el-brujo
2024-11-15 01:14:28
(2 months ago)
Cloudflare WAF: Request Path: /php/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php Request Query: Host: forum.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Action: block Source: firewallManaged ASN Description: AEZA-AS Country: DE Method: GET Timestamp: 2024-11-15T01:14:28Z ruleId: db1f213645904ab9b16b227b4a6a7b3a. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
Hacking
SQL Injection
Web App Attack
Anonymous
2024-11-15 00:55:15
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
el-brujo
2024-11-15 00:24:11
(2 months ago)
Cloudflare WAF: Request Path: /profile/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php Request Query: Host: forum.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36 Action: block Source: firewallManaged ASN Description: AEZA-AS Country: DE Method: GET Timestamp: 2024-11-15T00:24:11Z ruleId: db1f213645904ab9b16b227b4a6a7b3a. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
Hacking
SQL Injection
Web App Attack
el-brujo
2024-11-15 00:17:28
(2 months ago)
15/Nov/2024:01:17:27.558898 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 92.246.136.95] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "703"] [id "920340"] [msg "Request Containing Content, but Missing Content-Type header"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/manuales/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "ZzaTF6pn0fYx_N4XLcGP-AAAB30"]
...
Hacking
Web App Attack
Anonymous
2024-11-14 21:02:13
(2 months ago)
Web attack
Bad Web Bot
Web App Attack
Cloudkul Cloudkul
2024-11-14 19:45:17
(2 months ago)
Attempted Not Found (404 status code) requests on our application, more than 30% of their total requests.
Brute-Force
Web App Attack
SCHAPPY
2024-11-14 19:17:18
(2 months ago)
Critical web app attack detected. PHP Injection Attack: PHP Script File Upload Found
Web App Attack
Anonymous
2024-11-14 17:39:00
(2 months ago)
Brute force attack on CMS admin login.
Brute-Force
Web App Attack
RoboSOC
2024-11-14 15:59:39
(2 months ago)
Joomla HTTP User Agent Object Injection Vulnerability, PTR: wanting-wax-n1.aeza.network.
Exploited Host
Anonymous
2024-11-14 14:58:31
(2 months ago)
Excessive crawling/scraping
Hacking
Brute-Force
TPI-Abuse
2024-11-14 14:32:34
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 09:32:27.985270 2024] [security2:error] [pid 27401:tid 27401] [client 92.246.136.95:54336] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||limadeltadx.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "limadeltadx.org"] [uri "/lima-delta-news/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzYJ-2ubgJ0xDctAYYfiOgAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
SilverZippo
2024-11-14 12:59:11
(2 months ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-11-14 09:58:56
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 04:58:53.011616 2024] [security2:error] [pid 7089:tid 7089] [client 92.246.136.95:36084] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.stalbansparish.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.stalbansparish.org"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzXJ3RQyZShmcNqi3VqLEAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
rsiddall
2024-11-14 09:52:38
(2 months ago)
2024-11-14T04:52:29.980861linnet.elirion.net drupal[26680]: https://www.uuhumanists.org|1731577949|user|92.246.136.95|https://www.uuhumanists.org/?q=user||0||Login attempt failed for uuhumanists.
2024-11-14T04:52:31.410543linnet.elirion.net drupal[27537]: https://www.uuhumanists.org|1731577951|user|92.246.136.95|https://www.uuhumanists.org/?q=user||0||Login attempt failed for admin.
2024-11-14T04:52:33.852915linnet.elirion.net drupal[27537]: https://www.uuhumanists.org|1731577953|user|92.246.136.95|https://www.uuhumanists.org/?q=user||0||Login attempt failed for administrator.
2024-11-14T04:52:36.589588linnet.elirion.net drupal[26680]: https://www.uuhumanists.org|1731577956|user|92.246.136.95|https://www.uuhumanists.org/?q=user||0||Login attempt failed for uuhumanists.
2024-11-14T04:52:38.012843linnet.elirion.net drupal[26680]: https://www.uuhumanists.org|1731577958|user|92.246.136.95|https://www.uuhumanists.org/?q=user||0||Login attempt failed for admin.
...
Brute-Force
TPI-Abuse
2024-11-14 09:35:59
(2 months ago)
(mod_security) mod_security (id:234930) triggered by 92.246.136.95 (wanting-wax-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 04:35:56.236391 2024] [security2:error] [pid 8360:tid 8360] [client 92.246.136.95:55618] [client 92.246.136.95] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.mavikalem.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.mavikalem.org"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzXEfEpLgF9zxxLonHbq5QAAABI"]
Brute-Force
Bad Web Bot
Web App Attack