๐บ๐ธ
COMPLEX
2025-05-19 16:50:17
(1 year ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
ASN: 37963 (ALIBABA-CN-NET Ha ...
show more
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
ASN: 37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd.)
Protocol: HTTP/1.1 (GET method)
Timestamp: 2025-05-19T11:16:32Z
show less
Bad Web Bot
๐บ๐ธ
COMPLEX
2025-05-19 10:50:04
(1 year ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
ASN: 37963 (ALIBABA-CN-NET Ha ...
show more
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
ASN: 37963 (ALIBABA-CN-NET Hangzhou Alibaba Advertising Co.,Ltd.)
Protocol: HTTP/1.1 (GET method)
Timestamp: 2025-05-19T10:47:29Z
show less
Bad Web Bot
Anonymous
2025-05-19 08:56:38
(1 year ago)
This IP was detected by CrowdSec triggering crowdsecurity/CVE-2019-18935
Exploited Host
๐ฉ๐ช
conseilgouz
2025-05-19 08:54:27
(1 year ago)
sle-17 : Block hidden directories=>/.vscode/sftp.json(/)
Hacking
Anonymous
2025-05-19 08:05:04
(1 year ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
๐บ๐ธ
rdpguard.com
2025-05-19 07:35:54
(1 year ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
๐บ๐ธ
mnsf
2025-05-19 07:05:14
(1 year ago)
Too many Status 40X (35)
Brute-Force
Web App Attack
๐ซ๐ท
uhlhosting
2025-05-19 06:59:20
(1 year ago)
uhl.cloud 39.106.163.131 - - [19/May/2025:08:39:26.808662 +0200] "GET /.vscode/sftp.json HTTP/1.1" 4 ...
show more
uhl.cloud 39.106.163.131 - - [19/May/2025:08:39:26.808662 +0200] "GET /.vscode/sftp.json HTTP/1.1" 403 199 "-" "-" aCrSHkbdz9BFkkCltK8uWwAAAAM "-" /apache/20250519/20250519-0839/20250519-083926-aCrSHkbdz9BFkkCltK8uWwAAAAM 0 1312 md5:a3f411034d6cc811712babbdc460e5cb
uhl.cloud 39.106.163.131 - - [19/May/2025:08:45:18.620194 +0200] "GET /.git/config HTTP/1.1" 403 199 "-" "-" aCrTflCUStefSY45p80YSAAAARA "-" /apache/20250519/20250519-0845/20250519-084518-aCrTflCUStefSY45p80YSAAAARA 0 1303 md5:2a3583d1994d9b725578eccb01c7e371
uhl.cloud 39.106.163.131 - - [19/May/2025:08:45:57.991735 +0200] "GET /.ftpconfig HTTP/1.1" 403 199 "-" "-" aCrTpfXL5xsChaNUR-B-EwAAAJM "-" /apache/20250519/20250519-0845/20250519-084557-aCrTpfXL5xsChaNUR-B-EwAAAJM 0 1308 md5:33b77409b7a49ef96dfb0c1a88475764
uhl.cloud 39.106.163.131 - - [19/May/2025:08:56:27.347722 +0200] "GET /.aws/credentials HTTP/1.1" 403 199 "-" "-" aCrWG_XL5xsChaNUR-B-zAAAAIc "-" /apache/20250519/20250519-0856/20250519-085627-aCrWG_XL5xsChaNUR-B
...
show less
DDoS Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-05-19 05:56:49
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 39.106.163.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 39.106.163.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 19 01:56:41.565721 2025] [security2:error] [pid 2736035:tid 2736035] [client 39.106.163.131:47132] [client 39.106.163.131] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||automotiveforms.net|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "automotiveforms.net"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCrIGev1J9jv2bu3wxG85gAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-05-19 05:34:30
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
๐ฌ๐ง
openstrike.co.uk
2025-05-19 05:12:33
(1 year ago)
2 attacks on password grabbing URLs:
GET /.aws/credentials HTTP/1.1
Hacking
๐ฉ๐ช
Roper123
2025-05-19 04:36:53
(1 year ago)
Web exploits - access forbidden
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-19 04:31:20
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 39.106.163.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 39.106.163.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 19 00:31:16.295155 2025] [security2:error] [pid 128767:tid 128767] [client 39.106.163.131:43500] [client 39.106.163.131] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||organizeit.biz|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "organizeit.biz"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCq0FHF-qcVbLxKj81midgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-05-19 01:50:06
(1 year ago)
IP banned by Fail2Ban in jail nginx-abusive-ips
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-19 01:15:25
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 39.106.163.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 39.106.163.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 21:15:16.827689 2025] [security2:error] [pid 657250:tid 657250] [client 39.106.163.131:42416] [client 39.106.163.131] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "triplecrownfundraising.com"] [uri "/sftp-config.json"] [unique_id "aCqGJDV_RF4bFze6Z1I98gAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack