Intrusion Exploit
Server: LiteSpeed
System: Linux cisadane.iixcp.rumahweb.net 5.14.0-427.42.1.el9_4.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Nov 1 14:58:02 EDT 2024 x86_64
User: lenf4658 (1805)
PHP: 8.4.19
Disabled: NONE
$ pwd: /home/lenf4658/tmp/awstats/ssl/
Upload Files
File: //home/lenf4658/tmp/awstats/ssl/awstats062025.hrisconnect.lensapedia.id.txt
AWSTATS DATA FILE 7.9 (build 20230108)
# If you remove this file, all statistics for date 202506 will be lost/reset.
# Last config file used to build this data file was /home/lenf4658/tmp/awstats/ssl/awstats.hrisconnect.lensapedia.id.conf.

# Position (offset in bytes) in this file for beginning of each section for
# direct I/O access. If you made changes somewhere in this file, you should
# also remove completely the MAP section (AWStats will rewrite it at next
# update).
BEGIN_MAP 28
POS_GENERAL 2060                
POS_TIME 2732                
POS_VISITOR 7784                
POS_DAY 8995                
POS_DOMAIN 3339                
POS_LOGIN 3635                
POS_ROBOT 3790                
POS_WORMS 4110                
POS_EMAILSENDER 4241                
POS_EMAILRECEIVER 4384                
POS_SESSION 9338                
POS_FILESIZE 9711                
POS_SIDER 9506                
POS_FILETYPES 4519                
POS_DOWNLOADS 4675                
POS_OS 4742                
POS_BROWSER 4895                
POS_SCREENSIZE 5222                
POS_UNKNOWNREFERER 5296                
POS_UNKNOWNREFERERBROWSER 5993                
POS_ORIGIN 6102                
POS_SEREFERRALS 6237                
POS_PAGEREFS 6381                
POS_SEARCHWORDS 6616                
POS_KEYWORDS 6768                
POS_MISC 2396                
POS_ERRORS 6827                
POS_CLUSTER 3491                
POS_SIDER_404 6951                
END_MAP

# LastLine    = Date of last record processed - Last record line number in last log - Last record offset in last log - Last record signature value
# FirstTime   = Date of first visit for history file
# LastTime    = Date of last visit for history file
# LastUpdate  = Date of last update - Nb of parsed records - Nb of parsed old records - Nb of parsed new records - Nb of parsed corrupted - Nb of parsed dropped
# TotalVisits = Number of visits
# TotalUnique = Number of unique visitors
# MonthHostsKnown   = Number of hosts known
# MonthHostsUnKnown = Number of hosts unknown
BEGIN_GENERAL 8
LastLine 20250701075146 1 0 12993639240061
FirstTime 20250601094159
LastTime 20250629181537
LastUpdate 20250701191513 1 0 0 0 0
TotalVisits 27                  
TotalUnique 27                  
MonthHostsKnown 0                   
MonthHostsUnknown 30                  
END_GENERAL

# Misc ID - Pages - Hits - Bandwidth
BEGIN_MISC 10
TotalMisc 0 0 0
JavascriptDisabled 0 0 0
JavaEnabled 0 0 0
FlashSupport 0 0 0
DirectorSupport 0 0 0
PDFSupport 0 0 0
QuickTimeSupport 0 0 0
AddToFavourites 0 3 0
WindowsMediaPlayerSupport 0 0 0
RealPlayerSupport 0 0 0
END_MISC

# Hour - Pages - Hits - Bandwidth - Not viewed Pages - Not viewed Hits - Not viewed Bandwidth
BEGIN_TIME 24
0 0 0 0 8 10 95610
1 32 70 1032721 20 25 17408
2 2 4 103086 2 2 812
3 0 0 0 0 0 0
4 2 4 103086 3 4 1246
5 2 4 103166 3 4 1056
6 3 5 112103 28 29 55824
7 7 33 465195 20 28 447403
8 0 0 0 0 0 0
9 2 4 18984 4 5 3122
10 0 0 0 0 0 0
11 1 2 9497 12 15 154597
12 0 0 0 0 0 0
13 1 2 9492 2 2 428
14 2 4 103166 7 9 132120
15 1 2 9495 2 2 428
16 0 0 0 0 0 0
17 0 0 0 3 3 9366
18 11 47 589457 15 20 29947
19 0 0 0 0 0 0
20 0 0 0 0 0 0
21 0 0 0 1 2 7255
22 0 0 0 5 5 45160
23 0 0 0 7 7 14335
END_TIME

