gu-alvareza
2024-10-28 07:05:14
(1 week ago)
Apache.HTTP.Server.cgi-bin.Path.Traversal
Hacking
Web App Attack
Grizzlytools
2024-10-28 06:23:32
(1 week ago)
Kingcopy(AI-IDS)RouterOS: Portscanner detected.
Port Scan
Mk R
2024-10-28 05:04:38
(1 week ago)
193.106.248.84 - - [28/Oct/2024:05:04:37 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 166 "-" "-"
193.106.248.84 - - [28/Oct/2024:05:04:37 +0000] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 166 "-" "-"
193.106.248.84 - - [28/Oct/2024:05:04:37 +0000] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:05:04:37 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:05:04:37 +0000] "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:05:04:38 +0000] "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024
...
FTP Brute-Force
Port Scan
Hacking
Brute-Force
Bad Web Bot
Web App Attack
SSH
WebpodsLLC
2024-10-28 04:31:09
(1 week ago)
Direction: in Trigger: LF_MODSEC;
Port Scan
Brute-Force
Web App Attack
Artelis
2024-10-28 04:12:07
(1 week ago)
193.106.248.84 - - [28/Oct/2024:04:12:02 +0000] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:04:12:02 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:04:12:02 +0000] "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:04:12:03 +0000] "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:04:12:03 +0000] "GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:04:12:03 +0000] "GET /vendor/phpunit/phpunit/LICENSE/eval-stdin.php HTTP/1.1" 404 162 "-" "Custom-AsyncHttpClient"
193.106.248.84 - - [28/Oct/2024:04:12:03 +0000] "GET /vendor/vendor/phpunit/phpunit/src/Uti
...
Web App Attack
webbfabriken
2024-10-28 03:31:10
(1 week ago)
spam or other hacking activities reported by webbfabriken security servers
Attack reported by Webbfabriken Security API - WFSecAPI
Web Spam
diego
2024-10-28 03:07:55
(1 week ago)
Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds
DDoS Attack
selahattinalan
2024-10-28 03:06:33
(1 week ago)
193.106.248.84 - - [28/Oct/2024:06:06:33 +0300] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 392 "-" "Custom-AsyncHttpClient"
Brute-Force
Starburst SysOp Team
2024-10-28 01:43:00
(1 week ago)
[Mon Oct 28 01:43:46.373754 2024] [:error] [pid 2292269:tid 2292299] [client 193.106.248.84:54260] [client 193.106.248.84] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/usr/local/apache/modsecurity-cwaf/rules/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||209.126.87.161:443|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "209.126.87.161"] [uri "/hello.world"] [unique_id "Zx7sUgVqxj2OxrMs0IPhMwAAAMM"]
Hacking
Brute-Force
Web App Attack
onkeltom
2024-10-28 01:08:24
(1 week ago)
Unauthorized connection attempts
Hacking
Brute-Force
MWA SOC
2024-10-28 01:02:51
(1 week ago)
Hacking
diego
2024-10-28 00:53:53
(1 week ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
Anonymous
2024-10-28 00:45:52
(1 week ago)
$f2bV_matches
Brute-Force
Bad Web Bot
Web App Attack
0xffffffff
2024-10-28 00:25:57
(1 week ago)
[2024-10-28 02:25:55.030654] [authz_core:error] [pid 3850938:tid 128466494162624] [client 193.106.248.84:33728] AH01630: client denied by server configuration: /var/www/html/hello.world , error_notes:wrong-host , URI:'/hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input'
[2024-10-28 02:25:55.309347] [authz_core:error] [pid 3850938:tid 128466504648384] [client 193.106.248.84:33728] AH01630: client denied by server configuration: /var/www/html/vendor , error_notes:wrong-host , URI:'/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php'
[2024-10-28 02:25:55.600956] [authz_core:error] [pid 3850938:tid 128466483676864] [client 193.106.248.84:33728] AH01630: client denied by server configuration: /var/www/html/vendor , error_notes:wrong-host , URI:'/vendor/phpunit/phpunit/Util/PHP/eval-stdin.php'
[2024-10-28 02:25:55.864399] [authz_core:error] [pid 3850938:tid 128466452219584] [client 193.106.248.84:33728] AH01630: client denied by server configuration: /var/www/html/vendor , error_notes:wrong
Bad Web Bot
Web App Attack
stypr
2024-10-28 00:25:54
(1 week ago)
Malicious activity detected on HTTP/HTTPS
Hacking
Brute-Force
Web App Attack