uhlhosting
2024-08-02 09:56:56
(2 months ago)
idleslidegloves.com 193.37.32.90 - - [02/Aug/2024:11:56:53.409135 +0200] "GET /.well-known/pki-validation/install.php HTTP/1.1" 403 199 "-" "-" ZqytZYC3hW5fMh1ra7X_3AAAAQc "-" /apache/20240802/20240802-1156/20240802-115653-ZqytZYC3hW5fMh1ra7X_3AAAAQc 0 1100 md5:b2bd4b3b54b2eb8567cb309c4b12a210
idleslidegloves.com 193.37.32.90 - - [02/Aug/2024:11:56:55.324579 +0200] "GET /wp-includes/pomo/pomo.php HTTP/1.1" 403 199 "-" "-" ZqytZ4C3hW5fMh1ra7X_3wAAAQY "-" /apache/20240802/20240802-1156/20240802-115655-ZqytZ4C3hW5fMh1ra7X_3wAAAQY 0 1119 md5:b29071c95611b743d4be85c26fbe6bb8
idleslidegloves.com 193.37.32.90 - - [02/Aug/2024:11:56:55.489158 +0200] "GET /.well-known/about.php HTTP/1.1" 403 199 "-" "-" ZqytZ4C3hW5fMh1ra7X_4AAAAQE "-" /apache/20240802/20240802-1156/20240802-115655-ZqytZ4C3hW5fMh1ra7X_4AAAAQE 0 1083 md5:a468f1e7ec02e911c7c461f8929cc4c9
idleslidegloves.com 193.37.32.90 - - [02/Aug/2024:11:56:55.657486 +0200] "GET /wp-includes/IXR/themes.php HTTP/1.1" 403 199 "-" "-" ZqytZ4C3hW
...
DDoS Attack
Brute-Force
TPI-Abuse
2024-08-01 09:28:08
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 193.37.32.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 01 05:28:03.499813 2024] [security2:error] [pid 5917:tid 5917] [client 193.37.32.90:48665] [client 193.37.32.90] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thebradleyclinic.com"] [uri "/admin/.env-prod"] [unique_id "ZqtVI_lfxw8Eg8nA_EB2qQAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-01 00:44:49
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-07-24 08:16:16
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 193.37.32.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 24 04:16:10.412160 2024] [security2:error] [pid 21703:tid 21703] [client 193.37.32.90:21543] [client 193.37.32.90] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.anthraxbook.banis-associates.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.anthraxbook.banis-associates.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ZqC4SvlTCUpHmr7jvHR5QAAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
taivas.nl
2024-07-19 04:32:26
(2 months ago)
Many_bad_calls
Web App Attack
taivas.nl
2024-07-18 14:02:04
(2 months ago)
Wordpress_Attack
Web App Attack
TPI-Abuse
2024-07-14 02:13:59
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 193.37.32.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 13 22:13:54.528908 2024] [security2:error] [pid 22824] [client 193.37.32.90:14945] [client 193.37.32.90] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "travelto.info"] [uri "/wp-config.php"] [unique_id "ZpM0YszuiBEytY4bjv3zJgAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-12 13:02:26
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 193.37.32.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 12 09:02:21.733498 2024] [security2:error] [pid 7461] [client 193.37.32.90:40789] [client 193.37.32.90] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.chilako.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.chilako.com"] [uri "/settings.php.bak"] [unique_id "ZpEpXSk85wzns-VewyXo7gAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-11 16:58:51
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 193.37.32.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 11 12:58:44.506216 2024] [security2:error] [pid 6433] [client 193.37.32.90:53647] [client 193.37.32.90] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scermak.com"] [uri "/wp-config.php"] [unique_id "ZpAPRBEKjZikIomKiyJzrwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-11 10:59:23
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 193.37.32.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 11 06:59:16.264381 2024] [security2:error] [pid 12907] [client 193.37.32.90:64573] [client 193.37.32.90] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nashtechnologies.net"] [uri "/wp-config.php"] [unique_id "Zo-7BNS0nIqTx1rji_iJoAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-11 07:13:24
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-07-10 23:23:54
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 193.37.32.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 10 19:23:48.002808 2024] [security2:error] [pid 12995] [client 193.37.32.90:59181] [client 193.37.32.90] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.coolingsprings.org|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.coolingsprings.org"] [uri "/settings.php.bak"] [unique_id "Zo8YBNpkWzYG2TICXuaZcQAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-07-10 19:23:07
(2 months ago)
7.143 4xx requests in 1 hour (2w5d14h)
Brute-Force
Bad Web Bot
10dencehispahard SL
2024-07-10 14:02:26
(2 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
MAGIC
2024-07-01 15:02:13
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot