Anonymous
2024-04-14 17:23:25
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-03-25 10:46:27
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-03-19 04:43:54
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Yepngo
2024-03-02 18:41:54
(7 months ago)
172.70.91.61 - - [02/Mar/2024:19:34:50 +0100] "POST //wp-login.php HTTP/2.0" 200 10658 "https://yepngo.com//wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
172.70.91.61 - - [02/Mar/2024:19:41:53 +0100] "POST //wp-login.php HTTP/2.0" 200 10658 "https://yepngo.com//wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Brute-Force
Web App Attack
TPI-Abuse
2024-02-23 02:52:16
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 172.70.91.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 22 21:52:12.029200 2024] [security2:error] [pid 2337] [client 172.70.91.61:53752] [client 172.70.91.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sportsbookcommission.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sportsbookcommission.com"] [uri "/www.sql"] [unique_id "ZdgIXO2b0XA0HfVd0k_hwgAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-02-13 16:40:29
(7 months ago)
Feb 13 17:40:28 syscgn kernel: [2226762.334607] [UFW BLOCK] IN=eth0 OUT= MAC=0a:d1:7f:3c:98:09:10:0e:7e:26:f1:c0:08:00 SRC=172.70.91.61 DST=185.194.141.106 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=41572 DF PROTO=TCP SPT=46622 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
Hacking
TPI-Abuse
2024-01-24 23:12:57
(8 months ago)
(mod_security) mod_security (id:225170) triggered by 172.70.91.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 24 18:12:50.033409 2024] [security2:error] [pid 25158] [client 172.70.91.61:17212] [client 172.70.91.61] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rodrigoaldecoa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rodrigoaldecoa.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZbGZcvshYCRuMVJtAS4TkwAAAB4"], referer: http://rodrigoaldecoa.com///wp-json/wp/v2/users/
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-16 14:55:06
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.91.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 16 09:55:03.167635 2024] [security2:error] [pid 9970] [client 172.70.91.61:43896] [client 172.70.91.61] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zevikz.com"] [uri "/shared/.env"] [unique_id "ZaaYx1RcVtG5SXzsjJSwpwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-03 01:17:13
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.91.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 02 20:17:09.898704 2023] [security2:error] [pid 19294] [client 172.70.91.61:48900] [client 172.70.91.61] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/web/.env"] [unique_id "ZWvXFYh96zy7GJhbdrBOHgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
pusathosting.com
2023-11-08 01:03:03
(11 months ago)
2ds22 bruteforce
Brute-Force
Web App Attack
Secure Gateway®️
2023-11-05 22:04:46
(11 months ago)
Report By Secure Gateway Security Team: XSS Injection Attempt Detected
Hacking
ALSCO®️
2023-11-05 22:04:46
(11 months ago)
Report By ALSCO Security Team: Unsolicited Connection Attempt
Hacking
Secure Gateway®️
2023-11-04 22:04:25
(11 months ago)
Report By Secure Gateway Security Team: Unsolicited Connection Attempt
Web App Attack
ALSCO®️
2023-11-04 22:04:25
(11 months ago)
Report By ALSCO Security Team: Suspicious File Upload Attempt
Hacking
Secure Gateway®️
2023-11-03 22:06:18
(11 months ago)
Report By Secure Gateway Security Team: Potential CSRF Attack Detected
Hacking