🇲🇾
Rizzy
2024-08-16 13:50:40
(1 year ago)
Multiple WAF Violations
Brute-Force
Web App Attack
🇵🇱
nfsec.pl
2024-08-16 12:33:00
(1 year ago)
79.137.197.198 - - [16/Aug/2024:14:32:59 +0200] "GET /media/up.php HTTP/1.1" 404 24829 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
79.137.197.198 - - [16/Aug/2024:14:32:59 +0200] "GET /media/uploader.php HTTP/1.1" 404 24916 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
79.137.197.198 - - [16/Aug/2024:14:32:59 +0200] "GET /media/upload.php HTTP/1.1" 404 24643 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
79.137.197.198 - - [16/Aug/2024:14:32:59 +0200] "GET /media/bypass.php HTTP/1.1" 404 24740 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
79.137.197.198 - - [16/Aug/2024:14:32:59 +0200] "GET /media/u.php HTTP/1.1" 404 24853 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like G
...
Exploited Host
Web App Attack
🇪🇸
el-brujo
2024-08-16 10:19:36
(1 year ago)
16/Aug/2024:12:19:35.526158 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.198] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr8nt_ktAMsLnWH8jkwwXwAAJz8"]
...
Hacking
Web App Attack
Anonymous
2024-08-16 09:56:27
(1 year ago)
2024/08/15 Large number of invalid logon attempts to admin portal
Brute-Force
Web App Attack
🇺🇸
bigscoots.com
2024-08-16 08:45:06
(1 year ago)
(PERMBLOCK) 79.137.197.198 (NL/The Netherlands/cumbersome-number_n4.aeza.network) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: 1; Trigger: LF_PERMBLOCK_COUNT; Logs:
Brute-Force
SSH
🇺🇸
TPI-Abuse
2024-08-16 07:56:00
(1 year ago)
(mod_security) mod_security (id:240000) triggered by 79.137.197.198 (cumbersome-number_n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 03:55:57.166929 2024] [security2:error] [pid 21893:tid 21893] [client 79.137.197.198:60750] [client 79.137.197.198] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||acmax.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "acmax.com"] [uri "/home/images/stories/evil.php"] [unique_id "Zr8GDZ9c_L3XTp9qTMejCAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇪🇸
el-brujo
2024-08-16 07:54:26
(1 year ago)
16/Aug/2024:09:54:26.338396 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.198] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr8FsnOXrgS8OhJRYIw5lgAAaxE"]
...
Hacking
Web App Attack
🇪🇸
el-brujo
2024-08-16 06:09:52
(1 year ago)
16/Aug/2024:08:09:51.440239 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.198] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr7tL4JxM6MonX9fy0rQhQAALjU"]
...
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2024-08-16 05:41:18
(1 year ago)
(mod_security) mod_security (id:234930) triggered by 79.137.197.198 (cumbersome-number_n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 01:41:09.832148 2024] [security2:error] [pid 15959:tid 15959] [client 79.137.197.198:59036] [client 79.137.197.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.ideaofauniversity.website"] [uri "/uncategorized/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr7mdSOGQVc-_wmbOBp5ywAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
stinpriza
2024-08-16 04:56:06
(1 year ago)
Drupal Authentication failure
Brute-Force
Web App Attack
🇧🇪
taivas.nl
2024-08-16 04:32:27
(1 year ago)
Many_bad_calls
Web App Attack
Anonymous
2024-08-16 04:26:50
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
🇪🇸
el-brujo
2024-08-16 03:31:39
(1 year ago)
16/Aug/2024:05:31:39.111500 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.198] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr7IG0v180yhfh4PlkYbogAAEhw"]
...
Hacking
Web App Attack
🇪🇸
el-brujo
2024-08-16 01:39:58
(1 year ago)
16/Aug/2024:03:39:57.933983 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 79.137.197.198] ModSecurity: Warning. Match of "rx ^0?$" against "REQUEST_HEADERS:Content-Length" required. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "178"] [id "920170"] [msg "GET or HEAD Request with Body Content"] [data "812"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [hostname "elhacker.info"] [uri "/Cursos/node/1"] [unique_id "Zr6t7SX4HEaQgA7WcVXrtQAAZjs"]
...
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2024-08-16 01:22:54
(1 year ago)
(mod_security) mod_security (id:234930) triggered by 79.137.197.198 (cumbersome-number_n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 21:22:49.110979 2024] [security2:error] [pid 20953:tid 21000] [client 79.137.197.198:38668] [client 79.137.197.198] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||pref-realestate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "pref-realestate.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zr6p6TVldHt8TE2ejmTBywAAAQY"]
Brute-Force
Bad Web Bot
Web App Attack