Linuxmalwarehuntingnl
2024-07-01 10:38:11
(6 months ago)
Unauthorized connection attempt
Brute-Force
Anonymous
2024-06-27 01:49:36
(6 months ago)
Common attack or app scan event detected and blocked
Port Scan
Hacking
Web App Attack
monitblue
2024-06-26 02:27:00
(6 months ago)
Unauthorized login attempts [accesslogs]
Hacking
Brute-Force
Web App Attack
conseilgouz
2024-06-21 12:22:21
(6 months ago)
ave-7 : Trying access unauthorized files/dir=>/wp-includes/customize/themes.php
Hacking
beruys.com
2024-06-18 19:38:43
(7 months ago)
[Tue Jun 18 21:38:42.776244 2024] [proxy_fcgi:error] [pid 249985:tid 140592428603136] [client 212.30.36.210:56235] AH01071: Got error 'Primary script unknown'
[Tue Jun 18 21:38:42.807452 2024] [proxy_fcgi:error] [pid 249985:tid 140591425894144] [client 212.30.36.210:56235] AH01071: Got error 'Primary script unknown'
[Tue Jun 18 21:38:42.842468 2024] [proxy_fcgi:error] [pid 249985:tid 140591409108736] [client 212.30.36.210:56235] AH01071: Got error 'Primary script unknown'
DDoS Attack
SSH
darkside
2024-06-14 13:59:35
(7 months ago)
212.30.36.210 - - [14/Jun/2024:09:59:33 -0400] "GET /.well-known/acme-challenge/termps_1.php HTTP/1.1" 404 71366 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.90 Safari/537.36"
212.30.36.210 - - [14/Jun/2024:09:59:34 -0400] "GET /.well-known/acme-challenge/options.php HTTP/1.1" 404 71366 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
Web App Attack
TPI-Abuse
2024-06-11 08:57:17
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 212.30.36.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 11 04:57:01.266950 2024] [security2:error] [pid 4442] [client 212.30.36.210:24271] [client 212.30.36.210] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doubloonswap.com"] [uri "/restore/sftp-config.json"] [unique_id "ZmgRXep5xwnDrT875SSj2gAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
hostseries
2024-06-10 22:25:46
(7 months ago)
Trigger: LF_MODSEC
Brute-Force
Anonymous
2024-06-10 20:18:43
(7 months ago)
212.30.36.210 - - [10/Jun/2024:20:18:42 +0000] "GET /.aws/credentials HTTP/1.1" 404 11 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:106.0) Gecko/20100101 Firefox/106.0"
Hacking
Web App Attack
Mediashaker
2024-06-10 16:08:00
(7 months ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 212.30.36.210 (DE/Germany/-)
Port Scan
Dolphi
2024-06-07 20:42:12
(7 months ago)
POST //xmlrpc.php
Brute-Force
Web App Attack
statistics indonesia
2024-06-07 16:35:35
(7 months ago)
WP Admin Scan Activities
Web App Attack
TPI-Abuse
2024-06-07 06:26:30
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.36.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 07 02:26:14.468868 2024] [security2:error] [pid 11577] [client 212.30.36.210:37231] [client 212.30.36.210] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||isitel.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "isitel.com"] [uri "/wallet.dat"] [unique_id "ZmKoBmS1CPdjT9jCP2dmJgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-06-02 18:07:07
(7 months ago)
252 requests to */.well-known/pki-validation/*.php
Brute-Force
Bad Web Bot
10dencehispahard SL
2024-05-28 07:00:05
(7 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force