Mendip_Defender
2024-11-14 13:43:27
(2 weeks ago)
[14/Nov/2024:13:43:35.130693 +0000] ZzX-h8MKbKrV-kjSy2FJ4gAAAA0 23.94.111.164 50900 188.246.206.60 7081
[14/Nov/2024:13:43:36.229154 +0000] ZzX-iCyKJCSkVA1ysXsFCAAAAIc 23.94.111.164 50914 188.246.206.60 7081
Brute-Force
Anonymous
2024-11-14 13:20:56
(2 weeks ago)
XSS Attempt
Hacking
Anonymous
2024-11-14 13:00:07
(2 weeks ago)
XSS (Cross Site Scripting) attempt.
Hacking
SQL Injection
Web App Attack
backslash
2024-11-14 12:40:07
(2 weeks ago)
block ruleset AA06B7315BA6AEB6421B52F0B32E14B509FD5FF0
SQL Injection
Gwyneth Llewelyn
2024-11-14 11:51:54
(2 weeks ago)
23.94.111.164 - - [14/Nov/2024:11:51:53 +0000] "POST /cgi-bin/rpc HTTP/2.0" 404 1064 "-" "Mozilla/5.0 (CentOS; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
Bad Web Bot
TPI-Abuse
2024-11-14 11:37:54
(2 weeks ago)
(mod_security) mod_security (id:217200) triggered by 23.94.111.164 (23-94-111-164-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 06:37:50.336224 2024] [security2:error] [pid 17987:tid 17987] [client 23.94.111.164:56626] [client 23.94.111.164] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||www.glendaleheritage.org|F|2"] [data "/guest_auth/guestisup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "www.glendaleheritage.org"] [uri "/guest_auth/guestIsUp.php"] [unique_id "ZzXhDtXWQ9gfJCv7GvfYxAAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-11-14 11:06:10
(2 weeks ago)
Too many Status 40X (21)
Brute-Force
Web App Attack
TPI-Abuse
2024-11-14 10:37:33
(2 weeks ago)
(mod_security) mod_security (id:212620) triggered by 23.94.111.164 (23-94-111-164-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 05:37:29.283578 2024] [security2:error] [pid 2653:tid 2653] [client 23.94.111.164:39968] [client 23.94.111.164] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.beirutbazar.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.beirutbazar.com"] [uri "/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php"] [unique_id "ZzXS6d_hb2zWegDTUo4a-wAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
netclix.gr
2024-11-14 10:32:26
(2 weeks ago)
(CT) IP 23.94.111.164 (US/United States/Illinois/Elk Grove Village/23-94-111-164-host.colocrossing.com) found to have 12 connections; Ports: *; Direction: inout; Trigger: CT_LIMIT; Logs: tcp: 23.94.111.164:41288 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41260 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41284 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41268 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41274 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41252 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41266 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41286 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41276 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41262 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41282 -> 148.251.44.120:443 (TIME_WAIT)
tcp: 23.94.111.164:41258 -> 148.251.44.120:443 (TIME_WAIT)
Port Scan
TPI-Abuse
2024-11-14 09:38:51
(2 weeks ago)
(mod_security) mod_security (id:217200) triggered by 23.94.111.164 (23-94-111-164-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 04:38:46.158698 2024] [security2:error] [pid 1609617:tid 1609617] [client 23.94.111.164:36996] [client 23.94.111.164] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||strawusa.com|F|2"] [data "/guest_auth/guestisup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "strawusa.com"] [uri "/guest_auth/guestIsUp.php"] [unique_id "ZzXFJr0DeE0fDzHUCi0BeQAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-14 09:09:44
(2 weeks ago)
(mod_security) mod_security (id:217200) triggered by 23.94.111.164 (23-94-111-164-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 04:09:37.314618 2024] [security2:error] [pid 18608:tid 18622] [client 23.94.111.164:57744] [client 23.94.111.164] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||princesscastlebunkbed.com|F|2"] [data "/guest_auth/guestisup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "princesscastlebunkbed.com"] [uri "/guest_auth/guestIsUp.php"] [unique_id "ZzW-UfeTj4uENmhhaLWYmgAAAEs"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-11-14 09:06:14
(2 weeks ago)
23.94.111.164 - - [14/Nov/2024:11:06:14 +0200] "POST /wp-content/plugins/age-verification/age-verification.php HTTP/1.1" 404 2830 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4.1 Safari/605.4.25"
Web App Attack
Apache
2024-11-14 08:45:37
(2 weeks ago)
(mod_security) mod_security (id:211190) triggered by 23.94.111.164 (US/United States/23-94-111-164-host.colocrossing.com): 5 in the last 300 secs
Brute-Force
Web App Attack
Web App Attack
TPI-Abuse
2024-11-14 08:42:15
(2 weeks ago)
(mod_security) mod_security (id:212620) triggered by 23.94.111.164 (23-94-111-164-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 03:42:11.178757 2024] [security2:error] [pid 22173:tid 22173] [client 23.94.111.164:37400] [client 23.94.111.164] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||modmove.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php?page=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "modmove.com"] [uri "/wp-content/plugins/dhtmlxspreadsheet/codebase/spreadsheet.php"] [unique_id "ZzW34-MbrZKKaz70vvbYMgAAABw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-14 08:13:38
(2 weeks ago)
(mod_security) mod_security (id:217200) triggered by 23.94.111.164 (23-94-111-164-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 03:13:35.128526 2024] [security2:error] [pid 27716:tid 27716] [client 23.94.111.164:49598] [client 23.94.111.164] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||journeytoaclosedcity.com|F|2"] [data "/guest_auth/guestisup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "journeytoaclosedcity.com"] [uri "/guest_auth/guestIsUp.php"] [unique_id "ZzWxL25kxzlupi5LM-YEuQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack