Anonymous
2024-09-12 14:45:32
(2 days ago)
Spoofing detected
Hacking
Brute-Force
Sefinek
2024-09-03 09:19:27
(1 week ago)
Blocked by UFW (TCP on port 443).
Source port: 13074
TTL: 47
Packet length: 40
TOS: 0x00
Timestamp: 2024-09-03 11:19:27 [Europe/Warsaw]
This report (for 162.158.159.176) was generated by:
https://github.com/sefinek24/UFW-AbuseIPDB-Reporter
Port Scan
Web App Attack
Hydra-Shield.fr
2024-08-30 12:06:26
(2 weeks ago)
Directory Traversal on: /.vscode/sftp.json
Web App Attack
mawan
2024-08-14 10:41:07
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-08-09 19:19:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 15:19:05.695885 2024] [security2:error] [pid 27400:tid 27400] [client 162.158.159.176:13296] [client 162.158.159.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ard.global"] [uri "/.env"] [unique_id "ZrZrqRg8Jmld3G1kMrlwTgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-08 20:02:38
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 08 16:02:10.003811 2024] [security2:error] [pid 13831] [client 162.158.159.176:31374] [client 162.158.159.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.pmg-brightme.com"] [uri "/.env.bak"] [unique_id "ZoxFwrJOUm02s-OInSAS1wAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-04 12:32:26
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 04 08:32:12.393030 2024] [security2:error] [pid 19193] [client 162.158.159.176:29472] [client 162.158.159.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "safe-secure-protect.com"] [uri "/.env_1"] [unique_id "ZoaWTCiCQmkdPzx_-A1_-QAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
el-brujo
2024-06-25 11:08:34
(2 months ago)
06/25/2024-11:08:27.862322 162.158.159.176 Protocol: 6 SURICATA STREAM Packet with broken ack
Hacking
el-brujo
2024-06-25 09:54:06
(2 months ago)
06/25/2024-09:54:05.943435 162.158.159.176 Protocol: 6 SURICATA STREAM Packet with broken ack
Hacking
el-brujo
2024-06-25 08:46:26
(2 months ago)
06/25/2024-08:46:25.819674 162.158.159.176 Protocol: 6 SURICATA STREAM Packet with broken ack
Hacking
el-brujo
2024-06-25 07:36:49
(2 months ago)
06/25/2024-07:36:48.994675 162.158.159.176 Protocol: 6 SURICATA STREAM Packet with broken ack
Hacking
TPI-Abuse
2024-06-10 23:25:08
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 10 19:25:05.078788 2024] [security2:error] [pid 16922] [client 162.158.159.176:21384] [client 162.158.159.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "registro.gibitdigital.com"] [uri "/dev/.git/config"] [unique_id "ZmeLUWrndLBcrLLAa972OQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-04 05:46:47
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 04 01:46:42.561825 2024] [security2:error] [pid 1718656] [client 162.158.159.176:39532] [client 162.158.159.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.pixacast.com"] [uri "/api/.git/config"] [unique_id "Zl6qQk38IqT2xtyasy0rdQAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-18 18:42:39
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.159.176 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 18 14:42:33.376420 2024] [security2:error] [pid 14145] [client 162.158.159.176:42402] [client 162.158.159.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aslanhan.com"] [uri "/.env"] [unique_id "ZiFpmQuVSHuS-YLMbmvtoAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-27 06:22:21
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH