Anonymous
2024-09-18 07:46:00
(2 weeks ago)
[Wed Sep 18 09:42:17.746582 2024] [authz_core:error] [pid 29937] [client 172.71.99.127:57340] AH01630: client denied by server configuration: /etc/httpd/htdocs, referer: www.google.com
[Wed Sep 18 09:42:43.068740 2024] [authz_core:error] [pid 28351] [client 172.71.99.127:24330] AH01630: client denied by server configuration: /etc/httpd/htdocs, referer: www.google.com
[Wed Sep 18 09:45:59.823204 2024] [authz_core:error] [pid 29937] [client 172.71.99.127:64366] AH01630: client denied by server configuration: /etc/httpd/htdocs, referer: www.google.com
Web App Attack
TPI-Abuse
2024-09-12 11:38:29
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 172.71.99.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 07:38:24.740783 2024] [security2:error] [pid 30547:tid 30547] [client 172.71.99.127:22022] [client 172.71.99.127] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ndanetworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ndanetworks.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZuLSsPdMnpE9vuqGiShjhAAAAB4"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-27 09:45:03
(1 month ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
S.O.B.A. Dev.
2024-08-20 07:47:23
(1 month ago)
Persistent port scanning or vulnerability scanning
Port Scan
TPI-Abuse
2024-07-29 14:04:03
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.71.99.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 29 10:03:59.175383 2024] [security2:error] [pid 20667:tid 20667] [client 172.71.99.127:43722] [client 172.71.99.127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ard.global"] [uri "/.git/config"] [unique_id "ZqehT747UovCisSmneCioQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
ParaBug
2024-07-25 15:01:27
(2 months ago)
172.71.99.127 - - [25/Jul/2024:17:01:26 +0200] "GET /js/nsc/main.js HTTP/1.1" 403 400 "http://www.belemzy.shop/js/nsc/main.js" "Mozilla/5.0 (Linux; Android 11; vivo 1906; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/87.0.4280.141 Mobile Safari/537.36 VivoBrowser/8.9.0.0 uni-app Html5Plus/1.0"
Phishing
Brute-Force
Web App Attack
Hydra-Shield.fr
2024-07-18 12:19:19
(2 months ago)
Directory Traversal on: /.git/config
Web App Attack
ParaBug
2024-06-27 00:11:51
(3 months ago)
172.71.99.127 - - [27/Jun/2024:02:11:50 +0200] "GET /angel-stitch-c-21385/angel-stitch-in-love-art-board-print-by-gamingfashion-p-1951866 HTTP/1.1" 403 400 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.175 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Phishing
Brute-Force
Web App Attack
ParaBug
2024-06-11 13:47:09
(3 months ago)
172.71.99.127 - - [11/Jun/2024:15:47:09 +0200] "GET /index.php?main_page=product_info&products_id=3229742&cPath=18607&currency=CAD HTTP/1.1" 403 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
Phishing
Brute-Force
Web App Attack
mawan
2024-06-10 00:52:02
(3 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
EricTheRedFL
2024-06-08 06:22:39
(3 months ago)
Port scan of TCP port 2095
Port Scan
Hacking
Anonymous
2024-05-20 05:10:56
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-18 03:31:26
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-16 00:20:34
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-10 02:37:44
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH