FeG Deutschland
2025-01-02 18:29:02
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 147
Exploited Host
Web App Attack
TPI-Abuse
2024-12-31 16:11:30
(1 week ago)
(mod_security) mod_security (id:210381) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercon ... show more (mod_security) mod_security (id:210381) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 31 11:11:25.417473 2024] [security2:error] [pid 18120:tid 18120] [client 35.189.208.192:43952] [client 35.189.208.192] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||stacyfarm.com|F|4"] [data "REQUEST_URI=/wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/%url%"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "stacyfarm.com"] [uri "/wp-content/plugins/easy-facebook-likebox/facebook/frontend/assets/js/%url%"] [unique_id "Z3QXrc2Yilq2KQpsHLrcmgAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-12-31 10:16:01
(1 week ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-12-30 13:54:47
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercon ... show more (mod_security) mod_security (id:210730) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 30 08:54:42.647833 2024] [security2:error] [pid 3044610:tid 3044610] [client 35.189.208.192:40908] [client 35.189.208.192] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||techspertnet.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "techspertnet.com"] [uri "/[email protected] "] [unique_id "Z3KmInUk-NjqFmi9ijBmmAAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-28 12:43:15
(2 weeks ago)
Malicious activity detected
Hacking
Brute-Force
FeG Deutschland
2024-12-26 19:28:43
(2 weeks ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 147
Exploited Host
Web App Attack
FeG Deutschland
2024-12-25 08:08:22
(2 weeks ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 147
Exploited Host
Web App Attack
conseilgouz
2024-12-25 07:07:29
(2 weeks ago)
arw-Joomla User : try to access forms...
Hacking
MAGIC
2024-12-19 18:01:06
(3 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
FeG Deutschland
2024-12-19 11:02:01
(3 weeks ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1347
Exploited Host
Web App Attack
RLDD
2024-12-19 04:42:00
(3 weeks ago)
WP probing for vulnerabilities -kjv
Web App Attack
TPI-Abuse
2024-12-19 01:30:51
(3 weeks ago)
(mod_security) mod_security (id:210381) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercon ... show more (mod_security) mod_security (id:210381) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 18 20:30:48.673682 2024] [security2:error] [pid 3370688:tid 3370688] [client 35.189.208.192:39518] [client 35.189.208.192] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||www.memphislimousines.com|F|4"] [data "REQUEST_URI=/assets/js/%url%"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.memphislimousines.com"] [uri "/assets/js/%url%"] [unique_id "Z2N3SNXa37OoY0aDPg5qXQAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Carsten
2024-12-18 07:45:37
(3 weeks ago)
port scan with outdated browser [firefox/52.]
Port Scan
TPI-Abuse
2024-12-15 02:18:27
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercon ... show more (mod_security) mod_security (id:210730) triggered by 35.189.208.192 (192.208.189.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 14 21:18:19.072741 2024] [security2:error] [pid 15849:tid 15866] [client 35.189.208.192:37430] [client 35.189.208.192] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||vtweaversguild.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vtweaversguild.org"] [uri "/VWG-FORUM/[email protected] "] [unique_id "Z148a0Cm2mKSF5nUghlCRgAAAE8"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-12 15:41:00
(1 month ago)
Bad Bot
Bad Web Bot