicaciones.mininte
r.gob.pe/sige/sbande
jacomun
Medium
None
Medium
None
/sige/smodificarinter
nograbar
Medium
None
Medium
None
/sige/sresponderregi
strar
Medium
None
Medium
None
/sige/sdocumentoint
ernoregistrar
Medium
None
11/26/2015
9:09:07 AM
11/26/2015
6:07:01 PM
11/26/2015
9:13:22 AM
11/26/2015
5:15:51 PM
Profile
Parameter Type
Violation
11/26/2015
9:14:48 AM
11/26/2015
8:45:22 PM
Profile
Parameter Type
Violation
11/26/2015
9:16:04 AM
11/26/2015
3:28:56 PM
Profile
Parameter Type
Violation
11/26/2015
9:18:41 AM
11/26/2015
12:21:29 PM
Profile
Parameter Type
Violation
11/26/2015
9:21:43 AM
11/26/2015
9:21:43 AM
Profile
Parameter Type
Violation
11/26/2015
9:21:49 AM
11/26/2015
9:21:49 AM
Profile
Parameter Type
Violation
Source
GeoLocation
Peru (outdated)
Peru (outdated)
Peru (outdated)
Page 14
Num. Service
Application
of
Events
12
Service Aplicaciones App Sige
Java
Alert Description
Source
GeoLocation
Profile
Parameter Type
Violation
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/susuari
ovalidar parameter
txt_login
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta parameter
txtHojaTramite
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/simpri
mirhtllenada
parameter
txtbuscar_doc
Parameter Type
Violation
datoDependencia in
aplicaciones.mininte
r.gob.pe/sigu/ldep.js
p
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta parameter
txtusuario
Parameter Type
Violation nom in
aplicaciones.mininte
r.gob.pe/sigu/usuario
.do
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo parameter
rndval
Medium
None
/sige/susuariovalidar
Peru (outdated)
Medium
None
Medium
None
/sige/simprimirhtllen
ada
Peru (outdated)
Medium
None
/sigu/ldep.jsp
Peru (outdated)
Medium
None
Medium
None
/sigu/usuario.do
Peru (outdated)
Medium
None
/sige/scombouo
Peru (outdated)
11/26/2015
9:33:42 AM
11/26/2015
5:52:25 PM
11/26/2015
9:39:32 AM
11/26/2015
3:14:51 PM
19
Profile
Parameter Type
Violation
11/26/2015
9:46:18 AM
11/26/2015
12:14:55 PM
12
Profile
Parameter Type
Violation
11/26/2015
9:54:49 AM
11/26/2015
10:09:01 AM
Profile
Parameter Type
Violation
11/26/2015
10:01:22 AM
11/26/2015
10:04:54 AM
Profile
Parameter Type
Violation
11/26/2015
10:08:10 AM
11/26/2015
10:08:10 AM
Profile
Parameter Type
Violation
11/26/2015
10:22:46 AM
11/26/2015
10:58:52 AM
Profile
Parameter Type
Violation
Page 15
Num. Service
Application
of
Events
3
Service Aplicaciones App Sige
Java
Alert Description
Source
GeoLocation
Profile
Parameter Type
Violation
Parameter Type
Violation txtArchivo
in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentointernoregistra
r
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta parameter
txtDocumento
Unknown HTTP
Request Method
Illegal Byte Code
Character in Method
Medium
None
/sige/sdocumentoint
ernoregistrar
Peru (outdated)
Medium
None
High
Block
High
Block
11/26/2015
10:23:01 AM
11/26/2015
10:28:29 AM
11/26/2015
10:24:02 AM
11/26/2015
12:55:04 PM
16
Profile
Parameter Type
Violation
11/26/2015
10:25:36 AM
11/26/2015
10:25:36 AM
Service Aplicaciones
Java
Protocol
Unknown HTTP
Request Method
11/26/2015
10:25:36 AM
11/26/2015
10:25:36 AM
Service Aplicaciones
Java
Protocol
Page 16
Num. Service
Application
of
Events
2
Service Aplicaciones
Java
Alert Description
Protocol
High
Block
Medium
None
/sige/smodificarinter
nograbar
Peru (outdated)
Medium
Block
/sige/susuariovalidar
Peru (outdated)
Medium
None
/sige/sarchivardocu
mentoregistrar
Peru (outdated)
Medium
None
Medium
None
Medium
None
11/26/2015
10:25:36 AM
11/26/2015
10:25:36 AM
11/26/2015
10:35:58 AM
11/26/2015
12:41:57 PM
Profile
Parameter Type
Violation
11/26/2015
11:01:56 AM
11/26/2015
11:01:56 AM
Profile
Cookie Injection
11/26/2015
11:06:11 AM
11/26/2015
6:05:54 PM
Profile
Parameter Type
Violation
11/26/2015
11:12:44 AM
11/26/2015
10:10:00 PM
Profile
Parameter Type
Violation
11/26/2015
11:21:21 AM
11/26/2015
5:48:47 PM
Profile
Parameter Type
Violation
11/26/2015
11:22:01 AM
11/26/2015
12:27:21 PM
Profile
Parameter Type
Violation
Source
GeoLocation
Page 17
Num. Service
Application
of
Events
4
Service Aplicaciones App Sige
Java
Alert Description
Profile
Parameter Type
Violation
Parameter Type
Violation
txtbuscar_doc in
aplicaciones.mininte
r.gob.pe/sige/sbusca
ranexaraexpediente
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar parameter
txtRemitente
Parameter Type
Violation
txt_contrasena in
aplicaciones.mininte
r.gob.pe/sige/susuari
ovalidar
Parameter Type
Violation
txt_observaciones in
aplicaciones.mininte
r.gob.pe/sige/smodifi
carinternograbar
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sbande
jacomun parameter
filtro4
Parameter Type
Violation combo3 in
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo7
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/srespo
nderregistrar
parameter
hid_siglaorganizacio
n
Medium
None
Medium
None
Medium
None
/sige/susuariovalidar
Peru (outdated)
Medium
None
/sige/smodificarinter
nograbar
Peru (outdated)
Medium
None
Medium
None
/sige/scombouo7
Peru (outdated)
Medium
None
/sige/sresponderregi
strar
Peru (outdated)
11/26/2015
11:22:15 AM
11/26/2015
11:22:26 AM
11/26/2015
11:23:27 AM
11/26/2015
11:55:40 AM
Profile
Parameter Type
Violation
11/26/2015
11:23:36 AM
11/26/2015
11:23:36 AM
Profile
Parameter Type
Violation
11/26/2015
11:23:38 AM
11/26/2015
8:29:47 PM
Profile
Parameter Type
Violation
11/26/2015
11:33:10 AM
11/26/2015
3:08:29 PM
Profile
Parameter Type
Violation
11/26/2015
11:33:22 AM
11/26/2015
10:32:36 PM
Profile
Parameter Type
Violation
11/26/2015
11:34:10 AM
11/26/2015
11:54:47 AM
Profile
Parameter Type
Violation
Source
GeoLocation
Page 18
Num. Service
Application
of
Events
4
Service Aplicaciones App Sige
Java
Alert Description
Profile
Parameter Type
Violation
Parameter Type
Violation filtro4 in
aplicaciones.mininte
r.gob.pe/sige/bandej
acomun.jsp
Parameter Type
Violation
txtHoraInicio in
aplicaciones.mininte
r.gob.pe/sige/smovi
mientosconsultar
Parameter Type
Violation hid_org in
190.235.197.236/sig
e/sbuscaroficina
Parameter Type
Violation
textarea_oficina in
aplicaciones.mininte
r.gob.pe/sige/smodifi
carderivograbar
Parameter Type
Violation asunto in
aplicaciones.mininte
r.gob.pe/sige/desarc
hivar.jsp
Parameter Type
Violation pol in
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo6
Parameter Type
Violation txtAsunto
in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta
Parameter Type
Violation
txtRemitente in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar
Medium
None
Medium
None
/sige/smovimientosc
onsultar
Peru (outdated)
Medium
None
/sige/sbuscaroficina
Peru (outdated)
Medium
None
Medium
None
/sige/desarchivar.jsp
Peru (outdated)
Medium
None
/sige/scombouo6
Peru (outdated)
Medium
None
Medium
None
11/26/2015
11:36:58 AM
11/26/2015
3:08:29 PM
11/26/2015
11:43:12 AM
11/26/2015
11:43:12 AM
Profile
Parameter Type
Violation
11/26/2015
12:13:54 PM
11/26/2015
12:13:54 PM
Parameter Type
Violation
11/26/2015
12:26:21 PM
11/26/2015
12:26:21 PM
Profile
Parameter Type
Violation
11/26/2015
12:31:55 PM
11/26/2015
12:31:55 PM
Profile
Parameter Type
Violation
11/26/2015
12:36:02 PM
11/26/2015
12:36:02 PM
Profile
Parameter Type
Violation
11/26/2015
12:42:19 PM
11/26/2015
5:35:07 PM
Profile
Parameter Type
Violation
11/26/2015
12:58:20 PM
11/26/2015
2:29:04 PM
Profile
Parameter Type
Violation
Source
GeoLocation
Page 19
Num. Service
Application
Alert Type Alert Name
of
Events
1
Service Aplicaciones Default app java Profile
Parameter Type
Java
Violation
11/26/2015
1:12:55 PM
11/26/2015
1:12:55 PM
11/26/2015
1:22:16 PM
11/26/2015
1:22:16 PM
Parameter Type
Violation
11/26/2015
1:22:50 PM
11/26/2015
1:22:50 PM
Profile
Parameter Type
Violation
11/26/2015
1:22:50 PM
11/26/2015
1:22:50 PM
Profile
Parameter Type
Violation
11/26/2015
1:24:17 PM
11/26/2015
1:24:17 PM
Profile
Parameter Type
Violation
11/26/2015
1:27:08 PM
11/26/2015
4:47:48 PM
Profile
Parameter Type
Violation
11/26/2015
1:28:07 PM
11/26/2015
1:28:07 PM
Profile
Parameter Type
Violation
11/26/2015
1:29:31 PM
11/26/2015
4:09:33 PM
11
Profile
Parameter Type
Violation
Alert Description
Source
GeoLocation
Parameter Type
Violation combo3 in
190.235.197.236/sig
e/scombouo6
Parameter Type
Violation combo6 in
190.235.197.236/sig
e/scombouo7
Parameter Type
Violation
ReqDocumento in
aplicaciones.mininte
r.gob.pe/sige/reiterat
ivos.jsp
Parameter Type
Violation hid_doc in
aplicaciones.mininte
r.gob.pe/sige/sbusca
rreiterativos
Parameter Type
Violation
txt_observacionesU
in
aplicaciones.mininte
r.gob.pe/sige/sasign
aratenciongrabar
Parameter Type
Violation filtro1 in
aplicaciones.mininte
r.gob.pe/sige/sbande
jacomun
Parameter Type
Violation
txt_observaciones in
aplicaciones.mininte
r.gob.pe/sige/sanexa
raexpedienteregistra
r
Parameter Type
Violation
datoNombres in
aplicaciones.mininte
r.gob.pe/sipp/legajo.
do
Medium
None
/sige/scombouo6
Peru (outdated)
Medium
None
/sige/scombouo7
Peru (outdated)
Medium
None
/sige/reiterativos.jsp
Peru (outdated)
Medium
None
Medium
None
Medium
None
Medium
None
Medium
None
/sipp/legajo.do
Peru (outdated)
Page 20
Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java
Alert Description
Source
GeoLocation
Profile
Parameter Type
Violation
Parameter Type
Violation combo7 in
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo11
Parameter Type
Violation
txtNroDocumento in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentointernoregistra
r
Parameter Type
Violation
textarea_oficina in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar parameter
txtDescripcionOrgani
zacion
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/susuari
ovalidar parameter
txt_contrasena
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo11 parameter
combo9
Parameter Type
Violation hora1 in
aplicaciones.mininte
r.gob.pe/sige/smovi
mientosconsultarofic
inas
Medium
None
/sige/scombouo11
Peru (outdated)
Medium
None
/sige/sdocumentoint
ernoregistrar
Peru (outdated)
Medium
None
Medium
None
Medium
None
/sige/susuariovalidar
Peru (outdated)
Medium
None
/sige/scombouo11
Peru (outdated)
Medium
None
/sige/smovimientosc
onsultaroficinas
Peru (outdated)
11/26/2015
1:43:51 PM
11/26/2015
1:43:51 PM
11/26/2015
1:55:04 PM
11/26/2015
6:20:43 PM
Profile
Parameter Type
Violation
11/26/2015
1:56:59 PM
11/26/2015
1:56:59 PM
Profile
Parameter Type
Violation
11/26/2015
2:08:35 PM
11/26/2015
2:24:54 PM
Profile
Parameter Type
Violation
11/26/2015
2:13:51 PM
11/26/2015
5:53:17 PM
15
Profile
Parameter Type
Violation
11/26/2015
2:18:19 PM
11/26/2015
3:07:38 PM
Profile
Parameter Type
Violation
11/26/2015
2:24:01 PM
11/26/2015
2:24:01 PM
Profile
Parameter Type
Violation
Page 21
Num. Service
Application
of
Events
2
Service Aplicaciones App Sige
Java
Alert Description
Profile
Parameter Type
Violation
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta parameter
txtAsunto
Parameter Type
Violation txtoficina in
aplicaciones.mininte
r.gob.pe/sige/sbusca
roficina
Parameter Type
Violation txt_sumilla
in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentointernoregistra
r
Parameter Type
Violation filtro4 in
aplicaciones.mininte
r.gob.pe/sige/modific
arinterno.jsp
Parameter Type
Violation filtro4 in
aplicaciones.mininte
r.gob.pe/sige/smodifi
carinternograbar
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar parameter
txtApeMaterno
Parameter Type
Violation
textarea_oficina in
aplicaciones.mininte
r.gob.pe/sige/smodifi
carexternograbar
Parameter Type
Violation combo6 in
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo9
Medium
None
Medium
None
/sige/sbuscaroficina
Peru (outdated)
Medium
None
/sige/sdocumentoint
ernoregistrar
Peru (outdated)
Medium
None
/sige/modificarintern
o.jsp
Peru (outdated)
Medium
None
/sige/smodificarinter
nograbar
Peru (outdated)
Medium
None
Medium
None
Medium
None
/sige/scombouo9
11/26/2015
2:27:36 PM
11/26/2015
3:19:37 PM
11/26/2015
2:42:09 PM
11/26/2015
6:06:54 PM
Profile
Parameter Type
Violation
11/26/2015
2:54:04 PM
11/26/2015
8:25:38 PM
Profile
Parameter Type
Violation
11/26/2015
2:56:00 PM
11/26/2015
4:47:04 PM
Profile
Parameter Type
Violation
11/26/2015
2:56:09 PM
11/26/2015
4:46:08 PM
Profile
Parameter Type
Violation
11/26/2015
2:58:38 PM
11/26/2015
3:12:45 PM
Profile
Parameter Type
Violation
11/26/2015
3:01:34 PM
11/26/2015
3:01:34 PM
Profile
Parameter Type
Violation
11/26/2015
3:06:14 PM
11/26/2015
3:06:14 PM
Profile
Parameter Type
Violation
Source
GeoLocation
Peru (outdated)
Page 22
Num. Service
Application
of
Events
4
Service Aplicaciones App Sige
Java
Alert Description
Source
GeoLocation
Profile
Parameter Type
Violation
Parameter Type
Violation combo6 in
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo11
Parameter Type
Violation orgdesc in
aplicaciones.mininte
r.gob.pe/sige/imprim
ir.jsp
Parameter Type
Violation
txtNroDocumento in
aplicaciones.mininte
r.gob.pe/sige/smodifi
cardocumentograbar
Parameter Type
Violation
txtNroDocumento in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentointernoregistra
r parameter
txt_observaciones
Parameter Type
Violation
txtObservaciones in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta
Parameter Type
Violation
txtobservaciones in
aplicaciones.mininte
r.gob.pe/sige/sagreg
arcopiasregistrar
Medium
None
/sige/scombouo11
Peru (outdated)
Medium
None
/sige/imprimir.jsp
Peru (outdated)
Medium
None
/sige/smodificardocu
mentograbar
Peru (outdated)
Medium
None
Medium
None
/sige/sdocumentoint
ernoregistrar
Medium
None
Medium
None
/sige/sagregarcopias
registrar
11/26/2015
3:06:20 PM
11/26/2015
3:06:20 PM
11/26/2015
3:08:09 PM
11/26/2015
3:08:09 PM
Profile
Parameter Type
Violation
11/26/2015
3:18:51 PM
11/26/2015
3:18:51 PM
Profile
Parameter Type
Violation
11/26/2015
3:20:44 PM
11/26/2015
3:22:01 PM
Profile
Parameter Type
Violation
11/26/2015
3:31:23 PM
11/26/2015
4:16:20 PM
11
Profile
Parameter Type
Violation
11/26/2015
3:39:38 PM
11/26/2015
3:40:52 PM
Profile
Parameter Type
Violation
11/26/2015
3:40:00 PM
11/26/2015
3:40:00 PM
Profile
Parameter Type
Violation
Peru (outdated)
Peru (outdated)
Page 23
Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java
Alert Description
Source
GeoLocation
Profile
Parameter Type
Violation
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/smodifi
carinternograbar
parameter
txt_sumilla
Parameter Type
Violation filtro2 in
aplicaciones.mininte
r.gob.pe/sige/bandej
acomun.jsp
Parameter Type
Violation filtro2 in
aplicaciones.mininte
r.gob.pe/sige/sbande
jacomun
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/smodifi
carderivograbar
parameter
textarea_oficina
Parameter Type
Violation
txtbuscar_org_extern
a in
aplicaciones.mininte
r.gob.pe/sige/sbusca
rorganizacion
Distributed
Parameter Type
Violation on
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo7 parameter
combo3
Parameter Type
Violation
txtHojaTramite in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentosgeneradosco
nsulta
Medium
None
/sige/smodificarinter
nograbar
Peru (outdated)
Medium
None
Medium
None
Medium
None
Medium
None
/sige/sbuscarorganiz
acion
Peru (outdated)
Medium
None
/sige/scombouo7
Peru (outdated)
Medium
None
11/26/2015
3:57:12 PM
11/26/2015
4:10:42 PM
11/26/2015
3:59:53 PM
11/26/2015
3:59:53 PM
Profile
Parameter Type
Violation
11/26/2015
3:59:53 PM
11/26/2015
3:59:53 PM
Profile
Parameter Type
Violation
11/26/2015
4:04:42 PM
11/26/2015
4:47:14 PM
Profile
Parameter Type
Violation
11/26/2015
4:09:37 PM
11/26/2015
4:09:37 PM
Profile
Parameter Type
Violation
11/26/2015
4:18:42 PM
11/26/2015
4:42:01 PM
Profile
Parameter Type
Violation
11/26/2015
4:19:55 PM
11/26/2015
6:42:18 PM
Profile
Parameter Type
Violation
Page 24
Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java
Alert Description
Profile
Parameter Type
Violation
Parameter Type
Violation
txt_observaciones in
aplicaciones.mininte
r.gob.pe/sige/sreiter
ativosregistrar
Parameter Type
Violation hid_org in
aplicaciones.mininte
r.gob.pe/sige/sbusca
roficina
Parameter Type
Violation
txtApeMaterno in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar
Multiple Illegal Byte
Code Character in
URL from
190.233.151.91
Medium
None
Medium
None
/sige/sbuscaroficina
Medium
None
High
Block
11/26/2015
4:56:50 PM
11/26/2015
4:56:50 PM
11/26/2015
4:58:52 PM
11/26/2015
4:58:52 PM
Profile
Parameter Type
Violation
11/26/2015
5:13:28 PM
11/26/2015
6:41:19 PM
Profile
Parameter Type
Violation
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
Unknown HTTP
Request Method
Multiple Unknown
HTTP Request
Method from
190.233.151.91
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:35 PM
Service Aplicaciones
Java
Protocol
None
Source
GeoLocation
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Page 25
Num. Service
Application
of
Events
1
Service Aplicaciones
Java
Alert Description
Source
GeoLocation
Protocol
Unknown HTTP
Request Method
Multiple Unknown
HTTP Request
Method from
190.233.151.91
Multiple Illegal Byte
Code Character in
Query String from
190.233.151.91
Multiple Illegal Byte
Code Character in
Method from
190.233.151.91
High
Block
Peru (outdated)
High
Block
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
11/26/2015
5:15:35 PM
11/26/2015
5:15:35 PM
Service Aplicaciones
Java
Protocol
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
Unknown HTTP
Request Method
Multiple Unknown
HTTP Request
Method from
190.233.151.91
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:35 PM
Service Aplicaciones
Java
Protocol
High
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
Block
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Page 26
Num. Service
Application
of
Events
2
Service Aplicaciones
Java
Alert Description
Protocol
Block
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
11/26/2015
5:15:35 PM
11/26/2015
5:15:39 PM
Service Aplicaciones
Java
Protocol
High
Block
11/26/2015
5:46:36 PM
11/26/2015
5:46:36 PM
Profile
Parameter Type
Violation
Medium
None
11/26/2015
5:46:36 PM
11/26/2015
5:46:36 PM
Profile
Parameter Type
Violation
Medium
11/26/2015
6:29:06 PM
11/26/2015
6:29:06 PM
Profile
Parameter Type
Violation
11/26/2015
6:52:32 PM
11/26/2015
6:52:32 PM
Profile
Parameter Type
Violation
11/26/2015
7:20:12 PM
11/26/2015
7:20:12 PM
Profile
Parameter Type
Violation
Parameter Type
Violation txt_sumilla
in
aplicaciones.mininte
r.gob.pe/sige/sanexa
raexpedienteregistra
r
Parameter Type
Violation txt_sumilla
in
aplicaciones.mininte
r.gob.pe/sige/srespo
nderregistrar
Parameter Type
Violation txtNombres
in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar
Parameter Type
Violation txt_sumilla
in
aplicaciones.mininte
r.gob.pe/sige/sdocu
mentoexternoregistr
ar
Parameter Type
Violation obs in
aplicaciones.mininte
r.gob.pe/sigu/usuario
.do
Source
GeoLocation
/sige/sanexaraexpedi
enteregistrar
Peru (outdated)
None
/sige/sresponderregi
strar
Peru (outdated)
Medium
None
Medium
None
Medium
None
/sigu/usuario.do
Block
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Page 27
Num. Service
Application
of
Events
1
Service Aplicaciones App Sige
Java
Alert Description
Profile
Parameter Type
Violation
Parameter Type
Violation txt_sumilla
in
aplicaciones.mininte
r.gob.pe/sige/smodifi
carexternograbar
Cookie Injection on
cookie
SSESSd88321c116bf
040fcbd4305d5dfa1
089 with value 6C61ibiiHLQ1undzjM9
_Hnqi2mpvSE6NExO5p0ocs
Parameter Type
Violation combo3 in
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo9
Parameter Type
Violation combo3 in
aplicaciones.mininte
r.gob.pe/sige/scomb
ouo11
Medium
None
Medium
Block
/sige/susuariovalidar
Peru (outdated)
Medium
None
/sige/scombouo9
Peru (outdated)
Medium
None
/sige/scombouo11
Peru (outdated)
High
Block
/cgi-bin/textenv.pl
Medium
None
Medium
None
/used_cars/vehicledetail/ul1327105516
/ford/f150
/announce
Netherlands
(outdated)
United States of
America (outdated)
Medium
None
/search
Korea, Republic of
(outdated)
Medium
None
/search
United States of
America (outdated)
High
Block
/admin/archivos/231
12011055159_acta
resultado preliminar
cas 093.pdf
Germany (outdated)
11/26/2015
7:27:58 PM
11/26/2015
7:27:58 PM
11/26/2015
7:29:01 PM
11/26/2015
7:29:49 PM
Profile
Cookie Injection
11/26/2015
10:32:42 PM
11/26/2015
10:32:42 PM
Profile
Parameter Type
Violation
11/26/2015
10:32:59 PM
11/26/2015
10:32:59 PM
Profile
Parameter Type
Violation
Source
GeoLocation
11/27/2015
5:14:25 AM
11/26/2015
12:42:20 AM
24
Web Worm
Redundant HTTP
Headers
11/25/2015
9:55:34 PM
11/26/2015
8:09:05 AM
11/25/2015
10:31:56 PM
11/26/2015
3:20:02 AM
Parameter Type
Violation
11/25/2015
10:40:23 PM
11/26/2015
1:25:55 PM
25
Parameter Type
Violation
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
Custom Violation
United Kingdom of
Great Britain
(outdated)
Page 28
Num. Service
of
Events
1
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Custom Violation
Distributed Bloqueo
CPanel
High
Block
Germany (outdated)
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
11/25/2015
10:43:32 PM
11/27/2015
5:27:22 AM
10
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
10:43:32 PM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
10:43:32 PM
11/26/2015
10:43:15 AM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/25/2015
11:02:38 PM
11/25/2015
11:02:38 PM
11/25/2015
11:02:38 PM
11/25/2015
11:06:46 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
9:43:44 AM
11/26/2015
12:06:30 AM
Custom Violation
Low
None
Custom Violation
Low
None
/out.php
France (outdated)
Custom Violation
Low
None
/index.php
France (outdated)
17
Protocol
High
Block
11/25/2015
11:06:46 PM
11/26/2015
12:06:30 AM
Protocol
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
/admin/archivos/231
12011055310_acta
resultado preliminar
cas 096.pdf
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/archivos/120
82013133911_acta
resultado preliminar
cas 139.pdf
/admin/archivos/010
42013142242_acta
resultado preliminar
proceso cas 34.pdf
/admin/archivos/260
42012112611_relaci
on_pensionistas_hab
eres_mar2012.pdf
/admin/archivos/lega
les/28072011091551
_rm ogaj.pdf
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/archivos/151
22010130333_result
ado final
convocatoria 17defensa nacional.pdf
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/cgi-bin/info.php
High
Block
United States of
America (outdated)
Germany (outdated)
Germany (outdated)
Germany (outdated)
Germany (outdated)
Argentina (outdated)
Germany (outdated)
Netherlands
(outdated)
France (outdated)
Page 29
Num. Service
of
Events
21
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Protocol
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
High
Block
Peru (outdated)
High
Block
Peru (outdated)
11/25/2015
11:06:46 PM
11/26/2015
12:06:30 AM
11/25/2015
11:06:46 PM
11/26/2015
12:06:30 AM
21
Protocol
11/25/2015
11:06:46 PM
11/26/2015
12:06:30 AM
15
Protocol
Distributed Illegal
Byte Code Character
in Header Name
High
Block
11/25/2015
11:06:46 PM
11/26/2015
12:06:30 AM
Protocol
Block
11/26/2015
12:06:30 AM
19
High
Block
11/25/2015
11:06:46 PM
11/26/2015
12:06:30 AM
21
Protocol
High
Block
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
Protocol
High
Block
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
Protocol
High
Block
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
High
Block
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
Protocol
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL
High
11/25/2015
11:06:46 PM
High
Block
Peru (outdated)
Page 30
Num. Service
of
Events
2
Service Pagina Web
Application
Alert Description
Protocol
Distributed Illegal
Byte Code Character
in URL
High
Block
Source
GeoLocation
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
Protocol
Distributed Illegal
Byte Code Character
in URL
High
Block
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
Protocol
High
Block
11/25/2015
11:18:53 PM
11/26/2015
12:07:36 AM
Protocol
High
Block
11/25/2015
11:24:44 PM
11/27/2015
5:28:43 AM
Unauthorized
Request Content
Type
Medium
None
/gpservices/proxyjudge7/
Netherlands (outdated)
11/25/2015
11:24:44 PM
11/27/2015
5:28:43 AM
18
Unauthorized
Request Content
Type
Medium
None
/judge/
France (outdated)
11/25/2015
11:24:44 PM
11/26/2015
11:26:56 AM
Unauthorized
Request Content
Type
Medium
None
/judge/
Turkey (outdated)
11/25/2015
11:24:44 PM
11/27/2015
5:28:43 AM
18
Unauthorized
Request Content
Type
Distributed Illegal
Byte Code Character
in URL
Distributed Illegal
Byte Code Character
in URL
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Multiple Unauthorized Request Content Type: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8'
Medium
None
/judge/
United States of
America (outdated)
Peru (outdated)
Peru (outdated)
Page 31
Num. Service
of
Events
1
Service Pagina Web
Application
Web Worm
11/25/2015
11:36:27 PM
11/26/2015
12:30:16 AM
11/25/2015
11:36:27 PM
11/26/2015
12:30:16 AM
Web Worm
11/25/2015
11:44:59 PM
11/26/2015
5:13:15 PM
HTTP Signature
Violation
11/25/2015
11:44:59 PM
11/26/2015
5:13:15 PM
HTTP Signature
Violation
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
Protocol
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
Protocol
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
Protocol
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
Protocol
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
Protocol
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
Protocol
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
Protocol
Alert Description
Source
GeoLocation
High
Block
/cgi-bin/awstats.pl
United States of
America (outdated)
High
Block
/c/
United States of
America (outdated)
High
Block
/ping/200.48.4.150
High
Block
/ping/200.48.4.150
Iran, Islamic
Republic of
(outdated)
Netherlands
(outdated)
High
Block
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
High
Block
High
Block
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
High
Block
High
Block
High
Block
High
Block
Peru (outdated)
High
Block
Peru (outdated)
Page 32
Num. Service
of
Events
1
Service Pagina Web
Application
Alert Description
Protocol
Distributed Illegal
Byte Code Character
in Method
High
Block
High
Block
High
Block
High
Block
Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33
High
Block
Medium
None
Peru (outdated)
Medium
None
High
Block
High
Block
11/25/2015
11:45:27 PM
11/26/2015
11:48:01 AM
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
Protocol
Unknown HTTP
Request Method
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
11
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
Source
GeoLocation
Peru (outdated)
Page 33
Num. Service
of
Events
1
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Protocol
Unknown HTTP
Request Method
Multiple Unknown
HTTP Request
Method from
201.240.112.33
High
Block
Medium
None
High
Block
Peru (outdated)
High
Block
Peru (outdated)
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
Protocol
Unknown HTTP
Request Method
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
Protocol
Unknown HTTP
Request Method
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
11
Protocol
Medium
None
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
Protocol
Unknown HTTP
Request Method
Multiple Unknown
HTTP Request
Method from
201.240.112.33
High
Block
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
Medium
None
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
10
Protocol
Medium
None
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
Protocol
Unknown HTTP
Request Method
High
Block
Peru (outdated)
Peru (outdated)
Peru (outdated)
Peru (outdated)
Page 34
Num. Service
of
Events
2
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Protocol
Unknown HTTP
Request Method
Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Illegal HTTP
Version from
201.240.112.33
Multiple Unknown
HTTP Request
Method from
201.240.112.33
Multiple Illegal Byte
Code Character in
Header Value from
201.240.112.33
High
Block
Peru (outdated)
High
Block
Peru (outdated)
High
Block
Peru (outdated)
High
Block
Medium
None
High
Block
Medium
None
High
Block
High
Block
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
Protocol
Unknown HTTP
Request Method
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:07:36 AM
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
13
Protocol
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
11/26/2015
12:04:54 AM
11/26/2015
12:06:30 AM
Protocol
11/26/2015
12:05:00 AM
11/26/2015
12:05:00 AM
Protocol
11/26/2015
12:05:00 AM
11/26/2015
12:05:00 AM
Protocol
Unknown HTTP
Request Method
Peru (outdated)
Page 35
Num. Service
of
Events
1
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Distributed Illegal
Host Name
Distributed Illegal
Host Name
Distributed Illegal
Host Name
Distributed Illegal
Host Name
Parameter Type
Violation start in
www.google.com/sea
rch
Scraping attack on
App Pagina Web
High
Block
Germany (outdated)
15
High
Block
/data/
12
High
Block
High
Block
34
Parameter Type
Violation
Medium
None
/search
Germany (outdated)
Scraping Attack
High
Block
45.22.7.33:24843
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
5.102.221.118:5336
3
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
92.251.74.30:50321
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
80.216.80.251:2365
2
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
5.55.163.242:19359
Parameter Type
Violation
Parameter Type Violation oq in 173.194.53.102/search
Medium
Access to: /bin/get
High
None
/search
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)
Block
/bin/get
Distributed Parameter Type Violation on steamcommunity.com/market/priceoverview/ parameter market_hash_name
Medium
Parameter Type Violation gb_id in www.biotoxxx.com/guestbook/comment.php
Medium
None
None
11/26/2015
12:12:39 AM
11/26/2015
12:12:39 AM
11/26/2015
12:12:39 AM
11/26/2015
12:12:39 AM
11/26/2015
12:27:09 AM
11/26/2015
12:13:40 PM
11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM
11/26/2015
6:22:25 AM
11/26/2015
12:40:39 AM
11/26/2015
2:26:22 AM
11/26/2015
12:40:39 AM
11/26/2015
2:26:22 AM
11/26/2015
12:40:39 AM
11/26/2015
2:26:22 AM
11/26/2015
12:40:39 AM
11/26/2015
2:26:22 AM
11/26/2015
12:40:39 AM
11/26/2015
2:26:22 AM
11/26/2015
12:58:44 AM
11/26/2015
12:58:44 AM
11/26/2015
12:59:27 AM
11/26/2015
1:07:58 AM
11/26/2015
10:50:57 PM
11/26/2015
2:32:09 AM
Web Worm
Parameter Type
Violation
11/26/2015
1:08:24 AM
11/26/2015
1:35:04 AM
Parameter Type
Violation
Germany (outdated)
Japan (outdated)
Page 36
Num. Service
of
Events
1
Service Pagina Web
Application
HTTP Signature
Violation
11/26/2015
1:34:40 AM
11/26/2015
3:44:22 AM
11/26/2015
1:34:40 AM
11/26/2015
3:44:22 AM
HTTP Signature
Violation
11/26/2015
1:34:40 AM
11/26/2015
3:44:22 AM
HTTP Signature
Violation
11/26/2015
1:34:40 AM
11/26/2015
3:44:22 AM
HTTP Signature
Violation
11/26/2015
1:37:18 AM
11/26/2015
1:49:12 AM
11/26/2015
1:37:18 AM
11/26/2015
1:49:12 AM
Web Worm
Parameter Type
Violation
11/26/2015
1:51:31 AM
11/26/2015
1:51:31 AM
Parameter Type
Violation
11/26/2015
1:53:38 AM
11/26/2015
1:53:38 AM
HTTP Signature
Violation
11/26/2015
2:05:21 AM
11/26/2015
2:05:21 AM
Parameter Type
Violation
11/26/2015
2:27:49 AM
11/26/2015
2:43:47 AM
HTTP Signature
Violation
Alert Description
Source
GeoLocation
High
Block
/cms/redir.php
United States of
America (outdated)
High
Block
High
Block
/guestold/go.php
High
Block
High
Block
Japan (outdated)
Medium
None
/cgibin/blockpage.cgi
/search
Medium
None
/search
United States of
America (outdated)
Low
None
/disk9/file.php
Japan (outdated)
Medium
None
/away/
United States of
America (outdated)
High
Block
United States of
America (outdated)
United States of
America (outdated)
Kazakhstan
(outdated)
Page 37
Num. Service
of
Events
1
Service Pagina Web
Application
Parameter Type
Violation
Alert Description
Source
GeoLocation
Parameter Type
Violation id in
ptp.skillerzforum.co
m/promote.php
Parameter Type
Violation oq in
74.125.111.103/sear
ch
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
/promote.php
Germany (outdated)
Medium
None
/search
United States of
America (outdated)
Medium
None
/used_cars/listings
United States of
America (outdated)
Medium
None
United States of
America (outdated)
United States of
America (outdated)
11/26/2015
2:32:17 AM
11/26/2015
2:32:17 AM
11/26/2015
2:46:36 AM
11/26/2015
2:46:36 AM
Parameter Type
Violation
11/26/2015
2:47:52 AM
11/26/2015
11:58:49 PM
59
Redundant HTTP
Headers
11/26/2015
2:47:52 AM
11/26/2015
4:59:17 AM
Redundant HTTP
Headers
11/26/2015
2:47:52 AM
11/26/2015
4:59:17 AM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
11/26/2015
2:47:52 AM
11/26/2015
4:59:17 AM
23
Redundant HTTP
Headers
Medium
None
11/26/2015
2:47:52 AM
11/26/2015
4:59:17 AM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
11/26/2015
2:47:52 AM
11/26/2015
4:59:17 AM
Redundant HTTP
Headers
Medium
None
11/26/2015
2:48:00 AM
11/26/2015
2:48:00 AM
Parameter Type
Violation
Medium
None
11/26/2015
2:48:00 AM
11/26/2015
2:48:00 AM
High
Block
/search
11/26/2015
2:56:20 AM
11/26/2015
1:40:45 PM
Multiple Redundant
HTTP Headers in
header Referer
Parameter Type
Violation oq in
74.125.6.8/search
SQL injection on
parameter oq in
74.125.6.8/search
Malformed JSON
Message
/dsc_de/globalsessio
nid/dsc_de6937616d
306b6535ff3e54540
3545200/dsc_locale/
de_de/appid/dsc_de/
sitelocale/de_de/vsci
nvokequicktodetaile
dsearch.jam2
/dsc_de/globalsessio
nid/dsc_de6f37383a
3f382e67ff3a325403
555000/dsc_locale/d
e_de/appid/dsc_de/si
telocale/de_de/vscin
vokequicktodetaileds
earch.jam2
/used_cars/vehicledetail/ul1306545433
/cadillac/escalade
/used_cars/vehicledetail/ul1329216053
/jeep/grandcherokee
/used_cars/vehicledetail/ul1327561452
/gmc/yukon-xl-denali
/search
Medium
None
Malformed JSON
Message
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
Page 38
Num. Service
of
Events
1
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Parameter Type
Violation
Parameter Type
Violation oq in
173.194.25.73/searc
h
Web Worm from
62.210.157.80
Multiple Illegal Byte
Code Character in
Header Name from
31.3.245.106
Scraping attack on
App Pagina Web
Medium
None
/search
United States of
America (outdated)
High
Block
/cgi-bin/info.php
France (outdated)
High
Block
High
Block
/sites/default/files/lo
gico.png
Korea, Republic of
(outdated)
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
176.44.123.52:1025
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
164.115.221.51:500
84
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
150.17.206.209:547
22
HTTP Signature
Violation
Multiple
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+) from
162.244.15.117
Multiple
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+) from
162.244.15.117
Multiple URL worm
attacks from
220.221.207.78
Multiple URL worm
attacks from
220.221.207.78
WEB-MISC apache
DOS attempt
Multiple Post
Request - Missing
Content Type: 'none'
Low
None
/search
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)
Low
None
/do/m/mobilesearch
United States of
America (outdated)
High
Block
/bin/get
Japan (outdated)
High
Block
/bin/get.x
Japan (outdated)
Low
None
Medium
None
United States of
America (outdated)
United States of
America (outdated)
11/26/2015
3:11:47 AM
11/26/2015
3:11:47 AM
11/26/2015
3:14:59 AM
11/26/2015
3:23:49 AM
11/26/2015
8:22:41 AM
11/26/2015
5:05:32 AM
Web Worm
11/26/2015
3:29:39 AM
11/26/2015
4:09:58 AM
Scraping Attack
11/26/2015
3:29:39 AM
11/26/2015
4:09:58 AM
11/26/2015
3:29:39 AM
11/26/2015
4:09:58 AM
11/26/2015
3:29:39 AM
11/26/2015
4:09:58 AM
11/26/2015
3:30:20 AM
11/26/2015
4:29:24 AM
11/26/2015
3:30:20 AM
11/26/2015
4:29:24 AM
HTTP Signature
Violation
11/26/2015
3:40:53 AM
11/26/2015
5:28:17 AM
Web Worm
11/26/2015
3:40:53 AM
11/26/2015
7:50:42 AM
Web Worm
11/26/2015
3:49:29 AM
11/26/2015
4:00:41 AM
11/26/2015
3:49:29 AM
11/26/2015
10:39:30 AM
HTTP Signature
Violation
Post Request Missing Content
Type
Page 39
Num. Service
of
Events
3
Service Pagina Web
Application
11/26/2015
4:00:41 AM
11/26/2015
1:39:29 PM
11/26/2015
4:02:18 AM
11/26/2015
7:42:10 AM
11/26/2015
4:09:59 AM
11/26/2015
4:25:42 AM
11/26/2015
9:22:40 PM
11/26/2015
4:25:42 AM
11/26/2015
4:35:40 AM
11/26/2015
7:06:48 AM
11/26/2015
4:42:29 AM
Source
GeoLocation
Multiple Post Request - Missing Content Type: 'none'
Medium
Robot site scan attempt 4
High
None
/omaha/update.php
Portugal (outdated)
Block
/ping/200.48.4.150
Web Worm
High
Block
/cgi/rank.cgi
Parameter Type
Violation
Medium
None
/away/
Thailand (outdated)
Parameter Type
Violation
Medium
None
/web
United States of
America (outdated)
11/26/2015
5:15:11 AM
HTTP Signature
Violation
High
Block
/vote/pennywise/
Germany (outdated)
11/26/2015
5:13:37 AM
11/26/2015
6:27:02 AM
Scraping Attack
High
Block
/announce
11/26/2015
5:13:37 AM
11/26/2015
6:27:02 AM
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
46.166.186.244:545
80
11/26/2015
5:13:37 AM
11/26/2015
6:27:02 AM
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
10.240.254.117:555
07
11/26/2015
5:13:37 AM
11/26/2015
6:27:02 AM
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
196.46.0.51:64540
11/26/2015
5:23:30 AM
11/26/2015
5:23:30 AM
Access to:
/cgi/rank.cgi
Parameter Type
Violation to in
ligaretail.ru/away/
Parameter Type
Violation q in
search.mail.com/web
Multiple XSS - Basic
3(+) from
79.219.218.87
Scraping attack on
App Pagina Web
Iran, Islamic
Republic of
(outdated)
Japan (outdated)
Parameter Type
Violation
None
/newserving/getkey.
php
11/26/2015
5:26:52 AM
11/26/2015
5:31:05 AM
11/26/2015
5:26:52 AM
11/26/2015
5:32:49 PM
None
/cgi-bin/prxjdg.cgi
30
HTTP Signature
Violation
Illegal Byte Code
Character in URL
Parameter Type Violation url in adserving.cpmgo.com/newserving/getkey.php
Medium
cgi-bin/prxjdg.cgi.access
Low
Multiple Illegal Byte Code Character in URL from 209.104.144.76
High
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)
Block
11/26/2015
5:34:27 AM
11/26/2015
5:34:27 AM
Parameter Type
Violation oq in
74.125.6.111/search
None
/used-list/make1<!doctype html>
<html>
<head>
<meta httpequiv=content-type
content=text/html
/search
Alert Description
Parameter Type
Violation
Medium
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
Page 40
Num. Service
of
Events
1
Service Pagina Web
Application
HTTP Signature
Violation
11/26/2015
5:35:17 AM
11/26/2015
5:54:00 AM
11/26/2015
5:35:17 AM
11/26/2015
5:54:00 AM
HTTP Signature
Violation
11/26/2015
5:43:39 AM
11/26/2015
5:43:39 AM
Parameter Type
Violation
11/26/2015
5:43:39 AM
11/26/2015
5:43:39 AM
11/26/2015
6:04:43 AM
11/26/2015
6:37:55 AM
HTTP Signature
Violation
11/26/2015
6:10:28 AM
11/26/2015
6:10:28 AM
Parameter Type
Violation
11/26/2015
6:14:22 AM
11/26/2015
6:32:14 AM
11/26/2015
6:43:49 AM
11/26/2015
6:14:22 AM
11/26/2015
4:51:36 PM
11/26/2015
7:00:02 AM
Redundant HTTP
Headers
Web Worm
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
Alert Description
Source
GeoLocation
High
Block
/modify-companydetails
United States of
America (outdated)
High
Block
/annuaire/go.php
France (outdated)
Medium
None
/search
United States of
America (outdated)
High
Block
/search
United States of
America (outdated)
High
Block
/loginn
Egypt (outdated)
Medium
None
/ads.php
Germany (outdated)
Medium
None
/used_cars/listings
High
Block
/cgi-bin/info.php
United States of
America (outdated)
France (outdated)
High
Block
/sites/default/files/m
of
High
Block
High
Block
High
Block
High
Block
Germany (outdated)
Page 41
Num. Service
of
Events
1
Service Pagina Web
Application
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:43:49 AM
11/26/2015
7:00:02 AM
11/26/2015
6:45:55 AM
11/26/2015
6:45:55 AM
Parameter Type
Violation
11/26/2015
6:47:48 AM
11/26/2015
6:55:20 AM
11/26/2015
6:56:38 AM
11/26/2015
6:47:48 AM
11/26/2015
6:55:20 AM
11/26/2015
12:30:47 PM
Web Worm
Web Worm
11/26/2015
7:01:44 AM
11/26/2015
7:01:44 AM
11/26/2015
7:11:27 AM
11/26/2015
9:46:31 AM
HTTP Signature
Violation
Alert Description
Source
GeoLocation
High
Block
High
Block
High
Block
High
Block
High
Block
High
Block
High
Block
High
Block
Medium
None
/sites/default/files/inf
orme-000021-2015in-dga-db
/sites/default/files/31
032011072031_regla
mento
/sites/default/files/31
032011072554_regla
mento
/sites/default/files/31
032011073016_regla
mento
/gilla/
High
Block
/cgi-bin/otsing
High
Block
High
Block
High
Block
Multiple cgi-bin/prxjdg.cgi.access (+) from 174.34.185.130
Low
None
Germany (outdated)
Germany (outdated)
Germany (outdated)
Germany (outdated)
Poland (outdated)
United States of
America (outdated)
/cgi/mailafriend
United States of
America (outdated)
www.stoiximan.gr:443
United Kingdom of Great Britain (outdated)
/template3/images/sampledata/header/begron 7.png
United States of America (outdated)
/cgi-bin/prxjdg.cgi
United States of
America (outdated)
Page 42
Num. Service
of
Events
1
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Parameter Type
Violation
Parameter Type
Violation url in
www.liventerprise.co
m/out.php
Parameter Type
Violation oq in
173.194.52.242/sear
ch
Distributed CVE-2014-8670: vBulletin 'go.php' url Parameter Open Redirect(+)
Distributed CVE-2014-8670: vBulletin 'go.php' url Parameter Open Redirect(+)
Scraping attack on
App Pagina Web
Medium
None
/out.php
France (outdated)
Medium
None
/search
United States of
America (outdated)
High
Block
/talk/forum/go.php
France (outdated)
High
Block
/go.php
United States of
America (outdated)
High
Block
173.180.83.27:4227
9
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
193.92.105.227:459
80
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
87.209.8.40:35432
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
177.161.88.28:6362
0
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
88.88.128.240:6000
4
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
180.148.214.86:330
03
Unauthorized
Request Content
Type
Multiple
Unauthorized
Request Content
Type: 'image/gif'
Multiple
Unauthorized
Request Content
Type: 'image/gif'
Medium
None
/v1/412202103/2
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
United Kingdom of
Great Britain
(outdated)
Peru (outdated)
Medium
None
/v1/412202103/3
Peru (outdated)
11/26/2015
7:14:44 AM
11/26/2015
7:14:44 AM
11/26/2015
7:16:08 AM
11/26/2015
7:16:08 AM
Parameter Type
Violation
11/26/2015
7:21:13 AM
11/26/2015
7:37:43 AM
HTTP Signature
Violation
11/26/2015
7:21:13 AM
11/26/2015
7:37:43 AM
HTTP Signature
Violation
11/26/2015
7:30:32 AM
11/26/2015
7:41:44 AM
Scraping Attack
11/26/2015
7:30:32 AM
11/26/2015
7:41:44 AM
11/26/2015
7:30:32 AM
11/26/2015
7:41:44 AM
11/26/2015
7:30:32 AM
11/26/2015
7:41:44 AM
11/26/2015
7:30:32 AM
11/26/2015
7:41:44 AM
11/26/2015
7:30:32 AM
11/26/2015
7:41:44 AM
11/26/2015
7:30:54 AM
11/26/2015
7:31:23 AM
11/26/2015
7:30:54 AM
11/26/2015
7:31:23 AM
Unauthorized
Request Content
Type
Page 43
Num. Service
of
Events
5
Service Pagina Web
Application
Redundant HTTP
Headers
Alert Description
Source
GeoLocation
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
United States of
America (outdated)
Medium
None
Portugal (outdated)
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
11/26/2015
7:34:28 AM
11/26/2015
12:20:15 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
7:39:29 AM
11/26/2015
4:39:30 PM
Multiple Redundant
HTTP Headers in
header Referer
Post Request Missing Content
Type
/used_cars/vehicledetail/ul1328079986
/chrysler/pt-cruiser
/auto/annonce53246365_cadillacescalade-platiniumesv-v8-62l-10km.html
/vwdeb/i/s|1300,u/l|1
00,729,stat_firstclass
,u/d|deu2091805131
7/controller.do
/159225976/2013/ho
nda/civic/usedcars/for-sale
/used_cars/vehicledetail/ul1314778515
/mazda/mazda3
/mwginternal/de5fs23hu7
3ds/files/default/styl
esheet.css
/used_cars/vehicledetail/ul1318863694
/hyundai/sonata
/used_cars/vehicledetail/ul1303452686
/ford/f150
/used_cars/vehicledetail/ul1319154827
/cadillac/ats
/vwdeb/i/s|1300,u/l|1
00,1097,stat_firstcla
ss,u/d|deu32557bss9
83/controller.do
/used_cars/vehicledetail/ul1322331618
/chevrolet/silverado1500
/listgn.aspx
Medium
None
/omaha/update.php
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
Page 44
Num. Service
of
Events
2
Service Pagina Web
Application
Parameter Type
Violation
11/26/2015
7:44:39 AM
11/26/2015
8:43:27 AM
11/26/2015
7:56:06 AM
11/26/2015
7:59:28 AM
11/26/2015
7:56:06 AM
11/26/2015
7:59:28 AM
Web Worm
Parameter Type
Violation
11/26/2015
8:14:03 AM
11/26/2015
9:34:17 AM
Web Worm
Alert Description
Source
GeoLocation
Parameter Type
Violation
market_hash_name
in
steamcommunity.co
m/market/priceoverv
iew/
Access to:
/cgi/search.exe
Parameter Type
Violation
commentURL in
www.dabbawalas.fr/i
ndex.php
Access to: /cgisys/suspendedpage.
cgi
Medium
None
High
Block
/cgi/search.exe
Medium
None
/index.php
High
Block
/cgisys/suspendedpage.
cgi
United States of
America (outdated)
Poland (outdated)
France (outdated)
Page 45
Num. Service
of
Events
2
Service Pagina Web
Application
Alert Description
Source
GeoLocation
App Conasec
Profile
Cookie Tampering
Medium
Block
/index.php
Peru (outdated)
Profile
Cookie Tampering
Cookie Tampering on
cookie
c_ref_1953962:
Expected
http://www.google.co
m.pe/url?sa=t&rct=j
&q=&esrc=s&frm=1
&source=web&cd=1
&ved=0ahUKEwju3OeJ_JAhVM7SYKHXdOD_
0QFggcMAA&url=htt
p%3A%2F%2Fconas
ec.mininter.gob.pe%
2Findex.php%3Fweb
%3D8&usg=AFQjCN
HrOemsbj8WYN2Zoy
fZ0oxBQpFi7A&sig2
=xZPL4JRIUH7zgGQ
OTaXLRA, Observed
http://www.google.co
m.pe/url?sa=t&rct=j
&q=&esrc=s&frm=1
&source=web&cd=1
&ved=0ahUKEwi7jLa
9mK7JAhWJNSYKHZ4
QDcEQFggcMAA&url
=http%3A%2F%2Fco
nasec.mininter.gob.p
e%2F&usg=AFQjCN
GJKT7_mA76uHd0y5l
I4staASOyOg&sig2=I
4TR4JoQ0x9PBl7OXU
OIsQ
Cookie Tampering on
cookie
HstCmu1953962:
Expected
1444767882498,
Observed
1448544837616
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 14(+)
Medium
Block
/index.php
Peru (outdated)
Low
None
Low
None
/search
11/26/2015
8:26:58 AM
11/26/2015
8:27:23 AM
11/26/2015
8:37:14 AM
11/26/2015
8:37:14 AM
App Conasec
11/26/2015
8:39:31 AM
11/26/2015
9:41:48 AM
HTTP Signature
Violation
11/26/2015
8:39:31 AM
11/26/2015
9:41:48 AM
HTTP Signature
Violation
United States of
America (outdated)
Page 46
Num. Service
of
Events
1
Service Pagina Web
Application
Parameter Type
Violation
11/26/2015
8:45:55 AM
11/26/2015
8:45:55 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:46:39 AM
11/26/2015
8:48:58 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:50:09 AM
11/26/2015
8:48:58 AM
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Parameter Type
Violation
11/26/2015
8:51:10 AM
11/26/2015
8:51:10 AM
Parameter Type
Violation
11/26/2015
9:24:22 AM
11/26/2015
9:24:22 AM
Parameter Type
Violation
11/26/2015
9:28:13 AM
11/26/2015
10:38:52 AM
HTTP Signature
Violation
11/26/2015
9:28:13 AM
11/26/2015
10:38:52 AM
HTTP Signature
Violation
11/26/2015
9:28:13 AM
11/26/2015
10:38:52 AM
HTTP Signature
Violation
11/26/2015
9:28:13 AM
11/26/2015
10:55:27 PM
HTTP Signature
Violation
11/26/2015
9:37:52 AM
11/26/2015
9:37:52 AM
HTTP Signature
Violation
Alert Description
Source
GeoLocation
Parameter Type
Violation oq in
74.125.11.48/search
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Webdav Method
Detection
Parameter Type
Violation id in
localsmart.in/index.p
hp
Parameter Type
Violation a in
www.levenstourisme
.com/index.php
Parameter Type
Violation
search_block_form in
www.mininter.gob.p
e/
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Cross Site Scripting
on headers 3
Medium
None
/search
United States of
America (outdated)
Medium
None
/sites/default/files
Peru (outdated)
Medium
None
/sites/default/
Peru (outdated)
Medium
None
/sites
Peru (outdated)
Medium
None
/sites/
Peru (outdated)
Medium
None
/sites/default/files/
Peru (outdated)
Medium
None
Peru (outdated)
Medium
None
/sites/default
Peru (outdated)
Medium
None
/index.php
United States of
America (outdated)
Medium
None
/index.php
France (outdated)
Medium
None
Peru (outdated)
High
Block
Moldova, Republic of
(outdated)
High
Block
Georgia (outdated)
High
Block
United States of
America (outdated)
High
Block
High
Block
/ping/200.48.4.150
Germany (outdated)
France (outdated)
Num. of Events
Service
1
Service Pagina Web
Application
Parameter Type
Violation
11/26/2015
9:57:34 AM
11/26/2015
9:57:34 AM
11/26/2015
10:12:24 AM
11/26/2015
11:23:30 AM
HTTP Signature
Violation
11/26/2015
10:12:24 AM
11/26/2015
11:23:30 AM
HTTP Signature
Violation
11/26/2015
10:12:24 AM
11/26/2015
11:23:30 AM
HTTP Signature
Violation
11/26/2015
10:20:32 AM
11/26/2015
10:20:32 AM
Parameter Type
Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
Alert Description
Source
GeoLocation
Parameter Type
Violation oq in
74.125.160.200/sear
ch
Distributed CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Distributed CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Distributed CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+)
Parameter Type
Violation oq in
173.194.24.170/sear
ch
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Medium
None
/search
United States of
America (outdated)
High
Block
/go.php
France (outdated)
High
Block
/click.php
United States of
America (outdated)
High
Block
/chat/go.php
United States of
America (outdated)
Medium
None
/search
United States of
America (outdated)
Medium
None
/ip4.php
France (outdated)
Medium
None
United States of
America (outdated)
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Medium
None
Medium
None
/used_cars/vehicledetail/ul1322331618
/chevrolet/silverado1500
/cars-forsale/vehicledetails.x
html
/judge/judge.php
Medium
None
Medium
None
Medium
None
United States of
America (outdated)
Canada (outdated)
Philippines
(outdated)
/forum/world/maced
onia/taaaafn23pmg
mj147
/cars-forsale/new+cars/chev/
fl-33781
Canada (outdated)
United States of
America (outdated)
Num. of Events
Service
1
Service Pagina Web
Application
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/27/2015
5:30:08 AM
15
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
11/26/2015
10:36:21 AM
11/26/2015
10:36:25 PM
Custom Violation
Alert Description
Source
GeoLocation
Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code
None
/sync/img
Canada (outdated)
None
/login/
Turkey (outdated)
None
Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code
None
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Medium
None
/enus/viewcar/default.html
United States of
America (outdated)
None
United States of
America (outdated)
None
/cars-forsale/cars/newcars/bmw/535i gran
turismo xdrive/
/start
Medium
None
/io/login
United States of
America (outdated)
Medium
None
United States of
America (outdated)
Medium
None
Medium
None
/cars-forsale/cars/newcars/bmw/545i/
/cars-forsale/new+cars/chev/
tx-77535
/gp/aag/ajax/asinren
dertojson.html
Medium
None
United States of
America (outdated)
Distributed
Medium
Suspicious Response
Code
Distributed
Medium
Suspicious Response
Code
None
/auto/annonce53246365_cadillacescalade-platiniumesv-v8-62l-10km.html
/for-sale/bentley-s_
-12
/cars-forsale/new+cars/audi/
ca-92332
United States of
America (outdated)
None
Ireland (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
Num. of Events
Service
1
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
Peru (outdated)
Scraping Attack
Scraping attack on
App Pagina Web
High
Block
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:38:03 AM
11/26/2015
11:15:30 AM
11/26/2015
10:38:03 AM
11/26/2015
11:15:30 AM
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/26/2015
10:49:06 AM
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
11/26/2015
10:25:55 PM
11/26/2015
10:25:55 PM
Custom Violation
High
Block
Custom Violation
High
Block
Custom Violation
Distributed Bloqueo
CPanel
Distributed Bloqueo
CPanel
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/27/2015
5:27:22 AM
10
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:49:06 AM
11/26/2015
10:25:55 PM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
/consultaweb/scripts/
dojo-release1.7.2/dijit/_menubas
e.js
/consultaweb/scripts/
dojo-release1.7.2/dojo/html.js
/admin/archivos/200
703050122480.listad
odic06montepio.doc
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/imgs/contem
ain_top.jpg
/admin/imgs/contem
ain_bot.jpg
/admin/archivos/230
92013164552_acta
resultado preliminar
convocatoria 018
practicas
profesionales
(ppaj).pdf
/admin/archivos/210
52012070305_relaci
on_pensionistas_hab
eres_abr2012.pdf
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/archivos/090
82012190923_acta
140.pdf
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
Peru (outdated)
Germany (outdated)
Chile (outdated)
United States of
America (outdated)
United States of
America (outdated)
Germany (outdated)
Germany (outdated)
United Kingdom of
Great Britain
(outdated)
Bolivia, Plurinational
State of (outdated)
Germany (outdated)
Brazil (outdated)
Ecuador (outdated)
Uruguay (outdated)
Num. of Events
Service
2
Service Pagina Web
Application
HTTP Signature
Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
11/26/2015
10:49:39 AM
11/26/2015
10:49:39 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
12:36:17 PM
11/26/2015
12:36:17 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
10:51:43 AM
11/26/2015
11:00:34 AM
11/26/2015
11:06:28 AM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
10:52:56 PM
11/26/2015
11:00:34 AM
11/26/2015
11:09:20 PM
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Custom Violation
Web Worm
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
Custom Violation
Alert Description
Source
GeoLocation
Paros scanner
High
Block
/judge/
High
Block
/judge/
Low
None
Low
None
/info/anticor/index.p
html
/php/info.php
United States of
America (outdated)
United States of
America (outdated)
France (outdated)
Low
None
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Access to: /cgi-bin/timed.pl
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Low
None
Low
None
Low
None
Low
None
France (outdated)
Low
None
/info/
France (outdated)
Low
None
/phpinfo.php
France (outdated)
Low
None
Low
None
Low
None
Low
None
Low
None
Low
None
/wp-commentspost.php
/cgi-bin/info.php
High
Block
/cgi-bin/timed.pl
High
Block
45.33.54.195:80
High
Block
France (outdated)
India (outdated)
/staff/ahmed/version
s.php
/~jolguin/favoritos/p
hpinfo.php
France (outdated)
France (outdated)
United States of
America (outdated)
Poland (outdated)
United States of
America (outdated)
Bulgaria (outdated)
United States of
America (outdated)
Num. of Events
Service
2
Service Pagina Web
Application
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
Custom Violation
Alert Description
Source
GeoLocation
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Medium
None
204.79.197.200:80
Poland (outdated)
Medium
None
account.sony...om:4
43
Romania (outdated)
High
Block
account.sony...om:4
43
Romania (outdated)
Medium
None
www.marathonbet.c
