TPI-Abuse
2025-02-14 02:21:18
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 i ... show more (mod_security) mod_security (id:210730) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 13 21:21:12.722121 2025] [security2:error] [pid 6076:tid 6117] [client 185.220.101.149:35999] [client 185.220.101.149] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dejacats.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dejacats.com"] [uri "/daily.sql"] [unique_id "Z66omP_2wwXv8Wzo4_5regAAAs4"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-02-13 23:49:31
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 i ... show more (mod_security) mod_security (id:210730) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 13 18:49:26.540759 2025] [security2:error] [pid 3114977:tid 3114977] [client 185.220.101.149:61865] [client 185.220.101.149] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||talkingmess.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "talkingmess.com"] [uri "/backups.sql"] [unique_id "Z66FBgkf06vV7eq6JUbbuwAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
Jim Keir
2025-02-09 17:54:37
(6 days ago)
2025-02-09 17:54:36 185.220.101.149 File scanning, blocking 185.220.101.149 for 5 minutes
Web App Attack
TPI-Abuse
2025-02-07 10:46:37
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 i ... show more (mod_security) mod_security (id:210492) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 07 05:46:31.192250 2025] [security2:error] [pid 174438:tid 174438] [client 185.220.101.149:28427] [client 185.220.101.149] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "inverzona.com"] [uri "/wp-config.php.CloudTech_bak"] [unique_id "Z6Xkh_bDXgBIDHQ5QDlVmwAAABI"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2025-02-07 04:03:24
(1 week ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2025-02-04 16:54:49
(1 week ago)
(mod_security) mod_security (id:210350) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 i ... show more (mod_security) mod_security (id:210350) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 04 11:54:46.453519 2025] [security2:error] [pid 11827:tid 11827] [client 185.220.101.149:25837] [client 185.220.101.149] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.fishleadership.org|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.fishleadership.org"] [uri "/"] [unique_id "Z6JGVguhb6ZaYJlDHsyzNQAAAA8"], referer: http://www.fishleadership.org/ show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-02-04 15:46:14
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 i ... show more (mod_security) mod_security (id:210492) triggered by 185.220.101.149 (tor-exit-149.relayon.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 04 10:46:07.925590 2025] [security2:error] [pid 316304:tid 316304] [client 185.220.101.149:44397] [client 185.220.101.149] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "eb5coalition.org"] [uri "/wp-config.php_old2"] [unique_id "Z6I2PyVmn9r7B7eZH_T6HwAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
exxos
2025-02-04 12:20:32
(1 week ago)
Attacks with Bad user agents
Hacking
mkey
2025-02-03 08:40:43
(1 week ago)
2025-02-03 04:34:12 - Unauthorized connection probe. Source on blacklist
Port Scan
Hacking
Anonymous
2025-02-01 19:03:43
(2 weeks ago)
Action: Block, Reason: DDOS attack detected
DDoS Attack
aranguren.org
2025-01-30 17:39:49
(2 weeks ago)
2025-01-31T04:39:49.139242+11:00 luisaranguren sshd-session[3184870]: kex_exchange_identification: c ... show more 2025-01-31T04:39:49.139242+11:00 luisaranguren sshd-session[3184870]: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.0"
2025-01-31T04:39:49.139341+11:00 luisaranguren sshd-session[3184870]: banner exchange: Connection from 185.220.101.149 port 46883: invalid format
... show less
Brute-Force
SSH
David Ferneding
2025-01-27 19:41:25
(2 weeks ago)
Attempted fake-order-flood, 7476 requests from this ip in 4 min
Fraud Orders
DDoS Attack
Bad Web Bot
strzonnek
2025-01-27 05:34:46
(2 weeks ago)
attack on webform
Brute-Force
Web App Attack
psauxit
2025-01-26 03:25:06
(3 weeks ago)
Fail2Ban - NGINX 403 forcing to access a restricted resource
Hacking
strzonnek
2025-01-25 16:10:23
(3 weeks ago)
attack on webform
Brute-Force
Web App Attack