|
๐จ๐ญ
Elysium Security
|
|
Mass scanning for Web CVE
|
Web App Attack
|
|
|
๐จ๐ญ
SOC [GOLINE SA]
|
|
FortiGate detected DOS attack from IPv4 address 62.233.53.144
|
DDoS Attack
|
|
|
๐ฉ๐ช
Globol1312
|
|
several vulnerability scans
|
Port Scan
Brute-Force
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:243930) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps. ...
show more
(mod_security) mod_security (id:243930) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps.ac): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 02 02:20:24.070968 2025] [security2:error] [pid 27847:tid 27847] [client 62.233.53.144:33592] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^(?:\\\\w+\\\\/[\\\\w\\\\-\\\\.]+)(?:;(?:charset=[\\\\w\\\\-]{1,18}|boundary=[\\\\w\\\\-]+)?)?$" against "REQUEST_HEADERS:Content-Type" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6743"] [id "243930"] [rev "2"] [msg "COMODO WAF: Remote code execution in Apache Struts versions 2.3.31 - 2.3.5 and 2.5 - 2.5.10 (CVE-2017-5638)||mail.goalsnet.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mail.goalsnet.net"] [uri "/"] [unique_id "aGTPqCjSWBwjTRIiHvItPAAAAAc"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:211190) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps. ...
show more
(mod_security) mod_security (id:211190) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps.ac): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 02 02:04:29.484083 2025] [security2:error] [pid 11000:tid 11000] [client 62.233.53.144:36228] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||mail.ggaccounting.services|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/localize-my-post/ajax/include.php?file=../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.ggaccounting.services"] [uri "/wp-content/plugins/localize-my-post/ajax/include.php"] [unique_id "aGTL7bO0a4LZcScdsA7hWwAAAAs"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
Multiple web server 400 error codes from same source ip
|
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:248270) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps. ...
show more
(mod_security) mod_security (id:248270) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps.ac): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 02 00:32:36.153513 2025] [security2:error] [pid 27911:tid 27911] [client 62.233.53.144:46712] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\$\\\\{jndi:(ldaps?|rmi|dns|iiop|nis|nds|corba|\\\\$\\\\{(?:lower|upper)):" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "7626"] [id "248270"] [rev "1"] [msg "COMODO WAF: Remote code execution in Apache log4j||mail.evolute.io|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mail.evolute.io"] [uri "/webtools/control/main"] [unique_id "aGS2ZFQfceHLHrCvhrf_cwAAAAA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ฎ๐น
VHosting
|
|
Detected WordPress attack from 4 different servers
|
Brute-Force
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps. ...
show more
(mod_security) mod_security (id:240950) triggered by 62.233.53.144 (62-233-53-144.netherlands-2.vps.ac): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 01 23:15:59.262529 2025] [security2:error] [pid 16340:tid 16356] [client 62.233.53.144:49686] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||mail.dubarch.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mail.dubarch.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "aGSkb2WfsDS08dX1KBYakgAAAI0"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
Malicious activity detected
|
Hacking
Brute-Force
|
|
|
๐ซ๐ฎ
paissangroup
|
|
Multiple WAF Violations
|
Web App Attack
|
|