TPI-Abuse
2024-12-31 18:14:16
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 31 13:14:11.782171 2024] [security2:error] [pid 2477061:tid 2477061] [client 134.122.94.92:51576] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||stmaarten.fishing|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stmaarten.fishing"] [uri "/wallet.dat"] [unique_id "Z3Q0c4nHMjA8BhcHbln6_wAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-31 17:24:05
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 31 12:23:59.288163 2024] [security2:error] [pid 7157:tid 7157] [client 134.122.94.92:50976] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.247.fishing|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.247.fishing"] [uri "/wallet.dat"] [unique_id "Z3Qor0tnv1TjIBDkvLq5fgAAABc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-31 08:10:20
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 31 03:10:16.369300 2024] [security2:error] [pid 924902:tid 924902] [client 134.122.94.92:45028] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ecuablue.farm|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ecuablue.farm"] [uri "/wallet.dat"] [unique_id "Z3Om6DAzFI90Vf3Bj2nrTAAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-29 20:46:47
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 29 15:46:40.924461 2024] [security2:error] [pid 16303:tid 16303] [client 134.122.94.92:47956] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bearbeds.email|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bearbeds.email"] [uri "/wallet.dat"] [unique_id "Z3G1MGyfkxawb7dDdiAI4AAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-27 15:37:11
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 27 10:37:07.406569 2024] [security2:error] [pid 11697:tid 11697] [client 134.122.94.92:47808] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hal.dance|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hal.dance"] [uri "/wallet.dat"] [unique_id "Z27Jo8jngPkAGfBtfqZmTAAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-24 21:05:56
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 24 16:05:51.599990 2024] [security2:error] [pid 18217:tid 18217] [client 134.122.94.92:59472] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||theyw.clinic|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "theyw.clinic"] [uri "/wallet.dat"] [unique_id "Z2siLw5m1FMVVF3YM4psfAAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-24 06:59:53
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 24 01:59:48.224345 2024] [security2:error] [pid 13126:tid 13133] [client 134.122.94.92:38788] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ecocentri.city|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ecocentri.city"] [uri "/wallet.dat"] [unique_id "Z2pb5EW8H61Kos861AVzNQAAAMU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-24 02:26:20
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 23 21:26:14.998217 2024] [security2:error] [pid 2178830:tid 2178830] [client 134.122.94.92:55764] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||kingdomway.church|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kingdomway.church"] [uri "/wallet.dat"] [unique_id "Z2obxouAIVIWORJ-uN66KgAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-23 13:25:17
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 23 08:25:12.624892 2024] [security2:error] [pid 15641:tid 15706] [client 134.122.94.92:47332] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dba.center|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dba.center"] [uri "/wallet.dat"] [unique_id "Z2lkuKVILQa0bGbtEZ3WxwAAAIU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-20 02:23:59
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 19 21:23:52.931831 2024] [security2:error] [pid 15553:tid 15557] [client 134.122.94.92:47892] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||killasgarage.bike|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "killasgarage.bike"] [uri "/wallet.dat"] [unique_id "Z2TVOIHjIS0Jvk9EtjJVbgAAAII"] show less
Brute-Force
Bad Web Bot
Web App Attack
webbfabriken
2024-12-19 05:41:30
(3 weeks ago)
spam or other hacking activities reported by webbfabriken security servers
Attack reported by ... show more spam or other hacking activities reported by webbfabriken security servers
Attack reported by Webbfabriken Security API - WFSecAPI show less
Web Spam
TPI-Abuse
2024-12-18 15:31:22
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 18 10:31:16.524106 2024] [security2:error] [pid 4694:tid 4694] [client 134.122.94.92:46128] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||desertedge.band|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "desertedge.band"] [uri "/wallet.dat"] [unique_id "Z2LqxPMt9stT1vbWahhV3gAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-17 10:18:34
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 17 05:18:31.284981 2024] [security2:error] [pid 23507:tid 23622] [client 134.122.94.92:33262] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||artmarialeon.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "artmarialeon.com"] [uri "/wallet.dat"] [unique_id "Z2FP9-zurmE_nuzyuyVTWAAAAJE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Cookie
2024-12-16 01:09:13
(4 weeks ago)
Blocked by UFW (TCP on port 80).
Source port: 36730
TTL: 46
Packet length: 60<br / ... show more Blocked by UFW (TCP on port 80).
Source port: 36730
TTL: 46
Packet length: 60
TOS: 0x00
Timestamp: 2024-12-16 01:09:12 [Europe/Warsaw]
This report (for 134.122.94.92) was generated by:
https://github.com/sefinek24/UFW-AbuseIPDB-Reporter show less
Port Scan
Web App Attack
TPI-Abuse
2024-12-15 07:43:42
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 134.122.94.92 (cerial.chickenkiller.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 15 02:43:38.663335 2024] [security2:error] [pid 6905:tid 6905] [client 134.122.94.92:57754] [client 134.122.94.92] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||argun.wine|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "argun.wine"] [uri "/wallet.dat"] [unique_id "Z16IqqQrE9WfFqEl8-BrsQAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack