MAGIC
2024-12-05 03:04:46
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-10-25 03:00:12
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-10-19 01:33:26
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
rtbh.com.tr
2024-10-18 20:53:44
(2 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
rtbh.com.tr
2024-10-18 08:53:45
(2 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
rtbh.com.tr
2024-10-17 20:53:44
(2 months ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
Malta
2024-10-17 00:15:59
(3 months ago)
50.114.159.195 - - [17/Oct/2024:02:15:59 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"
Hacking
Web App Attack
TPI-Abuse
2024-10-16 01:29:55
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 50.114.159.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 21:29:49.557546 2024] [security2:error] [pid 29046:tid 29452] [client 50.114.159.195:23245] [client 50.114.159.195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.114.159.195 (+1 hits since last alert)|www.sparkhypnotherapy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.sparkhypnotherapy.com"] [uri "/xmlrpc.php"] [unique_id "Zw8XDdvUX3DBkUbajmdOKgAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-10-16 01:01:35
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
FeG Deutschland
2024-10-14 02:58:02
(3 months ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack
TPI-Abuse
2024-10-14 01:39:23
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 50.114.159.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 21:39:17.120895 2024] [security2:error] [pid 26735:tid 26735] [client 50.114.159.195:15739] [client 50.114.159.195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.114.159.195 (+1 hits since last alert)|www.abundancecompany.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.abundancecompany.com"] [uri "/xmlrpc.php"] [unique_id "Zwx2RezG0HPX5MiI-ulp2QAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-13 15:57:48
(3 months ago)
(mod_security) mod_security (id:240335) triggered by 50.114.159.195 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 13 11:57:45.071357 2024] [security2:error] [pid 30889:tid 30889] [client 50.114.159.195:10825] [client 50.114.159.195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 50.114.159.195 (+1 hits since last alert)|www.sbeii.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.sbeii.com"] [uri "/xmlrpc.php"] [unique_id "Zwvt-QRWrON6O2tSMtPucAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Marc
2024-10-12 03:38:25
(3 months ago)
Brute-Force
SCHAPPY
2024-10-10 21:38:36
(3 months ago)
Multiple attempts to access forbidden web resources, HTTP code 403.
Web App Attack
SpaceHost-Server
2024-10-10 13:11:00
(3 months ago)
50.114.159.195 - - [10/Oct/2024:15:10:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1143 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36"
50.114.159.195 - - [10/Oct/2024:15:10:49 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1143 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36"
50.114.159.195 - - [10/Oct/2024:15:10:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1143 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.138 Safari/537.36"
Hacking
Web App Attack