TPI-Abuse
2024-11-05 00:43:34
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 19:43:31.304600 2024] [security2:error] [pid 2336:tid 2336] [client 120.89.41.98:65306] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||emelecsrl.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "emelecsrl.com"] [uri "/images/stories/radio.php"] [unique_id "ZylqM6A2UdZ-NHnd7ROtswAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-04 20:33:02
(2 months ago)
Bot / scanning and/or hacking attempts: GET /wp-admin/about.php HTTP/1.1, GET /wp-admin/install.php ... show more Bot / scanning and/or hacking attempts: GET /wp-admin/about.php HTTP/1.1, GET /wp-admin/install.php HTTP/1.1, GET /mah.php HTTP/1.1, GET /wp-form-header.php HTTP/1.1, GET /chosen.php?p= HTTP/1.1, GET /wp-content/about.php HTTP/1.1 show less
Hacking
Web App Attack
Hirte
2024-11-04 19:51:17
(2 months ago)
C2: Web Attack GET /wp-includes/install.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-04 19:46:14
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 14:46:08.861580 2024] [security2:error] [pid 6103:tid 6103] [client 120.89.41.98:58509] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||tinkerlabyrinth.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "tinkerlabyrinth.com"] [uri "/images/stories/radio.php"] [unique_id "ZykkgOaekLO2G_ZC7YeGLwAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-04 18:53:50
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 13:53:42.226968 2024] [security2:error] [pid 16693:tid 16693] [client 120.89.41.98:52731] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||daydar.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "daydar.net"] [uri "/images/stories/radio.php"] [unique_id "ZykYNsGG2ywrYUK4V2GeSQAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-04 16:23:30
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 11:23:26.465881 2024] [security2:error] [pid 3329099:tid 3329099] [client 120.89.41.98:51088] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||www.step1nutrition.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "www.step1nutrition.com"] [uri "/images/stories/radio.php"] [unique_id "Zyj0_mYayIoepHXjYjs0zwAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-04 15:16:03
(2 months ago)
Malicious activity detected
Hacking
Web App Attack
TPI-Abuse
2024-11-04 14:45:23
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 09:45:20.637441 2024] [security2:error] [pid 13312:tid 13312] [client 120.89.41.98:61717] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "87"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||keithbowles.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "keithbowles.com"] [uri "/images/stories/radio.php"] [unique_id "ZyjeACLnbUFzA5ZojUVQTAAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-04 13:13:34
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 08:13:30.623644 2024] [security2:error] [pid 20874:tid 20951] [client 120.89.41.98:52804] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||tnccivic.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "tnccivic.org"] [uri "/images/stories/radio.php"] [unique_id "ZyjIeuxPXIz7HwozihAyAAAAANA"] show less
Brute-Force
Bad Web Bot
Web App Attack
zynex
2024-11-04 12:37:00
(2 months ago)
URL Probing: /wp-content/about.php
Web App Attack
TPI-Abuse
2024-11-04 11:02:40
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 06:02:32.382143 2024] [security2:error] [pid 24340:tid 24340] [client 120.89.41.98:52237] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||microkerneltechnologies.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "microkerneltechnologies.com"] [uri "/images/stories/radio.php"] [unique_id "ZyipyDAoPb9Uos1ufx7rzQAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-04 10:23:49
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_APACHE_403
Brute-Force
SSH
TPI-Abuse
2024-11-04 09:29:17
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 04:29:11.034829 2024] [security2:error] [pid 15542:tid 15542] [client 120.89.41.98:64176] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||madronabluff.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "madronabluff.com"] [uri "/images/stories/radio.php"] [unique_id "ZyiT5zxieqApqcmtuv1_zAAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-04 09:04:08
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 04:04:03.705694 2024] [security2:error] [pid 29080:tid 29080] [client 120.89.41.98:52206] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||pitiuses.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "pitiuses.com"] [uri "/images/stories/radio.php"] [unique_id "ZyiOA26WuTfGboncFjsilwAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-04 06:29:19
(2 months ago)
(mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static ... show more (mod_security) mod_security (id:240000) triggered by 120.89.41.98 (98.41.89.120.ids.customers.static.eastern-tele.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 04 01:29:14.894066 2024] [security2:error] [pid 28683:tid 28683] [client 120.89.41.98:57484] [client 120.89.41.98] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||professorjunk.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "professorjunk.com"] [uri "/images/stories/radio.php"] [unique_id "ZyhpupVZBhxxInIxE5C2tgAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack