32 lines
9.8 KiB
JSON
32 lines
9.8 KiB
JSON
{"timestamp": "2026-04-07 19:48:29", "decky": "decky-webmail", "service": "smtp", "event_type": "startup", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:48:29.520153+00:00 decky-webmail smtp - startup - SMTP server starting as decky-webmail"}
|
|
{"timestamp": "2026-04-07 19:48:29", "decky": "decky-webmail", "service": "imap", "event_type": "startup", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:48:29.525953+00:00 decky-webmail imap - startup - IMAP server starting as decky-webmail"}
|
|
{"timestamp": "2026-04-07 19:48:29", "decky": "decky-webmail", "service": "pop3", "event_type": "startup", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:48:29.531525+00:00 decky-webmail pop3 - startup - POP3 server starting as decky-webmail"}
|
|
{"timestamp": "2026-04-07 19:48:29", "decky": "decky-webmail", "service": "http", "event_type": "startup", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:48:29.562070+00:00 decky-webmail http - startup - HTTP server starting as decky-webmail"}
|
|
{"timestamp": "2026-04-07 19:53:05", "decky": "decky-webmail", "service": "pop3", "event_type": "connect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:05.202133+00:00 decky-webmail pop3 - connect [decnet@55555 src=\"192.168.1.5\" src_port=\"56394\"]"}
|
|
{"timestamp": "2026-04-07 19:53:05", "decky": "decky-webmail", "service": "smtp", "event_type": "connect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:05.202095+00:00 decky-webmail smtp - connect [decnet@55555 src=\"192.168.1.5\" src_port=\"44836\"]"}
|
|
{"timestamp": "2026-04-07 19:53:05", "decky": "decky-webmail", "service": "imap", "event_type": "connect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:05.202120+00:00 decky-webmail imap - connect [decnet@55555 src=\"192.168.1.5\" src_port=\"49892\"]"}
|
|
{"timestamp": "2026-04-07 19:53:05", "decky": "decky-webmail", "service": "smtp", "event_type": "disconnect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:05.204537+00:00 decky-webmail smtp - disconnect [decnet@55555 src=\"192.168.1.5\"]"}
|
|
{"timestamp": "2026-04-07 19:53:11", "decky": "decky-webmail", "service": "imap", "event_type": "command", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:11.208384+00:00 decky-webmail imap - command [decnet@55555 src=\"192.168.1.5\" cmd=\"GET / HTTP/1.0\"]"}
|
|
{"timestamp": "2026-04-07 19:53:11", "decky": "decky-webmail", "service": "pop3", "event_type": "command", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:11.208384+00:00 decky-webmail pop3 - command [decnet@55555 src=\"192.168.1.5\" cmd=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:11", "decky": "decky-webmail", "service": "pop3", "event_type": "command", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:11.208646+00:00 decky-webmail pop3 - command [decnet@55555 src=\"192.168.1.5\" cmd=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:11", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:11.208787+00:00 decky-webmail http - request [decnet@55555 method=\"GET\" path=\"/\" remote_addr=\"192.168.1.5\" headers=\"{}\" body=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:16", "decky": "decky-webmail", "service": "pop3", "event_type": "disconnect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:16.213731+00:00 decky-webmail pop3 - disconnect [decnet@55555 src=\"192.168.1.5\"]"}
|
|
{"timestamp": "2026-04-07 19:53:16", "decky": "decky-webmail", "service": "imap", "event_type": "disconnect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:16.213827+00:00 decky-webmail imap - disconnect [decnet@55555 src=\"192.168.1.5\"]"}
|
|
{"timestamp": "2026-04-07 19:53:16", "decky": "decky-webmail", "service": "pop3", "event_type": "connect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:16.214094+00:00 decky-webmail pop3 - connect [decnet@55555 src=\"192.168.1.5\" src_port=\"51296\"]"}
|
|
{"timestamp": "2026-04-07 19:53:16", "decky": "decky-webmail", "service": "imap", "event_type": "connect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:16.214133+00:00 decky-webmail imap - connect [decnet@55555 src=\"192.168.1.5\" src_port=\"50426\"]"}
|
|
{"timestamp": "2026-04-07 19:53:16", "decky": "decky-webmail", "service": "pop3", "event_type": "command", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:16.214228+00:00 decky-webmail pop3 - command [decnet@55555 src=\"192.168.1.5\" cmd=\"OPTIONS / HTTP/1.0\"]"}
|
|
