Anonymous
2024-09-13 13:26:41
(6 days ago)
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/favicon.ico"]
Web App Attack
chrypox.be
2024-08-16 15:17:57
(1 month ago)
[Fri Aug 16 17:04:18.890819 2024] [:error] [pid 3624:tid 3792] [client 37.19.207.89:51798] [client 37.19.207.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "153"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "62.197.121.143"] [uri "/+CSCOE+/files/file_list.json"] [unique_id "Zr9qcYWpf5s80Q4USgMAmgAAAFg"]
[Fri Aug 16 17:17:54.482756 2024] [:error] [pid 3624:tid 3732] [client 37.19.207.89:7508] [client 37.19.207.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "153"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8
Hacking
Web App Attack
webbie
2024-08-16 14:44:07
(1 month ago)
37.19.207.89 - - [16/Aug/2024:16:32:21 +0200] "GET /login.html HTTP/1.1" 404 3648 "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36"
37.19.207.89 - - [16/Aug/2024:16:36:02 +0200] "POST /human.aspx?Username=SQL%27 HTTP/1.1" 404 3648 "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2919.83 Safari/537.36"
37.19.207.89 - - [16/Aug/2024:16:38:52 +0200] "POST /?PHPRC=/dev/fd/0 HTTP/1.1" 403 3651 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36"
37.19.207.89 - - [16/Aug/2024:16:44:06 +0200] "GET /app?service=page/SetupCompleted HTTP/1.1" 404 3648 "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36"
37.19.207.89 - - [16/Aug/2024:16:44:06 +0200] "POST /app HTTP/1.1" 403 3651 "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
Brute-Force
Web App Attack
Anonymous
2024-08-16 14:29:26
(1 month ago)
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/favicon.ico"]
Web App Attack
webbie
2024-08-02 14:19:41
(1 month ago)
37.19.207.89 - - [02/Aug/2024:16:04:50 +0200] "GET /login.html HTTP/1.1" 404 3648 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36"
37.19.207.89 - - [02/Aug/2024:16:09:14 +0200] "POST /human.aspx?Username=SQL%27 HTTP/1.1" 404 3648 "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36"
37.19.207.89 - - [02/Aug/2024:16:12:46 +0200] "POST /?PHPRC=/dev/fd/0 HTTP/1.1" 403 3651 "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36"
37.19.207.89 - - [02/Aug/2024:16:19:39 +0200] "GET /app?service=page/SetupCompleted HTTP/1.1" 404 3648 "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.93 Safari/537.36"
37.19.207.89 - - [02/Aug/2024:16:19:40 +0200] "POST /app HTTP/1.1" 403 3651 "Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
Brute-Force
Web App Attack
chrypox.be
2024-08-02 14:16:28
(1 month ago)
[Fri Aug 02 16:11:25.967691 2024] [:error] [pid 265811:tid 265878] [client 37.19.207.89:44004] [client 37.19.207.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "153"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "62.197.121.143"] [uri "/"] [unique_id "ZqzpDVDrMZ4JsZVp2J5Z7AAAABU"]
[Fri Aug 02 16:16:26.233845 2024] [:error] [pid 265812:tid 265978] [client 37.19.207.89:60406] [client 37.19.207.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "153"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRI
Hacking
Web App Attack
Anonymous
2024-08-02 14:00:29
(1 month ago)
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/favicon.ico"]
Web App Attack
webbie
2024-07-19 13:45:37
(2 months ago)
37.19.207.89 - - [19/Jul/2024:15:31:12 +0200] "GET /login.html HTTP/1.1" 404 3648 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2656.18 Safari/537.36"
37.19.207.89 - - [19/Jul/2024:15:36:13 +0200] "POST /human.aspx?Username=SQL%27 HTTP/1.1" 404 3648 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
37.19.207.89 - - [19/Jul/2024:15:39:45 +0200] "POST /?PHPRC=/dev/fd/0 HTTP/1.1" 403 3651 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2227.0 Safari/537.36"
37.19.207.89 - - [19/Jul/2024:15:45:34 +0200] "GET /app?service=page/SetupCompleted HTTP/1.1" 404 3648 "Mozilla/5.0 (X11; Ubuntu; Linux i686 on x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2820.59 Safari/537.36"
37.19.207.89 - - [19/Jul/2024:15:45:35 +0200] "POST /app HTTP/1.1" 403 3651 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
Brute-Force
Web App Attack
Anonymous
2024-07-19 13:28:15
(2 months ago)
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/favicon.ico"]
Web App Attack
webbie
2024-07-06 05:09:15
(2 months ago)
37.19.207.89 - - [06/Jul/2024:06:53:38 +0200] "GET /login.html HTTP/1.1" 404 3648 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2866.71 Safari/537.36"
37.19.207.89 - - [06/Jul/2024:06:59:18 +0200] "POST /human.aspx?Username=SQL%27 HTTP/1.1" 404 3648 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2309.372 Safari/537.36"
37.19.207.89 - - [06/Jul/2024:07:03:09 +0200] "POST /?PHPRC=/dev/fd/0 HTTP/1.1" 403 3651 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36"
37.19.207.89 - - [06/Jul/2024:07:09:12 +0200] "GET /app?service=page/SetupCompleted HTTP/1.1" 404 3648 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
37.19.207.89 - - [06/Jul/2024:07:09:13 +0200] "POST /app HTTP/1.1" 403 3651 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Geck
Brute-Force
Web App Attack
chrypox.be
2024-07-06 05:07:01
(2 months ago)
[Sat Jul 06 07:02:12.701154 2024] [:error] [pid 5587:tid 5712] [client 37.19.207.89:21652] [client 37.19.207.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "153"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "62.197.121.143"] [uri "/"] [unique_id "ZojP0-w32eweoicSLE1ktQAAAIA"]
[Sat Jul 06 07:07:00.114188 2024] [:error] [pid 5584:tid 5748] [client 37.19.207.89:27212] [client 37.19.207.89] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "153"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"]
Hacking
Web App Attack
Anonymous
2024-07-06 04:50:57
(2 months ago)
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/favicon.ico"]
Web App Attack
Linuxmalwarehuntingnl
2024-07-01 10:33:57
(2 months ago)
Unauthorized connection attempt
Brute-Force
Anonymous
2024-06-24 21:47:50
(2 months ago)
fail2ban_hh apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/app/rest/users/id:1/tokens/2iLLb4LshxiVTguDjvoW3YIvegH;.jsp"]
Web App Attack
webbie
2024-06-24 12:48:58
(2 months ago)
37.19.207.89 - - [24/Jun/2024:14:36:59 +0200] "GET /login.html HTTP/1.1" 404 360 "Mozilla/5.0 (Windows NT 6.4; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2225.0 Safari/537.36"
37.19.207.89 - - [24/Jun/2024:14:36:59 +0200] "GET /login.html HTTP/1.1" 404 3662 "Mozilla/5.0 (Windows NT 4.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36"
37.19.207.89 - - [24/Jun/2024:14:44:27 +0200] "POST /human.aspx?Username=SQL%27 HTTP/1.1" 404 360 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36"
37.19.207.89 - - [24/Jun/2024:14:44:27 +0200] "POST /human.aspx?Username=SQL%27 HTTP/1.1" 404 3662 "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36"
37.19.207.89 - - [24/Jun/2024:14:48:57 +0200] "POST /?PHPRC=/dev/fd/0 HTTP/1.1" 403 363 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36
Brute-Force
Web App Attack