Skip to content
Threat Feed

Tag

Fuzzing

4 briefs RSS
low advisory

Web Server Error Response Spike Indicating Reconnaissance

An unusual spike in web server error codes (500, 502, 503, 504) may indicate reconnaissance activities like vulnerability scanning or fuzzing, where attackers probe for weaknesses, potentially leading to exploitation of server-side issues.

Nginx +4 web-server reconnaissance vulnerability-scanning fuzzing
2r 2t
low advisory

Web Server Discovery or Fuzzing Activity Detection

This rule detects potential web server discovery or fuzzing activity by identifying a high volume of HTTP GET requests resulting in 404 or 403 status codes from a single source IP address within a short timeframe, indicating attackers discovering hidden resources for targeted attacks.

Nginx +4 web-server fuzzing reconnaissance web
2r 2t
low advisory

Web Server Discovery or Fuzzing Activity Detected

Detection of web server discovery or fuzzing activity indicated by a high volume of HTTP GET requests resulting in 404 or 403 status codes originating from a single source IP address within a short timeframe, suggesting attempts to discover hidden resources.

Nginx +4 web-server fuzzing reconnaissance web-application
2r 2t
low advisory

Web Server Discovery or Fuzzing Activity

Detection of potential web server discovery or fuzzing activity characterized by a high volume of HTTP GET requests resulting in 404 or 403 status codes originating from a single source IP address within a short timeframe, indicating attackers are probing for hidden resources.

Nginx +4 reconnaissance web-server fuzzing
2r 2t