Tag
low
advisory
Web Server Error Response Spike Indicating Reconnaissance
2 rules 2 TTPsAn unusual spike in web server error codes (500, 502, 503, 504) may indicate reconnaissance activities like vulnerability scanning or fuzzing, where attackers probe for weaknesses, potentially leading to exploitation of server-side issues.
Nginx +4
web-server
reconnaissance
vulnerability-scanning
fuzzing
2r
2t
low
advisory
Web Server Reconnaissance via Unusual User Agents
2 rules 4 TTPsDetection of unusual spikes in web server requests with uncommon or suspicious user-agent strings indicative of reconnaissance attempts to identify web application vulnerabilities or brute-force attacks.
Nginx +4
web-server
reconnaissance
vulnerability-scanning
user-agent
2r
4t