MAGIC
2025-01-14 21:02:09
(4 days ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
wil.com
2024-12-10 14:57:59
(1 month ago)
GlobalProtect login attempts with user jsands.
VPN IP
Brute-Force
TPI-Abuse
2024-11-26 01:22:53
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 185.92.25.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 25 20:22:47.220116 2024] [security2:error] [pid 432850:tid 432850] [client 185.92.25.60:13383] [client 185.92.25.60] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.robcohn.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.robcohn.com"] [uri "/bak/www.sql"] [unique_id "Z0Ui53Fi8XONJlZjiHucogAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
unifr
2024-11-05 18:54:34
(2 months ago)
Unauthorized IMAP connection attempt
Brute-Force
TPI-Abuse
2024-11-01 05:01:24
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 185.92.25.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 01 01:01:17.015551 2024] [security2:error] [pid 9408:tid 9408] [client 185.92.25.60:2835] [client 185.92.25.60] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.nationalenq.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nationalenq.com"] [uri "/back/dump.sql"] [unique_id "ZyRgnUAEl3tS22NDHBejeAAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-23 01:42:56
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-21 00:01:21
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 185.92.25.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 20 20:01:13.953595 2024] [security2:error] [pid 19056:tid 19056] [client 185.92.25.60:22409] [client 185.92.25.60] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "missevelyn.com"] [uri "/backup/sftp-config.json"] [unique_id "ZxWZyc-hNkunjox6DKta2AAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
stypr
2024-05-14 10:11:44
(8 months ago)
Malicious activity detected on HTTP/HTTPS
Hacking
Brute-Force
Web App Attack
10dencehispahard SL
2024-05-14 05:00:30
(8 months ago)
Unauthorized login attempts [ wordpress-xmlrpc]
Brute-Force
Web App Attack
TPI-Abuse
2024-01-21 11:08:54
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 185.92.25.60 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 21 06:08:50.491750 2024] [security2:error] [pid 22289] [client 185.92.25.60:60685] [client 185.92.25.60] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||towlesilvapsychotherapy.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "towlesilvapsychotherapy.com"] [uri "/backups/sql.sql"] [unique_id "Zaz7Qkz4uUODf3AUXRRzOgAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
sumnone
2023-11-08 03:17:53
(1 year ago)
Vulnerability probing: Error 404. The requested page (/old/backup.sql) was not found
Bad Web Bot
Exploited Host
Web App Attack
Unwasted
2022-07-12 01:34:54
(2 years ago)
No request method on web server
Port Scan
Delta Whiskey
2022-07-12 01:31:52
(2 years ago)
Multiple failed WordPress authentication attempts
Brute-Force
Web App Attack
SUNDAY Technologies
2021-12-04 00:44:03
(3 years ago)
...
Dec 4 06:44:02 drop SRC=185.92.25.60 LEN=60 PROTO=TCP DPT=8080 ACK=0 WINDOW=64240 SYN URGP=0 MARK=0
Port Scan
snydr
2021-12-03 17:47:59
(3 years ago)
connection attempt port 80 TCP
Port Scan