pierredh
2024-10-09 01:23:56
(1 day ago)
SQL injection:/newsites/free/pierre/search/searchSVI.php?continentName=EU%22%29%29%29%20AND%20MAKE_SET%289511%3D9511%2C5171%29%20AND%20%28%28%28%22BQRz%22%20LIKE%20%22BQRz&country=276%20&prj_typ=all&startdate=&enddate=&from=&page=1&searchSubmission=Recherche
SQL Injection
Anonymous
2024-10-07 02:26:44
(3 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
mawan
2024-10-06 06:24:41
(4 days ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2024-09-29 05:41:24
(1 week ago)
[Sun Sep 29 07:41:23.161162 2024] [authz_core:error] [pid 16530] [client 172.68.238.25:59950] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Sun Sep 29 07:41:23.219069 2024] [authz_core:error] [pid 16530] [client 172.68.238.25:59950] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Sun Sep 29 07:41:23.274379 2024] [authz_core:error] [pid 16530] [client 172.68.238.25:59950] AH01630: client denied by server configuration: /etc/httpd/htdocs
Web App Attack
TPI-Abuse
2024-09-23 21:47:48
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 172.68.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 23 17:47:42.625479 2024] [security2:error] [pid 12826:tid 12826] [client 172.68.238.25:28344] [client 172.68.238.25] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kryptonome.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kryptonome.com"] [uri "/old/dump.sql"] [unique_id "ZvHh_gCrAgA_xv12AYmbHQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Yepngo
2024-09-21 03:09:51
(2 weeks ago)
Sep 21 05:09:46 ns3006402 kernel: [244908.024965] [UFW BLOCK] IN=eno1 OUT= MAC=f0:79:59:6e:bf:2b:00:ff:ff:ff:ff:fb:08:00 SRC=172.68.238.25 DST=151.80.47.9 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=31813 DF PROTO=TCP SPT=58842 DPT=2083 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 21 05:09:47 ns3006402 kernel: [244909.082988] [UFW BLOCK] IN=eno1 OUT= MAC=f0:79:59:6e:bf:2b:00:ff:ff:ff:ff:fb:08:00 SRC=172.68.238.25 DST=151.80.47.9 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=31814 DF PROTO=TCP SPT=58842 DPT=2083 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 21 05:09:48 ns3006402 kernel: [244910.106999] [UFW BLOCK] IN=eno1 OUT= MAC=f0:79:59:6e:bf:2b:00:ff:ff:ff:ff:fb:08:00 SRC=172.68.238.25 DST=151.80.47.9 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=31815 DF PROTO=TCP SPT=58842 DPT=2083 WINDOW=65535 RES=0x00 SYN URGP=0
Sep 21 05:09:49 ns3006402 kernel: [244911.131989] [UFW BLOCK] IN=eno1 OUT= MAC=f0:79:59:6e:bf:2b:00:ff:ff:ff:ff:fb:08:00 SRC=172.68.238.25 DST=151.80.47.9 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=31816 DF PROTO=TCP S
Port Scan
TPI-Abuse
2024-09-20 02:53:32
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 172.68.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 19 22:53:25.187948 2024] [security2:error] [pid 24130:tid 24130] [client 172.68.238.25:11022] [client 172.68.238.25] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antitribu.com"] [uri "/staging/.env"] [unique_id "ZuzjpXSLaTVs2jaoFM0sOQAAAB8"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-18 01:23:58
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-09-07 02:07:08
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
mawan
2024-09-06 02:26:34
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-09-02 03:27:30
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.68.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 01 23:27:24.663366 2024] [security2:error] [pid 9774:tid 9774] [client 172.68.238.25:58784] [client 172.68.238.25] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.volga24.vip"] [uri "/.env.production.local"] [unique_id "ZtUwnNF10h51MxH90EutCwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-26 21:15:12
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.68.238.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 26 17:15:07.229402 2024] [security2:error] [pid 2015537:tid 2015537] [client 172.68.238.25:25280] [client 172.68.238.25] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ruralcommunitycare.org"] [uri "/.env.production.local"] [unique_id "ZszwW2_OVN9Pnn1Aw8lqRgAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-08-22 13:13:49
(1 month ago)
172.68.238.25 - - [22/Aug/2024:16:13:47 +0300] "GET /wp-includes/pomo/content.php HTTP/1.1" 404 274 "-" "fasthttp"
172.68.238.25 - - [22/Aug/2024:16:13:48 +0300] "GET /wp-admin/maint/wp-blog.php HTTP/1.1" 404 274 "-" "fasthttp"
Web App Attack
URAN Publishing Service
2024-08-19 21:19:13
(1 month ago)
172.68.238.25 - - [20/Aug/2024:00:19:12 +0300] "GET /wp-includes/class-php HTTP/1.1" 404 280 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:79.0) Gecko/20100101 Firefox/79.0"
Web App Attack
URAN Publishing Service
2024-08-19 18:23:01
(1 month ago)
172.68.238.25 - - [19/Aug/2024:21:22:58 +0300] "GET /wp-content/plugins/hellopress/ HTTP/1.1" 404 282 "-" "fasthttp"
172.68.238.25 - - [19/Aug/2024:21:22:59 +0300] "GET /wp-content/plugins/ango/ HTTP/1.1" 404 282 "-" "fasthttp"
Web App Attack