om:443
Medium
None
api.twitch.tv:443
United Kingdom of
Great Britain
(outdated)
Germany (outdated)
High
Block
www.dateas.com:44
3
Israel (outdated)
High
Block
authserver.mojang.c
om:443
United States of
America (outdated)
Medium
None
my.vultr.com:443
Morocco (outdated)
High
Block
my.vultr.com:443
Morocco (outdated)
Medium
None
my.vultr.com:443
United States of
America (outdated)
Medium
None
authserver.mojang.c
om:443
High
Block
irc.icq.com:6668
Macedonia, the
former Yugoslav
Republic of
(outdated)
Australia (outdated)
High
Block
my.vultr.com:443
United States of
America (outdated)
High
Block
204.79.197.200:80
Poland (outdated)
Num. of Events
Service
2
Service Pagina Web
Application
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
Alert Description
Source
GeoLocation
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Medium
None
High
Block
www.linkedin.com:4
43
Medium
None
High
Block
www.linkedin.com:4
43
Netherlands
(outdated)
Medium
None
itunes.apple.com:44
3
Germany (outdated)
High
Block
itunes.apple.com:44
3
Germany (outdated)
Medium
None
www.linkedin.com:4
43
Romania (outdated)
Medium
None
United States of
America (outdated)
Medium
None
account.sonyentertai
nmentnetwork.com:
443
www.camfrog.com:4
43
Medium
None
irc.icq.com:6668
Australia (outdated)
Medium
None
45.33.54.195:80
Portugal (outdated)
High
Block
api.twitch.tv:443
Germany (outdated)
Medium
None
45.33.54.195:80
United States of
America (outdated)
High
Block
United States of
America (outdated)
Medium
None
account.sonyentertai
nmentnetwork.com:
443
authserver.mojang.c
om:443
Switzerland
(outdated)
United States of
America (outdated)
United States of
America (outdated)
Num. of Events
Service
1
Service Pagina Web
Application
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:28 AM
11/26/2015
11:09:20 PM
Custom Violation
11/26/2015
11:06:46 AM
11/26/2015
11:06:46 AM
HTTP Signature
Violation
11/26/2015
11:33:33 AM
11/27/2015
5:28:43 AM
Unauthorized
Request Content
Type
Alert Description
Source
GeoLocation
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Medium
None
www.google.com:44
3
Netherlands
(outdated)
High
Block
www.google.com:44
3
Netherlands
(outdated)
High
Block
www.linkedin.com:4
43
Romania (outdated)
Medium
None
www.linkedin.com:4
43
Switzerland
(outdated)
Medium
None
www.dateas.com:44
3
Israel (outdated)
High
Block
45.33.54.195:80
Portugal (outdated)
High
Block
authserver.mojang.c
om:443
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Jupiter CMS
Index.PHP Remote
File Include
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Medium
None
www.linkedin.com:4
43
Macedonia, the
former Yugoslav
Republic of
(outdated)
Netherlands
(outdated)
High
Block
High
Block
www.camfrog.com:4
43
United States of
America (outdated)
High
Block
www.marathonbet.c
om:443
High
Block
/register/guest.asp
United Kingdom of
Great Britain
(outdated)
Thailand (outdated)
Medium
None
/judge/
Brazil (outdated)
Num. of Events
Service
6
Service Pagina Web
Application
Unauthorized
Request Content
Type
11/26/2015
11:33:33 AM
11/27/2015
5:28:43 AM
11/26/2015
11:33:33 AM
11/26/2015
11:31:17 PM
Unauthorized
Request Content
Type
11/26/2015
11:33:33 AM
11/26/2015
11:31:17 PM
Unauthorized
Request Content
Type
11/26/2015
11:33:33 AM
11/26/2015
11:31:17 PM
Unauthorized
Request Content
Type
11/26/2015
11:37:40 AM
11/26/2015
11:43:06 AM
11/26/2015
11:37:40 AM
11/26/2015
12:14:55 PM
Web Worm
App Conasec
Cookie Tampering
11/26/2015
11:45:14 AM
11/26/2015
3:14:52 PM
11/26/2015
11:49:09 AM
11/26/2015
11:51:24 PM
Protocol
11/26/2015
11:49:09 AM
11/26/2015
11:51:24 PM
Protocol
Profile
Web Worm
Alert Description
Source
GeoLocation
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Multiple
Unauthorized
Request Content
Type:
'text/html,applicatio
n/xhtml+xml,applica
tion/xml;q=0.9,imag
e/webp,*/*;q=0.8'
Access to: /d/px
Medium
None
/judge/
Lithuania (outdated)
Medium
None
/judge/
Poland (outdated)
Medium
None
/judge/
Pakistan (outdated)
Medium
None
/judge/
Germany (outdated)
High
Block
/d/px
Canada (outdated)
Distributed Cookie
Tampering on token:
c_ref_1953962
Access to: /cgi-bin/iframe_sponsor.eur
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Medium
Block
/index.php
Peru (outdated)
High
Block
High
Block
/cgi-bin/iframe_sponsor.eur
France (outdated)
Spain (outdated)
High
Block
Mexico (outdated)
Num. of Events
Service
1
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Protocol
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Distributed Illegal
Byte Code Character
in Method
Parameter Type
Violation oq in
74.125.143.193/sear
ch
Parameter Type
Violation oq in
173.194.9.102/searc
h
Distributed Robot
site scan attempt
4(+)
Distributed Robot
site scan attempt
4(+)
Distributed Illegal
Host Name
Distributed Illegal
Host Name
Distributed Illegal
Host Name
High
Block
India (outdated)
High
Block
High
Block
United Kingdom of
Great Britain
(outdated)
United States of
America (outdated)
High
Block
Poland (outdated)
High
Block
Algeria (outdated)
High
Block
Canada (outdated)
High
Block
Turkey (outdated)
High
Block
France (outdated)
Medium
None
/search
United States of
America (outdated)
Medium
None
/search
United States of
America (outdated)
High
Block
Austria (outdated)
High
Block
Poland (outdated)
High
Block
/info/suche.php
High
Block
/>
High
Block
/en/phpobfuscator.html
11/26/2015
11:49:09 AM
11/26/2015
11:51:24 PM
11/26/2015
11:49:09 AM
11/27/2015
5:30:08 AM
Protocol
11/26/2015
11:49:09 AM
11/27/2015
5:30:08 AM
13
Protocol
11/26/2015
11:49:09 AM
11/27/2015
5:30:08 AM
Protocol
11/26/2015
11:49:09 AM
11/26/2015
11:51:24 PM
Protocol
11/26/2015
11:49:09 AM
11/26/2015
11:51:24 PM
Protocol
11/26/2015
11:49:09 AM
11/26/2015
11:51:24 PM
Protocol
11/26/2015
11:49:09 AM
11/27/2015
5:30:08 AM
22
Protocol
11/26/2015
11:56:56 AM
11/26/2015
11:56:56 AM
Parameter Type
Violation
11/26/2015
12:00:42 PM
11/26/2015
12:00:42 PM
Parameter Type
Violation
11/26/2015
12:08:42 PM
11/26/2015
5:13:15 PM
HTTP Signature
Violation
11/26/2015
12:08:42 PM
11/26/2015
5:13:15 PM
HTTP Signature
Violation
11/26/2015
12:15:55 PM
11/26/2015
12:15:55 PM
11/26/2015
12:15:55 PM
11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM
11/27/2015
12:18:09 AM
United States of
America (outdated)
Lithuania (outdated)
Germany (outdated)
Num. of Events
Service
1
Service Pagina Web
Application
Web Worm
Unauthorized
Request Content
Type
11/26/2015
12:19:00 PM
11/26/2015
12:38:01 PM
11/26/2015
12:19:00 PM
11/26/2015
12:39:07 PM
11/26/2015
12:38:01 PM
11/26/2015
12:39:07 PM
Unauthorized
Request Content
Type
11/26/2015
12:42:09 PM
11/26/2015
1:39:29 PM
11/26/2015
12:44:02 PM
11/26/2015
12:44:02 PM
App Conasec
11/26/2015
12:44:32 PM
11/26/2015
1:17:54 PM
11/26/2015
12:51:02 PM
11/26/2015
12:51:02 PM
Parameter Type
Violation
11/26/2015
1:18:34 PM
11/26/2015
1:23:03 PM
11/26/2015
1:30:24 PM
11/26/2015
9:44:07 PM
11/26/2015
2:13:32 PM
11/26/2015
1:43:26 PM
HTTP Signature
Violation
Web Worm
Redundant HTTP
Headers
11/26/2015
1:30:24 PM
11/26/2015
1:43:26 PM
Redundant HTTP
Headers
Signature
Alert Description
Source
GeoLocation
High
Block
/cgi-bin/frameit.cgi
Medium
None
/v1/310702290/4
United States of
America (outdated)
Peru (outdated)
Medium
None
/v1/310702290/1
Peru (outdated)
Medium
None
/e
Czech Republic
(outdated)
High
Block
High
Block
Medium
None
High
Block
/login.php
Canada (outdated)
High
Block
/cgi/rank.cgi
Japan (outdated)
Medium
None
United States of
America (outdated)
Medium
None
/used_cars/vehicledetail/ul1283561235
/kia/forte
/annonceautomoto/122/sarcell
es/diesel-mazdamazda6-fastwagon2-0-mzr-cd140performance2010/ffa41a8e-e65ae311-a30d5cf3fc6a23ca.html
Canada (outdated)
United States of
America (outdated)
Num. of Events
Service
1
Service Pagina Web
Application
HTTP Signature
Violation
Alert Description
Source
GeoLocation
High
Block
/links/redirect.php
United States of
America (outdated)
High
Block
/letsgo.php
United States of
America (outdated)
High
Block
/modify-companydetails
United States of
America (outdated)
Medium
None
/api
United States of
America (outdated)
Low
None
/fr/searchw
United States of
America (outdated)
Medium
None
/used_cars/vehicledetail/ul1283019612
/dodge/grandcaravan
/auto/annonce53282593_renaultscenic-expressioneuro-5---dci-110-fapeco2-2011.html
/used_cars/vehicledetail/ul1328677528
/toyota/highlander
/used_cars/vehicledetail/ul1328146602
/buick/enclave
/used_cars/vehicledetail/ul1326467972
/nissan/maxima
United States of
America (outdated)
11/26/2015
1:35:01 PM
11/26/2015
2:14:32 PM
11/26/2015
1:35:01 PM
11/26/2015
2:14:32 PM
HTTP Signature
Violation
11/26/2015
1:35:01 PM
11/26/2015
2:14:32 PM
HTTP Signature
Violation
11/26/2015
1:40:56 PM
11/26/2015
1:40:56 PM
11/26/2015
2:38:12 PM
11/26/2015
2:38:12 PM
HTTP Signature
Violation
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
Medium
None
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
Num. of Events
Service
3
Service Pagina Web
Application
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
11
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
Redundant HTTP
Headers
Alert Description
Source
GeoLocation
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
United States of
America (outdated)
Medium
None
/used_cars/vehicledetail/ul1261999672
/chevrolet/impala
/classified/28040423
3
Medium
None
United States of
America (outdated)
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
/vwdeb/i/s|1300,u/l|1
00,316,stat_firstclass
,u/d|deu7169294633
/mercedes-classe_c10605094.html
Medium
None
United States of
America (outdated)
Medium
None
Medium
None
Medium
None
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
Medium
None
Medium
None
Medium
None
Medium
None
Medium
None
/154769874/2006/je
ep/commander/used
-cars/for-sale
/used_cars/vehicledetail/ul1329705739
/toyota/tundra
/used_cars/vehicledetail/ul1321290986
/hyundai/elantra
/used_cars/vehicledetail/ul1324134084
/mercedes-benz/clsclass
/used_cars/vehicledetail/ul1315373758
/toyota/camry
/used_cars/vehicledetail/ul1329566613
/chevrolet/malibu
/used_cars/vehicledetail/ul1329743996
/dodge/journey
/used_cars/vehicledetail/ul1298816347
/hyundai/elantra
/used_cars/vehicledetail/ul1285639098
/nissan/juke
/160979202/2013/ho
nda/pilot/usedcars/for-sale
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
United States of
America (outdated)
Num. of Events
Service
3
Service Pagina Web
Application
Alert Description
Source
GeoLocation
Redundant HTTP
Headers
Multiple Redundant
HTTP Headers in
header Referer
Medium
None
United States of
America (outdated)
High
Block
Medium
None
/used_cars/vehicledetail/ul1307519369
/chevrolet/silverado2500hd
/cp/scripts/perl/guest
book/eguest_show.pl
/views/ajax
High
Block
/cgi-bin/info.php
High
Block
/leaving/index.php
United States of
America (outdated)
United States of
America (outdated)
Low
None
/disk37/file.php
Japan (outdated)
Low
None
/disk38/file.php
Japan (outdated)
Low
None
Low
None
/disk7/file.php
Japan (outdated)
Low
None
/search
United States of
America (outdated)
11/26/2015
2:55:23 PM
11/26/2015
11:58:49 PM
11/26/2015
2:55:37 PM
11/26/2015
2:55:37 PM
HTTP Signature
Violation
11/26/2015
3:08:07 PM
11/26/2015
3:08:55 PM
Parameter Type
Violation
11/26/2015
3:31:19 PM
11/26/2015
3:33:02 PM
11/26/2015
3:31:19 PM
11/26/2015
3:33:02 PM
Web Worm
HTTP Signature
Violation
11/26/2015
4:04:10 PM
11/26/2015
6:30:40 PM
HTTP Signature
Violation
11/26/2015
4:04:10 PM
11/26/2015
6:30:40 PM
HTTP Signature
Violation
11/26/2015
4:04:10 PM
11/26/2015
6:30:40 PM
HTTP Signature
Violation
11/26/2015
4:04:10 PM
11/26/2015
6:30:40 PM
HTTP Signature
Violation
11/26/2015
4:04:10 PM
11/26/2015
6:30:40 PM
HTTP Signature
Violation
United States of
America (outdated)
Peru (outdated)
Num. of Events
Service
2
Service Pagina Web
Application
HTTP Signature
Violation
11/26/2015
4:04:10 PM
11/26/2015
6:30:40 PM
11/26/2015
4:04:10 PM
11/26/2015
6:30:40 PM
HTTP Signature
Violation
11/26/2015
4:25:11 PM
11/26/2015
4:34:59 PM
HTTP Signature
Violation
11/26/2015
4:28:06 PM
11/26/2015
4:33:18 PM
11/26/2015
4:28:06 PM
11/26/2015
5:22:43 PM
HTTP Signature
Violation
HTTP Signature
Violation
11/26/2015
4:33:18 PM
11/26/2015
8:00:40 PM
HTTP Signature
Violation
11/26/2015
4:33:18 PM
11/26/2015
5:22:43 PM
HTTP Signature
Violation
11/26/2015
4:42:29 PM
11/26/2015
4:42:29 PM
Web Worm
11/26/2015
5:35:30 PM
11/27/2015
5:25:57 AM
11/26/2015
5:35:30 PM
11/27/2015
5:25:57 AM
27
Alert Description
Source
GeoLocation
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 89(+)
Multiple CVE-2011-3192:Apache_httpd_Remote_Denial_of_Service_ME(+) from 181.177.248.131
Web leech 9
Low
None
/srsapp/search
United States of
America (outdated)
Low
None
/d.js
United States of
America (outdated)
High
Block
/sites/default/files/rv
m_nro_044-2014-invgi_0.pdf
Peru (outdated)
High
Block
/test/gate.php
Germany (outdated)
High
Block
/redir.php
United States of
America (outdated)
High
Block
/go.php
United States of
America (outdated)
High
Block
/forum/go.php
United States of
America (outdated)
High
Block
High
Block
/new-infiniti
<a_href="javascript:
United States of
America (outdated)
High
Block
/used-list/make1<!doctype html>
<html>
<head>
<meta httpequiv=content-type
content=text/html
United States of
America (outdated)
Num. of Events
Service
2
Service Pagina Web
Application
11/26/2015
5:35:30 PM
11/27/2015
5:25:57 AM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
Alert Description
Source
GeoLocation
Distributed Illegal
Byte Code Character
in URL
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
High
Block
/new-infiniti</div
United States of
America (outdated)
Medium
None
/k/so1xd
Switzerland
(outdated)
Medium
None
/aramaaranan=tn1h7
Switzerland
(outdated)
Medium
None
Medium
None
/1gunv
Switzerland
(outdated)
Medium
None
/k/1e8b7
Switzerland
(outdated)
Medium
None
/1hglm
Switzerland
(outdated)
Medium
None
/ai2db
Switzerland
(outdated)
Medium
None
/128lp
Switzerland
(outdated)
Medium
None
/k/g69zf
Switzerland
(outdated)
Medium
None
/d8h18
Switzerland
(outdated)
Medium
None
/aramaaranan=lqk2s
Switzerland
(outdated)
Medium
None
/pblp7
Switzerland
(outdated)
Medium
None
/k/pgbld
Switzerland
(outdated)
Medium
None
/47k61
Switzerland
(outdated)
Germany (outdated)
Page 62
Num. of Events
Service
1
Service Pagina Web
Application
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
Alert Description
Source
GeoLocation
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Post
Request - Missing
Content Type: 'none'
Medium
None
/qavkv
Switzerland
(outdated)
Medium
None
/k/geg6c
Switzerland
(outdated)
Medium
None
/k6d3c
Switzerland
(outdated)
Medium
None
/aramaaranan=lqd3k
Switzerland
(outdated)
Medium
None
/aramaaranan=1vq2g
Switzerland
(outdated)
Medium
None
/k/pdl7h
Switzerland
(outdated)
Medium
None
/xpb3u
Switzerland
(outdated)
Medium
None
/k/0uo5d
Switzerland
(outdated)
Medium
None
/pgi63
Switzerland
(outdated)
Medium
None
/fto8t
Switzerland
(outdated)
Medium
None
/n3w2y
Switzerland
(outdated)
Medium
None
/k/3qvpa
Switzerland
(outdated)
Medium
None
/k/updbj
Switzerland
(outdated)
Medium
None
/aramaaranan=gzntq
Switzerland
(outdated)
Medium
None
/w8do5
Switzerland
(outdated)
Page 63
Num. of Events
Service
1
Service Pagina Web
Application
11/26/2015
5:50:42 PM
11/26/2015
8:21:46 PM
11/26/2015
5:52:54 PM
11/26/2015
11:55:25 PM
12
11/26/2015
6:19:33 PM
11/26/2015
6:23:45 PM
Redundant HTTP
Headers
11/26/2015
6:24:11 PM
11/26/2015
6:24:41 PM
11/26/2015
6:32:09 PM
11/26/2015
10:57:38 PM
11/26/2015
6:32:09 PM
11/26/2015
10:57:38 PM
11/26/2015
6:32:09 PM
11/26/2015
9:48:11 PM
11/26/2015
6:32:09 PM
11/26/2015
9:48:11 PM
11/26/2015
6:32:09 PM
11/26/2015
9:48:11 PM
11/26/2015
6:32:10 PM
11/26/2015
6:32:10 PM
11/26/2015
7:01:58 PM
11/26/2015
7:20:06 PM
11/26/2015
7:01:58 PM
11/26/2015
8:00:40 PM
Web Worm
HTTP Signature
Violation
Alert Description
Source
GeoLocation
Multiple Post
Request - Missing
Content Type: 'none'
Multiple Malformed
SOAP Message from
172.245.123.105
Redundant HTTP
Headers from
78.183.13.119
Multiple Illegal Byte
Code Character in
Parameter Value
from 77.46.96.96
Multiple Illegal HTTP
Version from
88.119.250.36
Multiple Illegal HTTP
Version from
88.119.250.36
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Distributed Illegal
Byte Code Character
in Header Name
Unknown HTTP
Request Method <hr
in URL
2ddl.downloadntenta
ndo ingresar no
está
permitido, por favor
ingresar un
parámetro&n
bsp;
válido</>
Access to: /cgi-bin/suchen.pl
Multiple CVE-2014-8670: vBulletin
'go.php' url
Parameter Open
Redirect(+) from
192.249.64.154
Medium
None
/aramaaranan=nn9p2
Switzerland
(outdated)
Medium
None
/downloadapi.asmx
United States of
America (outdated)
Medium
None
/resources/login
Turkey (outdated)
Medium
None
/announce
Poland (outdated)
High
Block
High
Block
/>
Lithuania (outdated)
High
Block
/>
Lithuania (outdated)
High
Block
High
Block
High
Block
/>
Lithuania (outdated)
High
Block
/cgi-bin/suchen.pl
France (outdated)
High
Block
/signin
United States of
America (outdated)
Lithuania (outdated)
Page 64
Num. of Events
Service
1
Service Pagina Web
Application
HTTP Signature
Violation
11/26/2015
7:20:06 PM
11/26/2015
8:00:40 PM
11/26/2015
7:20:06 PM
11/26/2015
8:00:40 PM
HTTP Signature
Violation
11/26/2015
7:49:49 PM
11/26/2015
7:49:49 PM
Parameter Type
Violation
11/26/2015
7:50:06 PM
11/26/2015
8:10:32 PM
Web Worm
11/26/2015
7:50:06 PM
11/26/2015
8:10:32 PM
Web Worm
11/26/2015
7:50:14 PM
11/26/2015
7:50:14 PM
Parameter Type
Violation
11/26/2015
8:33:07 PM
11/26/2015
8:40:36 PM
Web Worm
11/26/2015
8:46:49 PM
11/26/2015
8:46:49 PM
Unknown HTTP
Request Method
11/26/2015
9:00:25 PM
11/26/2015
10:55:27 PM
HTTP Signature
Violation
11/26/2015
9:06:47 PM
11/26/2015
10:44:04 PM
HTTP Signature
Violation
Alert Description
Source
GeoLocation
High
Block
/duow.asp
United States of
America (outdated)
High
Block
/index.php
United States of
America (outdated)
Medium
None
/forum/login.php
South Africa
(outdated)
High
Block
/cgi/mailafriend
United States of
America (outdated)
High
Block
/cgi/jump
United States of
America (outdated)
Medium
None
/index.php
United States of
America (outdated)
High
Block
/bin/get
Japan (outdated)
High
Block
/>
Lithuania (outdated)
High
Block
/feedback.php
United States of
America (outdated)
Low
None
/disk23/file.php
Japan (outdated)
Page 65
Num. of Events
Service
4
Service Pagina Web
Application
HTTP Signature
Violation
11/26/2015
9:06:47 PM
11/26/2015
10:44:04 PM
11/26/2015
9:06:47 PM
11/26/2015
10:44:04 PM
HTTP Signature
Violation
11/26/2015
9:06:47 PM
11/26/2015
10:44:04 PM
HTTP Signature
Violation
11/26/2015
9:06:47 PM
11/26/2015
10:44:04 PM
HTTP Signature
Violation
11/26/2015
9:06:47 PM
11/26/2015
10:44:04 PM
HTTP Signature
Violation
11/26/2015
9:06:47 PM
11/26/2015
10:44:04 PM
HTTP Signature
Violation
11/26/2015
9:09:40 PM
11/26/2015
9:09:40 PM
HTTP Signature
Violation
11/26/2015
9:39:55 PM
11/26/2015
9:40:07 PM
App Conasec
Cookie Tampering
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
Profile
Alert Description
Source
GeoLocation
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
Distributed
Fullwidth/Halfwidth
Unicode Decoding
On URL/Parameter 3(+)
CVE-2011-3192:Apache_httpd_Remote_Denial_of_Service_ME
Cookie Tampering on
cookie
HstCmu1953962:
Expected
1445221643577,
Observed
1448603124255
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Low
None
/disk38/file.php
Japan (outdated)
Low
None
Low
None
Low
None
/disk18/file.php
Japan (outdated)
Low
None
/disk20/file.php
Japan (outdated)
Low
None
/disk14/file.php
Japan (outdated)
High
Block
/sites/default/files/rvm-nro_023-2015-invgi.pdf
Peru (outdated)
Medium
Block
/index.php
Peru (outdated)
Medium
None
/disk18/file.php
Japan (outdated)
Medium
None
/judge/
United States of
America (outdated)
United States of
America (outdated)
Page 66
Num. of Events
Service
1
Service Pagina Web
Application
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:36:27 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
10:52:55 PM
11/27/2015
5:27:22 AM
Custom Violation
11/26/2015
10:52:55 PM
11/27/2015
5:27:22 AM
Custom Violation
11/26/2015
10:52:55 PM
11/27/2015
5:27:22 AM
11/26/2015
10:52:55 PM
11/27/2015
5:27:22 AM
Alert Description
Source
GeoLocation
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Medium
None
France (outdated)
Medium
