Naxsi - Rules [ 452 ]

42000466

Jenkins Deserialisation RCE CVE-2017-1000353

Detection: str:JENKINS REMOTING CAPACITY

42000465

HOST-Header Injection

Detection: rx:^[a-zA-Z\d-]+\.[a-zA-Z]+$

42000464

Java-OGNL Injection (Args+Body)

Detection: str:ognl.OgnlContext

42000463

Apache Struts Injection (Args+Body)

Detection: str:apache.struts2.Servlet

42000461

Wordpress REST-API Access

Detection: str:/wp-json/wp/v2/

42000460

WordPress API Content Injection (GET)

Detection: rx:^\d+$

42000459

WordPress API Content Injection (POST)

Detection: rx:^\d+$

42000458

HTTPoxy - Attack

Detection: rx:.*

42000457

Scanner/AttackBot GO-http-client 1.1

Detection: str:Go-http-client/1.1

42000456

Scanner/AttackBot GO 1.1

Detection: str:Go 1.1 package http

42000455

possible XML/XXE-Exploitation attempt (Doctype)

Detection: rx:<!DOCTYPE(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM

42000454

Some Scanner nlpproject.info

Detection: str:nlpproject.info

42000453

Cloud-Mapping-Scanner

Detection: str:cloudmapping

42000452

SensePost Wikto-Scanner

Detection: str:SensePostNotThere

42000451

Apache Commons Collection in Body

Detection: str:org.apache.commons

42000450

Generic JMX/Invoker - Access

Detection: str:/invoker/jmx

42000449

Possible Jenkins/Hudson RCE-Exploit (/script)

Detection: str:command

42000448

Possible Jenkins/Hudson RCE-Exploit

Detection: str:command

42000447

Jenkins User-Credentials-Access (GET)

Detection: str:hudson.util.Secret.decrypt

42000446

Jenkins User-Credentials-Access (POST)

Detection: str:script=hudson.util.Secret.decrypt

42000445

Possible Jenkins/Hudson RCE-Exploit

Detection: str:/scriptText

42000444

WordPress XMLRPC Enumeration system.getCapabilities

Detection: str:system.getCapabilities

42000443

WordPress XMLRPC Enumeration system.listMethods

Detection: str:system.listMethods

42000442

Wordpress XMLRPC possible Password Brute Force

Detection: str:system.multicall

42000441

JAVA.util in ARGS/BODY

Detection: str:java.util.

42000440

Java.IO in ARGS/BODY

Detection: str:java.io.

42000439

ElasticSearch - Exploit

Detection: rx:script_fields.*import.*java.util

42000438

Possible PHPBackdoor-Access (bootstrap.inc.php)

Detection: str:/admin/bootstrap.inc.php

42000437

EXE Download Request To Wordpress Folder

Detection: rx:/wp\-(content\/|admin\/|includes\/).*\.exe

42000436

PCRE Library Heap Overflow Vulnerability

Detection: str:(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))

42000435

Obvious /console - Access

Detection: str:/console

42000434

Unusual Value ( 127.0.0 ) in X-Forward-For, possible ByPass

Detection: str:127.0.0

42000433

Unusual Value (0000::1 ) in X-Forward-For, possible ByPass

Detection: str:0000::1

42000432

PCRE Library Heap Overflow Vulnerability

Detection: str:(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)

42000431

ElasticSearch - Path Traversal

Detection: rx:/_plugin/(.*)/../

42000430

WordPress Default Template Bug Scan

Detection: str:/genericons/example.html

42000429

Magento Shoplift-Bug-Scan

Detection: str:/Cms_Wysiwyg

42000428

Possible IIS Integer Overflow DoS > (CVE-2015-1635)

Detection: str:18446744073709551615

42000427

JMXConsole-Access

Detection: str:/jmx-console

42000426

SQLiteManager - Exploit

Detection: str:/sqlite/main.php

42000425

SQLiteManager - Exploit

Detection: str:/sqlitemanager/

42000424

Acunetix PHPSensor-File-Scan

Detection: str:/acu_phpaspect.php

42000423

PHP 4.x User-Agent detected in Request, possible flood

Detection: str:php/4.

42000422

PHP 5.x User-Agent detected in Request, possible flood

Detection: str:php/5.

42000421

Joomla Googlemap-Reflection - Scan

Detection: str:/plugin_googlemap2_proxy.php

42000420

MS Exchange OWA Enumeration

Detection: rx:^/owa

42000419

MS Exchange Enumeration

Detection: str:/ews/exchange

42000418

MS Exchange Enumeration

Detection: rx:^/exchange

42000417

MS Exchange ActiveSync Enumeration

Detection: str:/microsoft-server-activesync

42000416

MS Exchange CAS Autodiscover Enumeration Vulnerability

Detection: str:/autodiscover/autodiscover.xml

42000415

Generic Exec-Function detected

Detection: str:exec(

42000414

Possible GHOST exploit-attempt in ARGS/HEADER/BODY

Detection: rx:[\d\.]{255}

42000413

Obvious /login - Scan

Detection: str:/login

42000412

Obvious Hudson-Scan

Detection: str:/hudson

42000411

Obvious Jenkins-Scan

Detection: str:/jenkins

42000410

Reflected File Download / Windows-Command - File download (cmd, bat, exe,...)

Detection: rx:[\w*]\.(bat|cmd|vbs|wsh|vbe|wsf|hta)[\W]{0,}$

42000408

Drupal SQLI & RCE-Exploit Attempt #2 (rx)

Detection: rx:name\[\d+.{20,}\]

42000407

Magento - MAGMI - Access

Detection: str:/magmi/

42000406

Magento - MAGMI - ajax_readlocalxml.php

Detection: str:/web/ajax_readlocalxml.php

42000405

Magento - MAGMI - clearcatalog.php

Detection: str:/web/clearcatalog.php

42000404

Magento - MAGMI - magmi_*.php - Access

Detection: rx:/web/magmi_([a-z]*).php

42000403

Magento - MAGMI - Plugin-Upload

Detection: str:/web/plugin_upload.php

42000401

Magento - MAGMI-Access (possible Scan)

Detection: str:/web/magmi.php

42000400

MongoDB Negated Parameter Server Side JavaScript Injection Attempt

Detection: str:[$ne]

42000399

Drupal SQLI & RCE-Exploit Attempt (CVE-2014-3704)

Detection: str:name[0%20

42000398

Apache /server-info - Access

Detection: str:/server-info

42000397

possible UDP-Bind-Attempt (/dev/udp/)

Detection: str:/dev/udp/

42000396

possible TCP-Bind-Attempt (/dev/tcp/)

Detection: str:/dev/tcp/

42000395

Bash0day - Scan-Attempt

Detection: str:Thanks-Rob

42000394

Shellshock-Masscan by Erratasec

Detection: str:shellshock-scan

42000393

Possible Remote code execution through Bash CVE-2014-6271 (ShellShock)

Detection: str:() {

42000392

known_hosts Access

Detection: str:/known_hosts

42000391

authorized_keys - Access

Detection: str:/authorized_keys

42000390

UPNP-Scan

Detection: str:/gatedesc.xml

42000389

Open Proxy-Autoconfig-Scan

Detection: str:wpad.dat

42000388

Open Proxy-Autoconfig-Scan

Detection: str:proxy.pac

42000387

Open Proxy-Autoconfig-Scan

Detection: str:/whitelist.pac

42000386

Nullbyte - Termination \0

Detection: str:\0

42000385

RosettaFlash JSONP-Exploit callback=CWS

Detection: rx:^CWS\w{5}hC\w{50,}

42000384

JAVA-Serialized-Object POST / Class=*

Detection: str:class=

42000383

JAVA-Serialized-Object POST

Detection: str:java-serialized-object

42000382

local File access via file://

Detection: str:file://

42000381

Meterpreter-UA detected

Detection: str:meterpreter

42000380

Tomcat-Manager/jmxproxy-access

Detection: str:/manager/jmxproxy/

42000379

Tomcat-Manager/serverstatus-command

Detection: str:/manager/text/serverstatus

42000378

Tomcat-Manager/findleaks-command

Detection: str:/manager/text/findleaks

42000377

Tomcat-Manager/undeploy-command

Detection: str:/manager/text/undeploy

42000376

Tomcat-Manager/stop-command

Detection: str:/manager/text/stop

42000375

Tomcat-Manager/start-command

Detection: str:/manager/text/start

42000374

Tomcat-Manager/sessions-command

Detection: str:/manager/text/sessions

42000373

Tomcat-Manager/resources-command

Detection: str:/manager/text/resources

42000372

Tomcat-Manager/serverinfo-command

Detection: str:/manager/text/serverinfo

42000371

Tomcat-Manager/reload-command

Detection: str:/manager/text/reload

42000370

Tomcat-Manager/list-command

Detection: str:/manager/text/list

42000369

Tomcat-Manager/deploy-command

Detection: str:/manager/text/deploy

42000368

Facebook External Hit

Detection: str:facebookexternalhit

42000367

Java-Classloader-Call

Detection: str:classloader

42000366

OpenVAS - Scanner

Detection: str:openvas

42000365

SiteLock Vulnerability Scanner

Detection: str:sitelock

42000364

Sucuri Vulnerability Scanner

Detection: str:sucuri

42000363

ScanAlert Vulnerability Scanner

Detection: str:scanalert

42000362

Bash-Profile et al Scan

Detection: str:.bash

42000361

JAVA-UA, possible Scanner

Detection: str:Java/

42000360

Contao-Install install.php - Access

Detection: str:/contao/install.php

42000359

TYPO3_CONF_* Value - Injection

Detection: str:TYPO3_CONF

42000358

Typo3-Backend-Access

Detection: str:/typo3/

42000357

Contao-InstallTool-Access

Detection: str:installer

42000356

Contao VAR TL_* - Injection

Detection: str:TL_

42000355

WebLogicServer wls_internal - Access

Detection: str:wls_internal/

42000354

WebLogicServer wls_deployment_internal - Access

Detection: str:wls_deployment_internal/

42000353

Content-Type x-java-serialized-object

Detection: str:x-java-serialized-object

42000352

Properties-File Access / Upload

Detection: str:.properties

42000351

Possible JSP - File Upload

Detection: str:.jsp

42000350

Possible WAR - File Upload

Detection: str:.war

42000349

Possible JAR-File Upload

Detection: str:.jar

42000348

Possible Java.Lang - Injection (URL-Args & POST-Body)

Detection: str:java.lang.

