Study Bitcoin 🤗
2025-01-02 21:46:47
(2 weeks ago)
Port probe to tcp/80 (http)
[srv125]
Port Scan
Bad Web Bot
Web App Attack
BodegaServer
2025-01-02 03:29:16
(2 weeks ago)
172.69.150.130 - - [01/Jan/2025:21:29:14 -0600] "GET /wp-admin/setup-config.php HTTP/1.1" 200 315 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
Port Scan
Hacking
Bad Web Bot
Web App Attack
Anonymous
2025-01-01 17:42:16
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Study Bitcoin 🤗
2024-12-30 17:01:00
(2 weeks ago)
Port probe to tcp/80 (http)
[srv125]
Port Scan
Bad Web Bot
Web App Attack
el-brujo
2024-12-25 16:32:00
(3 weeks ago)
25/Dec/2024:17:31:59.890015 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.69.150.130] ModSecurity: Warning. detected SQLi using libinjection with fingerprint '1UEv,' [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: 1UEv, found within ARGS:id_form: 1 UNION ALL SELECT NULL,NULL,md5(999999999),NULL,NULL,NULL,NULL,NULL-- -"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "nextcloud.elhacker.net"] [uri "/wp-admin/admin-ajax.php"] [unique_id "Z2wzf5gzRJWpCQKsfxf-QgADsRk"]
Hacking
Web App Attack
lnklnx
2024-12-25 10:26:11
(3 weeks ago)
www.rcmeal.com:80 172.69.150.130 - - [25/Dec/2024:04:26:10 -0600] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 301 546 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
Web App Attack
el-brujo
2024-12-23 10:56:17
(3 weeks ago)
23/Dec/2024:11:56:16.092049 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 172.69.150.130] ModSecurity: Warning. Pattern match "\\\\\\\\.\\\\\\\\./" at REQUEST_URI. [file "/etc/httpd/conf.d/mod_security.conf"] [line "86"] [id "500002"] [hostname "nextcloud.elhacker.net"] [uri "/myaccount/javax.faces.resource/web.xml"] [unique_id "Z2lB0LP8VugL_vTzynH5ggAA3yE"]
Hacking
Web App Attack
Anonymous
2024-12-17 23:11:06
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
mawan
2024-12-12 15:24:08
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Anonymous
2024-12-11 21:07:27
(1 month ago)
[Wed Dec 11 22:01:15.022192 2024] [authz_core:error] [pid 30337] [client 172.69.150.130:54312] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Wed Dec 11 22:04:07.864111 2024] [authz_core:error] [pid 30646] [client 172.69.150.130:56858] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Wed Dec 11 22:07:26.452035 2024] [authz_core:error] [pid 31696] [client 172.69.150.130:40048] AH01630: client denied by server configuration: /etc/httpd/htdocs
Web App Attack
Anonymous
2024-12-11 06:22:26
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-12-07 14:59:01
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.69.150.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 07 09:58:55.241704 2024] [security2:error] [pid 3635994:tid 3635994] [client 172.69.150.130:23486] [client 172.69.150.130] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yggdrasil.org"] [uri "/api/.git/config"] [unique_id "Z1Rir-S2Nywur0TzKG3ULAAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-05 18:57:33
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-12-03 04:16:53
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-12-02 04:15:08
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH