Anonymous
2024-11-01 01:12:40
(1 week ago)
(mod_security) mod_security triggered on hostname [redacted] 142.93.180.129 (US/United States/-)
SQL Injection
paulshipley.com.au
2024-10-29 15:50:03
(1 week ago)
ccideas.com.au:443 142.93.180.129 - - [30/Oct/2024:02:49:57 +1100] "HEAD /backup.zip HTTP/1.1" 404 650 "https://ccideas.com.au/backup.zip" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
ccideas.com.au:443 142.93.180.129 - - [30/Oct/2024:02:49:58 +1100] "HEAD /backup.rar HTTP/1.1" 404 650 "https://ccideas.com.au/backup.rar" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
ccideas.com.au:443 142.93.180.129 - - [30/Oct/2024:02:49:58 +1100] "HEAD /backup.tar.gz HTTP/1.1" 404 650 "https://ccideas.com.au/backup.tar.gz" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
ccideas.com.au:443 142.93.180.129 - - [30/Oct/2024:02:49:59 +1100] "HEAD /backup.tgz HTTP/1.1" 404 650 "https://ccideas.com.au/backup.tgz" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)"
ccideas.com.au:443 142.93.180.129 - - [30/Oct/2024:02:49:59 +1100] "HEAD /backup.sql HTTP/1.1" 404 650 "https://ccideas.com.au/backup.sql" "Mozilla/5.0 (compatible; MSIE 9.0;
Web App Attack
TPI-Abuse
2024-10-28 10:32:27
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 06:32:21.875233 2024] [security2:error] [pid 25763:tid 25763] [client 142.93.180.129:64631] [client 142.93.180.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||comicpreservation.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "comicpreservation.com"] [uri "/backup.sql"] [unique_id "Zx9oNbx3-cQVMxN86V78bQAAAAY"], referer: http://comicpreservation.com/backup.sql
Brute-Force
Bad Web Bot
Web App Attack
weblite
2024-10-28 09:58:31
(1 week ago)
WP_MALWARE_PROBE
Hacking
Web App Attack
QT
2024-10-28 08:47:58
(1 week ago)
Website hack attempted at 2024-10-28 18:47:53 +1000
Web App Attack
TPI-Abuse
2024-10-27 14:34:13
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 27 10:34:09.850383 2024] [security2:error] [pid 8824:tid 8824] [client 142.93.180.129:51711] [client 142.93.180.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.rodatrack.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.rodatrack.com"] [uri "/backup.sql"] [unique_id "Zx5PYU8lC36J2F06OI3NZQAAAAc"], referer: http://www.rodatrack.com/backup.sql
Brute-Force
Bad Web Bot
Web App Attack
Apache
2024-10-27 13:17:00
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (US/United States/-): 5 in the last 300 secs
Brute-Force
Web App Attack
COMAITE
2024-10-27 03:00:55
(2 weeks ago)
Multiple web server 400 error codes from same source ip 142.93.180.129.
Web App Attack
rtbh.com.tr
2024-10-26 20:53:43
(2 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
TPI-Abuse
2024-10-26 13:33:14
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 09:33:09.245130 2024] [security2:error] [pid 4751:tid 4751] [client 142.93.180.129:49488] [client 142.93.180.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||norinpaco.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "norinpaco.com"] [uri "/backup.sql"] [unique_id "ZxzvlVp2FVfjBpDgg6MMcQAAAAI"], referer: http://norinpaco.com/backup.sql
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-26 08:49:47
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 04:49:39.954596 2024] [security2:error] [pid 514:tid 514] [client 142.93.180.129:51716] [client 142.93.180.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||uppermotradingco.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "uppermotradingco.com"] [uri "/backup.sql"] [unique_id "ZxytI1AeNBZoNYVFbmV8VAAAAAo"], referer: http://uppermotradingco.com/backup.sql
Brute-Force
Bad Web Bot
Web App Attack
rtbh.com.tr
2024-10-25 20:53:45
(2 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
TPI-Abuse
2024-10-25 09:28:42
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 05:28:35.289862 2024] [security2:error] [pid 1503:tid 1503] [client 142.93.180.129:51178] [client 142.93.180.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||stephenjewson.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stephenjewson.com"] [uri "/backup.sql"] [unique_id "Zxtkw5WaQzHQEPaFB9KyYwAAABU"], referer: http://stephenjewson.com/backup.sql
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-25 07:39:46
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 03:39:39.267711 2024] [security2:error] [pid 18957:tid 18957] [client 142.93.180.129:55359] [client 142.93.180.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wholesaleglassjars.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wholesaleglassjars.com"] [uri "/backup.sql"] [unique_id "ZxtLO5SYMKiuOvI43EHHDgAAAAo"], referer: http://wholesaleglassjars.com/backup.sql
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-25 04:52:47
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 142.93.180.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 00:52:42.824085 2024] [security2:error] [pid 15577:tid 15577] [client 142.93.180.129:59994] [client 142.93.180.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||simon-hsieh.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "simon-hsieh.com"] [uri "/backup.sql"] [unique_id "ZxskGiC9jmEDSY1FdSIMpwAAAAQ"], referer: http://simon-hsieh.com/backup.sql
Brute-Force
Bad Web Bot
Web App Attack