Sklurk
|
|
Web App Attack
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:212620) triggered by 1.168.130.8 (1-168-130-8.dynamic-ip.hinet.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 07:20:55.117533 2024] [security2:error] [pid 19741:tid 19741] [client 1.168.130.8:55430] [client 1.168.130.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||cs-mall.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /category.php?cat=\\x22><script>alert(string.fromcharcode(88,83,83))</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "cs-mall.com"] [uri "/category.php"] [unique_id "ZuArlwy_-XbAH8hfpqshiAAAABM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
evlhomer
|
|
Web App Attack
|
Web App Attack
|
|
Tonga-Soa
|
|
"Inject SQL SELECT ... etc/passwd..."
|
Hacking
SQL Injection
|
|
Anonymous
|
|
Multiple SQL injection attempts from same source IP. (multiple servers)
|
Hacking
SQL Injection
Web App Attack
|
|
Information Security
|
|
Web App Attack
|
Web App Attack
|
|
london2038.com
|
|
Probing for exploits
1.168.130.8 - - [09/Sep/2024:10:13:18 +0200] "GET /index.php?title=Category:Unique_Items&pageuntil=Wolverine%20and%201%3d2 HTTP/1.1" 422 0 "-" "BaiduSpider"
1.168.130.8 - - [09/Sep/2024:10:13:21 +0200] "GET /index.php?title=Category:Unique_Items&pageuntil=Wolverine%20and%201%3d1 HTTP/1.1" 422 0 "-" "BaiduSpider"
|
Hacking
Web App Attack
|
|
Sklurk
|
|
Web App Attack
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:212620) triggered by 1.168.130.8 (1-168-130-8.dynamic-ip.hinet.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 08 21:57:41.534837 2024] [security2:error] [pid 26335:tid 26335] [client 1.168.130.8:58141] [client 1.168.130.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "3"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.kountz.org|F|2"] [data "Matched Data: <script found within REQUEST_URI: /getperson.php?personid=\\x22><script>alert(string.fromcharcode(88,83,83))</script>&tree=kountz&sitever=standard"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kountz.org"] [uri "/getperson.php"] [unique_id "Zt5WFSbi41UZ5b7UNqF--gAAABM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
sql injection
|
Web App Attack
|
|
Anonymous
|
|
sql injection
|
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:212620) triggered by 1.168.130.8 (1-168-130-8.dynamic-ip.hinet.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 21:21:03.156692 2024] [security2:error] [pid 11071:tid 11071] [client 1.168.130.8:64103] [client 1.168.130.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||listgene.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /burgos/pgm/liste.php?codepage=\\x22><script>alert(string.fromcharcode(88,83,83))</script>&l=evaua&ls=evaub"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "listgene.com"] [uri "/burgos/pgm/liste.php"] [unique_id "Ztz7_6IP7xPlLFFs6qSqxwAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:212620) triggered by 1.168.130.8 (1-168-130-8.dynamic-ip.hinet.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 07 20:00:08.310359 2024] [security2:error] [pid 7523:tid 7523] [client 1.168.130.8:52068] [client 1.168.130.8] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.3905ccn.org|F|2"] [data "Matched Data: <script found within REQUEST_URI: /maintnetinstance.php?netid=7&netdateutc=\\x22><script>alert(string.fromcharcode(88,83,83))</script>&calendar=2023.08.[all].[all].[all]"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.3905ccn.org"] [uri "/maintNetInstance.php"] [unique_id "ZtzpCOwe1UPgMp7vvohNXAAAAAY"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Steve
|
|
SQL Injection Attempts
|
SQL Injection
Brute-Force
|
|