🇳🇱
Linuxmalwarehuntingnl
2024-07-03 08:56:56
(1 year ago)
Unauthorized connection attempt
Brute-Force
🇩🇪
ps-center
2024-05-21 11:19:29
(2 years ago)
MYH: Web Attack GET /wp-admin/css/colors/blue/CasperExV1.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
🇺🇸
WebpodsLLC
2024-05-21 06:08:49
(2 years ago)
(mod_security) mod_security (id:14203) triggered by 194.233.83.199 (SG/Singapore/-): 3 in the last 3600 secs (CF_ENABLE); Ports: *; Direction: 0; Trigger: LF_MODSEC;
Port Scan
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2024-05-21 01:28:18
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 194.233.83.199 (vmi1866075.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 20 21:28:14.763915 2024] [security2:error] [pid 18279] [client 194.233.83.199:62987] [client 194.233.83.199] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||post35.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "post35.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zkv4rmB-ULRbtOKTN3dQMwAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
zynex
2024-05-20 19:28:34
(2 years ago)
URL Probing: /wp-config-sample.php
Web App Attack
🇺🇸
TPI-Abuse
2024-05-20 05:32:43
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 194.233.83.199 (vmi1866075.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 20 01:32:39.105640 2024] [security2:error] [pid 32188] [client 194.233.83.199:60797] [client 194.233.83.199] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.adorningmetal.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.adorningmetal.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zkrgd3YM5ekA2qqf-Au41AAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇷
hostseries
2024-05-20 04:18:50
(2 years ago)
Trigger: LF_MODSEC
Brute-Force
🇺🇸
TPI-Abuse
2024-05-19 22:38:49
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 194.233.83.199 (vmi1866075.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 19 18:38:45.541533 2024] [security2:error] [pid 28338] [client 194.233.83.199:53141] [client 194.233.83.199] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||samanthasomers.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "samanthasomers.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zkp_dbhjEWbQHXKSF1BUBAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-05-19 21:21:22
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 194.233.83.199 (vmi1866075.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 19 17:21:16.779803 2024] [security2:error] [pid 31826] [client 194.233.83.199:63459] [client 194.233.83.199] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cranelife.net|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cranelife.net"] [uri "/site/default/settings.php.BAK"] [unique_id "ZkptTNGrw9BUuFuGkYR4fQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
zynex
2024-05-19 16:32:08
(2 years ago)
URL Probing: /wp-config-sample.php
Web App Attack
🇺🇸
TPI-Abuse
2024-05-19 08:40:38
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 194.233.83.199 (vmi1866075.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 19 04:40:33.515340 2024] [security2:error] [pid 3276] [client 194.233.83.199:64603] [client 194.233.83.199] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||stonetarot.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stonetarot.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zkm7AQoQaoE3hB7PDBBaXgAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
🇭🇺
Sotlatnuh
2024-05-19 05:48:00
(2 years ago)
Very violent attack! Request URI: /index.php?_rwp=wp-2018.php
Hacking
🇺🇸
TPI-Abuse
2024-05-19 04:13:54
(2 years ago)
(mod_security) mod_security (id:210492) triggered by 194.233.83.199 (vmi1866075.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 19 00:13:49.750582 2024] [security2:error] [pid 8080] [client 194.233.83.199:59703] [client 194.233.83.199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arabou.co"] [uri "/wp-config.php"] [unique_id "Zkl8fbxavxgVaPDnGFaHEAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2024-05-19 01:34:21
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 194.233.83.199 (vmi1866075.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 18 21:34:13.430099 2024] [security2:error] [pid 4798] [client 194.233.83.199:50760] [client 194.233.83.199] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||asduk.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "asduk.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZklXFSkxQA0UtfMLYUws5wAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-05-19 00:11:33
(2 years ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH