ds6.net
2024-11-21 03:47:44
(1 week ago)
Blocked by CSF Firewall. Reason: lfd: (mod_security) mod_security (id:210492) triggered by 85.192.28.160 (DE/Germany/mixed-canvas-n1.aeza.network): 5 in the last 3600 secs - Sun Nov 10 09:50:16 2024
Hacking
pusathosting.com
2024-11-11 09:00:06
(3 weeks ago)
2ds22 bruteforce
Brute-Force
Web App Attack
TPI-Abuse
2024-11-11 06:59:22
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 85.192.28.160 (mixed-canvas-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 01:59:17.079856 2024] [security2:error] [pid 8103:tid 8149] [client 85.192.28.160:60200] [client 85.192.28.160] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||words.xavidominguez.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "words.xavidominguez.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZzGrRYAdA9f0hSz7PG-ynwAAAEg"]
Brute-Force
Bad Web Bot
Web App Attack
nfsec.pl
2024-11-11 06:15:20
(3 weeks ago)
85.192.28.160 - - [11/Nov/2024:07:15:18 +0100] "GET /media/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 88762 "-" "Mozilla/5.0 (X11; Ubuntu; 2916 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
85.192.28.160 - - [11/Nov/2024:07:15:18 +0100] "POST /media/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 88747 "-" "Mozilla/5.0 (X11; Ubuntu; 2916 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
85.192.28.160 - - [11/Nov/2024:07:15:19 +0100] "GET /media/vendor/phpunit/phpunit/src/Util/PHP/evil.php HTTP/1.1" 404 88876 "-" "Mozilla/5.0 (X11; Ubuntu; 2916 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
85.192.28.160 - - [11/Nov/2024:07:15:19 +0100] "POST /media/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 88742 "-" "Mozilla/5.0 (X11; Ubuntu; 2916 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
85.192.28.160 - - [11/Nov/2024:07:15:20 +0100] "GET /media/app/vendor/phpunit/phpunit/src/Util/PHP/evil.php HTTP/1.1" 404 88789 "-"
Exploited Host
Web App Attack
TPI-Abuse
2024-11-11 05:59:26
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 85.192.28.160 (mixed-canvas-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 00:59:21.195918 2024] [security2:error] [pid 29887:tid 29887] [client 85.192.28.160:60624] [client 85.192.28.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mavikalem.org"] [uri "/MYzoomsounds/"] [unique_id "ZzGdOQmzbK7WCfwXfKzVQAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
CrystalMaker
2024-11-11 05:25:31
(3 weeks ago)
PHP vulnerability scan - GET /singlecrystal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php; POST /singlecrystal/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php; GET /singlecrystal/vendor/phpunit/phpunit/src/Util/PHP/evil.php; GET /singlecrystal/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php; POST /singlecrystal/app/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php; GET /singlecrystal/app/vendor/phpunit/phpunit/src/Util/PHP/evil.php; GET /singlecrystal/.env
Web App Attack
David Gebler
2024-11-11 05:09:44
(3 weeks ago)
85.192.28.160 - - [11/Nov/2024:05:09:43 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 4029 "-" "Mozilla/5.0 (X11; Ubuntu; 2712 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
Brute-Force
Web App Attack
URAN Publishing Service
2024-11-11 04:56:35
(3 weeks ago)
85.192.28.160 - - [11/Nov/2024:06:56:34 +0200] "GET /.env HTTP/1.1" 404 275 "-" "Mozilla/5.0 (X11; Ubuntu; 2946 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
Web App Attack
TPI-Abuse
2024-11-11 03:34:40
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 85.192.28.160 (mixed-canvas-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 22:34:37.980169 2024] [security2:error] [pid 2767498:tid 2767498] [client 85.192.28.160:50930] [client 85.192.28.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glezen.org"] [uri "/update/.env"] [unique_id "ZzF7TXkjwku7KRxRVykASQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 01:51:23
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 85.192.28.160 (mixed-canvas-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 20:51:17.843656 2024] [security2:error] [pid 30357:tid 30357] [client 85.192.28.160:34114] [client 85.192.28.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nebraskaadaptivesports.org"] [uri "/.env"] [unique_id "ZzFjFYnIEg8ZOTEWJ9eDagAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
RoboSOC
2024-11-11 01:15:07
(3 weeks ago)
WordPress Site Editor Plugin Local File Inclusion Vulnerability, PTR: mixed-canvas-n1.aeza.network.
Hacking
4server
2024-11-11 01:05:26
(3 weeks ago)
[MonNov1102:05:22.6270712024][security2:error][pid41068:tid41111][client85.192.28.160:0][client85.192.28.160]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchedphrase\"wp-config.php\"atARGS:link.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"135\"][id\"344360\"][rev\"5\"][msg\"Atomicorp.comWAFRules:UnauthorizedOperatingSystemFileAccessAttempt\"][data\"MatchedData:wp-config.phpfoundwithinARGS:link:../../wp-config.php\"][severity\"CRITICAL\"][tag\"attack-lfi\"][hostname\"prstartup.ch\"][uri\"/MYzoomsounds/\"][unique_id\"ZzFYUt9XQCDIzCcsAziklwAAAA0\"][MonNov1102:05:22.7451472024][security2:error][pid41068:tid41111][client85.192.28.160:0][client85.192.28.160]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchedphrase\"wp-config.php\"atARGS:link.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"135\"][id\"344360\"][rev\"5\"][msg\"Atomicorp.comWAFRules:UnauthorizedOperatingSystemFileAccessAttempt\"][data\"MatchedData:wp-config.phpfoundwithinARGS:link:../../wp-config.php\"][sev
Port Scan
Brute-Force
Web App Attack
theEngineer
2024-11-11 00:37:29
(3 weeks ago)
[00:37:26] 4: Exploit attempt against non-existent file - //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
Hacking
Web App Attack
selahattinalan
2024-11-11 00:00:33
(3 weeks ago)
09/Nov/2024:18:36:25 +030085.192.28.160 - - [11/Nov/2024:03:00:32 +0300] "GET /xmlrpc.php HTTP/1.1" 405 299 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Brute-Force
TPI-Abuse
2024-11-10 22:00:20
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 85.192.28.160 (mixed-canvas-n1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 17:00:15.816694 2024] [security2:error] [pid 27600:tid 27600] [client 85.192.28.160:49304] [client 85.192.28.160] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.doctoredwinalvarez.com"] [uri "/.env"] [unique_id "ZzEs79a7qv_2WDy0SjrgSQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack