|
๐ฑ๐น
Cirkulis
|
|
Palo Alto Networks GlobalProtect OS Command Injection Vulnerability
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 23:56:21.647489 2024] [security2:error] [pid 3754:tid 3754] [client 159.89.43.208:58342] [client 159.89.43.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.63|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.63"] [uri "/php-cgi/php-cgi.exe"] [unique_id "Zzl3depkNnOFTYgJCIwTFwAAAAM"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 21:00:59.874381 2024] [security2:error] [pid 385243:tid 385243] [client 159.89.43.208:44318] [client 159.89.43.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.103|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.103"] [uri "/php-cgi/php-cgi.exe"] [unique_id "ZzlOW94idrQXjs8yDY1DcQAAAAA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 03:54:11.298621 2024] [security2:error] [pid 23738:tid 23758] [client 159.89.43.208:34588] [client 159.89.43.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||jofdt.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "jofdt.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "Zzhds5J_F-9LzepTvq2v_wAAAE4"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 15 21:14:02.315376 2024] [security2:error] [pid 30218:tid 30218] [client 159.89.43.208:58372] [client 159.89.43.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.36|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.36"] [uri "/php-cgi/php-cgi.exe"] [unique_id "Zzf_6qFesYk5Hd5T2ew8zwAAAA4"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ฏ๐ต
VXG-NET
|
|
port=80, indicator_type=info-leak
|
Hacking
|
|
|
๐ฏ๐ต
VXG-NET
|
|
port=80, indicator_type=info-leak
|
Hacking
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 15 14:01:40.914407 2024] [security2:error] [pid 2632:tid 2632] [client 159.89.43.208:36836] [client 159.89.43.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.55|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.55"] [uri "/php-cgi/php-cgi.exe"] [unique_id "ZzealPV62Ff198ddMId7QwAAADU"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 09 05:47:49.204643 2024] [security2:error] [pid 2494:tid 2494] [client 159.89.43.208:54038] [client 159.89.43.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||test.wave94.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "test.wave94.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "Zy891UvTOK_nT0zg5nCOpwAAACI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:218420) triggered by 159.89.43.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 09 05:28:30.243982 2024] [security2:error] [pid 28882:tid 28882] [client 159.89.43.208:59058] [client 159.89.43.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.45|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.45"] [uri "/php-cgi/php-cgi.exe"] [unique_id "Zy85TpTVS1jNFDTlEah7ygAAABc"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐จ๐ฟ
Countryman
|
|
IPS detection: PHP.CGI.Argument.Injection
|
Hacking
|
|
|
๐ฎ๐ช
Jim Keir
|
|
2024-11-09 02:08:10 159.89.43.208 File scanning, blocking 159.89.43.208 for 5 minutes
|
Web App Attack
|
|
|
๐ฎ๐ฉ
penjaga BRIN
|
|
Cisco.IOS.XE.Web.UI.Unauthorized.Account.Creation
|
Web App Attack
|
|
|
๐ณ๐ฑ
rshict
|
|
Hacking, Brute-Force, Web App Attack
|
Hacking
Brute-Force
Web App Attack
|
|
|
๐จ๐ฟ
Petr Dub
|
|
Brute-force attack on MS SQL server, port 1433.
|
Brute-Force
|
|