Starburst SysOp Team
2024-09-04 22:44:38
(2 days ago)
(mod_security-custom) mod_security (id:210381) triggered by 141.98.11.114 (LT/Lithuania/srv-141-98-1 ... show more (mod_security-custom) mod_security (id:210381) triggered by 141.98.11.114 (LT/Lithuania/srv-141-98-11-114.serveroffer.net): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [Wed Sep 04 22:44:35.333880 2024] [:error] [pid 3167527:tid 3167571] [client 141.98.11.114:46276] [client 141.98.11.114] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||144.126.152.165|F|4"] [data "REQUEST_URI=/%TEMPU380SWIFTCOPYSLIP.exe"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "144.126.152.165"] [uri "/%TEMPU380SWIFTCOPYSLIP.exe"] [unique_id "Ztji01KcvJhVCySTAT5mmAAAAA8"] show less
Brute-Force
powersec
2024-09-04 06:02:14
(3 days ago)
Malicious Network Traffic. Request: GET /---.exe HTTP/1.1
Hacking
Bad Web Bot
Web App Attack
netdevops
2024-09-03 10:58:59
(4 days ago)
141.98.11.114 - - [03/Sep/2024:10:33:19 +0000] "GET /mail.exe HTTP/1.1" 404 134 "-" "BotPoke"
... show more 141.98.11.114 - - [03/Sep/2024:10:33:19 +0000] "GET /mail.exe HTTP/1.1" 404 134 "-" "BotPoke"
141.98.11.114 - - [03/Sep/2024:10:33:19 +0000] "GET /maildate_inst.exe HTTP/1.1" 404 134 "-" "BotPoke"
141.98.11.114 - - [03/Sep/2024:10:33:19 +0000] "GET /mailerbot.exe HTTP/1.1" 404 134 "-" "BotPoke"
141.98.11.114 - - [03/Sep/2024:10:33:20 +0000] "GET /mailo HTTP/1.1" 404 134 "-" "BotPoke"
141.98.11.114 - - [03/Sep/2024:10:58:57 +0000] "GET /webmail.hta HTTP/1.1" 404 134 "-" "BotPoke"
... show less
Brute-Force
Bad Web Bot
zorrigas
2024-08-19 14:47:40
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 141.98.11.114 (LT/Lithuania/srv-141-98-11-114.s ... show more (mod_security) mod_security (id:210730) triggered by 141.98.11.114 (LT/Lithuania/srv-141-98-11-114.serveroffer.net): 5 in the last 3600 secs show less
Brute-Force
juutis
2024-08-19 13:48:40
(2 weeks ago)
Multiple WAF abuses - IP blocked
Hacking
Brute-Force
Web App Attack
kais-universum.de
2024-08-19 13:05:03
(2 weeks ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
spyra.rocks
2024-08-19 01:23:01
(2 weeks ago)
Apache
Bad Web Bot
trung.fun
2024-08-17 17:10:07
(3 weeks ago)
DDoS, Hack, Brute Force, Web Attack
...
DDoS Attack
Web Spam
Hacking
Brute-Force
Web App Attack
aks4226
2024-08-16 18:18:10
(3 weeks ago)
Attacking common web applications. (n01)
Web App Attack
powersec
2024-08-16 02:00:12
(3 weeks ago)
Malicious Network Traffic. Request: GET /DHL-Miss%20Craciun%20Ana%20Maria%20%23BW20Feb19.exe HTTP/1. ... show more Malicious Network Traffic. Request: GET /DHL-Miss%20Craciun%20Ana%20Maria%20%23BW20Feb19.exe HTTP/1.1 show less
Hacking
Bad Web Bot
Web App Attack
powersec
2024-08-16 00:03:19
(3 weeks ago)
Malicious Network Traffic. Request: GET /---.exe HTTP/1.1
Hacking
Bad Web Bot
Web App Attack
Aplog
2024-08-15 09:50:02
(3 weeks ago)
[15/Aug/2024:09:46:26.317369 0000] Zr3OctxliiY5cGYsCBoqdQAAAFU 141.98.11.114 37888 127.0.0.1 7080<b ... show more [15/Aug/2024:09:46:26.317369 0000] Zr3OctxliiY5cGYsCBoqdQAAAFU 141.98.11.114 37888 127.0.0.1 7080
X-Real-IP: 141.98.11.114
Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 141.98.11.114] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/modsecurity.d/rules/comodo_free/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||74.208.110.204|F|2"] [data ".bat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "74.208.110.204"] [uri "/0cec6fe99f27c7425eb235e531d19737ea94d3d15208d7533bb677fd2dd89794.bat"] [unique_id "Zr3OctxliiY5cGYsCBoqdQAAAFU"] show less
Web App Attack
Starburst SysOp Team
2024-08-14 07:10:00
(3 weeks ago)
[Wed Aug 14 07:07:32.290309 2024] [:error] [pid 2919315:tid 2919342] [client 141.98.11.114:56376] [c ... show more [Wed Aug 14 07:07:32.290309 2024] [:error] [pid 2919315:tid 2919342] [client 141.98.11.114:56376] [client 141.98.11.114] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/usr/local/apache/modsecurity-cwaf/rules/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||154.12.224.141|F|4"] [data "REQUEST_URI=/%TEMPU380SWIFTCOPYSLIP.exe"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "-"] [uri "/%TEMPU380SWIFTCOPYSLIP.exe"] [unique_id "ZrxXtBuC5cl0oLmZ8TxVhgAAAMA"] show less
Hacking
Brute-Force
Web App Attack
serverobot.de
2024-08-13 12:19:12
(3 weeks ago)
141.98.11.114 - - [13/Aug/2024:14:19:11 +0200] "GET /envifa.vbs HTTP/1.1" 404 146 "-" "BotPoke"<br / ... show more 141.98.11.114 - - [13/Aug/2024:14:19:11 +0200] "GET /envifa.vbs HTTP/1.1" 404 146 "-" "BotPoke"
... show less
Bad Web Bot
Web App Attack
ANTI SCANNER
2024-08-13 06:33:15
(3 weeks ago)
Scanner : /xmrnoadmin.exe
Web Spam