|
๐บ๐ธ
kosada.com
|
|
Web bot: denial-of-service flood
|
DDoS Attack
Bad Web Bot
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:217210) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co ...
show more
(mod_security) mod_security (id:217210) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 07:31:38.613829 2026] [security2:error] [pid 7217:tid 7230] [client 158.140.180.8:36915] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?i:(?:[a-z]{3,10}\\\\s+(?:\\\\w{3,7}?://[\\\\w\\\\-\\\\./]*(?::\\\\d+)?)?/[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?|connect (?:\\\\d{1,3}\\\\.){3}\\\\d{1,3}\\\\.?(?::\\\\d+)?|options \\\\*)\\\\s+[\\\\w\\\\./]+|get /[^?#]*(?:\\\\?[^#\\\\s]*)?(?:#[\\\\S]*)?)$" against "REQUEST_LINE" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "114"] [id "217210"] [rev "1"] [msg "COMODO WAF: Invalid HTTP Request Line||www.aqxsgw.cc|F|4"] [data "GET http://www.aqxsgw.cc HTTP/1.1"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.aqxsgw.cc"] [uri "/"] [unique_id "ajE0GuxmLjFwMDDNb7bKOQAAAEs"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ท๐ด
abuse_IP_reporter
|
|
Apr 26 10:20:34 server UFW BLOCK SRC=158.140.180.8 DF PROTO=TCP SPT=12783
|
Port Scan
|
|
|
๐จ๐ญ
backslash
|
|
block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68
|
Bad Web Bot
|
|
|
๐ฌ๐ง
Mendip_Defender
|
|
158.140.180.8 - - [02/Dec/2024:18:52:53 +0000] "POST /wp-login.php HTTP/1.0" 200 4453 "-" "Mozilla/5 ...
show more
158.140.180.8 - - [02/Dec/2024:18:52:53 +0000] "POST /wp-login.php HTTP/1.0" 200 4453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
158.140.180.8 - - [02/Dec/2024:19:24:56 +0000] "POST /wp-login.php HTTP/1.0" 200 4454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
...
show less
|
Brute-Force
|
|
|
๐ฆ๐บ
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
|
๐ฆ๐บ
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
|
๐ฎ๐ฉ
amanat institute
|
|
ddos web app
|
DDoS Attack
Brute-Force
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 12:23:36.649935 2024] [security2:error] [pid 21241:tid 21241] [client 158.140.180.8:18573] [client 158.140.180.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "buddhas.net"] [uri "/tw/index.html/.env"] [unique_id "ZyumGNcdGHnvGgxoVm9t8gAAAA0"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 09:42:17.254140 2024] [security2:error] [pid 1419:tid 1419] [client 158.140.180.8:34563] [client 158.140.180.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.pharmasalesconnect.com"] [uri "/.env"] [unique_id "ZyuASdACCJrS6swbH3Zl2gAAAAM"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
Legion Credential Harvester / SMTP Hijacker: /.env
|
Hacking
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 01:09:44.274525 2024] [security2:error] [pid 13529:tid 13529] [client 158.140.180.8:54633] [client 158.140.180.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.amplifihearing.com"] [uri "/web/.env"] [unique_id "ZysIKAiz6WF5lMDJcr2PHwAAABI"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 06 00:06:13.264722 2024] [security2:error] [pid 22533:tid 22533] [client 158.140.180.8:19871] [client 158.140.180.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ssion.com"] [uri "/.env"] [unique_id "Zyr5RWP3gV1HpaBdDj2GmAAAAAU"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐จ๐ญ
teamsecure
|
|
Banned for trying to access env
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.180.8 (host-158.140.180-8.myrepublic.co.id): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 06:54:50.191725 2024] [security2:error] [pid 27026:tid 27026] [client 158.140.180.8:39562] [client 158.140.180.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "armstrongpartnersllc.com"] [uri "/.env"] [unique_id "Zyi2CgMuCXICUc7_6U8bJAAAAAg"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|