Anonymous
2024-06-16 02:20:18
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
Brute-Force
SSH
SSH
Anonymous
2024-06-14 04:08:24
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
Brute-Force
SSH
SSH
TPI-Abuse
2024-06-10 15:10:59
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 10 11:10:54.287733 2024] [security2:error] [pid 7439] [client 172.68.195.135:59992] [client 172.68.195.135] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ruralcommunitycare.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ruralcommunitycare.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZmcXfpH_DLBBsBvllKqJiwAAAAU"], referer: http://ruralcommunitycare.org///wp-json/wp/v2/users/ show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-06-04 02:56:43
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-30 01:06:28
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-28 09:00:17
(4 months ago)
[Tue May 28 11:00:16.500913 2024] [authz_core:error] [pid 7356] [client 172.68.195.135:16466] AH0163 ... show more [Tue May 28 11:00:16.500913 2024] [authz_core:error] [pid 7356] [client 172.68.195.135:16466] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Tue May 28 11:00:16.601804 2024] [authz_core:error] [pid 7356] [client 172.68.195.135:16466] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Tue May 28 11:00:16.709679 2024] [authz_core:error] [pid 7356] [client 172.68.195.135:16466] AH01630: client denied by server configuration: /etc/httpd/htdocs
... show less
Web App Attack
Anonymous
2024-05-17 03:12:53
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-05-16 18:24:03
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 16 14:23:56.406277 2024] [security2:error] [pid 298784] [client 172.68.195.135:51534] [client 172.68.195.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "upskirtcrazy.com"] [uri "/.env"] [unique_id "ZkZPPC9UCcr-fcnaZCx4LQAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-29 04:53:34
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-27 12:16:49
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 27 08:16:43.014769 2024] [security2:error] [pid 14276] [client 172.68.195.135:39802] [client 172.68.195.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/.env"] [unique_id "Zizsq5lxNDSq29IoRarw5gAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-24 15:21:21
(5 months ago)
port scan and connect, tcp 443 (https)
Port Scan
Anonymous
2024-04-19 08:18:49
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-14 01:45:59
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.68.195.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 13 21:45:54.741301 2024] [security2:error] [pid 23365] [client 172.68.195.135:20638] [client 172.68.195.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sportsbookcommission.com"] [uri "/old/.env"] [unique_id "Zhs1Unx37-GYfCsUPxlrjwAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
mawan
2024-04-05 03:32:39
(6 months ago)
Suspected of having performed illicit activity on AMS server.
Web App Attack
Anonymous
2024-03-23 10:33:18
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH