strefapi_com
2024-01-26 08:37:08
(10 months ago)
Brute-force web
...
Hacking
Brute-Force
Web App Attack
mnsf
2024-01-25 16:05:19
(10 months ago)
Scanning/Probing (31)
Request Overload (688)
Brute-Force
Web App Attack
TPI-Abuse
2024-01-19 20:24:01
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.95.65.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 19 15:23:57.192199 2024] [security2:error] [pid 21754:tid 47539469838080] [client 188.95.65.97:51346] [client 188.95.65.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||oldramona.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oldramona.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZaraXWeL8c5mAoDJoykI-QAAAEM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-19 19:50:09
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.95.65.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 19 14:50:01.388471 2024] [security2:error] [pid 10853] [client 188.95.65.97:59248] [client 188.95.65.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||eydebrothers.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "eydebrothers.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZarSaUg-Py9e-i6zJDaYkQAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2024-01-19 19:03:37
(10 months ago)
Scanning/Probing (35)
Request Overload (1204)
Brute-Force
Web App Attack
TPI-Abuse
2024-01-19 18:53:35
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.95.65.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 19 13:53:29.263302 2024] [security2:error] [pid 16608] [client 188.95.65.97:47360] [client 188.95.65.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.chooseyourowntrail.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.chooseyourowntrail.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZarFKXBgK4MpH01pCOSIrwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-19 16:27:23
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.95.65.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 19 11:27:18.064016 2024] [security2:error] [pid 7518] [client 188.95.65.97:33702] [client 188.95.65.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||jerielster.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jerielster.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zaqi5m4rHoX7-CccKmHGuwAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
hostseries
2024-01-19 13:15:44
(10 months ago)
Trigger: LF_MODSEC
Brute-Force
TPI-Abuse
2024-01-19 11:02:11
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.95.65.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 19 06:02:08.132568 2024] [security2:error] [pid 4919] [client 188.95.65.97:37350] [client 188.95.65.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.valentiti.alessiaalessandra.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.valentiti.alessiaalessandra.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZapWsJkXgYlHLvt27eIxGgAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-01-19 10:09:41
(10 months ago)
(mod_security) mod_security (id:210730) triggered by 188.95.65.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 19 05:09:34.753433 2024] [security2:error] [pid 31094:tid 47923779430144] [client 188.95.65.97:53202] [client 188.95.65.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dermatologycolorado.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dermatologycolorado.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZapKXvC9lR7upH-zABkQvgAAARc"]
Brute-Force
Bad Web Bot
Web App Attack
Buster
2024-01-10 22:53:30
(10 months ago)
Repeated script kiddie distributed mass - 588 attempts on each site - attack attempts on multiple sites from Perm Blocked Extremely High Risk ASN and country:
Open Proxy
Hacking
Brute-Force
Web App Attack
mnsf
2024-01-08 10:05:12
(10 months ago)
Scanning/Probing (19)
Request Overload (454)
Brute-Force
Web App Attack
Anonymous
2023-12-26 23:30:01
(11 months ago)
Multiple SQL injection attempts from same source IP (multiple servers).
Hacking
SQL Injection
Web App Attack
TPI-Abuse
2023-12-21 13:47:52
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 188.95.65.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 21 08:47:48.074249 2023] [security2:error] [pid 8125] [client 188.95.65.97:54946] [client 188.95.65.97] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mathsquad.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mathsquad.com"] [uri "/mathsquad_db.sql"] [unique_id "ZYRCBK-H8zMc97XTfjcjzwAAAAM"], referer: http://mathsquad.com/mathsquad_db.sql
Brute-Force
Bad Web Bot
Web App Attack
unifr
2023-12-20 07:33:07
(11 months ago)
Unauthorized IMAP connection attempt
Brute-Force