
Detailed threat report

PA-5020 : 2017/08/16 22:56:32 - 2017/09/15 22:56:31


| Severity | Action | Source address | Source Host Name | Destination address | Destination Host Name | Application | Threat/Content Name | ID | Count |
|---|---|---|---|---|---|---|---|---|---|
| low | alert | 52.174.255.96 | 52.174.255.96 | 190.81.124.68 | 190.81.124.68 | ms-rdp | Ncrack RDP scan | 36266 | 3.77 k |
| low | alert | 52.174.255.96 | 52.174.255.96 | 190.81.124.70 | 190.81.124.70 | ms-rdp | Ncrack RDP scan | 36266 | 2.70 k |
| low | alert | 52.174.255.96 | 52.174.255.96 | 190.81.124.75 | 190.81.124.75 | ms-rdp | Ncrack RDP scan | 36266 | 2.52 k |
| low | alert | 52.174.255.96 | 52.174.255.96 | 190.81.124.66 | 190.81.124.66 | ms-rdp | Ncrack RDP scan | 36266 | 2.48 k |
| low | alert | 201.220.70.113 | adsl-pool2-113.metrotel.net.co | 190.81.124.68 | 190.81.124.68 | ms-rdp | Ncrack RDP scan | 36266 | 1.59 k |
| low | alert | 37.49.226.110 | 37.49.226.110 | 190.81.124.42 | 190.81.124.42 | ms-rdp | Ncrack RDP scan | 36266 | 1.50 k |
| low | alert | 37.49.226.110 | 37.49.226.110 | 190.81.124.72 | 190.81.124.72 | ms-rdp | Ncrack RDP scan | 36266 | 1.49 k |
| low | alert | 37.49.226.110 | 37.49.226.110 | 190.81.124.73 | 190.81.124.73 | ms-rdp | Ncrack RDP scan | 36266 | 1.45 k |
| low | alert | 37.49.226.110 | 37.49.226.110 | 190.81.124.75 | 190.81.124.75 | ms-rdp | Ncrack RDP scan | 36266 | 1.45 k |
| low | alert | 37.49.226.110 | 37.49.226.110 | 190.81.124.66 | 190.81.124.66 | ms-rdp | Ncrack RDP scan | 36266 | 1.45 k |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.68 | 190.81.124.68 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 960 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.66 | 190.81.124.66 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 939 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.76 | 190.81.124.76 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 642 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.74 | 190.81.124.74 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 358 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.72 | 190.81.124.72 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 340 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.43 | 190.81.124.43 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 335 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.67 | 190.81.124.67 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 320 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.41 | 190.81.124.41 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 320 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.75 | 190.81.124.75 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 320 |
| critical | reset-both | 5.188.10.250 | 5.188.10.250 | 190.81.124.42 | 190.81.124.42 | web-browsing | Apache Struts Jakarta Multipart Parser Remote Code Execution Vulnerability | 34221 | 320 |
| medium | reset-both | 94.177.216.229 | 94.177.216.229 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 30514 | 507 |
| medium | reset-both | 178.17.170.195 | 178.17.170.195 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 30514 | 167 |
| medium | reset-both | 94.177.216.229 | 94.177.216.229 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 36241 | 56 |
| medium | reset-both | 178.17.170.195 | 178.17.170.195 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 36241 | 56 |
| medium | reset-both | 217.64.113.211 | 217.64.113.211 | 190.81.124.69 | 190.81.124.69 | web-browsing | HTTP SQL Injection Attempt | 38195 | 53 |
| medium | reset-both | 178.17.170.195 | 178.17.170.195 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 38195 | 44 |
