Anonymous
2024-12-04 06:47:11
(1 day ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-12-02 14:36:16
(3 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Study Bitcoin 🤗
2024-11-30 18:02:48
(5 days ago)
Port probe to tcp/80 (http)
[srv125]
Port Scan
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-26 11:08:43
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 162.158.103.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 06:07:44.225874 2024] [security2:error] [pid 2301828:tid 2301828] [client 162.158.103.41:18924] [client 162.158.103.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "newmanwood.com"] [uri "/api/user/v1/.git/config"] [unique_id "Z0WsAFi42XdJLtlTXyV0FQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-24 08:32:32
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 162.158.103.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 24 03:32:26.322897 2024] [security2:error] [pid 15236:tid 15236] [client 162.158.103.41:60458] [client 162.158.103.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "perl-photo.com"] [uri "/.env"] [unique_id "Z0LkmjtUHoVxgFHoIcR3WQAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-14 10:56:39
(3 weeks ago)
Port probe to tcp/443 (https)
[srv125]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
Yepngo
2024-10-26 20:39:01
(1 month ago)
162.158.103.41 - - [26/Oct/2024:22:36:33 +0200] "POST /xmlrpc.php HTTP/2.0" 200 408 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
162.158.103.41 - - [26/Oct/2024:22:39:01 +0200] "POST /xmlrpc.php HTTP/2.0" 200 408 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
Brute-Force
Web App Attack
Anonymous
2024-10-08 05:18:53
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-10-03 06:42:10
(2 months ago)
| SQL injection attempt.
Hacking
SQL Injection
Web App Attack
Anonymous
2024-09-16 03:27:58
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
mawan
2024-09-10 07:47:48
(2 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
mawan
2024-09-07 17:40:20
(2 months ago)
Suspected of having performed illicit activity on AMS server.
Web App Attack
TPI-Abuse
2024-09-06 20:49:29
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.103.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 06 16:49:26.189010 2024] [security2:error] [pid 1397079:tid 1397079] [client 162.158.103.41:24140] [client 162.158.103.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thectegroup.net"] [uri "/.env"] [unique_id "Zttq1p3n6FN_4xSo2HkGoAAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-03 06:07:48
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.103.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 03 02:07:40.457613 2024] [security2:error] [pid 6500:tid 6500] [client 162.158.103.41:13738] [client 162.158.103.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ndanetworks.com"] [uri "/.env.local"] [unique_id "ZtanrPYNgRYiCjb3l74pYwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-29 06:57:57
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.103.41 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 29 02:57:52.469142 2024] [security2:error] [pid 9404:tid 9404] [client 162.158.103.41:28228] [client 162.158.103.41] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jspsf.com"] [uri "/test/.env"] [unique_id "ZtAb8C-Egaht0YvH251nFQAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack