TPI-Abuse
2024-06-21 15:33:03
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 188.212.135.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 21 11:33:00.189267 2024] [security2:error] [pid 1325] [client 188.212.135.129:2451] [client 188.212.135.129] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "20e2lions.org"] [uri "/.env"] [unique_id "ZnWdLI08Via8M36eqso1qQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-05-23 11:00:10
(8 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-05-09 04:00:00
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 188.212.135.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 08 23:59:53.181367 2024] [security2:error] [pid 1739712] [client 188.212.135.129:18565] [client 188.212.135.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||usbea.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usbea.com"] [uri "/back/wallet.dat"] [unique_id "ZjxKOTzI7YwFSzeeyFBNlgAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-04-24 16:07:07
(9 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-04-24 10:24:01
(9 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-03-21 13:55:22
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 188.212.135.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 21 09:55:19.137293 2024] [security2:error] [pid 30235] [client 188.212.135.129:5143] [client 188.212.135.129] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mrepoch.art"] [uri "/restore/sftp-config.json"] [unique_id "Zfw8R3-gazaj2QRNjgZU_wAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-19 00:20:49
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.212.135.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 18 20:20:43.058219 2024] [security2:error] [pid 19093] [client 188.212.135.129:8209] [client 188.212.135.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||csgohub.gg|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "csgohub.gg"] [uri "/back/backup.sql"] [unique_id "ZfjaW0kAtd9OP415stDRcAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-17 21:33:56
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.212.135.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 17 17:33:49.112448 2024] [security2:error] [pid 10982] [client 188.212.135.129:40515] [client 188.212.135.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ezecredit.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ezecredit.net"] [uri "/backup/www.sql"] [unique_id "ZfdhvRTphdDWsxAQKmIOPwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-02-20 20:00:27
(11 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-02-10 06:02:43
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 188.212.135.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 10 01:02:38.434179 2024] [security2:error] [pid 30337] [client 188.212.135.129:12473] [client 188.212.135.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pigspolygon.xyz|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pigspolygon.xyz"] [uri "/backup/sql.sql"] [unique_id "ZccRfr4lR6N16mpXjI77wQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-24 21:49:55
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 188.212.135.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 24 16:49:51.279801 2024] [security2:error] [pid 15722] [client 188.212.135.129:41985] [client 188.212.135.129] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||krupaandsons.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "krupaandsons.com"] [uri "/restore/dump.sql"] [unique_id "ZbGF_5te2ca7ysaTg55LNQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
oncord
2023-11-14 11:28:19
(1 year ago)
Form spam
Web Spam
Staging
2023-08-18 23:33:15
(1 year ago)
Automated report (2023-08-19T02:33:15+03:00). Caught probing for unsecured backup files.
Open Proxy
Hacking
Thaliruth
2023-05-26 04:08:36
(1 year ago)
188.212.135.129 - - [26/May/2023:06:08:36 +0200] "HEAD /bak/bak.tar.gz HTTP/1.1" 301 0 "-" "-"
Hacking
Web App Attack
unifr
2023-03-14 00:13:27
(1 year ago)
Unauthorized IMAP connection attempt
Brute-Force