TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 06:07:13.950266 2024] [security2:error] [pid 21170:tid 21170] [client 138.199.18.73:46618] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.killarneypool.org"] [uri "/css/wp-config.php"] [unique_id "ZuqmUTIfZDrG8icc_th_WQAAAB4"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Rizzy
|
|
Multiple WAF Violations
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 03:35:46.463965 2024] [security2:error] [pid 5754:tid 5754] [client 138.199.18.73:57880] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.clossglobal.com"] [uri "/css/wp-config.php"] [unique_id "ZuqC0s23bPMXqDfd8mG0EQAAABM"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 18 02:36:44.800916 2024] [security2:error] [pid 28288:tid 28288] [client 138.199.18.73:45562] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "glassclublake.com"] [uri "/css/wp-config.php"] [unique_id "Zup0_ORQTSSi8LPznoJLswAAABk"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 23:45:34.084117 2024] [security2:error] [pid 6110:tid 6110] [client 138.199.18.73:56736] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.windsorhills.iainrealtor.com"] [uri "/css/wp-config.php"] [unique_id "ZupM3pHifJmah2-tjO2sSQAAAAM"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 22:08:01.290072 2024] [security2:error] [pid 23573:tid 23573] [client 138.199.18.73:45968] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kairoslogammakmur.com"] [uri "/css/wp-config.php"] [unique_id "Zuo2AQHqb-aVkhfQ1s2WugAAAAo"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 20:45:04.803779 2024] [security2:error] [pid 943:tid 943] [client 138.199.18.73:34500] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.takemehomedogrescue.org"] [uri "/css/wp-config.php"] [unique_id "ZuoikIToJs7ESXsD_YvZMAAAAAQ"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 14:20:44.379793 2024] [security2:error] [pid 16404:tid 16404] [client 138.199.18.73:45152] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.michleen-collins.com"] [uri "/css/wp-config.php"] [unique_id "ZunIfPY-hgiDWI4QgVT4sAAAAA8"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 13:43:24.927155 2024] [security2:error] [pid 5427:tid 5427] [client 138.199.18.73:34078] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.edlee.biz"] [uri "/css/wp-config.php"] [unique_id "Zum_vLv8a66pdZbxOLpxvwAAABI"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_APACHE_403
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 13:22:54.690652 2024] [security2:error] [pid 14473:tid 14473] [client 138.199.18.73:45522] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rabota24.vip"] [uri "/css/wp-config.php"] [unique_id "Zum67ukEs1gcY-970xcZlQAAAAM"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
cmbplf
|
|
511 requests to */.well-known/pki-validation/*.php
|
Brute-Force
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 12:27:09.996799 2024] [security2:error] [pid 9275:tid 9275] [client 138.199.18.73:53794] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bellehollow.com"] [uri "/css/wp-config.php"] [unique_id "Zumt3TQZNkEZnliUkhK5JQAAABI"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com ... show more(mod_security) mod_security (id:210492) triggered by 138.199.18.73 (unn-138-199-18-73.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 12:08:10.183421 2024] [security2:error] [pid 32022:tid 32022] [client 138.199.18.73:56596] [client 138.199.18.73] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.bonito.pet"] [uri "/css/wp-config.php"] [unique_id "Zumparr50K1lbkm0Jcx7qwAAAAU"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|