Anonymous
2024-08-13 05:00:49
(4 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-08-07 09:29:11
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
ParaBug
2024-08-03 10:58:06
(1 month ago)
172.70.90.252 - - [03/Aug/2024:12:58:05 +0200] "GET /new-jeans-c-33017/newjeans-members-profile-and-facts-updated-kpop-profiles-p-393520?language=en HTTP/1.1" 403 344 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
Phishing
Brute-Force
Web App Attack
Anonymous
2024-07-10 06:24:32
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-09 05:17:16
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-07-07 21:49:01
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.90.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 07 17:48:55.351142 2024] [security2:error] [pid 746] [client 172.70.90.252:63690] [client 172.70.90.252] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ndanetworks.com"] [uri "/.env"] [unique_id "ZosNR-s91Pzrf5P4qy69sAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-02 02:51:17
(2 months ago)
[Tue Jul 02 04:51:16.094607 2024] [authz_core:error] [pid 25581] [client 172.70.90.252:62924] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Tue Jul 02 04:51:16.363963 2024] [authz_core:error] [pid 25581] [client 172.70.90.252:62924] AH01630: client denied by server configuration: /etc/httpd/htdocs
[Tue Jul 02 04:51:16.630582 2024] [authz_core:error] [pid 25581] [client 172.70.90.252:62924] AH01630: client denied by server configuration: /etc/httpd/htdocs
Web App Attack
Anonymous
2024-06-27 07:42:44
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
ParaBug
2024-06-26 23:23:34
(2 months ago)
172.70.90.252 - - [27/Jun/2024:01:23:33 +0200] "GET /manual-prt05a-12ax7-tube-preamplifier-base-on-conradjohnson-cl-preamp-l1247-p-868050.htm HTTP/1.1" 410 422 "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
Phishing
Brute-Force
Web App Attack
TPI-Abuse
2024-06-12 01:07:40
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.90.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 11 21:06:58.590308 2024] [security2:error] [pid 29303] [client 172.70.90.252:30312] [client 172.70.90.252] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.eddysgroup.com"] [uri "/wp-content/.env"] [unique_id "Zmj0si2Vs3gJrEMrZBY_BwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
WebServ
2024-06-03 18:36:29
(3 months ago)
2024-06-03T19:36:24.981225+01:00 new-vm kernel: [165106.169049] [UFW BLOCK] IN=eth0 OUT= MAC=c6:1a:30:11:c3:71:fe:00:00:00:01:01:08:00 SRC=172.70.90.252 DST=178.62.105.126 LEN=60 TOS=0x10 PREC=0x00 TTL=57 ID=35518 DF PROTO=TCP SPT=17772 DPT=2087 WINDOW=65535 RES=0x00 SYN URGP=0
2024-06-03T19:36:26.041506+01:00 new-vm kernel: [165107.229270] [UFW BLOCK] IN=eth0 OUT= MAC=c6:1a:30:11:c3:71:fe:00:00:00:01:01:08:00 SRC=172.70.90.252 DST=178.62.105.126 LEN=60 TOS=0x10 PREC=0x00 TTL=57 ID=35519 DF PROTO=TCP SPT=17772 DPT=2087 WINDOW=65535 RES=0x00 SYN URGP=0
2024-06-03T19:36:27.065454+01:00 new-vm kernel: [165108.253182] [UFW BLOCK] IN=eth0 OUT= MAC=c6:1a:30:11:c3:71:fe:00:00:00:01:01:08:00 SRC=172.70.90.252 DST=178.62.105.126 LEN=60 TOS=0x10 PREC=0x00 TTL=57 ID=35520 DF PROTO=TCP SPT=17772 DPT=2087 WINDOW=65535 RES=0x00 SYN URGP=0
2024-06-03T19:36:28.090618+01:00 new-vm kernel: [165109.278310] [UFW BLOCK] IN=eth0 OUT= MAC=c6:1a:30:11:c3:71:fe:00:00:00:01:01:08:00 SRC=172.70.90.252 DST=178
Brute-Force
Anonymous
2024-05-24 01:37:13
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-15 06:23:55
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-12 08:01:04
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-11 01:15:19
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH