rdpguard.com
2024-10-18 02:03:03
(3 weeks ago)
RdpGuard detected brute-force attempt on HTTP
Brute-Force
Charles
2024-10-10 17:09:28
(1 month ago)
112.193.255.175 - - [11/Oct/2024:01:08:20 +0800] "GET /database.sql.gz HTTP/1.1" 404 2110 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
Web Spam
Email Spam
Brute-Force
Bad Web Bot
Web App Attack
SSH
TPI-Abuse
2024-10-05 08:20:51
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 05 04:19:04.172967 2024] [security2:error] [pid 18019:tid 18019] [client 112.193.255.175:44339] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.mosherpit.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mosherpit.com"] [uri "/auth.sql"] [unique_id "ZwD2eCe10IvkSgN4OB6MQwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-05 02:25:15
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 04 22:22:44.412924 2024] [security2:error] [pid 700:tid 700] [client 112.193.255.175:43726] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.wassusa.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.wassusa.com"] [uri "/database.sql"] [unique_id "ZwCi9IKQEb2x_pVTDUzh6gAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-04 00:11:43
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 20:10:11.918232 2024] [security2:error] [pid 20710:tid 20710] [client 112.193.255.175:43800] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.hondaekamotor.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.hondaekamotor.com"] [uri "/db.sql"] [unique_id "Zv8yY6XmIkEcckRtNikeYwAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-03 14:53:36
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 10:50:45.830046 2024] [security2:error] [pid 3855:tid 3855] [client 112.193.255.175:43991] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.paulburns.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.paulburns.com"] [uri "/members.sql"] [unique_id "Zv6vRUong7ywx55BvDnWyQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-02 23:52:06
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 02 19:50:52.258074 2024] [security2:error] [pid 22469:tid 22469] [client 112.193.255.175:43012] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.bobbyunser.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.bobbyunser.com"] [uri "/2023.sql"] [unique_id "Zv3cXLSzAidWrnjgvhrlmAAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-02 12:56:17
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 02 08:54:46.919730 2024] [security2:error] [pid 22814:tid 22814] [client 112.193.255.175:43374] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.adj-tech.net|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.adj-tech.net"] [uri "/aspx.bak"] [unique_id "Zv1Clj4Cs6GWbu1bJaaElgAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-01 21:10:34
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 01 17:09:16.057536 2024] [security2:error] [pid 18062:tid 18062] [client 112.193.255.175:43037] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.femalegamblers.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.femalegamblers.org"] [uri "/js.sql"] [unique_id "Zvxk_EpnU2C7b-uNTuX8uAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-01 11:51:59
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 01 07:50:13.371160 2024] [security2:error] [pid 19422:tid 19422] [client 112.193.255.175:44325] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.studiopilates.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.studiopilates.net"] [uri "/studiopilatesnet.sql"] [unique_id "Zvvh9SfMsT7wOsdzLj2HuwAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-28 04:43:00
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 28 00:41:34.536962 2024] [security2:error] [pid 27196:tid 27196] [client 112.193.255.175:13052] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.thorndikestudio.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.thorndikestudio.com"] [uri "/users.sql"] [unique_id "ZveI_u-Od6iQmqkn0AoH9wAAACA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-27 08:08:23
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 04:05:34.245935 2024] [security2:error] [pid 31415:tid 31415] [client 112.193.255.175:12675] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.willowcreekretreathouse.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.willowcreekretreathouse.com"] [uri "/dump.sql"] [unique_id "ZvZnTq28cP91zscKD9pljgAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
RAP
2024-09-20 08:59:44
(1 month ago)
2024-09-20 08:59:44 UTC Unauthorized activity to TCP port 23. Telnet
Port Scan
TPI-Abuse
2024-09-17 12:53:05
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 08:51:38.730695 2024] [security2:error] [pid 27009:tid 27009] [client 112.193.255.175:35262] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.gescosigns.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.gescosigns.com"] [uri "/log.bak"] [unique_id "Zul7WgATznqiBrpTcy2b2wAAABc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-16 00:55:06
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 112.193.255.175 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 15 20:54:19.874731 2024] [security2:error] [pid 14098:tid 14098] [client 112.193.255.175:35940] [client 112.193.255.175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.catholicshopper.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.catholicshopper.com"] [uri "/dump.bak"] [unique_id "ZueBu5iJPEIoLXATLC-B7AAAABE"]
Brute-Force
Bad Web Bot
Web App Attack