๐บ๐ธ
HCF
2026-07-06 16:50:00
(13 hours ago)
PHP.CGI.Argument.Injection
Web App Attack
Hacking
Anonymous
2026-07-06 10:37:20
(20 hours ago)
"POST /cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1"
Hacking
Web App Attack
๐ฒ๐พ
Rizzy
2026-07-06 03:47:47
(1 day ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ฌ๐ง
cybersteve99
2026-07-06 01:29:51
(1 day ago)
Too many 4xx Requests -
Brute-Force
Web App Attack
๐บ๐ธ
rdpguard.com
2026-07-05 18:22:02
(1 day ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
๐บ๐ธ
nyt
2026-07-05 16:43:51
(1 day ago)
Potential remote code execution attempt via PHP, CGI Probe, Attempted PHP injection with allow_url_i ...
show more
Potential remote code execution attempt via PHP, CGI Probe, Attempted PHP injection with allow_url_include
show less
Web App Attack
Anonymous
2026-07-05 08:36:07
(1 day ago)
38.72.89.3 - - [05/Jul/2026:16:36:06 +0800] "POST /cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%A ...
show more
38.72.89.3 - - [05/Jul/2026:16:36:06 +0800] "POST /cgi-bin/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.3.27"
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 07:33:14
(1 day ago)
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 03:33:00.680202 2026] [security2:error] [pid 8762:tid 8762] [client 38.72.89.3:34307] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||www.xyncom.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "www.xyncom.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "akoIrNWEQTxRgjRxj1mBGgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 05:55:27
(2 days ago)
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 01:55:10.853137 2026] [security2:error] [pid 21463:tid 21463] [client 38.72.89.3:24390] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||www.studioarts.net|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "www.studioarts.net"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aknxvkgbFCv2KPKWnXVI5gAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 04:15:46
(2 days ago)
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 00:15:28.948311 2026] [security2:error] [pid 30318:tid 30318] [client 38.72.89.3:29865] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||www.namefinder.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "www.namefinder.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "aknaYH9dO1WBZIbTvKTX0QAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 02:15:58
(2 days ago)
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 22:15:43.726143 2026] [security2:error] [pid 6938:tid 6938] [client 38.72.89.3:22673] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||www.homehealth101.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "www.homehealth101.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "akm-T9crmNxcmshp9gn2cQAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 23:22:12
(2 days ago)
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 19:21:54.787116 2026] [security2:error] [pid 22345:tid 22345] [client 38.72.89.3:55044] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||www.backstore.com|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "www.backstore.com"] [uri "/php-cgi/php-cgi.exe"] [unique_id "akmVkrrhjaKDPqXeH-jrYAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 16:47:10
(2 days ago)
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:218420) triggered by 38.72.89.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 12:46:55.092064 2026] [security2:error] [pid 16317:tid 16345] [client 38.72.89.3:15947] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||financialanalyst.org|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "financialanalyst.org"] [uri "/php-cgi/php-cgi.exe"] [unique_id "akk4_4qDXsR9ItHPrX-5KQAAANg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
MusicLibrary
2026-06-29 19:02:45
(1 week ago)
Attempted access to non existent wordpress urls
Bad Web Bot
๐ฉ๐ช
MusicLibrary
2026-06-25 04:09:42
(1 week ago)
Attempted access to non existent wordpress urls
Bad Web Bot