None
Medium
None
Medium
None
Medium
None
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed
Suspicious Response
Code
Distributed Bloqueo
CPanel
Medium
/contributor/211213/
name/capriorohinaldo
United States of
America (outdated)
United States of
America (outdated)
None
/cars/inventorylisting
/ajaxfetchsubsetinve
ntorylisting.action
/wpcontent/headlines/sh
op_cos_237.html
/cars-forsale/cars/newcars/bmw/328i
xdrive/
/used-car-finder
Medium
None
/members/index.php
France (outdated)
Medium
None
Medium
None
Medium
None
/api/user/login
France (outdated)
High
Block
Colombia (outdated)
Distributed Bloqueo
CPanel
High
Block
Custom Violation
Distributed Bloqueo
CPanel
High
Block
Custom Violation
Distributed Bloqueo
CPanel
High
Block
/sites/all/modules/ad
min_menu/admin_de
vel/admin_devel.js
/admin/archivos/180
62012111113_cuadr
o_consolidado_mayo
2012_pnp.pdf
/admin/archivos/151
02013151035_acta
resultado preliminar
proceso cas 247.pdf
/admin/archivos/060
12012170754_result
ado preliminar cas
132.pdf
France (outdated)
United States of
America (outdated)
United States of
America (outdated)
Germany (outdated)
Germany (outdated)
Germany (outdated)
Page 67
Num. of Events
Service
1
Service Pagina Web
Application
Alert Description
Custom Violation
Distributed Bloqueo
CPanel
High
Block
Source
GeoLocation
11/26/2015
10:52:55 PM
11/27/2015
5:27:22 AM
11/26/2015
10:52:55 PM
11/27/2015
5:27:22 AM
Custom Violation
Distributed Bloqueo
CPanel
High
Block
11/26/2015
10:57:38 PM
11/26/2015
10:57:38 PM
Unknown HTTP
Request Method
High
Block
11/26/2015
10:57:38 PM
11/26/2015
10:57:38 PM
High
Block
/>
11/26/2015
10:57:38 PM
11/26/2015
10:57:38 PM
High
Block
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
Custom Violation
Low
None
/phpinfo.php
Custom Violation
Unknown HTTP
Request Method <hr
in URL
albumdl.comst&aacu
te; intentando
ingresar no
está
permitido, por favor
ingresar un
parámetro&n
bsp;
válido</>
Multiple Illegal Byte
Code Character in
Header Name from
88.119.250.36
Multiple Illegal Byte
Code Character in
Header Name from
88.119.250.36
Distributed HTML
Injection
Distributed HTML
Injection
Low
None
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
10:58:33 PM
11/26/2015
11:07:56 PM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:17:43 AM
11/27/2015
5:24:16 AM
Custom Violation
Low
None
Custom Violation
Low
None
Custom Violation
Low
None
Custom Violation
Low
None
Custom Violation
Low
Custom Violation
16
Web Worm
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Distributed HTML
Injection
Web Worm from
190.213.144.152
Lithuania (outdated)
Lithuania (outdated)
Poland (outdated)
France (outdated)
None
/pergamumold/info.php
/search/search_pd.asp
/test/php/php_info.php
/test.php
Low
None
/test
France (outdated)
High
Block
/cgi-bin/auth
Poland (outdated)
Poland (outdated)
France (outdated)
Page 68
Num. of Events
Service
1
Service Pagina Web
Application
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
Alert Description
Source
GeoLocation
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed
Hazardous HTTP
request methods
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Distributed CVE-2011-3368: Apache
Malformed URI
Medium
None
disqus.com:443
United States of
America (outdated)
Medium
None
www.google.com:443
United States of
America (outdated)
High
Block
www.google.com:443
United States of
America (outdated)
High
Block
twitter.com:443
Netherlands
(outdated)
High
Block
45.33.54.195:80
France (outdated)
High
Block
authserver.mojang.com:443
Croatia (outdated)
Medium
None
45.33.54.195:80
France (outdated)
Medium
None
twitter.com:443
Netherlands
(outdated)
Medium
None
www.bookryanair.com:443
Lithuania (outdated)
Medium
None
www.iFrance (outdated)
comparateur.com:80
Medium
None
m.bonton.com:443
United States of
America (outdated)
High
Block
disqus.com:443
United States of
America (outdated)
High
Block
www.iFrance (outdated)
comparateur.com:80
High
Block
members.blacked.com:443
Netherlands
(outdated)
High
Block
www.paypal.com:443
Italy (outdated)
Page 69
Num. of Events
Service
1
Service Pagina Web
Application
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:09:32 PM
11/27/2015
5:30:08 AM
Custom Violation
11/26/2015
11:52:33 PM
11/27/2015
5:30:08 AM
Protocol
11/26/2015
11:52:33 PM
11/27/2015
5:30:08 AM
Protocol
Alert Description
Source
GeoLocation
High
Block
45.33.54.195:80
Lithuania (outdated)
Medium
None
High
Block
45.33.54.195:80
Greece (outdated)
Medium
None
www.paypal.com:443
Italy (outdated)
High
Block
www.bookryanair.com:443
Lithuania (outdated)
Medium
None
members.blacked.com:443
Netherlands
(outdated)
Medium
None
High
Block
m.bonton.com:443
High
Block
Medium
None
45.33.54.195:80
Lithuania (outdated)
Medium
None
authserver.mojang.com:443
Croatia (outdated)
Medium
None
45.33.54.195:80
Greece (outdated)
High
Block
High
Block
Colombia (outdated)
High
Block
Germany (outdated)
United States of
America (outdated)
Page 70
11/26/2015
11:52:33 PM
11/27/2015
5:30:08 AM
11/26/2015
11:58:27 PM
11/26/2015
11:58:27 PM
Num. of Events
Service
2
Service Pagina Web
Application
App Conasec
Alert Description
Protocol
Block
Profile
Cookie Tampering
Distributed Illegal
High
Byte Code Character
in Method
Cookie Tampering on Medium
cookie
HstCmu1953962:
Expected
1444662050383,
Observed
1448600327852
Protocol
High
Block
Medium
None
www.google.pl:443
United States of
America (outdated)
Medium
None
www.google.pl:443
France (outdated)
High
Block
www.google.pl:443
United States of
America (outdated)
High
Block
www.google.pl:443
France (outdated)
High
Block
High
Block
s.yimg.com:443
United States of
America (outdated)
Medium
None
s.yimg.com:443
High
Block
United States of
America (outdated)
France (outdated)
Block
Source
GeoLocation
Australia (outdated)
11/26/2015
12:46:57 AM
Service Sigaweb
11/26/2015
12:52:21 AM
11/27/2015
12:10:28 AM
Service Sigaweb
App Sigaweb
Custom
Custom Violation
11/26/2015
12:52:21 AM
11/27/2015
12:10:28 AM
Service Sigaweb
App Sigaweb
Custom
Custom Violation
11/26/2015
12:52:21 AM
11/27/2015
12:10:28 AM
Service Sigaweb
App Sigaweb
Custom
Custom Violation
11/26/2015
12:52:21 AM
11/27/2015
12:10:28 AM
Service Sigaweb
App Sigaweb
Custom
Custom Violation
11/26/2015
3:30:44 AM
11/26/2015
7:05:08 AM
Service Sigaweb
Protocol
11/26/2015
4:24:14 AM
11/26/2015
9:12:32 PM
Service Sigaweb
App Sigaweb
Custom
Custom Violation
11/26/2015
4:24:14 AM
11/26/2015
4:32:51 AM
11/26/2015
9:12:32 PM
11/26/2015
8:30:18 AM
Service Sigaweb
App Sigaweb
Custom
Custom Violation
Service Sigaweb
Protocol
Netherlands
(outdated)
France (outdated)
Service:
Page 71
Num. of Events
Service
2
Application
Alert Description
Source
GeoLocation
Firewall
SSL Untraceable
Connection
Multiple Untraceable
SSL Sessions from
201.240.112.33
(Protocol violation
(SSL_CONN_APPLICATION_DATA_EXCHANGE))
Multiple Untraceable
SSL Sessions from
190.238.13.186
(Protocol violation
(SSL_CONN_SERVER_FINISH_RESUMED_SESSION))
Multiple Untraceable
SSL Sessions from
181.64.223.220
(Open Mode)
SSL Untraceable
Connection Protocol violation
(SSL_CONN_CLIENT_HELLO)
Untraceable SSL
Sessions:
Unsupported Legacy
SSL Version
Untraceable SSL
Sessions: Protocol
violation
(SSL_CONN_SERVER_FINISH_RESUMED_SESSION)
SSL Untraceable
Connection Protocol violation
(SSL_CONN_CLIENT_HELLO)
Untraceable SSL
Sessions: Open Mode
Multiple Untraceable
SSL Sessions from
191.98.191.8
(Unsupported
Legacy SSL Version)
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
Netherlands
(outdated)
Informative
None
Germany (outdated)
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
Informative
None
Peru (outdated)
11/26/2015
12:03:11 AM
11/26/2015
12:15:11 AM
11/26/2015
1:17:58 AM
11/26/2015
1:28:58 AM
Firewall
SSL Untraceable
Connection
11/26/2015
2:02:23 AM
11/26/2015
2:13:24 AM
Firewall
SSL Untraceable
Connection
11/26/2015
5:03:49 AM
11/26/2015
7:06:28 AM
Firewall
SSL Untraceable
Connection
11/26/2015
6:31:19 AM
11/26/2015
6:42:19 AM
Firewall
SSL Untraceable
Connection
11/26/2015
6:56:50 AM
11/27/2015
12:34:12 AM
100
Firewall
SSL Untraceable
Connection
11/26/2015
7:25:15 AM
11/26/2015
6:11:56 PM
Firewall
SSL Untraceable
Connection
11/26/2015
8:23:32 AM
11/26/2015
9:20:49 AM
11/26/2015
9:59:32 PM
11/26/2015
9:31:49 AM
59
Firewall
Firewall
SSL Untraceable
Connection
SSL Untraceable
Connection
Peru (outdated)
Page 72
Num. of Events
Service
2
Application
Alert Description
Source
GeoLocation
Firewall
SSL Untraceable
Connection
SSL Untraceable
Connection Protocol violation
(SSL_CONN_APPLICATION_DATA_EXCHANGE)
Untraceable SSL
Sessions: Protocol
violation
(SSL_CONN_CLIENT_HELLO)
Untraceable SSL
Sessions: Protocol
violation
(SSL_CONN_CLIENT_HELLO)
SSL Untraceable
Connection Unknown SSL
Session
Untraceable SSL
Sessions:
Unsupported Legacy
SSL Version
Multiple Untraceable
SSL Sessions from
190.234.99.143
(Protocol violation
(SSL_CONN_CLIENT_KEY_EXCHANGE))
Multiple Untraceable
SSL Sessions from
181.176.193.3
(Unsupported
Legacy SSL Version)
Multiple Untraceable
SSL Sessions from
190.42.17.123
(Unknown SSL
Session)
Untraceable SSL
Sessions: Open Mode
SSL Untraceable
Connection Unsupported Legacy
SSL Version
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
United States of
America (outdated)
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
Peru (outdated)
Informative
None
Informative
None
Ecuador (outdated)
11/26/2015
9:28:27 AM
11/26/2015
8:56:23 PM
11/26/2015
10:15:25 AM
11/26/2015
10:15:34 AM
Firewall
SSL Untraceable
Connection
11/26/2015
10:15:25 AM
11/26/2015
10:15:34 AM
Firewall
SSL Untraceable
Connection
11/26/2015
10:31:01 AM
11/26/2015
5:11:47 PM
Firewall
SSL Untraceable
Connection
11/26/2015
12:28:14 PM
11/26/2015
12:57:25 PM
Firewall
SSL Untraceable
Connection
11/26/2015
1:20:47 PM
11/26/2015
1:31:47 PM
Firewall
SSL Untraceable
Connection
11/26/2015
2:09:10 PM
11/26/2015
2:19:42 PM
Firewall
SSL Untraceable
Connection
11/26/2015
2:32:30 PM
11/26/2015
2:43:30 PM
Firewall
SSL Untraceable
Connection
11/26/2015
3:26:42 PM
11/26/2015
6:15:55 PM
11/26/2015
9:59:32 PM
11/26/2015
6:15:55 PM
Firewall
Firewall
SSL Untraceable
Connection
SSL Untraceable
Connection
Peru (outdated)
Page 73