Anonymous
2024-12-11 21:45:51
(2 days ago)
GET / HTTP/1.1
GET / HTTP/1.1
GET / HTTP/1.1
Bad Web Bot
Web App Attack
SOC [GOLINE SA]
2024-12-07 14:39:03
(6 days ago)
(mod_security) mod_security (id:949110) triggered by 146.4.22.173 (CH/Switzerland/Zurich/Wetzikon/173.22.4.146.static.wline.lns.sme.cust.swisscom.ch/[AS3303 Bluewin]): 1 in the last 3600 secs; IP: 146.4.22.173; Ports: *; Direction: 0; Trigger: LF_TRIGGER; Logs: [Sat Dec 07 15:39:01.387754 2024] [security2:error] [pid 285443:tid 285527] [client 146.4.22.173:38352] [client 146.4.22.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "speedtest.goline.ch"] [uri "/"] [unique_id "Z1ReBW0iynCiBQE88BoqzQAAAAQ"]
Brute-Force
SOC [GOLINE SA]
2024-11-20 04:29:02
(3 weeks ago)
(mod_security) mod_security (id:949110) triggered by 146.4.22.173 (CH/Switzerland/Zurich/Wetzikon/173.22.4.146.static.wline.lns.sme.cust.swisscom.ch/[AS3303 Bluewin]): 1 in the last 3600 secs; IP: 146.4.22.173; Ports: *; Direction: 0; Trigger: LF_TRIGGER; Logs: [Wed Nov 20 05:28:58.940510 2024] [security2:error] [pid 994689:tid 994734] [client 146.4.22.173:36980] [client 146.4.22.173] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.goline.ch"] [uri "/"] [unique_id "Zz1lijcGQssVQwcf1-hm5QAAAFI"], referer: https://ns.goline.ch
Brute-Force
Anonymous
2024-11-14 07:53:39
(4 weeks ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
backslash
2024-09-15 06:06:36
(2 months ago)
Bad Web Bot
blizzard
2024-08-25 00:03:13
(3 months ago)
Unauthorized HTTP/1.1 request, ignoring robots.txt: (ASN: 3303) (Network: SWISSCOM Swisscom Switzerland Ltd) (Method: GET) (Path: /favicon.ico) (Query: ) (User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:13.0) Gecko/20100101 Firefox/13.0)
Port Scan
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
blizzard
2024-06-23 06:39:49
(5 months ago)
Unauthorized HTTP/1.1 request, ignoring robots.txt: (ASN: 3303) (Network: SWISSCOM Swisscom Switzerland Ltd) (Method: GET) (Path: /) (Query: ) (User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36 Edg/88.0.705.81)
Port Scan
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
blizzard
2024-06-03 21:20:37
(6 months ago)
Unauthorized HTTP/1.1 request, ignoring robots.txt: (ASN: 3303) (Network: SWISSCOM Swisscom Switzerland Ltd) (Method: GET) (Path: /favicon.ico) (Query: ) (User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0)
Port Scan
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
Anonymous
2024-05-28 14:28:32
(6 months ago)
Aggressive web scan
Web App Attack
Anonymous
2024-05-09 02:31:39
(7 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
Anonymous
2024-04-23 10:32:17
(7 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
Anonymous
2024-04-15 14:59:29
(7 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
filou812
2023-09-19 17:09:12
(1 year ago)
urls tried are "/security.txt", "/.well-known/security.txt"
Web App Attack
uhlhosting
2023-09-19 13:28:02
(1 year ago)
tabaklaedeli.ch 146.4.22.173 - - [19/Sep/2023:14:04:10.837718 +0200] "GET /.well-known/security.txt HTTP/1.1" 403 199 "-" "-" ZQmOOhr1uBo0oOTxQ5kGZAAAAMs "-" /apache/20230919/20230919-1404/20230919-140410-ZQmOOhr1uBo0oOTxQ5kGZAAAAMs 0 1145 md5:ff352f1abbb52b507d836ed79f6c8667
garage-allstars.ch 146.4.22.173 - - [19/Sep/2023:14:45:43.590818 +0200] "GET /security.txt HTTP/1.1" 403 199 "-" "-" ZQmX91u1tmbzFmlnScKHxAAAAE4 "-" /apache/20230919/20230919-1445/20230919-144543-ZQmX91u1tmbzFmlnScKHxAAAAE4 0 1756 md5:cfb66870e1a0320f4df48305d4a508c3
garage-allstars.ch 146.4.22.173 - - [19/Sep/2023:14:45:43.677997 +0200] "GET /.well-known/security.txt HTTP/1.1" 403 199 "-" "-" ZQmX9wpxzh-fCNwh5ij5rQAAAIo "-" /apache/20230919/20230919-1445/20230919-144543-ZQmX9wpxzh-fCNwh5ij5rQAAAIo 0 1148 md5:3d85471ee5c047bb090adc0885d9fb68
taxigut.ch 146.4.22.173 - - [19/Sep/2023:15:28:01.780027 +0200] "GET /security.txt HTTP/1.1" 403 199 "-" "-" ZQmh4Qpxzh-fCNwh5ij8mQAAAII "-" /apache/20230919/20230919-1528/
...
DDoS Attack
Brute-Force
4server
2023-09-19 09:42:35
(1 year ago)
[TueSep1911:42:27.4017222023][security2:error][pid12797:tid47479275955968][client146.4.22.173:0][client146.4.22.173]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"python-requests/\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"187\"][id\"332039\"][rev\"4\"][msg\"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent\(python-requests\).Disablethisruleifyouusepython-requests/.\"][severity\"CRITICAL\"][hostname\"escort-lugano-ticino.ch\"][uri\"/security.txt\"][unique_id\"ZQltA3vBkhym352mre7X0QAAAIk\"][TueSep1911:42:27.9543232023][security2:error][pid12797:tid47479275955968][client146.4.22.173:0][client146.4.22.173]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"python-requests/\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"187\"][id\"332039\"][rev\"4\"][msg\"Atomicorp.comWAFRules:SuspiciousUnusualUserAgent\(python-requests\).Disablethisruleifyouusepython-requests/.\"][severity\"CRITIC
Port Scan
Brute-Force
Web App Attack