Anonymous
2024-09-01 16:19:40
(1 week ago)
Malicious activity detected
Hacking
Brute-Force
Anonymous
2024-08-28 16:30:17
(1 week ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
Rizzy
2024-08-28 09:34:59
(1 week ago)
Multiple WAF Violations
Brute-Force
Web App Attack
MAGIC
2024-08-28 05:05:58
(1 week ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Rizzy
2024-08-26 23:52:10
(1 week ago)
Multiple WAF Violations
Brute-Force
Web App Attack
TPI-Abuse
2024-08-25 08:01:34
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 25 04:01:28.335981 2024] [security2:error] [pid 201915:tid 201915] [client 108.165.237.164:54226] [client 108.165.237.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.rivervalleyhome.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.rivervalleyhome.com"] [uri "/CookieAuth.dll"] [unique_id "Zsrk2Caa8gQ8MwrO4gkY6AAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-08-24 21:19:55
(2 weeks ago)
Multiple WAF Violations
Brute-Force
Web App Attack
TPI-Abuse
2024-08-24 07:47:39
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 03:47:35.381528 2024] [security2:error] [pid 8377:tid 8377] [client 108.165.237.164:57474] [client 108.165.237.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.organizeit.biz|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.organizeit.biz"] [uri "/CookieAuth.dll"] [unique_id "ZsmQF681qZQyRagsrUL50AAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-08-23 23:06:07
(2 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-08-23 22:17:02
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 23 18:16:57.101648 2024] [security2:error] [pid 9955:tid 9955] [client 108.165.237.164:62793] [client 108.165.237.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.lisalehmann.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.lisalehmann.com"] [uri "/CookieAuth.dll"] [unique_id "ZskKWZlOseuMewdIcdxgWwAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-23 22:06:56
(2 weeks ago)
(mod_security) mod_security triggered on hostname [redacted] 108.165.237.164 (US/United States/-)
SQL Injection
TPI-Abuse
2024-08-23 20:32:25
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 108.165.237.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 23 16:32:16.908275 2024] [security2:error] [pid 30392:tid 30392] [client 108.165.237.164:53503] [client 108.165.237.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.quickwink.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.quickwink.com"] [uri "/CookieAuth.dll"] [unique_id "Zsjx0K55NSjFK8yOhb4K0QAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
Smel
2024-08-23 11:37:01
(2 weeks ago)
HTTP/80/443/8080 Unauthorized Probe, Hack -
Hacking
Web App Attack
Anonymous
2024-08-23 10:55:25
(2 weeks ago)
SuspiciousC Activity detected by FMBAD System 2024-08-23 13:55:24
Hacking
Bad Web Bot
Web App Attack
geot
2024-08-22 13:43:42
(2 weeks ago)
GET /contact HTTP/1.1
Web App Attack