URAN Publishing Service
2024-07-17 22:27:04
(2 months ago)
193.37.32.164 - - [18/Jul/2024:01:27:03 +0300] "GET /wp-admin/includes/iR7SzrsOUEP.php HTTP/1.1" 404 439 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
193.37.32.164 - - [18/Jul/2024:01:27:03 +0300] "GET /wp-includes/ID3/class.api.php HTTP/1.1" 404 439 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
Web App Attack
MAGIC
2024-07-17 00:08:03
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-07-16 22:52:07
(2 months ago)
xmlrpc attack blocked attempt from fail2ban
...
Web App Attack
TPI-Abuse
2024-07-16 11:45:31
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 193.37.32.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 16 07:45:27.551898 2024] [security2:error] [pid 22583:tid 22583] [client 193.37.32.164:18593] [client 193.37.32.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "comobarbershop.com"] [uri "/wp-config.php"] [unique_id "ZpZdVzkpXkxf8UVQTcGNLwAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
beruys.com
2024-07-11 15:19:32
(3 months ago)
[Thu Jul 11 17:19:30.959005 2024] [proxy_fcgi:error] [pid 291858:tid 139973453936384] [client 193.37.32.164:18069] AH01071: Got error 'Primary script unknown'
[Thu Jul 11 17:19:31.190139 2024] [proxy_fcgi:error] [pid 291858:tid 139972514412288] [client 193.37.32.164:18069] AH01071: Got error 'Primary script unknown'
[Thu Jul 11 17:19:31.386675 2024] [proxy_fcgi:error] [pid 291858:tid 139973311325952] [client 193.37.32.164:18069] AH01071: Got error 'Primary script unknown'
DDoS Attack
SSH
TPI-Abuse
2024-07-09 05:00:05
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 193.37.32.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 09 00:59:57.696944 2024] [security2:error] [pid 9614] [client 193.37.32.164:10203] [client 193.37.32.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||etemcolak.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "etemcolak.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZozDzY_r8VcEKOt9UTjqkgAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-07-08 13:00:25
(3 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
advena
2024-07-08 12:02:05
(3 months ago)
193.37.32.164 (AS206092 SECFIREWALLAS) was intercepted at 2024-07-08T11:46:42Z after violating WAF directive: 7deac62381044a1a91c2dd4a4d048ece. Pre-cautionary/corrective action applied: managed_challenge.
Web Spam
Hacking
Brute-Force
Web App Attack
Linuxmalwarehuntingnl
2024-07-03 08:56:56
(3 months ago)
Unauthorized connection attempt
Brute-Force
TPI-Abuse
2024-06-29 20:53:45
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 193.37.32.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 29 16:53:39.145281 2024] [security2:error] [pid 17967] [client 193.37.32.164:60369] [client 193.37.32.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.mthoodmuseum.midwayisland.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mthoodmuseum.midwayisland.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ZoB0U97XCJ3QuhrOY2f0vwAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
someone
2024-06-28 02:40:57
(3 months ago)
*:443 193.37.32.164 - - [28/Jun/2024:04:40:55 +0200] "GET /config/default.json HTTP/1.1" 404 12937 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
Web App Attack
ParaBug
2024-06-27 20:35:40
(3 months ago)
193.37.32.164 - - [27/Jun/2024:22:35:40 +0200] "POST /redmine/.env HTTP/1.1" 403 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
Phishing
Brute-Force
Web App Attack
TPI-Abuse
2024-06-26 11:23:33
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 193.37.32.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 26 07:23:25.393875 2024] [security2:error] [pid 11915] [client 193.37.32.164:22973] [client 193.37.32.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.cassandramari.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.cassandramari.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "Znv6LRyt5k5FD7AreD7tkwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
FireballDWF
2024-06-26 04:10:17
(3 months ago)
404 NOT FOUND
Web App Attack
TPI-Abuse
2024-06-24 01:27:31
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 193.37.32.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 23 21:27:25.343726 2024] [security2:error] [pid 16608:tid 46982383015680] [client 193.37.32.164:12525] [client 193.37.32.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mta-sts.absurdotron.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mta-sts.absurdotron.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ZnjLfc7FSCI7GsneS9jOhgAAAQ8"]
Brute-Force
Bad Web Bot
Web App Attack