RoboSOC
2025-01-27 19:45:39
(1 week ago)
HTTP Directory Traversal Vulnerability, PTR: PTR record not found
Hacking
Mr-Money
2025-01-27 18:56:54
(1 week ago)
204.12.227.16 - - [27/Jan/2025:19:56:52 +0100] "GET /redirect.php?code=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&webinar_id=4 HTTP/1.1" 302 3359 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
conseilgouz
2025-01-27 18:55:24
(1 week ago)
sae-12 : Block return, carriage return, ... characters=>/index.php?catid=77%3Aarchives-actualites&id=205%3Aprojet-sncf-fermeture-de-la-gare-de-santeuil-...(%)
Hacking
conseilgouz
2025-01-27 18:55:24
(1 week ago)
sae-12 : Block return, carriage return, ... characters=>/index.php?catid=77%3Aarchives-actualites&catid=%27&id=205%3Aprojet-sncf-fermeture-de-la-gar...(')
Hacking
exxos
2025-01-27 18:54:52
(1 week ago)
Traversal attacks
Hacking
cmbplf
2025-01-27 18:29:07
(1 week ago)
117 requests to *.env
Brute-Force
Bad Web Bot
subnetprotocol
2025-01-27 18:26:41
(1 week ago)
27/Jan/2025:19:26:40.684918 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 204.12.227.16] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "mail.mignonne.com"] [uri "/.env"] [unique_id "Z5fP4AEcIb5jBxE6FBJ5-QAABVc"]
27/Jan/2025:19:26:40.896279 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 204.12.227.16] ModSecurity: Warning. Pattern match "(?:^|[\\\\\\\\/])\\\\\\\\.\\\\\\\\.(?:[\\\\\\\\/]|$)" at ARGS:action. [file "/etc/apache2/conf.d/modsec_vendor_conf
Hacking
Web App Attack
FeG Deutschland
2025-01-27 18:21:12
(1 week ago)
Looking for CMS/PHP/SQL vulnerabilities/excessive crawling - 124
Exploited Host
Web App Attack
london2038.com
2025-01-27 18:14:25
(1 week ago)
Malformed or malicious web request
204.12.227.16 - - [27/Jan/2025:19:14:22 +0100] "GET /index.php?redirect=no&title=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 400 9114 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
Hacking
Web App Attack
TPI-Abuse
2025-01-27 17:59:48
(1 week ago)
(mod_security) mod_security (id:212620) triggered by 204.12.227.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 27 12:59:44.298243 2025] [security2:error] [pid 2233926:tid 2233926] [client 204.12.227.16:63897] [client 204.12.227.16] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||old.renju.net|F|2"] [data "Matched Data: <script found within REQUEST_URI: /blog/index.php?register=<script>alert('xss')</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "old.renju.net"] [uri "/blog/index.php"] [unique_id "Z5fJkLXe9t1E1e0blIu7OwAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
pa4080
2025-01-27 17:59:08
(1 week ago)
Detected by ModSecurity. Request URI: /index.php?page=7&page=..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252F..%252Fetc%252Fpasswd&title=File%3AUsing_Portainer_with_Docker_and_Docker_Compose_-_Earthly_Blog.pdf
Hacking
Web App Attack
Jim Keir
2025-01-27 17:39:16
(1 week ago)
2025-01-27 17:39:16 204.12.227.16 File scanning, blocking 204.12.227.16 for 5 minutes
Web App Attack
TPI-Abuse
2025-01-27 17:29:56
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 204.12.227.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 27 12:29:48.985073 2025] [security2:error] [pid 300526:tid 300526] [client 204.12.227.16:59593] [client 204.12.227.16] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "apiceasttexas.com"] [uri "/.env"] [unique_id "Z5fCjCna_nRbL5YUZFXbvgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-01-27 06:10:02
(2 weeks ago)
| Multiple SQL injection attempts from same source ip.(multiple servers)
Hacking
SQL Injection
Web App Attack
paulshipley.com.au
2025-01-27 02:57:02
(2 weeks ago)
valueaddedpromotions.com.au:443 204.12.227.16 - - [27/Jan/2025:13:56:37 +1100] "GET /promo/www/product/productlist.php?category=02021&main-category=outer-wear&name=jackets&page=8 HTTP/1.1" 404 146180 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
valueaddedpromotions.com.au:443 204.12.227.16 - - [27/Jan/2025:13:56:40 +1100] "GET /promo/www/product/productlist.php?category=02021&main-category=outer-wear&name=jackets&name=%27&page=8 HTTP/1.1" 404 146188 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
valueaddedpromotions.com.au:443 204.12.227.16 - - [27/Jan/2025:13:56:42 +1100] "GET /promo/www/product/productlist.php?category=02021&main-category=outer-wear&name=jackets&page=8&page=%27 HTTP/1.1" 404 146190 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36"
valueaddedpromotions.com.au:
Web App Attack