nyuuzyou
2024-11-25 09:42:07
(1 week ago)
Intensive scraping: /web?s=%22Retail%20stores%20in%20Utah%22&country=eu-eu&scraper=mwmbl. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36.
Bad Web Bot
TPI-Abuse
2024-11-25 08:39:16
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 185.132.187.50 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 03:39:08.754982 2024] [security2:error] [pid 6515:tid 6515] [client 185.132.187.50:37289] [client 185.132.187.50] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||usbea.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usbea.com"] [uri "/dump.sql"] [unique_id "Z0Q3rBgD4mne1Rx0W0f2-gAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-19 09:13:52
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 185.132.187.50 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 19 04:13:47.158749 2024] [security2:error] [pid 10968:tid 10968] [client 185.132.187.50:50277] [client 185.132.187.50] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||symbarenewables.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "symbarenewables.com"] [uri "/www.sql"] [unique_id "ZzxWy4FlAQQ1KaA9p-xb8QAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 11:34:12
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 185.132.187.50 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 06:34:06.383825 2024] [security2:error] [pid 30093:tid 30093] [client 185.132.187.50:51353] [client 185.132.187.50] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.hodlmoser.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.hodlmoser.com"] [uri "/bak/wallet.dat"] [unique_id "ZzM9LiZmRwvydM-nAPkTfAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
thedreamer.nl
2024-11-05 06:15:02
(1 month ago)
185.132.187.50 - - [05/Nov/2024:04:59:15 +0100] "GET /private/.env HTTP/1.1" 200 2213 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "BE" "Brussels" "50.85340" "4.34700"
185.132.187.50 - - [05/Nov/2024:04:59:43 +0100] "POST /.env.dist HTTP/1.1" 405 150 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15" "BE" "Brussels" "50.85340" "4.34700"
185.132.187.50 - - [05/Nov/2024:07:14:10 +0100] "GET /.env.development%20 HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "BE" "Brussels" "50.85340" "4.34700"
185.132.187.50 - - [05/Nov/2024:07:15:01 +0100] "POST /sources/.env HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36" "BE" "Brussels" "50.85340" "4.34700"
Hacking
Brute-Force
Bad Web Bot
Web App Attack
moebius
2024-11-04 14:28:31
(1 month ago)
GET /.env HTTP/1.1" 404 19 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML
Web App Attack
TPI-Abuse
2024-10-29 17:52:37
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 185.132.187.50 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 29 13:52:32.559837 2024] [security2:error] [pid 21490:tid 21490] [client 185.132.187.50:47475] [client 185.132.187.50] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||olimpiacerda.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "olimpiacerda.com"] [uri "/dump.sql"] [unique_id "ZyEg4AhXzblIbmYL0QFCOwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-11 21:58:56
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 185.132.187.50 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 11 17:58:48.873014 2024] [security2:error] [pid 6384:tid 6384] [client 185.132.187.50:56607] [client 185.132.187.50] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoinpornhub.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoinpornhub.com"] [uri "/bak/sql.sql"] [unique_id "ZwmfmJIQ4_lTeZv1RcZL3QAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
openstrike.co.uk
2024-09-19 05:12:32
(2 months ago)
18 attacks on PHP URLs, Wordpress URLs:
GET /domain.cgi?id=200/xmlrpc.php?rsd HTTP/1.1
GET /domain.cgi?id=200/sito/wp-includes/wlwmanifest.xml HTTP/1.1
Web App Attack
Anonymous
2024-09-18 16:17:15
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-08-27 04:40:40
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
JA
2024-08-15 14:00:37
(3 months ago)
Multiple Unauthorized SSLVPN Login Attempts
VPN IP
Exploited Host
unifr
2024-07-31 08:52:25
(4 months ago)
Unauthorized IMAP connection attempt
Brute-Force
Anonymous
2024-07-23 06:48:52
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH