TPI-Abuse
2024-10-06 17:43:57
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 172.70.47.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 06 13:43:50.303304 2024] [security2:error] [pid 9958:tid 9958] [client 172.70.47.94:27080] [client 172.70.47.94] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.ard.global"] [uri "/.env"] [unique_id "ZwLMVrJjnsS37OIQLd88UAAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-03 20:50:50
(5 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-12 17:54:54
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 172.70.47.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 13:54:13.641500 2024] [security2:error] [pid 4249:tid 4249] [client 172.70.47.94:52544] [client 172.70.47.94] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||christechsupport.net|F|2"] [data ".pwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "christechsupport.net"] [uri "/_vti_pvt/administrators.pwd"] [unique_id "ZuMqxXKFcax1yydxxxpuTwAAABw"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-10 14:54:31
(4 weeks ago)
Web Probe / Attack
Web App Attack
Anonymous
2024-09-07 19:04:51
(1 month ago)
Web Probe / Attack
Web App Attack
Anonymous
2024-08-16 09:55:03
(1 month ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
TPI-Abuse
2024-08-03 15:10:09
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.47.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 03 11:10:05.723861 2024] [security2:error] [pid 3890083:tid 3890083] [client 172.70.47.94:38434] [client 172.70.47.94] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "corecss.io"] [uri "/xampp/.env"] [unique_id "Zq5ITYNNaeomt25-ARhvfgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
Sefinek
2024-07-28 03:29:08
(2 months ago)
IP: 172.70.47.94
Protocol: TCP
Source port: 35286
Destination port: 443
TTL: 47
Packet length: 40
TOS: 0x00
Timestamp: Jul 28 05:29:06 (05:29:06, 28.07.2024)
The IP address was blocked by the Uncomplicated Firewall (UFW) due to suspicious activity. Packet details indicate a possible unauthorized access attempt or network scan.
Port Scan
Web App Attack
ParaBug
2024-07-26 19:53:04
(2 months ago)
172.70.47.94 - - [26/Jul/2024:21:53:04 +0200] "GET /cerramiento-terraza-exterior-c-29586/cerramientos-%E2%9C%B4%EF%B8%8F-para-terrazas-p-4788425 HTTP/1.1" 403 400 "-" "Mozilla/5.0 (compatible; Pinterestbot/1.0; +http://www.pinterest.com/bot.html)"
Phishing
Brute-Force
Web App Attack
Anonymous
2024-06-30 21:20:29
(3 months ago)
Jun 30 23:20:27 syscgn kernel: [2515739.238180] [UFW BLOCK] IN=eth0 OUT= MAC=0a:d1:7f:3c:98:09:bc:0f:fe:37:fb:a2:08:00 SRC=172.70.47.94 DST=185.194.141.106 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=11381 DF PROTO=TCP SPT=37636 DPT=2052 WINDOW=65535 RES=0x00 SYN URGP=0
Hacking
Anonymous
2024-06-28 08:16:28
(3 months ago)
Jun 28 10:16:26 syscgn kernel: [2295917.467450] [UFW BLOCK] IN=eth0 OUT= MAC=0a:d1:7f:3c:98:09:bc:0f:fe:37:fb:a2:08:00 SRC=172.70.47.94 DST=185.194.141.106 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=28989 DF PROTO=TCP SPT=47828 DPT=8880 WINDOW=65535 RES=0x00 SYN URGP=0
Hacking
ParaBug
2024-06-26 10:13:17
(3 months ago)
172.70.47.94 - - [26/Jun/2024:12:13:16 +0200] "GET /xmlrpc.php?rsd HTTP/1.1" 403 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36"
Phishing
Brute-Force
Web App Attack
ParaBug
2024-06-11 05:55:59
(3 months ago)
172.70.47.94 - - [11/Jun/2024:07:55:58 +0200] "GET /index.php?cPath=32310&main_page=product_info&products_id=210665 HTTP/1.1" 403 400 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
Phishing
Brute-Force
Web App Attack
TPI-Abuse
2024-05-13 17:41:44
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 172.70.47.94 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 13 13:41:40.777021 2024] [security2:error] [pid 18261] [client 172.70.47.94:61662] [client 172.70.47.94] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sportsbookcommission.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sportsbookcommission.com"] [uri "/back/backup.sql"] [unique_id "ZkJQ1LHkSgUH4SkCPTzyowAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
oncord
2024-05-01 22:50:14
(5 months ago)
Form spam
Web Spam