๐ฎ๐ฉ
no body
2022-10-11 07:48:24
(3 years ago)
[2022-10-05 06:28:15] "/upload?file=../../../../../../../../../../../../../../etc/passwd"
Web App Attack
Anonymous
2022-10-10 16:56:20
(3 years ago)
General scanning observed in manual log review.
Web App Attack
๐จ๐ฟ
Countryman
2022-10-05 12:32:26
(3 years ago)
repeated unauthorized connection attempts, host sweep, port scan
Port Scan
๐ฌ๐ท
JCB
2022-10-05 10:41:48
(3 years ago)
95.216.80.144 - - [05/Oct/2022:06:14:20 +0300] "GET /plugin?file=../../../../../../../../../../../.. ...
show more
95.216.80.144 - - [05/Oct/2022:06:14:20 +0300] "GET /plugin?file=../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; Linux i686; rv:6.0a2) Gecko/20110615 Firefox/6.0a2 Iceweasel/6.0a2"
95.216.80.144 - - [05/Oct/2022:06:31:44 +0300] "GET /upload?file=../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 196 "-" "Mozilla/5.0 (X11; CrOS x86_64 13982.88.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.162 Safari/537.36"
95.216.80.144 - - [05/Oct/2022:07:55:10 +0300] "GET /plugin?file=../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 2850 "-" "Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0"
...
show less
Hacking
Brute-Force
Web App Attack
๐จ๐ฟ
Countryman
2022-10-05 06:57:56
(3 years ago)
Web.Server.Password.Files.Access
Hacking
๐น๐ท
kozkabas
2022-10-05 03:02:57
(3 years ago)
/plugin?file=../../../../../../../../../../../../../../etc/passwd
Hacking
Web App Attack
๐ฎ๐ฉ
NOC Monitoring KAI
2022-10-05 01:47:40
(3 years ago)
Web Attack
Web App Attack
๐ฉ๐ช
reigo
2022-10-05 01:41:49
(3 years ago)
Sql/code injection probe
Web App Attack
๐จ๐ฟ
lp
2022-10-05 01:34:36
(3 years ago)
Bot webscan
95.216.80.144 - - [05/Oct/2022:07:34:36 +0200] "GET /login?redirect=http://169.254.169.2 ...
show more
Bot webscan
95.216.80.144 - - [05/Oct/2022:07:34:36 +0200] "GET /login?redirect=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 404 6145 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"
...
show less
Web App Attack
๐จ๐ฟ
lp
2022-10-04 23:30:28
(3 years ago)
Bot webscan
95.216.80.144 - - [05/Oct/2022:05:30:28 +0200] "GET /login?redirect=http://169.254.169.2 ...
show more
Bot webscan
95.216.80.144 - - [05/Oct/2022:05:30:28 +0200] "GET /login?redirect=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 404 5750 "-" "CSSCheck/1.2.2"
...
show less
Web App Attack
๐ฎ๐ฉ
hermawan
2022-10-04 21:39:20
(3 years ago)
[Wed Oct 05 08:39:10.153556 2022] [-:error] [pid 43056:tid 140051090290240] [client 95.216.80.144:33 ...
show more
[Wed Oct 05 08:39:10.153556 2022] [-:error] [pid 43056:tid 140051090290240] [client 95.216.80.144:33480] [client 95.216.80.144] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^(?i:file|ftps?|https?)://(?:\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3}\\\\.\\\\d{1,3})" at ARGS:next. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-931-APPLICATION-ATTACK-RFI.conf"] [line "58"] [id "931100"] [msg "Possible Remote File Inclusion (RFI) Attack: URL Parameter using IP Address"] [data "Matched Data: http://169.254.169.254 found within ARGS:next: http://169.254.169.254/latest/meta-data/"] [severity "CRITICAL"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-rfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/175/253"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/login/"] [unique_id "YzzgPmsD5uppEVGDBDD1_wAAAAE"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[43149]
...
show less
Hacking
Web App Attack
๐ฏ๐ต
aem-www.imr.tohoku.ac.jp
2022-10-04 21:36:57
(3 years ago)
HTTP_USER_AGENT : Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Ge ...
show more
HTTP_USER_AGENT : Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.57 Whale/3.14.133.23 Safari/537.36
REQUEST_URI : /upload?file=../../../../../../../../../../../../../../etc/passwd
show less
Web App Attack
๐ฎ๐ฉ
hermawan
2022-10-04 21:09:41
(3 years ago)
[Wed Oct 05 08:09:40.448871 2022] [-:error] [pid 145609:tid 139658402965056] [client 95.216.80.144:4 ...
show more
[Wed Oct 05 08:09:40.448871 2022] [-:error] [pid 145609:tid 139658402965056] [client 95.216.80.144:42526] [client 95.216.80.144] ModSecurity: Access denied with code 403 (phase 1). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1777"] [id "920300"] [msg "Request Missing an Accept Header"] [data "Matched Data: connection found within REQUEST_HEADERS:User-Agent: Opera/9.20 (Macintosh; Intel Mac OS X; U; en) request_line = GET /plugin?file=../../../../../../../../../../../../../../etc/passwd HTTP/1.1"] [severity "NOTICE"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/3"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/plugin"] [unique_id "YzzZVJGInrKtbe1IaZo77gAAAGQ"] [karangploso.jatim.bmkg.go.id
...
show less
Hacking
Web App Attack
๐จ๐ฟ
lp
2022-10-04 19:55:38
(3 years ago)
Bot webscan
95.216.80.144 - - [05/Oct/2022:01:55:38 +0200] "GET /plugin?file=../../../../../../../.. ...
show more
Bot webscan
95.216.80.144 - - [05/Oct/2022:01:55:38 +0200] "GET /plugin?file=../../../../../../../../../../../../../../etc/passwd HTTP/1.1" 404 6145 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36"
...
show less
Web App Attack
๐จ๐ญ
unifr
2022-10-04 18:46:08
(3 years ago)
Unauthorized IMAP connection attempt
Brute-Force