Web Detections

| Name | Data Source | Technique | Type | Analytic Story | Date |
| --- | --- | --- | --- | --- | --- |
| PaperCut NG Remote Web Access Attempt | Suricata | T1133, T1190 | TTP | PaperCut MF NG Vulnerability | 2026-05-13 |
| Hunting for Log4Shell | Nginx Access | T1133, T1190 | Hunting | CISA AA22-320A, Log4Shell CVE-2021-44228 | 2026-05-13 |
| Windows IIS Server PSWA Console Access | Windows IIS | T1190 | Hunting | CISA AA24-241A | 2026-05-13 |
| Zscaler Exploit Threat Blocked | | T1566 | TTP | Zscaler Browser Proxy Threats | 2026-05-13 |
| Zscaler Malware Activity Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| Web Remote ShellServlet Access | Nginx Access | T1190 | TTP | GhostRedirector IIS Module and Rungan Backdoor, CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server | 2026-05-13 |
| Web Spring4Shell HTTP Request Class Module | Splunk Stream HTTP | T1133, T1190 | TTP | Spring4Shell CVE-2022-22965 | 2026-05-13 |
| Zscaler Behavior Analysis Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| SAP NetWeaver Visual Composer Exploitation Attempt | Suricata | T1190 | Hunting | SAP NetWeaver Exploitation | 2026-05-13 |
| Unusually Long Content-Type Length | | N/A | Anomaly | Apache Struts Vulnerability | 2026-05-13 |
| Log4Shell JNDI Payload Injection with Outbound Connection | | T1133, T1190 | Anomaly | CISA AA22-320A, Log4Shell CVE-2021-44228 | 2026-05-13 |
| JetBrains TeamCity Authentication Bypass CVE-2024-27198 | Suricata | T1190 | TTP | JetBrains TeamCity Vulnerabilities | 2026-05-13 |
| Zscaler Phishing Activity Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats, Hellcat Ransomware | 2026-05-13 |
| Tomcat Session Deserialization Attempt | Nginx Access | T1190, T1505.003 | Anomaly | Apache Tomcat Session Deserialization Attacks | 2026-05-13 |
| Zscaler Scam Destinations Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| Cisco IOS XE Implant Access | Suricata | T1190 | TTP | Cisco IOS XE Software Web Management User Interface vulnerability | 2026-05-13 |
| Zscaler Virus Download threat blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| Zscaler Potentially Abused File Download | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| Adobe ColdFusion Access Control Bypass | Suricata | T1190 | Anomaly | Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 | 2026-05-13 |
| Juniper Networks Remote Code Execution Exploit Detection | Suricata | T1059, T1105, T1190 | TTP | Juniper JunOS Remote Code Execution | 2026-05-13 |
| Adobe ColdFusion Unauthenticated Arbitrary File Read | Suricata | T1190 | Anomaly | Adobe ColdFusion Arbitrary Code Execution CVE-2023-29298 CVE-2023-26360 | 2026-05-13 |
| Zscaler Employment Search Web Activity | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| HTTP Duplicated Header | Suricata | T1071.001, T1190 | Anomaly | HTTP Request Smuggling | 2026-05-13 |
| Ivanti EPM SQL Injection Remote Code Execution | Suricata | T1190 | TTP | GhostRedirector IIS Module and Rungan Backdoor, Hellcat Ransomware, Ivanti EPM Vulnerabilities | 2026-05-13 |
| Spring4Shell Payload URL Request | Nginx Access | T1133, T1190, T1505.003 | TTP | Spring4Shell CVE-2022-22965 | 2026-05-13 |
| Ivanti Connect Secure Command Injection Attempts | Suricata | T1190 | TTP | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2026-05-13 |
| Confluence Pre-Auth RCE via OGNL Injection CVE-2023-22527 | Suricata | T1190 | TTP | Confluence Data Center and Confluence Server Vulnerabilities | 2026-05-13 |
| Detect Web Access to Decommissioned S3 Bucket | AWS Cloudfront | T1485 | Anomaly | Data Destruction, AWS S3 Bucket Security Monitoring | 2026-05-13 |
| Ivanti Connect Secure SSRF in SAML Component | Suricata | T1190 | TTP | Ivanti Connect Secure VPN Vulnerabilities | 2026-05-13 |
| Supernova Webshell | | T1133, T1505.003 | TTP | NOBELIUM Group, Earth Alux, GhostRedirector IIS Module and Rungan Backdoor | 2026-05-13 |
| Windows Exchange Autodiscover SSRF Abuse | Windows IIS | T1133, T1190 | TTP | ProxyNotShell, BlackByte Ransomware, Seashell Blizzard, ProxyShell | 2026-05-13 |
| JetBrains TeamCity RCE Attempt | Suricata | T1190 | TTP | CISA AA23-347A, JetBrains TeamCity Unauthenticated RCE, JetBrains TeamCity Vulnerabilities | 2026-05-13 |
| ProxyShell ProxyNotShell Behavior Detected | | T1133, T1190 | Correlation | ProxyNotShell, Seashell Blizzard, ProxyShell | 2026-05-13 |
| JetBrains TeamCity Limited Auth Bypass Suricata CVE-2024-27199 | Suricata | T1190 | TTP | JetBrains TeamCity Vulnerabilities | 2026-05-13 |
| Log4Shell JNDI Payload Injection Attempt | Nginx Access | T1133, T1190 | Anomaly | CISA AA22-257A, CISA AA22-320A, Log4Shell CVE-2021-44228 | 2026-05-13 |
| Detect attackers scanning for vulnerable JBoss servers | | T1082, T1133 | TTP | SamSam Ransomware, JBoss Vulnerability | 2026-05-13 |
| High Volume of Bytes Out to Url | Nginx Access | T1567 | Anomaly | Hellcat Ransomware, Data Exfiltration | 2026-05-13 |
| Windows SharePoint Spinstall0 GET Request | Suricata | T1190, T1505.003, T1552 | TTP | Microsoft SharePoint Vulnerabilities | 2026-05-13 |
| WS FTP Remote Code Execution | Suricata | T1190 | TTP | WS FTP Server Critical Vulnerabilities | 2026-05-13 |
| Access to Vulnerable Ivanti Connect Secure Bookmark Endpoint | Suricata | T1190 | TTP | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2026-05-13 |
| Zscaler Privacy Risk Destinations Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| VMWare Aria Operations Exploit Attempt | Palo Alto Network Threat | T1068, T1133, T1190, T1210 | TTP | VMware Aria Operations vRealize CVE-2023-20887 | 2026-05-13 |
| Nginx ConnectWise ScreenConnect Authentication Bypass | Nginx Access | T1190 | TTP | Hellcat Ransomware, Scattered Lapsus$ Hunters, Seashell Blizzard, ConnectWise ScreenConnect Vulnerabilities | 2026-05-13 |
| Tomcat Session File Upload Attempt | Nginx Access | T1190, T1505.003 | Anomaly | Apache Tomcat Session Deserialization Attacks | 2026-05-13 |
| Microsoft SharePoint Server Elevation of Privilege | Suricata | T1068 | Anomaly | Microsoft SharePoint Server Elevation of Privilege CVE-2023-29357 | 2026-05-13 |
| Detect F5 TMUI RCE CVE-2020-5902 | | T1190 | TTP | F5 TMUI RCE CVE-2020-5902 | 2026-05-13 |
| Fortinet Appliance Auth bypass | Palo Alto Network Threat | T1133, T1190 | TTP | CVE-2022-40684 Fortinet Appliance Auth bypass | 2026-05-13 |
| Citrix ADC and Gateway CitrixBleed 2 Memory Disclosure | Suricata | T1190 | Anomaly | Citrix NetScaler ADC and NetScaler Gateway CVE-2025-5777 | 2026-05-13 |
| SQL Injection with Long URLs | | T1190 | TTP | GhostRedirector IIS Module and Rungan Backdoor, SQL Injection | 2026-05-13 |
| Detect Remote Access Software Usage URL | Palo Alto Network Threat | T1219 | Anomaly | CISA AA24-241A, Ransomware, Insider Threat, Command And Control, Remote Monitoring and Management Software, Scattered Lapsus$ Hunters, Interlock Ransomware | 2026-05-13 |
| Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35082 | Suricata | T1133, T1190 | TTP | Ivanti EPMM Remote Unauthenticated Access | 2026-05-13 |
| Web Spring Cloud Function FunctionRouter | Splunk Stream HTTP | T1133, T1190 | TTP | Spring4Shell CVE-2022-22965 | 2026-05-13 |
| Zscaler CryptoMiner Downloaded Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| Windows SharePoint ToolPane Endpoint Exploitation Attempt | Suricata | T1190, T1505.003 | TTP | Microsoft SharePoint Vulnerabilities | 2026-05-13 |
| F5 TMUI Authentication Bypass | Suricata | N/A | TTP | F5 Authentication Bypass with TMUI | 2026-05-13 |
| HTTP Request to Reserved Name on IIS Server | Suricata | T1071.001, T1190 | TTP | HTTP Request Smuggling | 2026-05-13 |
| Confluence CVE-2023-22515 Trigger Vulnerability | Suricata | T1190 | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server | 2026-05-13 |
| Jenkins Arbitrary File Read CVE-2024-23897 | Nginx Access | T1190 | TTP | Hellcat Ransomware, Jenkins Server Vulnerabilities | 2026-05-13 |
