threatx
|
|
Common blacklisted IPs across tenants
|
DDoS Attack
Bad Web Bot
Web App Attack
|
|
threatx
|
|
Blacklisted IPs by our ThreatX WAF. These IPs are common in multiple tenants.
|
DDoS Attack
Bad Web Bot
Web App Attack
|
|
backslash
|
|
|
SQL Injection
|
|
Anonymous
|
|
124.108.7.19 - - [09/Nov/2024:05:14:13 +0100] "GET /css//..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows\\win.ini HTTP/1.1" 404 8835 "-" "-"
124.108.7.19 - - [09/Nov/2024:05:14:24 +0100] "GET /..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\..\\windows\\win.ini HTTP/1.1" 403 8838 "-" "-"
|
Hacking
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 124.108.7.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 08 22:07:35.612194 2024] [security2:error] [pid 6557:tid 6569] [client 124.108.7.19:57350] [client 124.108.7.19] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.transitionalcareservices.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.transitionalcareservices.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zy7R98fwOC9vh6QHcBQLRgAAAEo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
sql injection
|
Web App Attack
|
|
yukon.ca
|
|
Web Server Enforcement Violation: Linux System Files Information Disclosure
Port:80
|
Hacking
Exploited Host
|
|
Anonymous
|
|
WAF detection: Command injection
|
Hacking
|
|
robotstxt
|
|
124.108.7.19 - - [08/Nov/2024:15:21:33 +0000] "GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json HTTP/1.1" 400 11 "-" rt="0.186" "Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "-" h="www.wppodcast.org" sn="www.wppodcast.org" ru="/wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json" u="/wp-admin/admin-ajax.php" ucs="-" ua="unix:/var/run/php/wppodcast82.sock" us="400" uct="0.000" urt="0.187"
124.108.7.19 - - [08/Nov/2024:15:21:33 +0000] "GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json HTTP/1.1" 400 11 "-" "Mozilla/5.0 (Debian; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" "-"
124.108.7.19 - - [08/Nov/2024:15
|
Web Spam
Web App Attack
|
|
polycoda
|
|
📄 Probes for tons of inexistent files and PHP scripts
|
Hacking
Web App Attack
|
|
ph
|
|
Bad web bot attempting to run wp-admin on non-WP site
|
Hacking
Bad Web Bot
Web App Attack
|
|
Mr-Money
|
|
4:12:09124.108.7.19 - - [08/Nov/2024:12:56:50 +0100] "POST /scripts/setup.php HTTP/1.1" 404 119057 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.7.19"
4:12:09124.108.7.19 - - [08/Nov/2024:12:56:56 +0100] "GET /wp-admin/admin-ajax.php?action=ays_sccp_results_export_file&sccp_id[]=1)+AND+(SELECT+1183+FROM+(SELECT(SLEEP(6)))UPad)+AND+(9752=9752&type=json HTTP/1.1" 404 4078 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.6.22"
4:12:09124.108.7.19 - - [08/Nov/2024:12:56:54 +0100] "GET /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd HTTP/1.1" 403 5052 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14) AppleWebKit/616.21 (KHTML, like Gecko) Version/17.0 Safari/616.21"
|
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
|
|
Information Security
|
|
Web App Attack
|
Web App Attack
|
|
mnsf
|
|
Too many Status 40X (15)
|
Brute-Force
Web App Attack
|
|