{"timestamp": "2026-04-07 19:53:16", "decky": "decky-webmail", "service": "pop3", "event_type": "command", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:16.214301+00:00 decky-webmail pop3 - command [decnet@55555 src=\"192.168.1.5\" cmd=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "imap", "event_type": "disconnect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:21.219340+00:00 decky-webmail imap - disconnect [decnet@55555 src=\"192.168.1.5\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "pop3", "event_type": "disconnect", "attacker_ip": "192.168.1.5", "raw_line": "<134>1 2026-04-07T19:53:21.219334+00:00 decky-webmail pop3 - disconnect [decnet@55555 src=\"192.168.1.5\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:21.222956+00:00 decky-webmail http - request [decnet@55555 method=\"GET\" path=\"/\" remote_addr=\"192.168.1.5\" headers=\"{}\" body=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:21.223266+00:00 decky-webmail http - request [decnet@55555 method=\"POST\" path=\"/sdk\" remote_addr=\"192.168.1.5\" headers=\"{'Host': '192.168.1.110', 'Connection': 'close', 'Content-Length': '441', 'User-Agent': 'Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)'}\" body=\"<soap:Envelope xmlns:xsd=\\\"http://www.w3.org/2001/XMLSchema\\\" xmlns:xsi=\\\"http://www.w3.org/2001/XMLSchema-instance\\\" xmlns:soap=\\\"http://schemas.xmlsoap.org/soap/envelope/\\\"><soap:Header><operationID>00000001-00000001</operationID></soap:Header><soap:Body><RetrieveServiceContent xmlns=\\\"urn:internalvim25\\\"><_this xsi:type=\\\"ManagedObjectReference\\\" type=\\\"ServiceInstance\\\">ServiceInstance</_this></RetrieveServiceContent></soap:Body></soap:Envelope>\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:21.223437+00:00 decky-webmail http - request [decnet@55555 method=\"GET\" path=\"/nmaplowercheck1775591601\" remote_addr=\"192.168.1.5\" headers=\"{'Host': '192.168.1.110', 'Connection': 'close', 'User-Agent': 'Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)'}\" body=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:21.224651+00:00 decky-webmail http - request [decnet@55555 method=\"GET\" path=\"/NmapUpperCheck1775591601\" remote_addr=\"192.168.1.5\" headers=\"{'Host': '192.168.1.110', 'Connection': 'close', 'User-Agent': 'Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)'}\" body=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:21.225177+00:00 decky-webmail http - request [decnet@55555 method=\"GET\" path=\"/Nmap/folder/check1775591601\" remote_addr=\"192.168.1.5\" headers=\"{'Host': '192.168.1.110', 'Connection': 'close', 'User-Agent': 'Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)'}\" body=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:21.225909+00:00 decky-webmail http - request [decnet@55555 method=\"GET\" path=\"/\" remote_addr=\"192.168.1.5\" headers=\"{}\" body=\"\"]"}
|
|
{"timestamp": "2026-04-07 19:53:21", "decky": "decky-webmail", "service": "http", "event_type": "request", "attacker_ip": "Unknown", "raw_line": "<134>1 2026-04-07T19:53:21.226287+00:00 decky-webmail http - request [decnet@55555 method=\"GET\" path=\"/\" remote_addr=\"192.168.1.5\" headers=\"{'Host': '192.168.1.110'}\" body=\"\"]"}
|
|
{"timestamp": "2026-04-07 20:24:03", "decky": "decky-webmail", "service": "smtp", "event_type": "startup", "attacker_ip": "Unknown", "fields": "{}", "msg": "SMTP server starting as decky-webmail", "raw_line": "<134>1 2026-04-07T20:24:03.279897+00:00 decky-webmail smtp - startup - SMTP server starting as decky-webmail"}
|
|
{"timestamp": "2026-04-07 20:24:03", "decky": "decky-webmail", "service": "imap", "event_type": "startup", "attacker_ip": "Unknown", "fields": "{}", "msg": "IMAP server starting as decky-webmail", "raw_line": "<134>1 2026-04-07T20:24:03.279954+00:00 decky-webmail imap - startup - IMAP server starting as decky-webmail"}
|
|
{"timestamp": "2026-04-07 20:24:03", "decky": "decky-webmail", "service": "pop3", "event_type": "startup", "attacker_ip": "Unknown", "fields": "{}", "msg": "POP3 server starting as decky-webmail", "raw_line": "<134>1 2026-04-07T20:24:03.283256+00:00 decky-webmail pop3 - startup - POP3 server starting as decky-webmail"}
|
|
{"timestamp": "2026-04-07 20:24:03", "decky": "decky-webmail", "service": "http", "event_type": "startup", "attacker_ip": "Unknown", "fields": "{}", "msg": "HTTP server starting as decky-webmail", "raw_line": "<134>1 2026-04-07T20:24:03.297543+00:00 decky-webmail http - startup - HTTP server starting as decky-webmail"}
|