TPI-Abuse
2024-09-10 09:39:38
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 172.70.34.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 05:39:34.526189 2024] [security2:error] [pid 19834:tid 19834] [client 172.70.34.137:10116] [client 172.70.34.137] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 163.5.65.81 (+1 hits since last alert)|www.terenc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.terenc.com"] [uri "/xmlrpc.php"] [unique_id "ZuAT1jcun-AcpnjA2rmkJgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-12 11:52:57
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.34.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 07:52:52.978217 2024] [security2:error] [pid 29589:tid 29589] [client 172.70.34.137:34878] [client 172.70.34.137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jspsf.com"] [uri "/home/.env"] [unique_id "Zrn3lP-RJWrT--88SV6mvgAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-11 14:59:25
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.34.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 10:59:19.738158 2024] [security2:error] [pid 4763:tid 4763] [client 172.70.34.137:65422] [client 172.70.34.137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.upskirtcrazy.com"] [uri "/category/upskirt-pictures/page/.git/HEAD"] [unique_id "ZrjRx5WDhpJl-jyPfpOh2wAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-30 01:14:19
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
entspannt
2024-05-12 19:37:35
(4 months ago)
web scraper with user agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36"
Port Scan
Anonymous
2024-05-03 00:07:56
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-30 07:18:47
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.34.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 30 03:18:42.929287 2024] [security2:error] [pid 12364] [client 172.70.34.137:37464] [client 172.70.34.137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "corecss.io"] [uri "/.git/config"] [unique_id "ZjCbUujm1Bd9B1CuwZ_UIAAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-24 05:59:39
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-04-17 05:36:08
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-04-16 22:12:41
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.34.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 16 18:12:36.500714 2024] [security2:error] [pid 29320] [client 172.70.34.137:12864] [client 172.70.34.137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eddysgroup.com"] [uri "/.env"] [unique_id "Zh731KbkF4qJpO5z8NhdVQAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-16 15:57:52
(5 months ago)
(mod_security) mod_security (id:211190) triggered by 172.70.34.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 16 11:57:46.551646 2024] [security2:error] [pid 506] [client 172.70.34.137:13572] [client 172.70.34.137] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||barracuda.assistguide.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;/root/kerbynet.cgi/scripts/getkey%20../../../etc/passwd;%22"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "barracuda.assistguide.com"] [uri "/cgi-bin/kerbynet"] [unique_id "Zh6f-lTKaxKwvb0bTytRDwAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-14 17:33:16
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.34.137 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 14 13:33:06.749360 2024] [security2:error] [pid 14268] [client 172.70.34.137:13534] [client 172.70.34.137] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "volga24.vip"] [uri "/.env"] [unique_id "ZhwTUiStDyhwPQ8NWn-JoQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-14 17:22:30
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-04-12 23:17:59
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-03-19 06:19:01
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH