ne1for23
2024-11-05 23:08:31
(1 month ago)
Attempt to access invalid virtual host name (###.###.###.###:443). Typically used to access "internal" resources improperly exposed externally and "protected" only by a lack of external DNS resolution.
47.252.113.79 - - [05/Nov/2024:23:08:30 +0000] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 403 153 "-" "Custom-AsyncHttpClient" "-"
Hacking
Kepler-1649c
2024-11-05 23:06:00
(1 month ago)
Apache.HTTP.Server.cgi-bin.Path.Traversal
Hacking
TPI-Abuse
2024-11-05 22:51:07
(1 month ago)
(mod_security) mod_security (id:218420) triggered by 47.252.113.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 17:51:02.827323 2024] [security2:error] [pid 21439:tid 21439] [client 47.252.113.79:47274] [client 47.252.113.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.151.6:443|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.151.6"] [uri "/hello.world"] [unique_id "ZyqhVn3fPxoZI3-rRXzs7wAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Trashware
2024-11-05 20:57:47
(1 month ago)
Malicious connection attempt
Hacking
Web App Attack
services.org.pl
2024-11-05 20:39:07
(1 month ago)
open() "/var/www/html/hello.world" failed (2: No such file or directory), client: 47.252.113.79, server: api.services.org.pl, request: "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1", host: "46.102.157.176:443"
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 19:03:57
(1 month ago)
(mod_security) mod_security (id:218420) triggered by 47.252.113.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 14:03:53.401751 2024] [security2:error] [pid 15317:tid 15317] [client 47.252.113.79:60928] [client 47.252.113.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "38"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.200:443|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.200"] [uri "/hello.world"] [unique_id "ZypsGZmMaJ9CJ6uIWni8jAAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-05 18:58:27
(1 month ago)
Port probe to tcp/443 (https)
[srv129]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-05 17:42:24
(1 month ago)
(mod_security) mod_security (id:218420) triggered by 47.252.113.79 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 05 12:42:20.942102 2024] [security2:error] [pid 24612:tid 24612] [client 47.252.113.79:56010] [client 47.252.113.79] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.136:443|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.136"] [uri "/hello.world"] [unique_id "ZypY_I_-EEeZG3Kvu6xSrwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
EGP Abuse Dept
2024-11-05 15:45:53
(1 month ago)
Unauthorized connection to SSH port 22
Port Scan
Hacking
SSH
MPL
2024-11-05 15:43:15
(1 month ago)
tcp/22
Port Scan