TPI-Abuse
2024-08-24 13:49:53
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 172.70.135.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 09:49:47.731158 2024] [security2:error] [pid 3156:tid 3156] [client 172.70.135.125:44024] [client 172.70.135.125] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.92.247.250 (+1 hits since last alert)|www.yggdrasil.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.yggdrasil.org"] [uri "/xmlrpc.php"] [unique_id "Zsnk-95FTn7bldDqjoNSbQAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-18 02:44:10
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.135.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 17 22:44:05.795520 2024] [security2:error] [pid 31152] [client 172.70.135.125:36254] [client 172.70.135.125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "efko.group"] [uri "/.env"] [unique_id "ZpiBdV6AZoGbqboYKPhR9wAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
oncord
2024-07-04 10:47:39
(2 months ago)
Form spam
Web Spam
Anonymous
2024-05-31 04:27:32
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-29 04:43:00
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-07 04:26:32
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-04-15 21:53:34
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-03-31 03:20:12
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.135.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 30 23:20:06.108400 2024] [security2:error] [pid 19723] [client 172.70.135.125:27288] [client 172.70.135.125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.stufman.shop"] [uri "/_profiler/open"] [unique_id "ZgjWZqbNvE-6iVjyjbRs8AAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-19 23:56:35
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-03-17 08:13:03
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-03-11 09:01:07
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.135.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 11 05:01:00.154281 2024] [security2:error] [pid 13565] [client 172.70.135.125:12660] [client 172.70.135.125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ard.global"] [uri "/.git/config"] [unique_id "Ze7ITHKcmMnDs8u-fLO4KwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-28 23:13:48
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.135.125 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 28 18:13:40.880921 2023] [security2:error] [pid 17838] [client 172.70.135.125:36158] [client 172.70.135.125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "swarnar.com"] [uri "/.git/config"] [unique_id "ZY4BJG8EhVQjY0Rl2NmWZAAAADA"]
Brute-Force
Bad Web Bot
Web App Attack
mawan
2023-12-01 01:47:01
(9 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
oncord
2023-10-06 22:15:37
(11 months ago)
Form spam
Web Spam
tom jack
2023-08-29 02:58:44
(1 year ago)
Scanning for open ports and vulnerable services.
Port Scan