TPI-Abuse
2024-12-11 21:19:01
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 11 16:18:55.638053 2024] [security2:error] [pid 25787:tid 25787] [client 162.158.78.250:17308] [client 162.158.78.250] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 35.204.1.196 (+1 hits since last alert)|www.upskirtcrazy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.upskirtcrazy.com"] [uri "/xmlrpc.php"] [unique_id "Z1oBv1EWycw9cu-ni4QJXQAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-12-09 23:24:41
(4 days ago)
Port probe to tcp/80 (http)
[srv125]
Port Scan
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-12-08 14:16:40
(6 days ago)
Port probe to tcp/80 (http)
[srv125]
Port Scan
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-30 10:20:28
(2 weeks ago)
Port probe to tcp/443 (https)
[srv130]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-26 08:21:59
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 03:21:53.056294 2024] [security2:error] [pid 8995:tid 8995] [client 162.158.78.250:14752] [client 162.158.78.250] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||new-bethel-baptist-church.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "new-bethel-baptist-church.com"] [uri "/home/tancedi1/new-bethel-baptist-church.com"] [unique_id "Z0WFIdPZyloPY-FCE-c2IgAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-18 07:28:38
(3 weeks ago)
Port probe to tcp/443 (https)
[srv130]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-14 05:30:44
(1 month ago)
Port probe to tcp/443 (https)
[srv130]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
Study Bitcoin 🤗
2024-11-08 08:44:33
(1 month ago)
Port probe to tcp/443 (https)
[srv130]
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-22 23:30:51
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 22 19:30:43.297403 2024] [security2:error] [pid 6034:tid 6034] [client 162.158.78.250:32748] [client 162.158.78.250] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.yggdrasil.org"] [uri "/blog/.env"] [unique_id "ZsfKIyH0XFmZZKFQhgPjDAAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 08:33:15
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 04:33:09.355439 2024] [security2:error] [pid 1234:tid 1234] [client 162.158.78.250:58028] [client 162.158.78.250] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "adultcreatoracademy.com"] [uri "/.env"] [unique_id "Zr29ReQfOT8a9rqsVyvYmwAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 06:15:23
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 02:15:16.149236 2024] [security2:error] [pid 27388:tid 27388] [client 162.158.78.250:30194] [client 162.158.78.250] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "safe-secure-protect.com"] [uri "/app/.env"] [unique_id "Zr2c9JiK0TtxDpX0xyGanAAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-06 20:58:35
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 06 16:58:30.562479 2024] [security2:error] [pid 9045:tid 9045] [client 162.158.78.250:29146] [client 162.158.78.250] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ndanetworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ndanetworks.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZrKOdv13wAlV3yaQOvCROgAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-06-27 06:08:25
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-05-05 02:43:19
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 162.158.78.250 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 04 22:43:13.351645 2024] [security2:error] [pid 12597] [client 162.158.78.250:13508] [client 162.158.78.250] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kryptonome.com"] [uri "/.env"] [unique_id "ZjbyQeB1AZ6eXXkXroNGQgAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-30 06:25:16
(7 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH