TPI-Abuse
2024-07-14 00:09:58
(2 months ago)
(mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 13 20:09:46.735244 2024] [security2:error] [pid 7385] [client 124.226.222.66:36262] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.stbensbluesfest.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.stbensbluesfest.com"] [uri "/"] [unique_id "ZpMXSix_mTEjhJpmrX2v7gAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-13 21:32:47
(2 months ago)
fail2ban apache-modsecurity [msg "Multiple/Conflicting Connection Header Data Found."] [uri "/"]
Web App Attack
TPI-Abuse
2024-07-12 06:13:24
(3 months ago)
(mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 12 02:13:13.824984 2024] [security2:error] [pid 7887] [client 124.226.222.66:46505] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.billwegener.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.billwegener.net"] [uri "/"] [unique_id "ZpDJeUqHCQ_HFCZXfkt-2wAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-11 03:50:14
(3 months ago)
(mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 10 23:50:05.130309 2024] [security2:error] [pid 28690] [client 124.226.222.66:35392] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.zenithxen.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.zenithxen.com"] [uri "/"] [unique_id "Zo9WbXi7CA15AFjpMBlh2gAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-09 09:28:03
(3 months ago)
(mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 09 05:27:52.291612 2024] [security2:error] [pid 28310] [client 124.226.222.66:34011] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||travelimts.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "travelimts.com"] [uri "/"] [unique_id "Zo0CmFmqbKlP_lSV_NwQVwAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-07-09 01:07:20
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
quicksand
2024-07-08 18:31:56
(3 months ago)
Invalid host header [GET /] [Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/60 ... show more Invalid host header [GET /] [Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1] (WAF Rule Name Within Group: malicious-behavior#MaliciousHostHeader) show less
Bad Web Bot
Web App Attack
Block_Steady_Crew
2024-07-08 06:50:19
(3 months ago)
Honeypot snared from 124.226.222.66
Port Scan
Web App Attack
10dencehispahard SL
2024-07-06 23:00:16
(3 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
HoneyPotEU02
2024-07-06 09:40:19
(3 months ago)
agressive web scan, random user agents, random languages, scanner.ducks.party agent
Bad Web Bot
MAGIC
2024-07-06 00:01:28
(3 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-07-04 07:18:36
(3 months ago)
(mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 04 03:18:25.168476 2024] [security2:error] [pid 29974:tid 47150868289280] [client 124.226.222.66:59473] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||certifiedeconomist.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "certifiedeconomist.com"] [uri "/"] [unique_id "ZoZMwTpZJOpsO7ZlT57IoQAAAtU"] show less
Brute-Force
Bad Web Bot
Web App Attack
sdos.es
2024-07-03 15:56:16
(3 months ago)
"Multiple/Conflicting Connection Header Data Found - keep-alive, close"
Web App Attack
MAGIC
2024-07-01 07:08:48
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Linuxmalwarehuntingnl
2024-06-30 09:55:20
(3 months ago)
Unauthorized connection attempt
Brute-Force