๐บ๐ธ
TPI-Abuse
2024-08-23 16:16:14
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 23 12:16:06.797720 2024] [security2:error] [pid 11740:tid 11740] [client 109.237.99.219:45074] [client 109.237.99.219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bickleton.org"] [uri "/bluebird-inn/MYzoomsounds/"] [unique_id "Zsi1xvDhTsLg2Mz1l4I87gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
tjs
2024-08-23 12:51:00
(1 year ago)
web attack
Hacking
Web App Attack
๐ฎ๐ฉ
hermawan
2024-08-23 04:36:10
(1 year ago)
[Fri Aug 23 10:42:02.936522 2024] [security2:error] [pid 126936:tid 137842156111424] [client 109.237 ...
show more
[Fri Aug 23 10:42:02.936522 2024] [security2:error] [pid 126936:tid 137842156111424] [client 109.237.99.219:56604] [client 109.237.99.219] ModSecurity: Access denied with code 403 (phase 2). Operator GT matched 400 at ARGS:password. [file "/etc/modsecurity/coreruleset-4.5.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1387"] [id "920370"] [msg "Argument value too long"] [data "ARGS:password=519"] [severity "CRITICAL"] [ver "OWASP_CRS/4.5.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "staklim-malang.info"] [uri "/index.php/component/users"] [unique_id "ZsgFCp8dNz-IYtPJKmzUMQAAAAo"] [staklim-malang.info] [staklim-malang.info] top=[126988] [XD/vjglzGSs] [ZsgFCp8dNz-IYtPJKmzUMQAAAAo] keep_alive=[0] [2024-08-23 10:42:02.936526] [R:ZsgFCp8dNz-IYtPJKmzUMQAAAAo] UA:'Mozilla/5.0 (Windows NT 6.1; 8855 ; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Ch
...
show less
Hacking
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2024-08-23 03:52:00
(1 year ago)
109.237.99.219 - - [23/Aug/2024:06:51:59 +0300] "GET /administrator/index.php HTTP/1.1" 404 275 "-" ...
show more
109.237.99.219 - - [23/Aug/2024:06:51:59 +0300] "GET /administrator/index.php HTTP/1.1" 404 275 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
Anonymous
2024-08-23 03:22:14
(1 year ago)
Ports: 80,443; Direction: 1; Trigger: LF_CXS
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2024-08-23 02:17:00
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 22:16:53.343528 2024] [security2:error] [pid 1691346:tid 1691346] [client 109.237.99.219:37628] [client 109.237.99.219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.letmespeakpodcast.com"] [uri "/MYzoomsounds/"] [unique_id "ZsfxFbUkY2XzqfZeK-XGDwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-23 02:15:37
(1 year ago)
HTTP index attack
DDoS Attack
๐บ๐ธ
TPI-Abuse
2024-08-23 00:48:27
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 109.237.99.219 (worried-button_n2.aeza.network) ...
show more
(mod_security) mod_security (id:225170) triggered by 109.237.99.219 (worried-button_n2.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 20:48:23.700708 2024] [security2:error] [pid 3372756:tid 3372756] [client 109.237.99.219:38868] [client 109.237.99.219] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nivotrol.innovacionesnimba.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nivotrol.innovacionesnimba.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZsfcVwxbp9Rh5QIgV0seKwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
stinpriza
2024-08-22 21:57:04
(1 year ago)
Drupal Authentication failure
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-08-22 19:00:16
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 15:00:12.416002 2024] [security2:error] [pid 7895:tid 7895] [client 109.237.99.219:38272] [client 109.237.99.219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.emeraldhighlands.org"] [uri "/Assets/.env"] [unique_id "ZseKvBkAm1XBvNd0SH7GqwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-08-22 18:13:07
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network) ...
show more
(mod_security) mod_security (id:210492) triggered by 109.237.99.219 (worried-button_n2.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 14:13:02.559001 2024] [security2:error] [pid 24142:tid 24142] [client 109.237.99.219:49930] [client 109.237.99.219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nebraskaadaptivesports.org"] [uri "/.env"] [unique_id "Zsd_rlBDT2KanC9y5MmwswAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-22 15:57:32
(1 year ago)
[16:57:31] 4*: Exploit attempt against non-existent file - //vendor/phpunit/phpunit/src/Util/PHP/eva ...
show more
[16:57:31] 4*: Exploit attempt against non-existent file - //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php (Repeat abuser, 5 other attacks previously recorded.)
show less
Hacking
Web App Attack
๐น๐ญ
MWA SOC
2024-08-22 15:18:37
(1 year ago)
Hacking
๐บ๐ธ
TPI-Abuse
2024-08-22 14:59:28
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 109.237.99.219 (worried-button_n2.aeza.network) ...
show more
(mod_security) mod_security (id:225170) triggered by 109.237.99.219 (worried-button_n2.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 10:59:21.862574 2024] [security2:error] [pid 19264:tid 19264] [client 109.237.99.219:33610] [client 109.237.99.219] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sonarweapons.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sonarweapons.info"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZsdSSfq72zv0vNOAxRtGsAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
apitree
2024-08-22 12:31:44
(1 year ago)
suspicious behavior judging by the logs from the server
Phishing
Port Scan
Hacking
Spoofing
Bad Web Bot