TPI-Abuse
2024-09-27 08:27:03
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 04:26:55.064425 2024] [security2:error] [pid 15592:tid 15592] [client 162.158.78.253:60732] [client 162.158.78.253] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antitribu.com"] [uri "/src/assembly/.env"] [unique_id "ZvZsT2Cq24_syaI0H_rdAwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
Frindestown
2024-09-21 09:34:17
(4 months ago)
162.158.78.253 - - [21/Sep/2024:11:34:16 +0200] "GET /js/scripts.js HTTP/1.1" 200 1764 "http://www.frindestown.xyz/" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.113 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Brute-Force
SSH
Frindestown
2024-08-30 03:22:09
(4 months ago)
162.158.78.253 - - [30/Aug/2024:05:22:07 +0200] "GET /js/scripts.js HTTP/1.1" 200 1764 "https://www.frindestown.xyz/" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.99 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Brute-Force
SSH
Frindestown
2024-08-26 10:36:53
(4 months ago)
162.158.78.253 - - [26/Aug/2024:12:36:42 +0200] "GET /js/scripts.js HTTP/1.1" 200 1764 "https://www.frindestown.xyz/" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.6533.99 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Brute-Force
SSH
TPI-Abuse
2024-08-15 08:33:54
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 04:33:50.500448 2024] [security2:error] [pid 732:tid 732] [client 162.158.78.253:38682] [client 162.158.78.253] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adultcreatoracademy.com"] [uri "/web/.env"] [unique_id "Zr29bgZn41XO-4M5cxTqKwAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-08 08:21:41
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 04:21:34.363365 2024] [security2:error] [pid 7336:tid 7336] [client 162.158.78.253:21596] [client 162.158.78.253] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "plaiatech.com"] [uri "/.env"] [unique_id "ZrSADpZYiR7ja9bW16XLegAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
sefinek.net
2024-07-19 11:06:09
(6 months ago)
IP: 162.158.78.253
Protocol: TCP
Source port: 22846
Destination port: 443
TTL: 47
Packet length: 40
TOS: 0x00
Timestamp: Jul 19 13:06:04 (13:06:04, 19.07.2024)
The IP address was blocked by the Uncomplicated Firewall (UFW) due to suspicious activity. Packet details indicate a possible unauthorized access attempt or network scan.
Port Scan
Web App Attack
sefinek.net
2024-07-18 08:14:45
(6 months ago)
IP: 162.158.78.253
Protocol: TCP
Source port: 27344
Destination port: 443
TTL: 47
Packet length: 40
TOS: 0x08
Timestamp: Jul 18 10:14:44 (10:14:44, 18.07.2024)
The IP address was blocked by the Uncomplicated Firewall (UFW) due to suspicious activity. Packet details indicate a possible unauthorized access attempt or network scan.
Port Scan
Web App Attack
Anonymous
2024-06-27 07:21:25
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-06-21 07:21:02
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-06-18 06:29:57
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
mawan
2024-06-16 09:18:11
(7 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-05-10 21:41:47
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 162.158.78.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 10 17:41:43.940918 2024] [security2:error] [pid 8130] [client 162.158.78.253:41026] [client 162.158.78.253] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.yggdrasil.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.yggdrasil.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zj6Ul5_HcEo48dBgHduMEgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-30 04:14:00
(8 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-28 13:35:26
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 28 09:35:23.192714 2024] [security2:error] [pid 1201] [client 162.158.78.253:18696] [client 162.158.78.253] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/web/.env"] [unique_id "Zi5QmzplZsl8VAKdahWJLQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack