psauxit
2024-05-17 00:35:53
(6 months ago)
Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping
Hacking
Web App Attack
NxtGenIT
2024-05-16 15:04:05
(6 months ago)
79.124.8.241 has been observed attacking Port 1812. Observed Threat: RADIUS Login Brute Force Attempt
Brute-Force
TPI-Abuse
2024-05-16 05:26:03
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 79.124.8.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 16 01:25:59.880123 2024] [security2:error] [pid 1578609] [client 79.124.8.241:50146] [client 79.124.8.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||daebakdesign.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "daebakdesign.com"] [uri "/sign.sql"] [unique_id "ZkWY550u3YUlb693Mi4g8QAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
lp
2024-05-12 13:57:03
(7 months ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 79.124.8.241
2024-05-12T15:21:20+02:00 vpn Access-Reject 'araadmin' station: 79.124.8.241 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
Brute-Force
Web App Attack
TPI-Abuse
2024-05-11 23:12:21
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 79.124.8.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 11 19:12:14.185085 2024] [security2:error] [pid 32726] [client 79.124.8.241:43664] [client 79.124.8.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dupagekanewildliferemoval.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dupagekanewildliferemoval.com"] [uri "/removal.sql"] [unique_id "Zj_7TsLOsAG7jdTGDfYGVwAAAB4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-10 19:38:12
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 79.124.8.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 10 15:38:07.554455 2024] [security2:error] [pid 10812] [client 79.124.8.241:56358] [client 79.124.8.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||zabdisrl.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "zabdisrl.com"] [uri "/za.sql"] [unique_id "Zj53n8yPUIsPV8OPFiuYsgAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack
Dadelinux
2024-05-09 18:17:17
(7 months ago)
79.124.8.241 - - [09/May/2024:20:17:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5505 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
79.124.8.241 - - [09/May/2024:20:17:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
79.124.8.241 - - [09/May/2024:20:17:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 5507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"
SQL Injection
Web App Attack
TPI-Abuse
2024-05-09 07:35:45
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 79.124.8.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 09 03:35:38.944788 2024] [security2:error] [pid 15275] [client 79.124.8.241:57164] [client 79.124.8.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hawkeyestategolf.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hawkeyestategolf.com"] [uri "/hawkeyest.sql"] [unique_id "Zjx8ym1ays-B0gQ4ajdvdQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-08 09:15:11
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 79.124.8.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 08 05:15:06.070810 2024] [security2:error] [pid 14293] [client 79.124.8.241:56978] [client 79.124.8.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kaldaragroup.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kaldaragroup.com"] [uri "/.sql"] [unique_id "ZjtCmmSVz6xG0czOFf2vSgAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-05-07 19:14:03
(7 months ago)
May 7 21:14:02 mx1 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<***@***.de>, method=PLAIN, rip=79.124.8.241, lip=[***], TLS, session=<SNcF/eEXqttPfAjx>
Brute-Force
lp
2024-05-06 13:56:26
(7 months ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 79.124.8.241
2024-05-06T15:19:17+02:00 vpn Access-Reject '[email protected] ' station: 79.124.8.241 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
Brute-Force
Web App Attack
TPI-Abuse
2024-05-06 11:31:10
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 79.124.8.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 06 07:31:02.055326 2024] [security2:error] [pid 1652898] [client 79.124.8.241:40770] [client 79.124.8.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ohanameetup.party|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ohanameetup.party"] [uri "/ohanameetu.sql"] [unique_id "Zji_diPzSupmvNITmrshzwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
Dark0547
2024-05-05 21:55:06
(7 months ago)
[2024-05-05 21:54:57.629679] SSH/2222 Unautorized connection. Suspicious SSH Brute-force.
Port Scan
Hacking
Brute-Force
Exploited Host
SSH
lp
2024-05-03 19:56:11
(7 months ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 79.124.8.241
2024-05-03T19:27:16+02:00 vpn Access-Reject '[email protected] ' station: 79.124.8.241 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
Brute-Force
Web App Attack
TPI-Abuse
2024-05-03 14:53:20
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 79.124.8.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 03 10:53:14.544955 2024] [security2:error] [pid 1364614:tid 47614607898368] [client 79.124.8.241:49562] [client 79.124.8.241] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||whatismetamodern.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "whatismetamodern.com"] [uri "/whati.sql"] [unique_id "ZjT6Wh9Bbta_zUnEwvdrnwAAAQw"]
Brute-Force
Bad Web Bot
Web App Attack