RoboSOC
2024-11-04 14:15:08
(2 days ago)
TCP SYN with data, PTR: tor.node15.shadowbrokers.eu.
Hacking
oncord
2024-11-03 02:20:52
(3 days ago)
Form spam
Web Spam
MAGIC
2024-11-03 01:04:26
(3 days ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
onkeltom
2024-11-02 21:25:13
(3 days ago)
Multiple unauthorized connection attempts
Hacking
Brute-Force
RAP
2024-11-02 20:37:32
(3 days ago)
2024-11-02 20:37:32 UTC Unauthorized activity to TCP port 22. SSH
SSH
TPI-Abuse
2024-11-02 20:19:37
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 185.106.94.195 (tor.node15.shadowbrokers.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 16:19:32.772783 2024] [security2:error] [pid 1496944:tid 1496944] [client 185.106.94.195:48406] [client 185.106.94.195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arsenaultartistmanagement.com"] [uri "/wp-config.php.de"] [unique_id "ZyaJVExMJFY14eotw5ooWQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-02 17:42:27
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 185.106.94.195 (tor.node15.shadowbrokers.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 13:42:19.976343 2024] [security2:error] [pid 3338:tid 3338] [client 185.106.94.195:53686] [client 185.106.94.195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marilynmonroebooks.com"] [uri "/downl.php"] [unique_id "ZyZke0uhjVd4Saumlkn6TAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
bsoft.de
2024-11-02 17:11:00
(4 days ago)
Searching for exploits
Hacking
myagent.site
2024-11-02 13:08:49
(4 days ago)
Blocking for trying to access an exploit file: /config.phptmp
Hacking
Philip Bradley
2024-11-01 11:00:00
(5 days ago)
""
Hacking
tropicalidad.be
2024-11-01 05:26:15
(5 days ago)
blog comment/referrer spam
Web Spam
TPI-Abuse
2024-11-01 00:16:54
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 185.106.94.195 (tor.node15.shadowbrokers.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 20:16:47.228750 2024] [security2:error] [pid 18243:tid 18247] [client 185.106.94.195:44368] [client 185.106.94.195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seriousgames.global"] [uri "/wp-config.php__"] [unique_id "ZyQd79cbWwvSlZgIvlUWOAAAAUI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-31 18:44:06
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 185.106.94.195 (tor.node15.shadowbrokers.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 14:44:00.510981 2024] [security2:error] [pid 113665:tid 113665] [client 185.106.94.195:34096] [client 185.106.94.195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||smogsandiego.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "smogsandiego.com"] [uri "/wp-json/wp/v2/users/3"] [unique_id "ZyPP8ALNp1JvNjKDfMQd2gAAABQ"], referer: https://smogsandiego.com/
Brute-Force
Bad Web Bot
Web App Attack
LTM
2024-10-31 07:20:01
(6 days ago)
WebServer - Attempts to exploit
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-10-31 05:49:18
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 185.106.94.195 (tor.node15.shadowbrokers.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 31 01:49:12.191419 2024] [security2:error] [pid 4882:tid 4882] [client 185.106.94.195:37144] [client 185.106.94.195] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "modestosoftwater.com"] [uri "/wp-config.php.sample"] [unique_id "ZyMaWE2vJcpb7tadOyAh3gAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack