TPI-Abuse
2024-12-18 06:19:16
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 18 01:19:11.357128 2024] [security2:error] [pid 10740:tid 10740] [client 109.245.175.139:7041] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||engine-watch.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "engine-watch.com"] [uri "/b2-include/xmlrpc.inc"] [unique_id "Z2JpX9nQTZXQKjirF5w8VQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-16 12:59:18
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 16 07:59:15.750006 2024] [security2:error] [pid 1019:tid 1019] [client 109.245.175.139:14904] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||amp712.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "amp712.com"] [uri "/wp-content/debug.log"] [unique_id "Z2AkI0UxdAp7X3x-S51ZMgAAAAU"], referer: https://amp712.com
Brute-Force
Bad Web Bot
Web App Attack
Progetto1
2024-12-15 20:08:03
(1 month ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
BlueWire Hosting
2024-12-14 21:10:06
(1 month ago)
Detected as a bad bot
Bad Web Bot
TPI-Abuse
2024-12-14 20:40:50
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 14 15:40:45.048079 2024] [security2:error] [pid 19860:tid 19860] [client 109.245.175.139:11904] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.americanureport.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.americanureport.com"] [uri "/wp-content/debug.log"] [unique_id "Z13tTWAfzqU0g9T2_uE6jQAAAA4"], referer: http://www.americanureport.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-14 05:08:49
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 14 00:08:45.340699 2024] [security2:error] [pid 20456:tid 20456] [client 109.245.175.139:10392] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.americanexportimport.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.americanexportimport.com"] [uri "/wp-content/debug.log"] [unique_id "Z10S3T5h9bVu9bqgu027NQAAAAk"], referer: http://www.americanexportimport.com
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-14 02:23:17
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 21:23:14.059472 2024] [security2:error] [pid 7212:tid 7235] [client 109.245.175.139:5834] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||earthlink-internet.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "earthlink-internet.com"] [uri "/b2-include/xmlrpc.inc"] [unique_id "Z1zsEqBkZVt7A2opAQIm0wAAAJE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-13 22:05:06
(1 month ago)
(apache-useragents) Failed apache-useragents trigger with match [python-requests/2.25.1] from 109.245.175.139 (RS/Serbia/net139-175-245-109.dynamic.mbb.yettel.rs): 5 in the last 300 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 109.245.175.139 - - [13/Dec/2024:23:04:37 +0100] "GET / HTTP/1.1" 301 477 "-" "python-requests/2.25.1"
109.245.175.139 - - [13/Dec/2024:23:04:41 +0100] "GET / HTTP/1.1" 200 42387 "-" "python-requests/2.25.1"
109.245.175.139 - - [13/Dec/2024:23:04:51 +0100] "GET / HTTP/1.1" 200 42387 "-" "python-requests/2.25.1"
109.245.175.139 - - [13/Dec/2024:23:04:58 +0100] "GET / HTTP/1.1" 301 485 "-" "python-requests/2.25.1"
109.245.175.139 - - [13/Dec/2024:23:05:01 +0100] "GET / HTTP/1.1" 301 3459 "-" "python-requests/2.25.1"
Port Scan
Anonymous
2024-12-13 18:51:18
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-12-13 12:29:16
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 07:29:10.202482 2024] [security2:error] [pid 21476:tid 21592] [client 109.245.175.139:13709] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.duplexgoldmine.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.duplexgoldmine.com"] [uri "/b2-include/xmlrpc.inc"] [unique_id "Z1wolpZ9KLSxNYg8sOxT9wAAAQ4"]
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-12-13 10:03:07
(1 month ago)
Too many Status 40X (15)
Brute-Force
Web App Attack
Anonymous
2024-12-12 17:17:12
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-12-12 14:14:06
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
TPI-Abuse
2024-12-12 09:39:43
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 12 04:39:38.633287 2024] [security2:error] [pid 27043:tid 27043] [client 109.245.175.139:6994] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.drayvian.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.drayvian.com"] [uri "/b2-include/xmlrpc.inc"] [unique_id "Z1qvWvW_2ZUYbOc38A4kmQAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-12 05:52:41
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 109.245.175.139 (net139-175-245-109.dynamic.mbb.yettel.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 12 00:52:34.240764 2024] [security2:error] [pid 7017:tid 7017] [client 109.245.175.139:10871] [client 109.245.175.139] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dougrhodes.com|F|2"] [data ".inc"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dougrhodes.com"] [uri "/b2-include/xmlrpc.inc"] [unique_id "Z1p6Ikr3pvaWezNRq2xIkgAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack