☢MiG☢
2025-01-12 16:05:01
(7 hours ago)
"GET /AwsConfig.json HTTP/1.1" 403 3953 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gec ... show more "GET /AwsConfig.json HTTP/1.1" 403 3953 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0" show less
Web App Attack
thedreamer.nl
2025-01-10 06:38:03
(2 days ago)
109.110.169.31 - - [10/Jan/2025:07:37:39 +0100] "GET /frontend/web/debug/default/view HTTP/1.1" 404 ... show more 109.110.169.31 - - [10/Jan/2025:07:37:39 +0100] "GET /frontend/web/debug/default/view HTTP/1.1" 404 555 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "GB" "Coventry" "52.40640" "-1.50820"
109.110.169.31 - - [10/Jan/2025:07:37:50 +0100] "GET /client_secrets.json HTTP/1.1" 404 153 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0" "GB" "Coventry" "52.40640" "-1.50820"
109.110.169.31 - - [10/Jan/2025:07:37:58 +0100] "GET /.aws/credentials HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "GB" "Coventry" "52.40640" "-1.50820"
109.110.169.31 - - [10/Jan/2025:07:38:02 +0100] "GET /app_dev.php/_profiler/phpinfo HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" "GB" "Coventry" "52.40640" "-1.50820"
... show less
Brute-Force
Bad Web Bot
TPI-Abuse
2025-01-07 10:24:28
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 109.110.169.31 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 109.110.169.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 07 05:24:19.651742 2025] [security2:error] [pid 25949:tid 25949] [client 109.110.169.31:42685] [client 109.110.169.31] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.exorex.com"] [uri "/redmine/.env"] [unique_id "Z30A0we_20-s_SC1go08xwAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-19 00:00:25
(3 weeks ago)
Attempted brute force login to web vpn
Hacking
Brute-Force
Anonymous
2024-12-18 00:20:33
(3 weeks ago)
Attempted brute force login to web vpn
Hacking
Brute-Force
Anonymous
2024-12-17 21:13:07
(3 weeks ago)
Attempted brute force login to web vpn
Hacking
Brute-Force
☢MiG☢
2024-12-14 03:00:37
(4 weeks ago)
"GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 395 ... show more "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 3954 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:105.0) Gecko/20100101 Firefox/105.0" show less
Web App Attack
oncord
2024-12-11 08:26:58
(1 month ago)
Form spam
Web Spam
wil.com
2024-12-10 16:06:22
(1 month ago)
GlobalProtect login attempts with user jvalenzuela.
VPN IP
Brute-Force
Anonymous
2024-09-09 05:34:13
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
oncord
2024-09-04 05:50:08
(4 months ago)
Form spam
Web Spam
TPI-Abuse
2024-09-04 02:28:45
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 109.110.169.31 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:217280) triggered by 109.110.169.31 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 22:28:38.139068 2024] [security2:error] [pid 32206:tid 32206] [client 109.110.169.31:58783] [client 109.110.169.31] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||dibaplac.com|F|2"] [data "Matched Data: move found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "dibaplac.com"] [uri "/index-4.html"] [unique_id "ZtfF1rTMsre3UyzNMY444AAAAAs"], referer: https://dibaplac.com/index-4.html show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-03 01:40:46
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
oncord
2024-09-02 12:22:31
(4 months ago)
Form spam
Web Spam
Anonymous
2024-09-01 10:34:54
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH