oncord
2024-08-19 14:57:04
(3 weeks ago)
Form spam
Web Spam
Yawning Angel
2024-08-19 12:51:43
(3 weeks ago)
logdesc=SSL VPN login fail user=gstinson remip=80.78.27.66 reason=sslvpn_login_permission_denied
Hacking
Brute-Force
Anonymous
2024-08-18 16:04:08
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
oncord
2024-08-18 10:03:48
(3 weeks ago)
Form spam
Web Spam
Anonymous
2024-08-18 05:08:40
(3 weeks ago)
Action: Block, Reason: DDOS attack detected
DDoS Attack
adnscom.net
2024-08-18 01:44:53
(3 weeks ago)
IPS trigger: Brute force WebApp/CMS scanning/attack
Brute-Force
Web App Attack
TPI-Abuse
2024-08-17 13:54:14
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 80.78.27.66 (504e1b42.host.njalla.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 09:54:11.127231 2024] [security2:error] [pid 20910:tid 20989] [client 80.78.27.66:44102] [client 80.78.27.66] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bortec-corp.com"] [uri "/wp-config.php.bak"] [unique_id "ZsCrg0D_yBYXp-tnIEc1tAAAAMw"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-08-17 04:03:45
(3 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-08-17 03:35:44
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-08-16 04:49:12
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 80.78.27.66 (504e1b42.host.njalla.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 00:49:05.551795 2024] [security2:error] [pid 21904:tid 21904] [client 80.78.27.66:40072] [client 80.78.27.66] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||247.fishing|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "247.fishing"] [uri "/wp-config-sample.php.bak"] [unique_id "Zr7aQbOVtkUJeORAufIUXQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
stinpriza
2024-08-15 18:07:14
(4 weeks ago)
Drupal Authentication failure
Brute-Force
Web App Attack
HoneyPotEu
2024-08-15 09:58:09
(4 weeks ago)
80.78.27.66 [redacted] (39287-ab stract Sweden -) - - [15/Aug/2024:11:58:00 +0200] "GET /wp-config.php.txt HTTP/1.1" 404 55283 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, lik
...
Bad Web Bot
Web App Attack
Malta
2024-08-15 05:44:31
(4 weeks ago)
80.78.27.66 - - [15/Aug/2024:07:44:30 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36"
Brute-force password attempt
Using a TOR Exit node
Open Proxy
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-08-14 13:42:37
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 80.78.27.66 (504e1b42.host.njalla.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 09:42:31.388373 2024] [security2:error] [pid 32083:tid 32083] [client 80.78.27.66:46274] [client 80.78.27.66] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.imageries.net"] [uri "/.git/config"] [unique_id "Zry0Rx2eyHJ4dr4yNj_0-wAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-13 14:40:32
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 80.78.27.66 (504e1b42.host.njalla.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 10:40:24.850563 2024] [security2:error] [pid 29687:tid 29687] [client 80.78.27.66:52002] [client 80.78.27.66] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "calvarycavaliers.org"] [uri "/wp-config.php.backup.txt"] [unique_id "ZrtwWPk2r3j662speTEfxwAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack