|
πΊπΈ
TheMadBeaker
|
|
Fail2Ban Ban Triggered
Wordpress Attack Attempt
|
Brute-Force
Web App Attack
|
|
|
Anonymous
|
|
Typically sends a set of test URLs and if one of them responds, the hacker starts an attack script.
|
Web App Attack
|
|
|
π¦πΊ
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
|
π¦πΊ
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
|
DDoS Attack
Bad Web Bot
|
|
|
πΊπΈ
rayxis.com
|
|
[Sat Jun 29 21:15:26.374641 2024] [proxy_fcgi:error] [pid 304262:tid 304380] [client 74.208.2.232:55 ...
show more
[Sat Jun 29 21:15:26.374641 2024] [proxy_fcgi:error] [pid 304262:tid 304380] [client 74.208.2.232:55141] AH01071: Got error 'Primary script unknown'
...
show less
|
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the l ...
show more
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 12 07:57:11.429149 2024] [security2:error] [pid 30234] [client 74.208.2.232:50809] [client 74.208.2.232] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dgereviews.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dgereviews.com"] [uri "/dge/demandgenerationengine.com"] [unique_id "ZkCul1L6qsAlYxitv_f0cwAAAAw"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the l ...
show more
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 09 23:51:21.616476 2024] [security2:error] [pid 19011] [client 74.208.2.232:43883] [client 74.208.2.232] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||nccb.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nccb.org"] [uri "/theunion.com"] [unique_id "ZhYMuRC8S7d_gG4r-DSVZgAAAAA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the l ...
show more
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 01 23:03:30.488021 2024] [security2:error] [pid 17765] [client 74.208.2.232:52521] [client 74.208.2.232] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||f4fbbs.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "f4fbbs.com"] [uri "/54-snake.com"] [unique_id "ZeKlEkZJxFUfepOE-5NRtQAAABc"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the l ...
show more
(mod_security) mod_security (id:210730) triggered by 74.208.2.232 (crawlga159.1and1.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 13 19:58:02.281455 2024] [security2:error] [pid 18561] [client 74.208.2.232:53199] [client 74.208.2.232] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.chicagowca.com|F|2"] [data ".artadvice.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.chicagowca.com"] [uri "/www.artadvice.com"] [unique_id "ZcwQGks73g_Ac0PyNtGqqwAAAAo"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
πΊπΈ
rayxis.com
|
|
[Sun Feb 11 22:54:48.378785 2024] [proxy_fcgi:error] [pid 940307:tid 940454] [client 74.208.2.232:36 ...
show more
[Sun Feb 11 22:54:48.378785 2024] [proxy_fcgi:error] [pid 940307:tid 940454] [client 74.208.2.232:36769] AH01071: Got error 'Primary script unknown'
...
show less
|
Bad Web Bot
Web App Attack
|
|
|
π©πͺ
conseilgouz
|
|
vew-Joomla User : try to access forms...
|
Hacking
|
|
|
πΈπ¬
mypatricks
|
|
74.208.2.232 | Port: 29860 | DNS: crawlga159.1and1.org 2023-07-31T13:48:13+08:00 Asia/Singapore | Un ...
show more
74.208.2.232 | Port: 29860 | DNS: crawlga159.1and1.org 2023-07-31T13:48:13+08:00 Asia/Singapore | Un-authorized bots or crawlers | UA: IonCrawl (https://www.ionos.de/terms-gtc/faq-crawler-en/) HTTP/1.1 443 GET | URL: /wp-sitemap.xml | Ref: - | Country: US/United States/-08:00 IP City: 7ef38d109a3ae909-DFW/Dallas, TX, United States 1 hits/0 secs Robots 0
show less
|
Web Spam
Blog Spam
Brute-Force
Exploited Host
Web App Attack
|
|
|
Anonymous
|
|
|
Web Spam
Email Spam
Blog Spam
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
[Drupal AbuseIPDB module] Request path is blacklisted. /wp-admin/admin-ajax.php
|
Web App Attack
|
|
|
πΊπΈ
GCS
|
|
/wp-admin/admin-ajax.php
|
Hacking
|
|