Anonymous
2024-09-06 02:16:23
(1 week ago)
Excessive crawling/scraping
Hacking
Brute-Force
Sefinek
2024-09-04 06:29:14
(1 week ago)
Blocked by UFW (TCP on port 443).
Source port: 63596
TTL: 47
Packet length: 40
TOS: 0x00
Timestamp: 2024-09-04 08:29:14 [Europe/Warsaw]
This report (for 162.158.159.14) was generated by:
https://github.com/sefinek24/UFW-AbuseIPDB-Reporter
Port Scan
Web App Attack
Hydra-Shield.fr
2024-08-12 16:20:39
(1 month ago)
Directory Traversal on: /.vscode/sftp.json
Web App Attack
TPI-Abuse
2024-08-12 02:06:03
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 22:05:58.170491 2024] [security2:error] [pid 29165:tid 29165] [client 162.158.159.14:44306] [client 162.158.159.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.christechsupport.net"] [uri "/api/.env"] [unique_id "ZrluBiNfgNLi0z1r6RhJ6AAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 19:19:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 15:19:04.712536 2024] [security2:error] [pid 27388:tid 27388] [client 162.158.159.14:10600] [client 162.158.159.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ard.global"] [uri "/.git/config"] [unique_id "ZrZrqACLCETTOmihiHFfNQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
HJ5Ss4Ju
2024-07-14 05:40:44
(2 months ago)
WordPress XMLRPC scan :: 162.158.159.14 - - [14/Jul/2024:05:40:43 0000] "GET /xmlrpc.php HTTP/1.1" 405 53 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-07-13 13:02:57
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 13 09:02:31.938621 2024] [security2:error] [pid 7927] [client 162.158.159.14:28510] [client 162.158.159.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.upskirtcrazy.com"] [uri "/index/.git/config"] [unique_id "ZpJ658QMTmxEH10EQBZ-NwAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-11 00:07:25
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-06-30 10:30:18
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-06-11 01:53:03
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-06-06 09:16:42
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 06 05:16:38.006678 2024] [security2:error] [pid 19645] [client 162.158.159.14:62172] [client 162.158.159.14] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.eddysgroup.com"] [uri "/assets/.git/config"] [unique_id "ZmF-dpBpCcVZYmDfZRqsHQAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-24 20:01:12
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 162.158.159.14 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 24 16:01:08.344571 2024] [security2:error] [pid 30678] [client 162.158.159.14:12896] [client 162.158.159.14] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||antitribu.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "antitribu.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZlDyBCU8-R5etv-u1F2pzAAAAA8"], referer: https://www.google.com
Brute-Force
Bad Web Bot
Web App Attack
EricTheRedFL
2024-05-20 23:00:37
(3 months ago)
Port scan of TCP port 8443
Port Scan
Hacking
Anonymous
2024-05-10 03:03:17
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-04-22 11:06:42
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH