Microsoft Windows Server Administrator
2024-01-10 04:20:06
(1 year ago)
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Administrator
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: workstation
Source Network Address: 139.162.45.221
Source Port: 0
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
Port Scan
Hacking
Brute-Force
Web App Attack
INTEQ
2023-12-28 10:19:25
(1 year ago)
Web attack from 139.162.45.221
Web App Attack
SCHAPPY
2023-12-28 04:39:39
(1 year ago)
Bad bot identified by user agent
Bad Web Bot
Dan
2023-12-25 03:09:56
(1 year ago)
RDP on port 80 scanning
Port Scan
Brute-Force
Anonymous
2023-12-24 02:47:34
(1 year ago)
Scenario: crowdsecurity/http-bad-user-agent
Bad Web Bot
Anonymous
2023-12-23 01:00:06
(1 year ago)
139.162.45.221 - autoconfig.sliver85.eu - [23/Dec/2023:01:58:17 +0100] "GET /BFeo HTTP/1.1" 444 "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
139.162.45.221 - autoconfig.sliver85.eu - [23/Dec/2023:01:58:18 +0100] "GET /oNXH HTTP/1.1" 444 "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
Brute-Force
Web App Attack
Anonymous
2023-12-21 22:03:04
(1 year ago)
139.162.45.221 - autoconfig.sliver85.eu - [21/Dec/2023:23:03:02 +0100] "GET /T9je HTTP/1.1" 444 "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
139.162.45.221 - autoconfig.sliver85.eu - [21/Dec/2023:23:03:03 +0100] "GET /s0Bx HTTP/1.1" 444 "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
Brute-Force
Web App Attack
☢MiG☢
2023-12-21 19:46:53
(1 year ago)
"GET /8YzQ HTTP/1.1" 404 5358 "-" "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
Web App Attack
kumiko
2023-12-20 19:16:12
(1 year ago)
[2023-12-20 19:16:11] Known bad bot [Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)]
Bad Web Bot
Web App Attack
ut-addicted.com
2023-12-20 00:11:52
(1 year ago)
\[Wed Dec 20 01:11:49.947939 2023\] \[:error\] \[pid 29800:tid 140683371308800\] \[client 139.162.45.221:46576\] \[client 139.162.45.221\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 5\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "www.ut-addicted.com"\] \[uri "/9vZS"\] \[unique_id "ZYIxRSVCr74q359i2MMpFAAAAMo"\]
Brute-Force
Web App Attack
Anonymous
2023-12-18 23:00:21
(1 year ago)
139.162.45.221 - autoconfig.sliver85.eu - [18/Dec/2023:23:15:47 +0100] "GET /lMl7 HTTP/1.1" 444 "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
139.162.45.221 - autoconfig.sliver85.eu - [18/Dec/2023:23:15:48 +0100] "GET /ck8W HTTP/1.1" 444 "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"
Brute-Force
Web App Attack
nextweb
2023-12-16 19:05:10
(1 year ago)
(mod_security) mod_security (id:210801) triggered by 139.162.45.221 (SG/Singapore/-/Singapore/139-162-45-221.ip.internet-metrics.com/[AS63949 Akamai Connected Cloud]): 5 in the last 3600 secs (CF_ENABLE)
Brute-Force
Anonymous
2023-12-15 23:04:59
(1 year ago)
Scenario: crowdsecurity/http-bad-user-agent
Bad Web Bot
Dan
2023-12-15 22:09:24
(1 year ago)
RDP on port 80 scanning
Port Scan
Brute-Force
Anonymous
2023-12-12 20:14:55
(1 year ago)
Scenario: crowdsecurity/http-bad-user-agent
Bad Web Bot