mawan
2024-09-17 08:08:07
(2 weeks ago)
Suspected of having performed illicit activity on AMS server.
Web App Attack
FeG Deutschland
2024-09-16 17:11:02
(2 weeks ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
Anonymous
2024-09-16 09:07:18
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Gwyneth Llewelyn
2024-09-16 06:13:39
(2 weeks ago)
13.229.107.79 - - [16/Sep/2024:07:13:37 +0100] "GET //cgi-bin/class_api.php HTTP/2.0" 404 1105 "http://getasecondlife.net//cgi-bin/class_api.php#888xyz999" "Go-http-client/2.0"
Bad Web Bot
Anonymous
2024-09-16 02:11:32
(2 weeks ago)
Bot / scanning and/or hacking attempts: GET //wp-admin/maint/moon.php HTTP/1.1, GET /wp-admin/maint/moon.php HTTP/1.1, GET //cgi-bin/moon.php HTTP/1.1, GET //.well-known/acme-challenge/moon.php HTTP/1.1, GET //wp-admin/maint/atomlib.php HTTP/1.1, GET //wp-admin/user/moon.php HTTP/1.1, GET /wp-admin/user/moon.php HTTP/1.1, GET //wp-includes/certificates/moon.php HTTP/1.1, GET /wp-content/upgrade/moon.php HTTP/1.1, GET //wp-includes/ID3/moon.php HTTP/1.1, GET /wp-content/themes/atomlib.php HTTP/1.1, GET //wp-content/upgrade/moon.php HTTP/1.1, GET /.well-known/acme-challenge/moon.php HTTP/1.1, GET /wp-includes/ID3/moon.php HTTP/1.1, GET /wp-admin/maint/atomlib.php HTTP/1.1, GET //wp-admin/js/widgets/moon.php HTTP/1.1, GET /wp-admin/js/widgets/moon.php HTTP/1.1, GET /class.api.php HTTP/1.1
Hacking
Web App Attack
penjaga BRIN
2024-09-15 20:00:07
(2 weeks ago)
apache-auth-111
Brute-Force
Ba-Yu
2024-09-15 14:41:33
(2 weeks ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
Apache
2024-09-15 14:10:36
(2 weeks ago)
(mod_security) mod_security (id:20000010) triggered by 13.229.107.79 (SG/Singapore/ec2-13-229-107-79.ap-southeast-1.compute.amazonaws.com): 5 in the last 300 secs
Brute-Force
Web App Attack
gu-alvareza
2024-09-15 07:05:24
(2 weeks ago)
PHP.URI.Code.Injection
SQL Injection
Web App Attack
vincent_EUDIER
2024-09-14 20:40:01
(2 weeks ago)
ET WEB_SERVER Possible SQL Injection (exec) in HTTP URI
Hacking
el-brujo
2024-09-14 17:53:12
(2 weeks ago)
14/Sep/2024:19:53:11.280764 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 13.229.107.79] ModSecurity: Warning. Pattern match "(?:;|\\\\\\\\{|\\\\\\\\||\\\\\\\\|\\\\\\\\||&|&&|\\\\\\\\n|\\\\\\\\r|\\\\\\\\$\\\\\\\\(|\\\\\\\\$\\\\\\\\(\\\\\\\\(|`|\\\\\\\\${|<\\\\\\\\(|>\\\\\\\\(|\\\\\\\\(\\\\\\\\s*\\\\\\\\))\\\\\\\\s*(?:{|\\\\\\\\s*\\\\\\\\(\\\\\\\\s*|\\\\\\\\w+=(?:[^\\\\\\\\s]*|\\\\\\\\$.*|\\\\\\\\$.*|<.*|>.*|\\\\\\\\'.*\\\\\\\\'|\\\\".*\\\\")\\\\\\\\s+|!\\\\\\\\s*|\\\\\\\\$)*\\\\\\\\s*(?:'|\\\\")*(?:[\\\\\\\\?\\\\\\\\*\\\\\\\\[\\\\\\\\]\\\\\\\\(\\\\\\\\)\\\\\\\\-\\\\\\\\|+\\\\\\\\w'\\\\"\\\\\\\\./\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\'\\\\"]*(?:l[\\\\\\\\\\\\\\\\'\\\\"]* ..." at ARGS:sfilecontent. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ; eval found within ARGS:sfilecontent: <?php function get($url) { $ch = c ...
Hacking
Web App Attack
el-brujo
2024-09-14 13:30:24
(2 weeks ago)
14/Sep/2024:15:30:24.274912 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 13.229.107.79] ModSecurity: Warning. Pattern match "(?:;|\\\\\\\\{|\\\\\\\\||\\\\\\\\|\\\\\\\\||&|&&|\\\\\\\\n|\\\\\\\\r|\\\\\\\\$\\\\\\\\(|\\\\\\\\$\\\\\\\\(\\\\\\\\(|`|\\\\\\\\${|<\\\\\\\\(|>\\\\\\\\(|\\\\\\\\(\\\\\\\\s*\\\\\\\\))\\\\\\\\s*(?:{|\\\\\\\\s*\\\\\\\\(\\\\\\\\s*|\\\\\\\\w+=(?:[^\\\\\\\\s]*|\\\\\\\\$.*|\\\\\\\\$.*|<.*|>.*|\\\\\\\\'.*\\\\\\\\'|\\\\".*\\\\")\\\\\\\\s+|!\\\\\\\\s*|\\\\\\\\$)*\\\\\\\\s*(?:'|\\\\")*(?:[\\\\\\\\?\\\\\\\\*\\\\\\\\[\\\\\\\\]\\\\\\\\(\\\\\\\\)\\\\\\\\-\\\\\\\\|+\\\\\\\\w'\\\\"\\\\\\\\./\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\'\\\\"]*(?:l[\\\\\\\\\\\\\\\\'\\\\"]* ..." at ARGS:sfilecontent. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ; eval found within ARGS:sfilecontent: <?php function get($url) { $ch = c ...
Hacking
Web App Attack
el-brujo
2024-09-14 10:51:13
(2 weeks ago)
14/Sep/2024:12:51:12.599941 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 13.229.107.79] ModSecurity: Warning. Pattern match "(?:;|\\\\\\\\{|\\\\\\\\||\\\\\\\\|\\\\\\\\||&|&&|\\\\\\\\n|\\\\\\\\r|\\\\\\\\$\\\\\\\\(|\\\\\\\\$\\\\\\\\(\\\\\\\\(|`|\\\\\\\\${|<\\\\\\\\(|>\\\\\\\\(|\\\\\\\\(\\\\\\\\s*\\\\\\\\))\\\\\\\\s*(?:{|\\\\\\\\s*\\\\\\\\(\\\\\\\\s*|\\\\\\\\w+=(?:[^\\\\\\\\s]*|\\\\\\\\$.*|\\\\\\\\$.*|<.*|>.*|\\\\\\\\'.*\\\\\\\\'|\\\\".*\\\\")\\\\\\\\s+|!\\\\\\\\s*|\\\\\\\\$)*\\\\\\\\s*(?:'|\\\\")*(?:[\\\\\\\\?\\\\\\\\*\\\\\\\\[\\\\\\\\]\\\\\\\\(\\\\\\\\)\\\\\\\\-\\\\\\\\|+\\\\\\\\w'\\\\"\\\\\\\\./\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\'\\\\"]*(?:l[\\\\\\\\\\\\\\\\'\\\\"]* ..." at ARGS:sfilecontent. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ; eval found within ARGS:sfilecontent: <?php function get($url) { $ch = c ...
Hacking
Web App Attack
FeG Deutschland
2024-09-14 09:01:01
(2 weeks ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
gu-alvareza
2024-09-14 07:05:18
(2 weeks ago)
PHP.URI.Code.Injection
SQL Injection
Web App Attack