🇺🇸
mawan
2025-03-23 16:23:38
(1 year ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
🇩🇪
niceshops.com
2025-03-23 01:23:43
(1 year ago)
Web Attack (22/Mar/2025:23:03:55.025", "frontend": "frontend_disco~", "backend": "backend_online2_fe", "backend_server": "server_online2_fe_1", "time_request": 0, "time_wait": 0, "time_connect": 5, "time_response": 68, "time_active": 74, "status": 404, "bytes_read": 104907, "termination_state": "--NI", "actconn": 162, "feconn": 161, "beconn": 81, "srv_conn": 0, "retries": 0, "srv_queue": 0, "backend_queue": 0, "capture_request": "{www.vitalabo.fr|0|0||1||0|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36|1||2fd3df911ef6380341431bb4ec90f236-SG-14061-159.223.0.0-00-y-feba--l-x-00000000-n-u-x-n-n|y-feba--l-x-m-00000000-236e1c2f-00000000-7c9b1d0d-078d41e6-n-n-1.1-u-x-x-n-n|2fd3df911ef6380341431bb4ec90f236||18||2|1|0|unverified|SG|14061|0|0}", "capture_response GET //wp-includes/wlwmanifest.xml)
Web App Attack
🇩🇪
paissangroup
2025-03-22 03:58:30
(1 year ago)
Multiple WAF Violations
Web App Attack
🇮🇩
Burayot
2025-03-22 03:57:09
(1 year ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 159.223.53.39 (SG/Singapore/-): 2 in the last 3600 secs
Web App Attack
🇸🇬
Cloudkul Cloudkul
2025-03-21 06:30:09
(1 year ago)
Multiple unauthorized attempts to access web resources
Brute-Force
Web App Attack
🇹🇷
rtbh.com.tr
2025-03-20 20:48:45
(1 year ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
🇺🇸
mawan
2025-03-20 10:06:54
(1 year ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
🇩🇪
niceshops.com
2025-03-20 06:58:07
(1 year ago)
Web Attack (20/Mar/2025:07:32:30.366", "frontend": "frontend_disco~", "backend": "backend_online2_fe", "backend_server": "server_online2_fe_2", "time_request": 0, "time_wait": 0, "time_connect": 1, "time_response": 179, "time_active": 181, "status": 404, "bytes_read": 106882, "termination_state": "--NI", "actconn": 84, "feconn": 83, "beconn": 5, "srv_conn": 1, "retries": 0, "srv_queue": 0, "backend_queue": 0, "capture_request": "{www.piccantino.de|0|0||1||0|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36|1||2fd3df911ef6380341431bb4ec90f236-SG-14061-159.223.0.0-00-y-feba--l-x-00000000-n-u-x-n-n|y-feba--l-x-m-00000000-236e1c2f-00000000-7c9b1d0d-078d41e6-n-n-1.1-u-x-x-n-n|2fd3df911ef6380341431bb4ec90f236||9||2|1|0|unverified|SG|14061|0|0}", "capture_response GET //wp-includes/wlwmanifest.xml)
Web App Attack
🇧🇪
cmbplf
2025-03-20 01:20:09
(1 year ago)
2.236 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
🇩🇪
niceshops.com
2025-03-19 10:29:27
(1 year ago)
Web Attack (19/Mar/2025:11:19:23.520", "frontend": "frontend_disco~", "backend": "backend_online2_fe", "backend_server": "server_online2_fe_3", "time_request": 0, "time_wait": 0, "time_connect": 1, "time_response": 100, "time_active": 102, "status": 404, "bytes_read": 107183, "termination_state": "--NI", "actconn": 126, "feconn": 125, "beconn": 8, "srv_conn": 3, "retries": 0, "srv_queue": 0, "backend_queue": 0, "capture_request": "{www.interismo.at|0|0||1||0|Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36|1||2fd3df911ef6380341431bb4ec90f236-SG-14061-159.223.0.0-00-y-feba--l-x-00000000-n-u-x-n-n|y-feba--l-x-m-00000000-236e1c2f-00000000-7c9b1d0d-078d41e6-n-n-1.1-u-x-x-n-n|2fd3df911ef6380341431bb4ec90f236||55||2|1|0|unverified|SG|14061|150|2550}", "capture_response GET //wp-includes/wlwmanifest.xml)
Web App Attack
🇮🇩
Burayot
2025-03-18 21:23:24
(1 year ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 159.223.53.39 (SG/Singapore/-): 1 in the last 3600 secs
Web App Attack
🇺🇦
URAN Publishing Service
2025-03-18 04:51:33
(1 year ago)
159.223.53.39 - - [18/Mar/2025:06:51:32 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 404 2584 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
159.223.53.39 - - [18/Mar/2025:06:51:32 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 404 2584 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
Web App Attack
🇮🇩
hermawan
2025-03-18 04:05:35
(1 year ago)
[Tue Mar 18 11:00:55.544839 2025] [security2:error] [pid 373358:tid 140353743083200] [client 159.223.53.39:58562] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "Z9jv96gjcx7dQv3-afZzYAAAAf4"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[373500] [8vea812EbnU] [Z9jv96gjcx7dQv3-afZzYAAAAf4] keep_alive=[0] [2025-03-18 11:00:55.544842] [R:Z9jv96gjcx7dQv3-afZzYAAAAf4] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language
...
Hacking
Web App Attack
🇮🇩
hermawan
2025-03-17 23:03:45
(1 year ago)
[Tue Mar 18 06:02:59.340308 2025] [security2:error] [pid 208849:tid 140564095801024] [client 159.223.53.39:59568] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/"] [unique_id "Z9iqIyH0UPb32Mb6jgUM5gAAALk"] [staklim-malang.info] [staklim-malang.info] top=[208969] [SLsZyhn19v4] [Z9iqIyH0UPb32Mb6jgUM5gAAALk] keep_alive=[0] [2025-03-18 06:02:59.340311] [R:Z9iqIyH0UPb32Mb6jgUM5gAAALk] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36' Host:'staklim-malang.info' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language:'en-US,en;q=0.5
...
Hacking
Web App Attack
🇸🇬
pusathosting.com
2025-03-17 02:40:06
(1 year ago)
2ds22 bruteforce
Brute-Force
Web App Attack