๐ฉ๐ช
kkeyser
2026-07-19 06:05:26
(7 hours ago)
GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3A//owa.mgateB.kmkorma.ru/owa/ HTTP/1.1
Web App Attack
๐ฉ๐ช
filstal.org
2026-07-19 05:36:57
(8 hours ago)
Automated bot: spoofed/impossible user-agent, web scraping or automated request patterns detected. U ...
show more
Automated bot: spoofed/impossible user-agent, web scraping or automated request patterns detected. UA: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-10 10:05:26
(1 week ago)
(caddyscan) Scanner path probe from 168.253.116.138 (NE/Niger/host-168-253-116-138.ngcomworld.com): ...
show more
(caddyscan) Scanner path probe from 168.253.116.138 (NE/Niger/host-168-253-116-138.ngcomworld.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 404 301 168.253.116.138 - - [10/Jul/2026:09:25:51 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 404 300 168.253.116.138 - - [10/Jul/2026:09:25:52 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 200 2627 168.253.116.138 - - [10/Jul/2026:10:00:25 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 200 2627 168.253.116.138 - - [10/Jul/2026:10:00:29 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 200 2627 168.253.116.138 - - [10/Jul/2026:10:05:22 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
show less
Port Scan
Anonymous
2026-07-10 03:20:20
(1 week ago)
(caddyscan) Scanner path probe from 168.253.116.138 (NE/Niger/host-168-253-116-138.ngcomworld.com): ...
show more
(caddyscan) Scanner path probe from 168.253.116.138 (NE/Niger/host-168-253-116-138.ngcomworld.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 404 298 168.253.116.138 - - [10/Jul/2026:02:48:38 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 200 2627 168.253.116.138 - - [10/Jul/2026:02:52:25 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 200 2627 168.253.116.138 - - [10/Jul/2026:03:11:22 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 200 2627 168.253.116.138 - - [10/Jul/2026:03:11:43 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
[REDACTED] 200 2627 168.253.116.138 - - [10/Jul/2026:03:20:18 +0000] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=http%3A//[REDACTED]/owa/ HTTP/1.1"
show less
Port Scan
๐บ๐ธ
kosada.com
2026-07-09 09:04:05
(1 week ago)
Web vulnerability probing: /owa/auth/logon.aspx
Web App Attack
๐จ๐ญ
Origon
2026-07-09 00:05:15
(1 week ago)
http-technology-probing - IP: 168.253.116.138 - time="2026-07-09T02:05:15+02:00" level=info msg="(5 ...
show more
http-technology-probing - IP: 168.253.116.138 - time="2026-07-09T02:05:15+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje) alert : crowdsecurity/http-technology-probing by ip 168.253.116.138 (NG/37347)" module=db
show less
Web App Attack
๐บ๐ธ
jkcunningham
2026-07-08 01:10:56
(1 week ago)
Vulnerability scanner. Targets os and filesystem, Attempts OWA login with user redirect.
Bad Web Bot
Port Scan
๐ซ๐ท
IRISIO
2026-07-06 09:44:46
(1 week ago)
scans/SQL injection/spam posts : 22 queries
Web App Attack
SQL Injection
Anonymous
2026-07-06 07:32:13
(1 week ago)
"GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3A//owa./owa/ HTTP/1.1"
Hacking
Web App Attack
Anonymous
2026-07-05 19:08:19
(1 week ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
๐จ๐ญ
Origon
2026-07-05 08:42:43
(2 weeks ago)
http-technology-probing - IP: 168.253.116.138 - time="2026-07-05T10:42:43+02:00" level=info msg="(5 ...
show more
http-technology-probing - IP: 168.253.116.138 - time="2026-07-05T10:42:43+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje) alert : crowdsecurity/http-technology-probing by ip 168.253.116.138 (NG/37347)" module=db
show less
Web App Attack
๐บ๐ธ
NXTwoThou
2026-07-02 10:30:42
(2 weeks ago)
/owa/auth/logon.aspx%3FreplaceCurrent=1%26url=https%3A//owa.winvoice.com/owa/
Web App Attack
๐จ๐ญ
Origon
2026-06-30 16:27:00
(2 weeks ago)
http-technology-probing - IP: 168.253.116.138 - time="2026-06-30T18:26:59+02:00" level=info msg="(5 ...
show more
http-technology-probing - IP: 168.253.116.138 - time="2026-06-30T18:26:59+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje) alert : crowdsecurity/http-technology-probing by ip 168.253.116.138 (NG/37347)" module=db
show less
Web App Attack
๐ฉ๐ช
mnpx
2026-01-08 06:54:20
(6 months ago)
SMTP brute forcing (6ร over 4h:52m); first seen here 2025-12-27T23:43Z
Brute-Force
๐ฉ๐ช
mnpx
2026-01-08 06:54:20
(6 months ago)
SMTP brute forcing (4ร over 2h:27m); first seen here 2025-12-27T23:43Z
Brute-Force