| Citrix ADC Exploitation CVE-2023-3519 | Palo Alto Network Threat | T1190 | Hunting | CISA AA24-241A, Citrix Netscaler ADC CVE-2023-3519 | 2026-05-13 |
| Confluence Data Center and Server Privilege Escalation | Nginx Access | T1190 | TTP | CVE-2023-22515 Privilege Escalation Vulnerability Confluence Data Center and Server, Confluence Data Center and Confluence Server Vulnerabilities | 2026-05-13 |
| Exploit Public-Facing Fortinet FortiNAC CVE-2022-39952 | Palo Alto Network Threat | T1133, T1190 | TTP | Fortinet FortiNAC CVE-2022-39952, Hellcat Ransomware | 2026-05-13 |
| Monitor Web Traffic For Brand Abuse | | N/A | TTP | Brand Monitoring | 2026-05-13 |
| Ivanti Connect Secure System Information Access via Auth Bypass | Suricata | T1190 | Anomaly | CISA AA24-241A, Ivanti Connect Secure VPN Vulnerabilities | 2026-05-13 |
| Citrix ShareFile Exploitation CVE-2023-24489 | Suricata | T1190 | Hunting | Citrix ShareFile RCE CVE-2023-24489 | 2026-05-13 |
| Java Class File download by Java User Agent | Splunk Stream HTTP | T1190 | TTP | Log4Shell CVE-2021-44228 | 2026-05-13 |
| Exploit Public Facing Application via Apache Commons Text | Nginx Access | T1133, T1190, T1505.003 | Anomaly | Text4Shell CVE-2022-42889 | 2026-05-13 |
| Citrix ADC and Gateway Unauthorized Data Disclosure | Suricata | T1190 | TTP | Citrix NetScaler ADC and NetScaler Gateway CVE-2023-4966, Scattered Lapsus$ Hunters | 2026-05-13 |
| Confluence Unauthenticated Remote Code Execution CVE-2022-26134 | Palo Alto Network Threat | T1133, T1190, T1505 | TTP | Confluence Data Center and Confluence Server Vulnerabilities, Atlassian Confluence Server and Data Center CVE-2022-26134 | 2026-05-13 |
| CrushFTP Authentication Bypass Exploitation | CrushFTP | T1059.001, T1059.003, T1190 | TTP | Hellcat Ransomware, CrushFTP Vulnerabilities | 2026-05-13 |
| Plain HTTP POST Exfiltrated Data | Splunk Stream HTTP | T1048.003 | TTP | Data Exfiltration, Command And Control, APT37 Rustonotto and FadeStealer | 2026-05-13 |
| Detect malicious requests to exploit JBoss servers | | N/A | TTP | SamSam Ransomware, JBoss Vulnerability | 2026-05-13 |
| Zscaler Adware Activities Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| HTTP Rapid POST with Mixed Status Codes | Nginx Access | T1071.001, T1190, T1595 | Anomaly | HTTP Request Smuggling | 2026-05-13 |
| CrushFTP Max Simultaneous Users From IP | CrushFTP | T1110.001, T1110.004 | Anomaly | CrushFTP Vulnerabilities | 2026-05-13 |
| Web JSP Request via URL | Nginx Access | T1133, T1190, T1505.003 | TTP | Earth Alux, Spring4Shell CVE-2022-22965 | 2026-05-13 |
| HTTP Scripting Tool User Agent | Nginx Access | T1071.001 | Anomaly | HTTP Request Smuggling, Suspicious User Agents | 2026-05-13 |
| ConnectWise ScreenConnect Authentication Bypass | Suricata | T1190 | TTP | Seashell Blizzard, ConnectWise ScreenConnect Vulnerabilities | 2026-05-13 |
| WordPress Bricks Builder plugin RCE | Nginx Access | T1190 | TTP | Hellcat Ransomware, WordPress Vulnerabilities | 2026-05-13 |
| JetBrains TeamCity Authentication Bypass Suricata CVE-2024-27198 | Suricata | T1190 | TTP | Hellcat Ransomware, JetBrains TeamCity Vulnerabilities | 2026-05-13 |
| VMware Workspace ONE Freemarker Server-side Template Injection | Palo Alto Network Threat | T1133, T1190 | Anomaly | VMware Server Side Injection and Privilege Escalation | 2026-05-13 |
| Zscaler Legal Liability Threat Blocked | | T1566 | Anomaly | Zscaler Browser Proxy Threats | 2026-05-13 |
| HTTP Possible Request Smuggling | Suricata | T1071.001 | TTP | HTTP Request Smuggling | 2026-05-13 |
| Ivanti EPMM Remote Unauthenticated API Access CVE-2023-35078 | Suricata | T1133, T1190 | TTP | Ivanti EPMM Remote Unauthenticated Access | 2026-05-13 |
| VMware Server Side Template Injection Hunt | Palo Alto Network Threat | T1133, T1190 | Hunting | VMware Server Side Injection and Privilege Escalation | 2026-05-13 |
| Multiple Archive Files Http Post Traffic | Splunk Stream HTTP | T1048.003 | TTP | Hellcat Ransomware, Data Exfiltration, Command And Control, APT37 Rustonotto and FadeStealer | 2026-05-13 |