42000347

Possible Wordpress-Plugin-Backdoor detected

Detection: str:jjoplmh

42000346

Possible Java-Beans-Injection

Detection: str:java.beans.EventHandler

42000345

Possible Casino-Spam (roulette in URL)

Detection: str:roulette

42000344

Possible Casino-Spam (casino in URL)

Detection: str:casino

42000343

possible PHP Object Injection

Detection: rx:O:\+?\d+:.*:\+?\d+:{(s|S):\+?\d+:.*;.*}

42000342

Tomcat/Apache-Commons File Upload DOS Attempt

Detection: rx:multipart\/form-data;(\s*)boundary=[a-zA-Z0-9_-]{4000}

42000341

possible XML/XXE-Exploitation attempt (Entity)

Detection: rx:<!ENTITY(\s+)(%*\s*)([{}:.a-zA-Z0-9_-]*)(\s+)SYSTEM

42000340

Websocket-Connection-Scan

Detection: str:Upgrade

42000339

WP-Content Themes-Scan

Detection: str:/wp-content/themes/

42000338

WP-OptimizePress - Scan

Detection: str:/wp-content/uploads/optpress/

42000337

PHP-CGI-Scan

Detection: str:/cgi-bin/php

42000336

Apache Roller-Scan

Detection: str:/login.rol

42000335

Java poss. OGNL-Injection / ActionSupport.getText in Request-Parameters

Detection: str:ActionSupport.getText

42000334

CGI-BIN - Scan

Detection: str:/cgi-bin/

42000333

PHP-Opener ( <? ) found

Detection: str:<?

42000332

Java.io.File in Request-Parameters

Detection: str:java.io.File

42000331

ApacheStruts - Exploit-Scan

Detection: str:/struts2-blank/

42000330

CONNECT-Request Attempt

Detection: rx:^connect

42000329

SSH-Homedir-Access

Detection: str:/.ssh/

42000328

GestioIP Remote Code Execution - Scan

Detection: str:/ip_checkhost.cgi

42000327

possible UPNP-Port-Manipulation

Detection: str:service:WANIPConnection:

42000326

MASSCAN - UA Detected

Detection: str:masscan/

42000325

Dlink-Router Backdoor-Scan

Detection: str:xmlset_roodkcableoj28840ybtide

42000324

Potential vBulletin Exploit (v4+)

Detection: str:/install/upgrade.php

42000323

vBulletinBoard-Scan

Detection: str:/core/install/

42000322

Potential vBulletin Exploit (v5+)

Detection: str:/core/install/upgrade.php

42000321

probably Malicious UA

Detection: str:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

42000320

Possible JBoss/Tomcat JMX InvokerServlet Auth Bypass Attempt

Detection: str:/invoker/EJBInvokerServlet

42000319

Possible WHMCS - Scan

Detection: str:/register.php

42000318

Possible WHMCS Exploit

Detection: str:AES_ENCRYPT

42000317

Wordpress-UA, probably Botnet-Attack

Detection: str:WordPress/

42000316

WinHttpRequest - UA

Detection: str:WinHttpRequest

42000315

Generic Joomla /plugins/system - Scan

Detection: rx:/plugins/system/(.*).php

42000314

Joomla highlight.php PHP Object Injection

Detection: str:/plugins/system/highlight/highlight.php

42000313

Joomlas Administrator-Login-Attempt

Detection: str:/administrator/index.php

42000312

Havij-SQL_scanner

Detection: str:Havij

42000311

poss. malicious Scanner using Fake UA Apache/Synapse

Detection: str:Synapse

42000310

Abnormal double http:// in HTTP header

Detection: str:http://http://

42000309

Misformed Proxy-Scan

Detection: rx:^/http

42000308

Base64Encoded phpinfo

Detection: str:cGhwaW5mbygpOyAg

42000307

WP-Contents/Plugins Access

Detection: str:/wp-content/plugins/

42000306

Morfeus - F*cking-Scanner

Detection: str:/soapCaller.bs

42000305

Possible HNAP-Exploit-Attempt

Detection: str:/HNAP

42000304

Spambot Windows-Live-Social-Object-Extractor-Engine

Detection: str:Windows-Live-Social-Object-Extractor-Engine

42000303

AWSTATS - Access (2)

Detection: str:stats/agent

42000302

AWSTATS - Access

Detection: str:/awstats/data

42000301

SQLNinja Attempt To Create xp_cmdshell Session

Detection: str:exec%20master%2E%2Exp%5Fcmdshell

42000300

SQLNinja Attempt To Recreate xp_cmdshell Using sp_configure

Detection: str:exec%20master%2E%2Esp%5Fconfigure

42000299

Attempt To Access MSSQL xp_ntsec_enumdomains Stored Procedure Via URI

Detection: str:xp_ntsec_enumdomains

42000298

Attempt To Access MSSQL xp_enumgroups Stored Procedure Via URI

Detection: str:xp_enumgroups

42000297

Attempt To Access MSSQL xp_enumdsn Stored Procedure Via URI

Detection: str:xp_enumdsn

42000296

Attempt To Access MSSQL xp_readerrorlogs Stored Procedure Via URI

Detection: str:xp_readerrorlogs

42000295

Attempt To Access MSSQL xp_enumerrorlogs Stored Procedure Via URI

Detection: str:xp_enumerrorlogs

42000294

Attempt To Access MSSQL xp_fileexist Stored Procedure Via URI

Detection: str:xp_fileexist

42000293

Attempt To Access MSSQL xp_regdeletekey Stored Procedure Via URI

Detection: str:xp_regdeletekey

42000292

Attempt To Access MSSQL xp_regdeletevalue Stored Procedure Via URI

Detection: str:xp_regdeletevalue

42000291

Attempt To Access MSSQL xp_regwrite Stored Procedure Via URI

Detection: str:xp_regwrite

42000290

Attempt To Access MSSQL xp_regread Stored Procedure Via URI

Detection: str:xp_regread

42000289

Attempt To Access MSSQL xp_servicecontrol Stored Procedure Via URI

Detection: str:xp_servicecontrol

42000288

Generic JAVA - Attempt - getRuntime.exec() in Request

Detection: str:getRuntime().exec(

42000287

Generic JAVA - Attempt - java.lang.Runtime in Request

Detection: str:java.lang.Runtime

42000286

Apache Struts Possible OGNL Java ProcessBuilder URI

Detection: str:java.lang.ProcessBuilder

42000285

Joomla JCE-Exploit-Scan

Detection: str:/images/stories/

42000284

Open-Proxy-Scan

Detection: rx:^http

42000282

HTTP Request Smuggling - Multiple Values in Transfer-Encoding

Detection: str:,

42000280

HTTP Request Smuggling - Comma in Content-Length

Detection: str:

42000279

HTTP Request Smuggling - Comma in Content-Type

Detection: str:,

42000278

HTTP - Smuggling-Attempt (NewLine in URI)

Detection: str:\n\r

42000277

HTTP - Smuggling-Attempt (Proxy-POST in Headers)

Detection: str:POST http

42000276

HTTP - Smuggling-Attempt (Proxy-GET in Headers)

Detection: str:GET http

42000275

HTTP - Smuggling-Attempt (POST in Headers)

Detection: str:POST /

42000274

HTTP - Smuggling-Attempt (GET in Headers)

Detection: str:GET /

42000273

Arachni Web Scan (URL)

Detection: str:/arachni

42000272

Arachni Scanner Web Scan (UA)

Detection: str:Arachni

42000271

ForumSpammer Access

Detection: str:++++++++Result

42000270

Possible Fast-Track Tool Spidering User-Agent Detected

Detection: str:pymills-spider/

42000269

Possible Scan for SolusVM WHMCS Module 3.16 Vulnerability

Detection: str:/rootpassword.php

42000268

Possible SolusVM - Exploit-attempt

Detection: str:/centralbackup.php

42000267

JetBrains IDE - Workspace-Scan

Detection: str:/.idea/

42000266

IDE - workspace.xml - Scan

Detection: str:.idea/workspace.xml

42000265

Plesk Apache Zeroday Remote Exploit - possible scan

Detection: str:/phppath/

42000264

.htpasswd - Access

Detection: str:/.htpasswd

42000263

.htaccess - Access

Detection: str:/.htaccess

42000262

possible WP-Scan (wp-admin)

Detection: str:/wp-admin

42000261

possible WP-Scan (wp-login)

Detection: str:/wp-login.php

42000260

possible FaTaLisTiCz_Fx - Access detected

Detection: str:visitz

42000259

gzinflate in URI

Detection: str:gzinflate(

42000258

Brutus - Scanner

Detection: str:Brutus/

42000257

/bin/sh in URI

Detection: str:/bin/sh

42000256

Sumthin Scan

Detection: str:/sumthin

42000255

PHP Scan Precursor

Detection: str:/thisdoesnotexist

42000254

possible INI - File - Access

Detection: str:.ini

42000253

possible INC - File - Access

Detection: str:.inc

42000252

possible CONF-File - Access

Detection: str:.conf

42000251

SQL-Injection-Scanner NV32ts

Detection: str:NV32ts

42000250

JBOSS/JMX REMOTE WAR deployment attempt

Detection: str:/jmx-console/HtmlAdaptor

42000249

Webserver-Scanner DataCha0s

Detection: str:DataCha0s

42000248

SQL-Injection Scanner CZxt2s

Detection: str:CZxt2s

42000247

UA-PHP-Injection-Attack

Detection: str:<?php

42000246

UA-PHP-Injection-Attack

Detection: str:<?php

42000245

PHPShell - Access detected

Detection: str:/phpshell.css

42000244

PHPMyAdmin - Scanner (2)

Detection: str:/phpmyadmin

42000243

PHPMyAdmin - Scanner

Detection: str:/pma

42000242

PHPPgAdmin - Scanner

Detection: str:/phppgadmin

42000241

MysqlDumper - Scanner

Detection: str:/mysqldumper

42000240

AB - ApacheBenchmark-Tool detected

Detection: str:ApacheBench

42000239

Typo3-JumpURL-Access

Detection: str:jumpurl=

42000238

NMAP SQLSpider-Scan

Detection: str:sqlspider

42000237

C99-Shell SelfKill detected

Detection: str:x=selfremove

42000236

DoubleDot in URL

Detection: str:../

42000235

C99-Shell SelfKill detected

Detection: str:x=selfremove

42000234

Possible Webshell-Access

Detection: str:.php?x=img&img=

42000233

Possible RAILS - Exploit using type=symbol

Detection: rx:type( *)=( *)[\"|']symbol[\"|']

42000232

Possible RAILS - Exploit using type=yaml

Detection: rx:type( *)=( *)[\"|']yaml[\"|']

42000231

ColdFusion - Vuln-URL-Access componentutils

Detection: str:/CFIDE/componentutils

42000230

ColdFusion - Vuln-URL-Access adminapi

Detection: str:/CFIDE/adminapi

42000229

ColdFusion - Vuln-URL-Access administrator

Detection: str:/CFIDE/administrator

42000228

/etc/passwd encoded as Base64

Detection: str:L2V0Yy9wYXNzd2Q=

42000227

Scanner ZmEu exploit scanner

Detection: str:ZmEu

42000226

Scanner WITOOL SQL Injection Scan

Detection: str:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MyIE2

42000225

Wikto Backend Data Miner Scan

Detection: str:/actSensePostNotThereNoNotive

42000224

Scanner Wikto Scan

Detection: str:/.adSensePostNotThereNoNobook

42000223

Scanner WebShag Web Application Scan

Detection: str:webshag

42000222

Open-Proxy ScannerBot (webcollage-UA)

Detection: str:webcollage

42000221

Scanner Python-httplib

Detection: str:Python-httplib

42000220

Scanner WebHack Control Center

Detection: str:WHCC/

42000218

Scanner WafWoof Web Application Firewall Detection Scan

Detection: str:/<invalid>hello.html

42000217

Tomcat upload from external source

Detection: str:/manager/html/upload

42000216

Tomcat admin-admin login credentials

Detection: str:Basic YWRtaW46YWRtaW4=

42000215

Tomcat Auth Brute Force attempt (manager)

Detection: str:Basic bWFuYWdlcjp

42000211

Tomcat Auth Brute Force attempt (tomcat)

Detection: str:Basic dG9tY2F0

42000210

Tomcat Auth Brute Force attempt (admin)

Detection: str:Basic YWRtaW46

42000209

Scanner Toata Scanner User-Agent Detected

Detection: str:dragostea

42000208

Scanner Sipvicious

Detection: str:sundayddr

42000207

Scanner Sipvicious User-Agent Detected

Detection: str:friendly-scanner

42000206

Scanner SQL Power Injector SQL Injection

Detection: str:SQL Power Injector

42000205

Scanner SQL Injection Attempt (Agent uil2pn)

Detection: str:uil2pn

42000204

Scanner Pavuk - Website Mirroring Tool for Off-line Analysis

Detection: str:pavuk

42000203

Scanner Paros Proxy Scanner

Detection: str:Paros/

42000202

Netsparker-Scan in Progress

Detection: str:/Netsparker

42000201

Scanner Netsparker

Detection: str:Netsparker

42000200

Scanner Mysqloit - Mysql Injection Takeover Tool

Detection: str:Mysqloit

42000199

Scanner Mini MySqlatOr SQL Injection

Detection: str:prog.CustomCrawler

42000198

Scanner IBM NSA User Agent

Detection: str:Network-Services-Auditor

42000197

Scanner Httprecon Web Server Fingerprint Scan

Detection: str:/etc/passwd?format=

42000196

Scanner Grendel Web Scan

Detection: str:Mozilla/5.0 (compatible; Grendel-Scan

42000194

Scanner DavTest WebDav Vulnerability Scanner

Detection: str:DAV.pm

42000193

Scanner crimscanner

Detection: str:crimscanner

42000192

Scanner Cisco-torch

Detection: str:Cisco-torch

42000191

Scanner bsqlbf Brute Force SQL Injection

Detection: str:bsqlbf

42000190

Scanner AutoGetColumn

Detection: str:AutoGetColumn

42000189

Scanner Watchfire AppScan Web App Vulnerability Scanner

Detection: str:/appscan_fingerprint

42000188

Acunetix-Scanner detected

Detection: str:/acunetix

42000187

Scanner Absinthe

Detection: str:Absinthe

42000186

Scanner / Broken UserAgent

Detection: str:\.

42000185

Scanner t34mh4k

Detection: str:t34mh4k

42000184

Scanner Fake GoogleBot

Detection: str:searchbot admin@google

42000183

Scanner neuralbot

Detection: str:neuralbot

42000182

Scanner gameboy

Detection: str:gameboy

42000181

Scanner webster pro

Detection: str:webster pro

42000180

Scanner picscout

Detection: str:picscout

42000179

Scanner digimarc webreader

Detection: str:digimarc webreader

42000178

Scanner w3af

Detection: str:w3af

42000177

Scanner n-stealth

Detection: str:n-stealth

42000176

Scanner chinaclaw

Detection: str:chinaclaw

42000175

Scanner wordpress hash grabber

Detection: str:wordpress hash grabber

42000174

PHP-Injection on UA

Detection: str:http_get_vars

42000173

Scanner SkipFish

Detection: str:Mozilla/5.0 SF

42000172

Scanner XSSS (probably)

Detection: str:linux mozilla

42000171

Scanner whisker

Detection: str:whisker

42000170

Scanner sqlmap

Detection: str:sqlmap

42000169

Scanner Nmap

Detection: str:Nmap

42000167

Scanner Acunetix detected

Detection: str:acunetix

42000166

Scanner planetwork

Detection: str:planetwork

42000165

Scanner kmccrew

Detection: str:kmccrew

42000164

Scanner casper

Detection: str:casper

42000163

Scanner twengabot

Detection: str:twengabot

42000162

Scanner autoemailspider

Detection: str:autoemailspider

42000161

Scanner siphon

Detection: str:siphon

42000160

Scanner core-project

Detection: str:core-project/

42000159

Scanner webmole

Detection: str:webmole

42000158

Scanner webinspect

Detection: str:webinspect

42000157

Scanner s.t.a.l.k.e.r

Detection: str:s.t.a.l.k.e.r

42000156

Scanner safexplorer

Detection: str:safexplorer

42000155

Scanner poe-component-client

Detection: str:poe-component-client

42000154

Scanner pmafind

Detection: str:pmafind

42000153

Scanner n-stealth

Detection: str:n-stealth

42000152

Scanner nsauditor

Detection: str:nsauditor

42000151

Scanner whatweb

Detection: str:whatweb

42000150

Scanner .nasl

Detection: str:.nasl

42000149

Scanner nameofagent

Detection: str:nameofagent

42000148

Scanner murzillo

Detection: str:murzillo

42000147

Scanner mosiac

Detection: str:mosiac

42000146

Scanner morzilla

Detection: str:morzilla

42000145

Scanner morfeus

Detection: str:morfeus

42000144

Scanner jaascois

Detection: str:jaascois

42000143

Scanner internet-exprorer

Detection: str:internet-exprorer

42000142

Scanner gameboy

Detection: str:gameboy

42000141

Scanner fantombrowser

Detection: str:fantombrowser

42000140

Scanner extractor

Detection: str:extractor

42000139

Scanner exploit

Detection: str:exploit

42000138

Scanner datacha0s

Detection: str:datacha0s

42000137

Scanner copyrightcheck

Detection: str:copyrightcheck

42000136

Scanner copyguard

Detection: str:copyguard

42000135

Scanner cherrypickernice

Detection: str:cherrypicker

42000134

Scanner cgichk

Detection: str:cgichk

42000133

Scanner bwh3_user_agent

Detection: str:bwh3_user_agent

42000132

Scanner blackwidow

Detection: str:blackwidow

42000131

Scanner bilbo

Detection: str:bilbo

42000130

Scanner backdoor

Detection: str:backdoor

42000129

Scanner atomic_email_hunter

Detection: str:atomic_email_hunter

42000128

Nessus-Scanner detected

Detection: str:nessus

42000127

Scanner Amiga-Aweb

Detection: str:amiga-aweb/3.4

42000126

WordPress Uploadify-Access

Detection: str:/uploadify/uploadify.php

42000125

WordPress TotalCache-DBCache-Access

Detection: str:/w3tc/dbcache

42000124

WP Plugins/Cache - Access

Detection: rx:/wp-content/plugins/(.*)/cache/

42000123

WP TimThumb - Cache - Access

Detection: str:/timthumbdir/cache

42000122

WP Timthumb - Access

Detection: str:/timthumb.php

42000121

GZINFLATE in URL

Detection: str:gzinflate

42000120

Linux/Chapro.A Malicious Apache Module CnC - Traffic

Detection: str:c=1&version=

42000119

Light Shell2 - CHMOD 777 - Command

Detection: str:_act=777

42000118

LightShell2 - PagarMod - Upload Command

Detection: str:_act=Kirim

42000117

LightShell2 - PagarMod - List Files - Command

Detection: str:_act=Masuk!

42000116

LightShell2 - PagarMod - Run Command

Detection: str:_act=Sikat!