# Domain - Pages - Hits - Bandwidth
# The 25 first Pages must be first (order not required for others)
BEGIN_DOMAIN 6
id 35 87 1120768
us 27 79 1346652
eu 1 2 9497
ru 1 1 8936
se 1 1 7511
ie 1 11 166060
END_DOMAIN

# Cluster ID - Pages - Hits - Bandwidth
BEGIN_CLUSTER 0
END_CLUSTER

# Login - Pages - Hits - Bandwidth - Last visit
# The 10 first Pages must be first (order not required for others)
BEGIN_LOGIN 0
END_LOGIN

# Robot ID - Hits - Bandwidth - Last visit - Hits on robots.txt
# The 25 first Hits must be first (order not required for others)
BEGIN_ROBOT 5
facebookexternalhit/ 25 723095 20250629181520 9
bitlybot 5 26850 20250629181514 2
Googlebot/ 4 96 20250629181309 4
no_user_agent 3 130456 20250630143439 0
checker 2 17883 20250623233344 0
END_ROBOT

# Worm ID - Hits - Bandwidth - Last visit
# The 5 first Hits must be first (order not required for others)
BEGIN_WORMS 0
END_WORMS

# EMail - Hits - Bandwidth - Last visit
# The 20 first Hits must be first (order not required for others)
BEGIN_EMAILSENDER 0
END_EMAILSENDER

# EMail - Hits - Bandwidth - Last visit
# The 20 first hits must be first (order not required for others)
BEGIN_EMAILRECEIVER 0
END_EMAILRECEIVER

# Files type - Hits - Bandwidth - Bandwidth without compression - Bandwidth after compression
BEGIN_FILETYPES 5
Unknown 65 899736 0 0
css 27 257967 0 0
svg 38 85492 0 0
map 1 149549 0 0
js 50 1266680 0 0
END_FILETYPES

# Downloads - Hits - Bandwidth
BEGIN_DOWNLOADS 1
/robots.txt 0 1 24
END_DOWNLOADS

# OS ID - Hits
BEGIN_OS ID - Hits - Pages 7
macosx15 41 26
android 32 8
Unknown 7 3
win10 44 6
win7 30 13
linux 16 9
android13 11 1
END_OS

# Browser ID - Hits - Pages
BEGIN_BROWSER 14
chrome136.0.7103.125 11 1
mozilla 2 1
safari5.0.4 24 12
chrome137.0.0.0 62 33
firefox137.0 6 3
firefox124.0 1 1
chrome117.0.5938.132 10 1
Unknown 2 2
chrome137.0.7151.112 32 8
samsung 3 0
chrome79.0.3945.79 10 1
chrome136.0.0.0 11 1
chrome83.0.4103.61 6 1
chrome117.0.0.0 1 1
END_BROWSER

# Screen size - Hits
BEGIN_SCREENSIZE 0
END_SCREENSIZE

# Unknown referer OS - Last visit date
BEGIN_UNKNOWNREFERER 4
[FBAN/FB4A;FBAV/515.1.0.62.90;FBBV/741281281;FBDM/{density=1.875,width=720,height=1452};FBLC/id_Qaau_ID;FBRV/0;FBCR/Telkomsel;FBMF/samsung;FBBD/samsung;FBPN/com.facebook.katana;FBDV/SM-A225F;FBSV/13;FBOP/1;FBCA/arm64-v8a:;] 20250605071016
Mozilla/5.0_(compatible;_InternetMeasurement/1.0;__https://internet-measurement.com/) 20250601094202
[FBAN/FB4A;FBAV/518.0.0.63.86;FBBV/750617326;FBDM/{density=3.0,width=1080,height=2168};FBLC/en_Qaau_US;FBRV/0;FBCR/INDOSATOOREDOO;FBMF/samsung;FBBD/samsung;FBPN/com.facebook.katana;FBDV/SM-A525F;FBSV/14;FBOP/1;FBCA/arm64-v8a:;] 20250629181533
GoogleOther 20250629181431
END_UNKNOWNREFERER

# Unknown referer Browser - Last visit date
BEGIN_UNKNOWNREFERERBROWSER 1
GoogleOther 20250629181431
END_UNKNOWNREFERERBROWSER

# Origin - Pages - Hits 
BEGIN_ORIGIN 6
From0 23 29
From1 0 3
From2 0 0
From3 5 5
From4 38 144
From5 0 0
END_ORIGIN

# Search engine referers ID - Pages - Hits
BEGIN_SEREFERRALS 0
END_SEREFERRALS

# External page referers - Pages - Hits
# The 25 first Pages must be first (order not required for others)
BEGIN_PAGEREFS 3
https://lm.facebook.com 3 3
https://bit.ly/hris-connect 1 1
https://l.facebook.com 1 1
END_PAGEREFS

