TPI-Abuse
2024-09-12 18:46:57
(1 hour ago)
(mod_security) mod_security (id:210730) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 14:46:47.587364 2024] [security2:error] [pid 3993860:tid 3993860] [client 172.70.46.74:27576] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.thectegroup.net|F|2"] [data ".pwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.thectegroup.net"] [uri "/_vti_pvt/authors.pwd"] [unique_id "ZuM3F-NSsgCYTLHoI4jNgwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-06 16:06:12
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 06 12:06:02.711895 2024] [security2:error] [pid 4034:tid 4034] [client 172.70.46.74:22528] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tek-front.com"] [uri "/src/.env"] [unique_id "Ztsoakj56r0nHNzIBYTQHwAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
mawan
2024-09-02 12:56:44
(1 week ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-08-25 02:58:12
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 22:58:05.306114 2024] [security2:error] [pid 1631:tid 1631] [client 172.70.46.74:55020] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.upskirtcrazy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.upskirtcrazy.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsqdvWX8aH-W9xGgx7lsDQAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Yepngo
2024-08-12 00:09:21
(1 month ago)
172.70.46.74 - - [12/Aug/2024:02:09:21 +0200] "POST /xmlrpc.php HTTP/2.0" 200 410 "-" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36"
Brute-Force
Web App Attack
TPI-Abuse
2024-08-08 20:29:30
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 16:29:22.918871 2024] [security2:error] [pid 14703:tid 14703] [client 172.70.46.74:21772] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chefericajoy.com"] [uri "/.git/config"] [unique_id "ZrUqouScYhbfAGbsPkxqhAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-06 16:57:13
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 06 12:57:06.000080 2024] [security2:error] [pid 6898:tid 6898] [client 172.70.46.74:47248] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "avaliantlife.com"] [uri "/.git/config"] [unique_id "ZrJV4ZNT83URi649ypKSAwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-05 16:12:55
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 12:12:51.333433 2024] [security2:error] [pid 2233:tid 2233] [client 172.70.46.74:57422] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "365soft.top"] [uri "/.env"] [unique_id "ZrD6A6xL2wvev_gFhj6xOQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
ParaBug
2024-07-27 11:31:31
(1 month ago)
172.70.46.74 - - [27/Jul/2024:13:31:30 +0200] "POST /debug/default/view HTTP/1.1" 403 400 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Phishing
Brute-Force
Web App Attack
TPI-Abuse
2024-07-07 15:11:48
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 07 11:11:42.184055 2024] [security2:error] [pid 19012] [client 172.70.46.74:37734] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.antitribu.com"] [uri "/.git/config"] [unique_id "ZoqwLiwRgsA9MJXFiQPCqAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
Hydra-Shield.fr
2024-06-30 16:25:28
(2 months ago)
Directory Traversal on: /.env
Web App Attack
ParaBug
2024-06-25 08:18:38
(2 months ago)
172.70.46.74 - - [25/Jun/2024:10:18:38 +0200] "GET /50039-x-12034-drain-cleaner-250-w-drain-cleaning-machine-sewer-clog-w-5-cutters-p-590881.htm HTTP/1.1" 410 478 "-" "Mozilla/5.0 (compatible; SemrushBot/7~bl; +http://www.semrush.com/bot.html)"
Phishing
Brute-Force
Web App Attack
ParaBug
2024-06-11 05:58:13
(3 months ago)
172.70.46.74 - - [11/Jun/2024:07:58:12 +0200] "GET /admin HTTP/1.1" 403 400 "-" "python-requests/2.27.1"
Phishing
Brute-Force
Web App Attack
TPI-Abuse
2024-05-23 13:14:33
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.74 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 23 09:14:29.639798 2024] [security2:error] [pid 2653972] [client 172.70.46.74:27486] [client 172.70.46.74] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.hollyranch.com"] [uri "/.git/config"] [unique_id "Zk9BNXvI64wKZih7qcyZ1QAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
sms.ru
2024-03-25 15:55:04
(5 months ago)
SMS pumping attack from foreign country
DDoS Attack