42000115

Light Shell2 - Run - Command

Detection: str:_act=Run

42000114

PHPINI in URL

Detection: str:php.ini

42000113

R57 - WebShell DB_QUERY- Command

Detection: str:cmd=db_query

42000112

C99 WebShell Cookie Detected

Detection: str:c999shvars

42000111

C99 - WebShell - Access Detected

Detection: str:surl_autofill_include=1

42000110

C99 WebShell - Cookie Detected

Detection: str:c999sh_surl

42000109

R57 - WebShell Download_File-Command

Detection: str:cmd=download_file

42000108

C99 - WebShell - Access

Detection: str:/c99.php

42000107

R57 - WebShell-Access

Detection: str:/r57shell.php

42000106

Light Shell2 - Upload - Command

Detection: str:_act=Upload

42000105

Light Shell2 - List_Files-Command

Detection: str:_act=List files

42000104

Light Shell2 - Execute-Command

Detection: str:_act=Execute

42000103

FX29 WebShell Quicklaunch Command-Call (POST)

Detection: rx:act=(.*)d=

42000102

FX29 WebShell Commands-Panel -Call

Detection: str:cmd_txt=1

42000101

FX29 WebShell File-Operation-Command-Call

Detection: str:act=(.*)&f=

42000100

FX29 WebShell EVAL-POST-Command

Detection: str:act=eval

42000099

FX29 WebShell Encoder-Command

Detection: str:act=encoder

42000098

FX29 WebShellSec-Listing-Command

Detection: str:act=f&f=

42000097

FX29 WebShell SQL-Command

Detection: str:act=sql&sql_

42000096

FX29 WebShell SelfKill-Command

Detection: str:act=selfremove

42000095

FX29 WebShell FXMailer-Command

Detection: str:act=fxmailer

42000094

FX29 WebShell Quicklaunch Command-Call

Detection: rx:act=(.*)&d=

42000093

FX29 WebShell PHPInfo-Command

Detection: str:act=phpinfo

42000091

FX29WebShell - Sessioncookie detected

Detection: str:fx29shcook

42000090

PHP - Command Passthru detected

Detection: str:passthru

42000089

XMLRPC - Access detected (misc Wordpress/Magento-Vulns)

Detection: str:/xmlrpc.php

42000088

Possible WordpressPingbackPortScanner

Detection: str:pingback.ping

42000087

JOOMLA - Mass-Exploit-Backdoor-Access

Detection: str:/images/stories/story.php

42000086

PIWIK-RemoteShell Access

Detection: str:/core/DataTable/Filter/Megre.php

42000085

PIWIK-Backdoor-Access

Detection: str:/core/Loader.php

42000084

SFTP-config-file access

Detection: str:/sftp-config.json

42000083

Tomcat /host-manager/ Access

Detection: str:/host-manager/

42000082

Tomcat - Manager - Access

Detection: str:/manager

42000081

Apache BalancerManager - Access

Detection: str:/balancer-manager

42000080

Apache /server-status - Access

Detection: str:/server-status

42000079

VTI_RPC - Access

Detection: str:/_vti_rpc

42000078

VTI_ADM - Access

Detection: str:/_vti_adm/

42000077

LIBWWW_perl-UA detected

Detection: str:libwww-perl/

42000076

VTI_BIN - Access

Detection: str:/_vti_bin/

42000075

Yoyo-DDOS-Bot detected (Keep-Alivf)

Detection: str:Keep-Alivf

42000074

Yoyo-DDOS-Bot detected

Detection: str:g{ip;

42000073

Python-urllib UA, possible Scanner

Detection: str:urllib/

42000072

Generic GLOBALS[] in Request

Detection: str:GLOBALS[

42000071

PHPMYADMIN setup.php - Access

Detection: str:/scripts/setup.php

42000070

possible sql-injection (CAST())

Detection: str:cast(

42000069

misc DDOS-UAs

Detection: str:ddos

42000068

JAR - Download Request

Detection: str:.jar

42000067

Apache mod_proxy Reverse Proxy Exposure (v1)

Detection: rx:^@

42000066

Apache mod_proxy Reverse Proxy Exposure

Detection: str::@

42000065

Magento XMLRPC-Exploit Attempt

Detection: str:/api/xmlrpc

42000064

FeelComz FaTaLisTiCz_Fx Webshell Detected

Detection: str:visitz=

42000063

Suspicious User-Agent SimpleClient 1.0

Detection: str:SimpleClient

42000062

Generic JOOMLA-Exploit-Attempt (option=com_)

Detection: str:com_

42000061

Possible Remote PHP Code Execution (php.pjpg)

