๐ฉ๐ช
NewGastroline
2026-07-15 08:37:01
(1 day ago)
Malicious request blocked by CrowdSec on gastro-prod1.boreus.de
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 08:32:13
(1 day ago)
(mod_security) mod_security (id:218420) triggered by 193.168.145.69 (unassigned.as62000.net): 1 in t ...
show more
(mod_security) mod_security (id:218420) triggered by 193.168.145.69 (unassigned.as62000.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 04:32:07.138810 2026] [security2:error] [pid 12954:tid 12954] [client 193.168.145.69:43660] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.169:80|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.169"] [uri "/hello.world"] [unique_id "aldFh3UoVvTGsBtCa2mcfwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
SchorelWeb
2026-07-15 08:31:22
(1 day ago)
(sshd) Failed SSH login from 193.168.145.69 (FR/France/-): 3 in the last (Omitted)
Brute-Force
SSH
๐น๐ญ
Sawasdee
2026-07-15 07:39:11
(2 days ago)
SSH break in attempt
...
SSH
๐ต๐ฑ
mkey
2026-07-15 07:00:01
(2 days ago)
Verified scan activity detected by local IDS/firewall correlation. SCAN: HIGHRISK_SINGLEPORT | PORTS ...
show more
Verified scan activity detected by local IDS/firewall correlation. SCAN: HIGHRISK_SINGLEPORT | PORTS=22 | HITS=2 | IPSET=ADD | FIRST=2026-07-15 08:56:57 | LAST=2026-07-15 08:56:57. Last seen 2026-07-15 08:56:57.
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-15 06:58:38
(2 days ago)
(mod_security) mod_security (id:218420) triggered by 193.168.145.69 (unassigned.as62000.net): 1 in t ...
show more
(mod_security) mod_security (id:218420) triggered by 193.168.145.69 (unassigned.as62000.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 02:58:30.269985 2026] [security2:error] [pid 4320:tid 4320] [client 193.168.145.69:38330] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in|out|err)|(in|out)put|fd|memory|temp|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found||192.64.150.196:80|F|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.196"] [uri "/hello.world"] [unique_id "alcvlvMqGOMHV9zQVnZ_pwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฟ
Countryman
2026-07-15 06:50:29
(2 days ago)
IPS detection: Apache.HTTP.Server.cgi-bin.Path.Traversal
Hacking
Anonymous
2026-07-15 06:31:51
(2 days ago)
Unauthorized connection attempt on Port 23
Port Scan
Hacking
Exploited Host
๐บ๐ธ
MPL
2026-07-15 06:29:16
(2 days ago)
tcp/22 (4 or more attempts)
Port Scan
๐ณ๐ฑ
ipoac.nl
2026-07-15 06:12:00
(2 days ago)
[Wed Jul 15 08:12:00.101907 2026] [core:error] [pid 2565042:tid 2565377] [client 193.168.145.69:5285 ...
show more
[Wed Jul 15 08:12:00.101907 2026] [core:error] [pid 2565042:tid 2565377] [client 193.168.145.69:52858] AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh)
show less
Hacking
๐ซ๐ท
dsl
2026-07-15 05:48:39
(2 days ago)
Jul 15 05:48:37 dabeau sshd[31974]: Invalid user admin from 193.168.145.69 port 53378
Jul 15 05:48:3 ...
show more
Jul 15 05:48:37 dabeau sshd[31974]: Invalid user admin from 193.168.145.69 port 53378
Jul 15 05:48:37 dabeau sshd[31974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.168.145.69
Jul 15 05:48:38 dabeau sshd[31974]: Failed password for invalid user admin from 193.168.145.69 port 53378 ssh2
...
show less
Brute-Force
SSH
๐ณ๐ฑ
BIV
2026-07-15 03:44:36
(2 days ago)
Honeypot multi-source hit. Sources: dshield:fw. Ports: 80. Automated tiered (T-Pot+DShield).
Port Scan
Hacking
Bad Web Bot
๐บ๐ธ
MPL
2026-07-15 02:57:27
(2 days ago)
tcp/2375 (2 or more attempts)
Port Scan
๐บ๐ธ
MPL
2026-07-15 02:52:19
(2 days ago)
tcp ports: 2375,80 (4 or more attempts)
Port Scan
๐ญ๐ฐ
mutebot.net
2026-07-15 02:41:27
(2 days ago)
SRC=193.168.145.69, PROTO=TCP, SPT=38726, DPT=23
Port Scan