Bad web bot performing aggressive directory brute-force and reconnaissance. Attempting to discover s ...
show moreBad web bot performing aggressive directory brute-force and reconnaissance. Attempting to discover sensitive files, credentials, and misconfigured endpoints (e.g., AWS/GCP credentials, docker-compose files, database dumps, and Spring Boot Actuators).
show less
Multiple SQL Injection attempts. Payload included UNION SELECT statements targeting web application ...
show moreMultiple SQL Injection attempts. Payload included UNION SELECT statements targeting web application parameters.
show less
Persistent and automated vulnerability scanning activity has been observed from this source, executi ...
show morePersistent and automated vulnerability scanning activity has been observed from this source, executing repetitive Path Traversal and Local File Inclusion (LFI) attempts against our web server infrastructure. The attacker utilizes malformed URIs embedded with directory traversal sequences (e.g., //../../../../ and encoded backslashes) explicitly targeting standard Windows system configuration files such as win.ini. The malicious traffic spans a multi-week period with identical payloads, which is highly characteristic of an automated botnet or aggressive vulnerability scanner probing for unpatched directory traversal vulnerabilities.
show less
Persistent WordPress Brute Force attacker. The attacker performed multiple POST requests to /wp-logi ...
show morePersistent WordPress Brute Force attacker. The attacker performed multiple POST requests to /wp-login.php across multiple subdomains.
show less
Automated web vulnerability scanning using sqlmap. Attempted various SQL Injection techniques (Error ...
show moreAutomated web vulnerability scanning using sqlmap. Attempted various SQL Injection techniques (Error-based, Time-based, OOB, Union). OS Command Injection.
show less
This IP address is associated with automated attempts to exploit known web server vulnerabilities. T ...
show moreThis IP address is associated with automated attempts to exploit known web server vulnerabilities. The attacker is specifically targeting common PHP libraries attempting to execute code using well-known attack vectors.
show less
Multiple shellshock attack (CVE-2014-6271). The IP repeatedly attempted to exploit common CGI paths ...
show moreMultiple shellshock attack (CVE-2014-6271). The IP repeatedly attempted to exploit common CGI paths to execute remote commands and retrieve the system's password file (/etc/passwd).
Payload: "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"
show less
Shellshock attack
Exploitation for Privilege Escalation, Exploit Public-Facing Application CVE-2014 ...
show moreShellshock attack
Exploitation for Privilege Escalation, Exploit Public-Facing Application CVE-2014-6271
show less
Repeated suspicious HTTP requests from IP 91.224.92.51:
GET /logs/ HTTP/1.1
GET /payment/ HTTP/1 ...
show moreRepeated suspicious HTTP requests from IP 91.224.92.51:
GET /logs/ HTTP/1.1
GET /payment/ HTTP/1.1
GET /dump/ HTTP/1.1
GET /usdt/ HTTP/1.1
GET /admin/ HTTP/1.1
GET /withdraw/ HTTP/1.1
GET / HTTP/1.1
GET /crypto/ HTTP/1.1
GET /wallet/ HTTP/1.1
GET /backup/ HTTP/1.1
User-Agent: Python-urllib/3.9
The pattern suggests automated scanning for vulnerable endpoints, likely related to financial or admin functionality. This behavior is consistent with reconnaissance or hacking attempts.
show less
Attempted to connect using unsupported protocol during SSL handshake. Possible scan or exploit attem ...
show moreAttempted to connect using unsupported protocol during SSL handshake. Possible scan or exploit attempt. 10 hits
show less
Repeated unauthorized login attempts to a WordPress admin login page via POST requests to /wp-login. ...
show moreRepeated unauthorized login attempts to a WordPress admin login page via POST requests to /wp-login.php.
show less
Multiple SSL handshake failures from this IP. 4 repeated connection attempts were made to one HTTPS ...
show moreMultiple SSL handshake failures from this IP. 4 repeated connection attempts were made to one HTTPS server, followed by 4 more to another. Logs show "SSL_do_handshake() failed" due to "unsupported protocol", indicating protocol probing or reconnaissance activity.
show less
Attempted access to /.git/config file. This indicates an automated scan or attack attempting to expl ...
show moreAttempted access to /.git/config file. This indicates an automated scan or attack attempting to exploit exposed Git repositories on the web server.
show less
Suspicious request to root path with fake User-Agent ("Hello World/1.0"). Likely automated scanning ...
show moreSuspicious request to root path with fake User-Agent ("Hello World/1.0"). Likely automated scanning or probing activity.
show less
Repeated suspicious requests from this IP, including 404 errors on root path. Possible reconnaissanc ...
show moreRepeated suspicious requests from this IP, including 404 errors on root path. Possible reconnaissance or scanning activity.
show less
Attempted POST request to /wp-login.php, likely indicating a brute-force login attempt against a Wor ...
show moreAttempted POST request to /wp-login.php, likely indicating a brute-force login attempt against a WordPress site. Activity is suspicious and consistent with automated login scanners.
show less
Brute-ForceBad Web Bot
By clicking โAccept allโ, you agree to the storing of cookies on your device to remember preferences and
analyze site usage.
Read more
- Required to log into your AbuseIPDB account, and store these cookie preferences.