# Search keyphrases - Number of search
# The 10 first number of search must be first (order not required for others)
BEGIN_SEARCHWORDS 0
END_SEARCHWORDS

# Search keywords - Number of search
# The 25 first number of search must be first (order not required for others)
BEGIN_KEYWORDS 0
END_KEYWORDS

# Errors - Hits - Bandwidth
BEGIN_ERRORS 4
302 90 22998
403 6 7452
404 32 85697
301 2 1590
END_ERRORS

# URL with 404 errors - Hits - Last URL referrer
BEGIN_SIDER_404 17
/wp/wp-admin/install.php 2 -
/app/blog/wp-includes/wlwmanifest.xml 1 -
/wp-admin/css 2 binance.com
/WordPress/wp-admin/install.php 2 -
/ads.txt 3 -
/backup/wp-admin/install.php 2 -
/lama/wp-admin/install.php 2 -
/WORDPRESS/wp-admin/install.php 2 -
/baru/wp-admin/install.php 2 -
/WP/wp-admin/install.php 2 -
/wordpress/wp-admin/install.php 2 -
/new/wp-admin/install.php 2 -
/app/wp-includes/wlwmanifest.xml 1 -
/app/xmlrpc.php 1 -
/wp-admin/install.php 2 -
/old/wp-admin/install.php 2 -
/Wordpress/wp-admin/install.php 2 -
END_SIDER_404

# Host - Pages - Hits - Bandwidth - Last visit date - [Start date of last visit] - [Last page of last visit]
# [Start date of last visit] and [Last page of last visit] are saved only if session is not finished
# The 25 first Hits must be first (order not required for others)
BEGIN_VISITOR 30
182.2.164.200 26 41 544896 20250615015825
111.95.120.220 8 33 406388 20250629181537
108.136.120.72 2 4 103166 20250625140030
108.137.11.123 2 4 103166 20250622062303
205.169.39.196 2 16 299740 20250622014618
16.78.74.33 2 4 103166 20250607073408
108.137.78.207 2 4 103166 20250612050755
108.136.51.64 2 4 103086 20250623020203
108.137.89.65 2 4 103086 20250606041346
31.13.127.114 1 8 139462 20250605071029
143.110.151.218 1 2 9494 20250612092305
193.138.218.215 1 1 7511 20250622014615
66.249.73.102 1 1 7512 20250605071015
159.223.238.169 1 2 9497 20250626115347
185.247.137.250 1 1 8936 20250601094159
154.28.229.158 1 1 7513 20250622014448
68.183.148.182 1 2 9492 20250622132817
178.62.219.225 1 2 9497 20250613183609
182.2.77.228 1 13 169484 20250605071011
68.183.206.3 1 2 9486 20250626073253
164.92.133.27 1 2 9495 20250624152433
159.65.51.249 1 2 9487 20250624071352
205.169.39.44 1 10 165565 20250622014554
198.54.135.126 1 1 7472 20250622014622
44.242.147.60 1 1 8937 20250625064753
45.55.153.86 0 1 554 
31.13.127.1 0 1 764 
31.13.127.11 0 2 25834 
66.249.71.169 1 1 7509 20250629181431
173.252.87.1 1 11 166063 20250629180810
END_VISITOR

# Date - Pages - Hits - Bandwidth - Visits
BEGIN_DAY 13
20250601 1 2 9490 1
20250605 3 25 343056 3
20250606 2 4 103086 1
20250607 2 4 103166 1
20250612 3 6 112660 2
20250613 1 2 9497 1
20250615 26 41 544896 1
20250622 9 35 600459 7
20250623 2 4 103086 1
20250624 2 4 18982 2
20250625 3 5 112103 2
20250626 2 4 18983 2
20250629 10 45 579960 3
END_DAY

# Session range - Number of visits
BEGIN_SESSION 3
0s-30s 25
2mn-5mn 1
5mn-15mn 1
END_SESSION

# URL - Pages - Bandwidth - Entry - Exit
# The 25 first Pages must be first (order not required for others)
BEGIN_SIDER 5
/app/login 30 454048 27 20
/livewire/update 19 53854 0 0
/app 8 68670 0 0
/app/register 8 323164 0 6
/livewire/livewire.min.js.map 1 149549 0 1
END_SIDER

# Payload Range - Payload Frequency
BEGIN_FILESIZE 6
500-1K 20
2K-5K 59
0-44 19
5K+ 135
100-500 100
1K-2K 20
END_FILESIZE
@ Telegram