[Silicon Defense logo]

SnortSnarf signature page

SERVER-WEBAPP PHPUnit PHP remote code execution attempt

SnortSnarf v021111.1

Signature section (933)Top 20 source IPsTop 20 dest IPs

152 alerts with this signature using input module SnortFileInput, with sources:

Earliest such alert at 21:03:50.792744 on 10/31/2020
Latest such alert at 19:30:23.473400 on 09/26/2021

SERVER-WEBAPP PHPUnit PHP remote code execution attempt 24 sources 1 destinations
Priority: 1Classification: Web Application Attack
[sid:45749] [CVE:2017-9841]

Sources triggering this attack signature

Source# Alerts (sig)# Alerts (total)# Dsts (sig)# Dsts (total)
104.131.29.93282811
52.247.113.177272711
118.27.32.69252511
161.35.143.115242411
159.89.43.50242411
207.154.208.764411
45.88.12.1682211
185.204.1.2172211
192.228.100.981111
18.237.205.1641111
164.100.125.711111
47.52.255.2021111
94.191.110.2001311
31.210.20.561111
94.191.75.1451111
194.146.50.1941111
93.190.217.981111
119.29.148.1681311
35.247.157.1581111
128.199.46.1781111
13.78.126.1051111
111.231.203.1291111
82.146.39.471111
137.135.113.1451111

Destinations receiving this attack signature

Destinations# Alerts (sig)# Alerts (total)# Srcs (sig)# Srcs (total)
192.168.0.3815292924557

SnortSnarf brought to you courtesy of Silicon Defense
Authors: Jim Hoagland and Stuart Staniford
See also the Snort Page by Marty Roesch
Page generated at Tue Sep 28 07:01:02 2021