| medium | reset-both | 94.177.216.229 | 94.177.216.229 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 38195 | 44 |
| medium | reset-both | 178.17.170.195 | 178.17.170.195 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 36242 | 28 |
| medium | reset-both | 185.189.113.187 | 185.189.113.187 | 190.81.124.69 | 190.81.124.69 | web-browsing | PHP CGI Query String Parameter Handling Information Disclosure and DoS Vulnerability | 34804 | 28 |
| medium | reset-both | 94.177.216.229 | 94.177.216.229 | 190.81.124.76 | 190.81.124.76 | web-browsing | HTTP SQL Injection Attempt | 36242 | 28 |
| informational | alert | 216.244.143.111 | 216.244.143.111 | 190.81.124.46 | 190.81.124.46 | web-browsing | HTTP OPTIONS Method | 30520 | 400 |
| informational | alert | 190.81.124.66 | 190.81.124.66 | 180.97.106.39 | 180.97.106.39 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 20 |
| informational | alert | 216.244.147.44 | 216.244.147.44 | 190.81.124.68 | 190.81.124.68 | web-browsing | HTTP OPTIONS Method | 30520 | 16 |
| informational | alert | 190.81.124.66 | 190.81.124.66 | 199.48.164.78 | 199.48.164.78 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 11 |
| informational | alert | 190.81.124.66 | 190.81.124.66 | 46.17.46.239 | 46.17.46.239 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 11 |
| informational | alert | 190.81.124.66 | 190.81.124.66 | 66.228.37.243 | 66.228.37.243 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 8 |
| informational | alert | 190.81.124.66 | 190.81.124.66 | 180.97.106.164 | 180.97.106.164 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 8 |
| informational | alert | 190.81.124.77 | 190.81.124.77 | 45.63.56.119 | 45.63.56.119 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 8 |
| informational | alert | 190.81.124.72 | 190.81.124.72 | 45.63.56.119 | 45.63.56.119 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 8 |
| informational | alert | 190.81.124.66 | 190.81.124.66 | 46.17.46.213 | 46.17.46.213 | unknown-tcp | Suspicious HTTP Response Found | 39825 | 6 |
| high | reset-both | 217.64.113.211 | 217.64.113.211 | 190.81.124.69 | 190.81.124.69 | web-browsing | HTTP /etc/passwd Access Attempt | 30852 | 44 |
| high | reset-both | 122.155.84.251 | 122.155.84.251 | 190.81.124.71 | 190.81.124.71 | ssh | SSH User Authentication Brute Force Attempt | 40015 | 32 |
| high | reset-both | 185.189.113.187 | 185.189.113.187 | 190.81.124.69 | 190.81.124.69 | web-browsing | Novell GroupWise Messenger Accept Language Header Overflow Vulnerability | 30147 | 25 |
| high | reset-both | 217.64.113.211 | 217.64.113.211 | 190.81.124.69 | 190.81.124.69 | web-browsing | Microsoft Windows win.ini access attempt | 30851 | 16 |
| high | reset-both | 223.104.9.203 | 223.104.9.203 | 190.81.124.68 | 190.81.124.68 | web-browsing | ManageEngine Products Directory Traversal Remote File Access Vulnerability | 37854 | 14 |
| high | reset-both | 185.189.113.187 | 185.189.113.187 | 190.81.124.69 | 190.81.124.69 | web-browsing | Generic HTTP Cross Site Scripting Attempt | 31477 | 12 |
| high | reset-both | 217.64.113.211 | 217.64.113.211 | 190.81.124.69 | 190.81.124.69 | web-browsing | Generic HTTP Cross Site Scripting Attempt | 31477 | 12 |
| high | reset-both | 115.28.38.250 | 115.28.38.250 | 190.81.124.74 | 190.81.124.74 | web-browsing | HTTP /etc/passwd access attempt | 35107 | 6 |
| high | reset-both | 124.172.232.49 | 124.172.232.49 | 190.81.124.42 | 190.81.124.42 | web-browsing | HTTP /etc/passwd access attempt | 35107 | 6 |
| high | reset-both | 115.28.38.250 | 115.28.38.250 | 190.81.124.75 | 190.81.124.75 | web-browsing | HTTP /etc/passwd access attempt | 35107 | 6 |

http://www.paloaltonetworks.com
