🇺🇸
EricTheRedFL
2023-10-21 06:59:07
(2 years ago)
Port scan of TCP port 9200
Port Scan
Hacking
🇱🇺
Tha_14
2023-10-21 05:55:19
(2 years ago)
Incoming TCP Connection from 143.198.149.215 to port: 9200. Honeypot was triggered at 10/21/2023 05: ...
show more
Incoming TCP Connection from 143.198.149.215 to port: 9200. Honeypot was triggered at 10/21/2023 05:54:36 AM.
show less
Port Scan
🇩🇪
iNetWorker
2023-10-21 05:27:39
(2 years ago)
trying to access non-authorized port
Port Scan
🇧🇷
AC - Team
2022-08-08 23:19:43
(3 years ago)
143.198.149.215 - - [09/Aug/2022:00:19:41 -0300] "GET /wp-content/plugins/adaptive-images/adaptive-i ...
show more
143.198.149.215 - - [09/Aug/2022:00:19:41 -0300] "GET /wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php HTTP/1.1" 403 3443 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36"
...
show less
Exploited Host
Web App Attack
🇧🇷
AC - Team
2022-08-08 20:03:33
(3 years ago)
143.198.149.215 - - [08/Aug/2022:21:03:39 -0300] "GET /wp-content/plugins/adaptive-images/adaptive-i ...
show more
143.198.149.215 - - [08/Aug/2022:21:03:39 -0300] "GET /wp-content/plugins/adaptive-images/adaptive-images-script.php?adaptive-images-settings[source_file]=../../../wp-config.php HTTP/1.1" 307 4520 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.3319.102 Safari/537.36"
...
show less
Exploited Host
Web App Attack
🇮🇩
hermawan
2022-08-08 15:40:45
(3 years ago)
[Tue Aug 09 02:40:41.724803 2022] [-:error] [pid 48867:tid 140730190239488] [client 143.198.149.215: ...
show more
[Tue Aug 09 02:40:41.724803 2022] [-:error] [pid 48867:tid 140730190239488] [client 143.198.149.215:41676] [client 143.198.149.215] ModSecurity: Access denied with code 403 (phase 2). Match of "endsWith .%{request_headers.host}" against "TX:rfi_parameter_ARGS:imageUrl" required. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "135"] [id "931130"] [msg "Possible Remote File Inclusion (RFI) Attack: Off-Domain Reference/Link"] [data "Matched Data: http://cbkvl85hc560u2800010544izaiq5rbox.oast.pro found within TX:rfi_parameter_ARGS:imageUrl: .cbkvl85hc560u2800010544izaiq5rbox.oast.pro"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "OWASP_CRS"] [tag "capec/1000/152/175/253"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/Images/Remote"] [unique_id "YvFmuaOAQTsP06oCA3HN0gAAAEc"] [karangploso.jatim.bmkg.go.id] [kara
...
show less
Hacking
Web App Attack
🇳🇿
WebWizards.NZ
2022-08-07 17:20:06
(3 years ago)
dodgy URLs
Hacking
Web App Attack
🇩🇴
Alan Javier
2022-08-07 09:43:26
(3 years ago)
SERVIDOR-WEBAPP Intento de cruce de directorio SAP NetWeaver xMII
SERVIDOR-WEBAPP VMWare vSphere Cl ...
show more
SERVIDOR-WEBAPP Intento de cruce de directorio SAP NetWeaver xMII
SERVIDOR-WEBAPP VMWare vSphere Client intento de ejecución de código remoto
SERVIDOR-WEBAPP GPON Omisión de autenticación de enrutador e intento de inyección de comando
show less
Hacking
Web App Attack
🇮🇩
hermawan
2022-08-07 04:32:20
(3 years ago)
[Sun Aug 07 15:32:17.512855 2022] [-:error] [pid 191246:tid 140731448555264] [client 143.198.149.215 ...
show more
[Sun Aug 07 15:32:17.512855 2022] [-:error] [pid 191246:tid 140731448555264] [client 143.198.149.215:55424] [client 143.198.149.215] ModSecurity: Access denied with code 403 (phase 1). Pattern match "[\\\\n\\\\r]" at ARGS_GET:keywords. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-921-PROTOCOL-ATTACK.conf"] [line "307"] [id "921151"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)"] [data "Matched Data: \\x0d found within ARGS_GET:keywords: <input/Autofocus/\\x0d*/Onfocus=alert(123);>"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/2"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/33"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/tour-list/"] [unique_id "Yu94kZYYAKda98PTcuPyWgAAAJ8"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[191398] [os5ziQpanck] [Yu94kZYYAKda98PTcuPyWgAAAJ8] keep_alive=[0] [2022-08-07 15:32
...
show less
Hacking
Web App Attack
🇸🇬
pusathosting.com
2022-08-06 14:55:15
(3 years ago)
uvcm 143.198.149.215 [07/Aug/2022:01:49:36 "-" "GET /webshell4/login.php 301 393
143.198.149.215 [07 ...
show more
uvcm 143.198.149.215 [07/Aug/2022:01:49:36 "-" "GET /webshell4/login.php 301 393
143.198.149.215 [07/Aug/2022:01:49:41 "-" "GET /webshell4/login.php 301 502
143.198.149.215 [07/Aug/2022:01:49:48 "-" "GET /webshell4/login.php 301 388
show less
Brute-Force
Web App Attack
🇮🇩
hermawan
2022-08-05 23:13:52
(3 years ago)
[Sat Aug 06 10:13:49.201052 2022] [-:error] [pid 494317:tid 140731490486016] [client 143.198.149.215 ...
show more
[Sat Aug 06 10:13:49.201052 2022] [-:error] [pid 494317:tid 140731490486016] [client 143.198.149.215:59932] [client 143.198.149.215] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_methods}" against "REQUEST_METHOD" required. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-911-METHOD-ENFORCEMENT.conf"] [line "47"] [id "911100"] [msg "Method is not allowed by policy"] [data "PUT"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272/220/274"] [tag "PCI/12.1"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/fileserver/test.txt"] [unique_id "Yu3cbQg5ykJKBf0UzWiUygAAAKM"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[494472] [W8qs+CG6/Mw] [Yu3cbQg5ykJKBf0UzWiUygAAAKM] keep_alive=[0] [2022-08-06 10:13:49.201058] [R:Yu3cbQg5ykJKBf0UzWiUygAAAKM] UA:'Mozilla/5.0 (Window
...
show less
Hacking
Web App Attack
🇮🇩
hermawan
2022-08-04 18:10:34
(3 years ago)
[Fri Aug 05 05:10:30.694940 2022] [-:error] [pid 485927:tid 140732304185088] [client 143.198.149.215 ...
show more
[Fri Aug 05 05:10:30.694940 2022] [-:error] [pid 485927:tid 140732304185088] [client 143.198.149.215:42334] [client 143.198.149.215] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/|\\\\x5c)(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8|e)0 ..." at REQUEST_URI_RAW. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "61"] [id "930100"] [msg "Path Traversal Attack (/../) or (/.../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /wp-content/themes/oxygen-theme/download.php?file=../../../wp-config.php"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hos
...
show less
Hacking
Web App Attack
🇨🇴
ferreyo
2022-08-04 11:35:45
(3 years ago)
Cross Site Scripting
SQL Injection
Web App Attack
🇧🇷
AC - Team
2022-08-04 11:23:58
(3 years ago)
143.198.149.215 - - [04/Aug/2022:12:23:57 -0300] "GET /wp-content/themes/oxygen-theme/download.php?f ...
show more
143.198.149.215 - - [04/Aug/2022:12:23:57 -0300] "GET /wp-content/themes/oxygen-theme/download.php?file=../../../wp-config.php HTTP/1.1" 403 3442 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36"
...
show less
Exploited Host
Web App Attack
🇧🇷
AC - Team
2022-08-04 07:50:35
(3 years ago)
143.198.149.215 - - [04/Aug/2022:08:50:40 -0300] "GET /wp-content/themes/oxygen-theme/download.php?f ...
show more
143.198.149.215 - - [04/Aug/2022:08:50:40 -0300] "GET /wp-content/themes/oxygen-theme/download.php?file=../../../wp-config.php HTTP/1.1" 307 4468 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
...
show less
Exploited Host
Web App Attack