Detection: str:.php.pjpg

42000060

Access To mm-forms-community upload dir

Detection: str:/wp-content/plugins/mm-forms-community/upload/temp/

42000059

Possible unwanted Upload / Access To mm-forms-community upload dir

Detection: str:wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php

42000058

PHPMyAdmin BackDoor Access

Detection: str:/server_sync.php

42000057

Possible JBoss/JMX InvokerServlet Auth Bypass Attempt

Detection: str:/invoker/JMXInvokerServlet/

42000056

PhpTax Possible Remote Code Exec

Detection: str:&pfilez=

42000055

WEBMIN /file/show.cgi Remote Command Execution

Detection: str:/file/show.cgi/bin/

42000054

HEX_string found

Detection: str:hex(

42000053

GIT_Repo-Access

Detection: str:.git/

42000052

SVN_Repo-Access

Detection: str:.svn/

42000051

Nikto-Scanner UA detected

Detection: str:Nikto

42000050

PHP_EXEC_COMAND

Detection: str:exec(

42000049

PHP_SYSTEM_CMD

Detection: str:system(

42000048

PHPINFO - in URL/ARGS

Detection: str:phpinfo

42000047

PHPMyAdmin - Scripts/Setup-Request

Detection: str:/scripts/setup.php

42000046

DFind w00tw00t GET-Requests

Detection: str:/w00tw00t

42000045

WebShag Web Application Scan Detected

Detection: str:webshag

42000044

Wikto Scan

Detection: str:/.adSensePostNotThereNoNobook

42000043

WhatWeb Web Application Fingerprint Scanner Default User-Agent Detected

Detection: str:WhatWeb/

42000042

Open-Proxy ScannerBot (webcollage-UA)

Detection: str: webcollage/

42000040

Toata Scanner User-Agent Detected

Detection: str:Toata dragostea

42000039

Suspicious User-Agent inbound (bot)

Detection: str:bot/

42000038

Springenwerk XSS Scanner User-Agent Detected

Detection: str:Springenwerk

42000037

Skipfish Web Application Scan Detected

Detection: str:Mozilla/5.0 SF

42000036

DirBuster Web App Scan in Progress

Detection: str:DirBuster

42000035

Automated Injection Tool User-Agent (AutoGetColumn)

Detection: str:AutoGetColumn

42000034

Absinthe SQL Injection Tool HTTP Header Detected

Detection: str:Absinthe

42000033

Base64Decode in URI

Detection: str:base64

42000032

PHP-EVAL - Attempt

Detection: str:eval(

42000031

Muieblackcat scanner

Detection: str:/muieblackcat

42000030

/proc/self - Access in URI

Detection: str:/proc/self/

42000029

/bin/sh in URI Possible Shell Command Execution Attempt

Detection: str:/bin/sh

42000028

/bin/bash in URI Possible Shell Command Execution Attempt

Detection: str:/bin/bash

42000027

Tilde in URI, potential .cgi source disclosure vulnerability

Detection: str:.cgi~

42000026

Tilde in URI, potential .aspx source disclosure vulnerability

Detection: str:.aspx~

42000025

Tilde in URI, potential .asp source disclosure vulnerability

Detection: str:.asp~

42000024

Tilde in URI, potential .conf source disclosure vulnerability

Detection: str:.conf~

42000023

Tilde in URI, potential .inc source disclosure vulnerability

Detection: str:.inc~

42000022

Tilde in URI, potential .pl source disclosure vulnerability

Detection: str:.pl~

42000021

Tilde in URI, potential .php source disclosure vulnerability

Detection: str:.php~

42000020

ASPX_file access

Detection: str:.aspx

42000019

Attack Tool Revolt Scanner

Detection: str:revolt

42000018

PHP Easteregg Information-Disclosure (funny-logo)

Detection: str:PHPE9568F36-D428-11d2-A769-00AA001ACF42

42000017

PHP Easteregg Information-Disclosure (zend-logo)

Detection: str:PHPE9568F35-D428-11d2-A769-00AA001ACF42

42000016

PHP Easteregg Information-Disclosure (php-logo)

Detection: str:PHPE9568F34-D428-11d2-A769-00AA001ACF42

42000015

PHP Easteregg Information-Disclosure (phpinfo)

Detection: str:PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000

42000014

Bot Search RFI Scan (Casper-Like MaMa Cyber/ebes)

Detection: str:MaMa

42000013

Bot Search RFI Scan (Casper-Like, Jcomers Bot scan)

Detection: str:Jcomers Bot

42000012

Bot Search RFI Scan (ByroeNet/Casper-Like sun4u)

Detection: str:Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)

42000011

Bot Search RFI Scan (ByroeNet/Casper-Like, planetwork)

Detection: str:plaNETWORK

42000010

Casper Bot Search RFI Scan

Detection: str:Casper Bot

42000009

PHP Attack Tool Morfeus F Scanner - M

Detection: str:M Fucking Scanner

42000008

PHP Attack Tool Morfeus F Scanner

Detection: str:Morpheus

42000007

/system32/ in Uri - Possible Protected Directory Access Attempt

Detection: str:/system32/

42000006

cmd.exe In URI

Detection: str:/cmd.exe

42000005

xp_cmdshell Attempt in Cookie

Detection: str:xp_cmdshell

42000004

CGI_file access

Detection: str:.cgi

42000003

ASP_file access

Detection: str:.asp

42000002

PHP-file-access

Detection: str:.php