๐ซ๐ฎ
FlamingMojo
2025-11-21 00:41:43
(7 months ago)
Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2025-11-21T00:41:43Z
Brute-Force
SSH
๐ช๐ธ
masterguru
2025-11-18 07:33:24
(8 months ago)
COMODO WAF: URL file extension is restricted by policy. Match of "pmFromFile userdata_wl_extensions" ...
show more
COMODO WAF: URL file extension is restricted by policy. Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. (210730-122)
show less
Hacking
๐บ๐ธ
xmission.com
2025-11-07 00:51:30
(8 months ago)
5.255.111.64 - - [06/Nov/2025:17:51:29 -0700] "POST /wp-login.php HTTP/1.1" 200 2328 "-" "Mozilla/5. ...
show more
5.255.111.64 - - [06/Nov/2025:17:51:29 -0700] "POST /wp-login.php HTTP/1.1" 200 2328 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0"
...
show less
Brute-Force
๐ง๐ช
madeit
2025-11-04 19:55:49
(8 months ago)
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-28 07:50:42
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the la ...
show more
(mod_security) mod_security (id:210492) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 03:50:35.158655 2025] [security2:error] [pid 861:tid 861] [client 5.255.111.64:51558] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.luenwowine.com"] [uri "/.git/config"] [unique_id "aQB1y47I0IO4O8pd-d75AAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-13 07:26:42
(9 months ago)
(mod_security) mod_security (id:210831) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the la ...
show more
(mod_security) mod_security (id:210831) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 13 03:26:37.185280 2025] [security2:error] [pid 9876:tid 9888] [client 5.255.111.64:47790] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.thatspecial.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.thatspecial.com"] [uri "/"] [unique_id "aOyprfl7Tw_3iAQv8XxjzAAAAQo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
oncord
2025-10-10 05:28:43
(9 months ago)
Form spam
Web Spam
๐ง๐ช
cmbplf
2025-09-15 18:59:40
(10 months ago)
9.707 requests in 1 hour (1mo2w1dfromnow)
Brute-Force
Bad Web Bot
๐ฐ๐ท
forgeban
2025-09-08 01:49:37
(10 months ago)
Session Report (UTC: 2025-09-08T01:49:37.061Z)
Session Duration: 2025-09-08T01:49:34.057Z - 2025-09- ...
show more
Session Report (UTC: 2025-09-08T01:49:37.061Z)
Session Duration: 2025-09-08T01:49:34.057Z - 2025-09-08T01:49:37.061Z
Client: SSH-2.0-libssh_0.9.6
Source Port: 48460
Activities:
- no_auth
- no_auth
- Login attempt - User: root (SUCCESS)
- connection
- connection_close
show less
Hacking
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2025-09-05 17:08:51
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the la ...
show more
(mod_security) mod_security (id:210730) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 05 13:08:43.552003 2025] [security2:error] [pid 26734:tid 26734] [client 5.255.111.64:37958] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||keyspring-niseko.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "keyspring-niseko.com"] [uri "/yspring-niseko.sql"] [unique_id "aLsZG2Qhd6hFr8sp1EWDfAAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-04 19:03:51
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the la ...
show more
(mod_security) mod_security (id:210730) triggered by 5.255.111.64 (kornnatter.dedyn.io): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 04 15:03:48.278878 2025] [security2:error] [pid 25778:tid 25778] [client 5.255.111.64:57886] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||fusionrep.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fusionrep.com"] [uri "/sionrep.sql"] [unique_id "aLnilEdISTl6rvpEwW-qWwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
oncord
2025-09-04 12:38:38
(10 months ago)
Form spam
Web Spam
๐ฉ๐ช
Packets-Decreaser.NET
2025-09-01 20:33:31
(10 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
๐จ๐ญ
backslash
2025-09-01 13:55:18
(10 months ago)
block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638
Bad Web Bot
๐ฉ๐ช
Packets-Decreaser.NET
2025-08-31 17:43:05
(10 months ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam