๐ณ๐ด
jad-abuse
2026-07-17 09:38:10
(46 minutes ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin, ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_admin, cgi_probe, db_dump. Observed by 1 sensor(s); 37 hits.
show less
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
Matthew Ping
2026-07-17 09:30:06
(54 minutes ago)
ModSecurity rule 949110 triggered on wp3. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
๐จ๐ญ
Origon
2026-07-17 09:21:11
(1 hour ago)
http-probing - IP: 41.62.251.160 - time="2026-07-17T11:21:11+02:00" level=info msg="(555f66b4f6a745 ...
show more
http-probing - IP: 41.62.251.160 - time="2026-07-17T11:21:11+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 41.62.251.160 (TN/37705) : 4h ban on Ip 41.62.251.160" module=db
show less
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-17 09:11:22
(1 hour ago)
41.62.251.160 - - [17/Jul/2026:12:11:17 +0300] "GET /cgi-bin/cgiServer.exx?download=/etc/passwd HTTP ...
show more
41.62.251.160 - - [17/Jul/2026:12:11:17 +0300] "GET /cgi-bin/cgiServer.exx?download=/etc/passwd HTTP/1.1" 404 729 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:1.9.6.20) Gecko/ Firefox/3.6.5"
41.62.251.160 - - [17/Jul/2026:12:11:21 +0300] "GET /wp-content/wphb-logs/api-debug.log HTTP/1.1" 404 729 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_3; en-ca) AppleWebKit/525.18 (KHTML, like Gecko) Version/3.1.1 Safari/525.20"
...
show less
Web App Attack
Anonymous
2026-07-17 08:59:44
(1 hour ago)
Fail2Ban apache-noscript
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-17 08:33:41
(1 hour ago)
(mod_security) mod_security (id:211190) triggered by 41.62.251.160 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 41.62.251.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:33:35.186749 2026] [security2:error] [pid 704142:tid 704142] [client 41.62.251.160:51806] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||danzadance.org|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/cgiServer.exx?download=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "danzadance.org"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "alno39bpxQ7kS_8xKSLrqgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 08:03:58
(2 hours ago)
Fail2Ban nginx-botsearch on Security-Instance. Persistent malicious activity detected. Evidence:
/va ...
show more
Fail2Ban nginx-botsearch on Security-Instance. Persistent malicious activity detected. Evidence:
/var/log/nginx/access.log:41.62.251.160 - - [17/Jul/2026:10:03:54 +0200] "GET /bin/login/XWikiLogin?xpage=uorgsuggest&uorg=user&wiki&media=json HTTP/1.1" 404 11615 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; it-it) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27" "-"
/var/log/nginx/access.log:41.62.251.160 - - [17/Jul/2026:10:03:54 +0200] "GET / HTTP/1.1" 200 17686 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0.1 Safari/605.1.15" "-"
/var/log/nginx/access.log:41.62.251.160 - admin [17/Jul/2026:10:03:57 +0200] "GET /backup2.cgi HTTP/1.1" 404 11615 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) A
show less
Bad Web Bot
๐บ๐ธ
ipblock.com
2026-07-17 07:52:00
(2 hours ago)
IPBlock protected site ID [1365-l].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:32:23
(2 hours ago)
(mod_security) mod_security (id:211190) triggered by 41.62.251.160 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211190) triggered by 41.62.251.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:32:14.487853 2026] [security2:error] [pid 449283:tid 449283] [client 41.62.251.160:51589] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||gubbio.name|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/cgiServer.exx?download=/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gubbio.name"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "alnafnfN9rVWPOJzJYfXTAAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 06:21:52
(4 hours ago)
(mod_security) mod_security (id:949110) triggered by 41.62.251.160 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:949110) triggered by 41.62.251.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 02:21:45.994505 2026] [security2:error] [pid 305054:tid 305054] [client 41.62.251.160:1028] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "experimentalscene.com"] [uri "/cgi-bin/cgiServer.exx"] [unique_id "alnJ-dSc5fRYJum4zXDHVAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Tilellit.PRO
2026-07-17 06:14:20
(4 hours ago)
Malicious web traffic detected by CrowdSec
Hacking
Anonymous
2026-07-17 05:43:08
(4 hours ago)
Fail2Ban nginx-botsearch on Security-Instance. Persistent malicious activity detected. Evidence:
/va ...
show more
Fail2Ban nginx-botsearch on Security-Instance. Persistent malicious activity detected. Evidence:
/var/log/nginx/access.log:41.62.251.160 - helpdeskIntegrationUser [17/Jul/2026:07:43:07 +0200] "GET /helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/ HTTP/1.1" 404 11615 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0" "-"
/var/log/nginx/access.log:41.62.251.160 - - [17/Jul/2026:07:43:08 +0200] "GET / HTTP/1.1" 200 17686 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56" "-"
/var/log/nginx/access.log:41.62.251.160 - - [17/Jul/2026:07:43:08 +0200] "GET /backupsettings.dat HTTP/1.1" 404 11615 "-" "Mozilla/5.0 (Knoppix; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/53
show less
Bad Web Bot
๐ซ๐ท
dynamix
2026-07-17 05:02:24
(5 hours ago)
Multiple WAF Violations
Web App Attack