☢MiG☢
2025-01-12 16:04:26
(9 hours ago)
"GET /redmine/.env HTTP/1.1" 403 3951 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0"
Web App Attack
thedreamer.nl
2025-01-10 06:38:05
(2 days ago)
109.110.169.11 - - [10/Jan/2025:07:37:26 +0100] "GET /.DS_Store HTTP/1.1" 404 153 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:105.0) Gecko/20100101 Firefox/105.0" "GB" "Coventry" "52.40640" "-1.50820"
109.110.169.11 - - [10/Jan/2025:07:37:42 +0100] "GET /db.json HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" "GB" "Coventry" "52.40640" "-1.50820"
109.110.169.11 - - [10/Jan/2025:07:37:43 +0100] "GET /ws-config.json HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "GB" "Coventry" "52.40640" "-1.50820"
109.110.169.11 - - [10/Jan/2025:07:38:05 +0100] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "GB" "Coventry" "52.40640" "-1.50820"
Brute-Force
Bad Web Bot
☢MiG☢
2025-01-07 23:04:44
(5 days ago)
"GET /.env.production HTTP/1.1" 403 3952 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
Web App Attack
TPI-Abuse
2025-01-07 10:24:22
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 109.110.169.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 07 05:24:16.934701 2025] [security2:error] [pid 18826:tid 18826] [client 109.110.169.11:27923] [client 109.110.169.11] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.exorex.com"] [uri "/.env"] [unique_id "Z30A0J8i4ato9o8a2yp7mAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-19 01:16:45
(3 weeks ago)
Attempted brute force login to web vpn
Hacking
Brute-Force
Anonymous
2024-12-18 00:15:48
(3 weeks ago)
Attempted brute force login to web vpn
Hacking
Brute-Force
Anonymous
2024-12-17 20:53:08
(3 weeks ago)
Attempted brute force login to web vpn
Hacking
Brute-Force
wil.com
2024-12-10 16:19:19
(1 month ago)
GlobalProtect login attempts with user mfrench.
VPN IP
Brute-Force
ezsystems.com
2024-09-10 21:29:40
(4 months ago)
Web Spam
oncord
2024-09-09 18:29:12
(4 months ago)
Form spam
Web Spam
TPI-Abuse
2024-09-04 15:18:03
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 109.110.169.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 04 11:17:56.873214 2024] [security2:error] [pid 21377:tid 21377] [client 109.110.169.11:3977] [client 109.110.169.11] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||ventivhealthcare.com|F|2"] [data "Matched Data: move found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "ventivhealthcare.com"] [uri "/scripts/form-a772-86d8.php"] [unique_id "Zth6JLQLDCgc0bt-q6OcFgAAABI"], referer: http://ventivhealthcare.com/Contact-Us.html
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-04 00:51:12
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-03 13:47:10
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 109.110.169.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 09:47:02.008119 2024] [security2:error] [pid 1252810:tid 1252810] [client 109.110.169.11:11931] [client 109.110.169.11] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||www.namisushionline.com|F|2"] [data "Matched Data: get found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "www.namisushionline.com"] [uri "/action.php"] [unique_id "ZtcTVlOra3TVKlpmWa719gAAABM"], referer: https://www.namisushionline.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-03 13:00:28
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 109.110.169.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 09:00:21.921930 2024] [security2:error] [pid 808502:tid 808502] [client 109.110.169.11:48565] [client 109.110.169.11] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||jsvnetwork.com|F|2"] [data "Matched Data: get found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "jsvnetwork.com"] [uri "/contact.php"] [unique_id "ZtcIZePoxYop6KDnKMNvTQAAAAk"], referer: http://jsvnetwork.com/contact.html
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-02 21:49:27
(4 months ago)
Web Spam