Anonymous
2024-09-20 00:50:28
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
w-e-c-l-o-u-d-i-t
2024-09-07 22:07:46
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 194.5.82.100 (SG/Singapore/-): 1 in the last 600 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC
Brute-Force
SSH
TPI-Abuse
2024-09-04 11:16:42
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 194.5.82.100 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 04 07:16:34.302133 2024] [security2:error] [pid 2373660:tid 2373660] [client 194.5.82.100:42067] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.book-runningonempty.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.book-runningonempty.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ZthBkvP6XNC6MyNHkfuUDQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-28 14:47:03
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 194.5.82.100 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 28 10:46:59.869716 2024] [security2:error] [pid 2466:tid 2466] [client 194.5.82.100:32447] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||cyberviews.club|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cyberviews.club"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "Zs84Y-BOmRoJlImuRkzg4gAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-23 08:10:51
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 194.5.82.100 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 23 04:10:43.470185 2024] [security2:error] [pid 23749:tid 23749] [client 194.5.82.100:4621] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.stardancertantra.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.stardancertantra.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ZshEAzmSBaml5NLfUBfDhgAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-21 20:28:26
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 194.5.82.100 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 21 16:28:19.687618 2024] [security2:error] [pid 23082:tid 23082] [client 194.5.82.100:54711] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pngtravel.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pngtravel.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ZsZN49-vBQYg-RbaOsV6RgAAAAE"], referer: https://pngtravel.com/Telerik.Web.UI.WebResource.axd?type=rau
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-20 12:41:01
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 194.5.82.100 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 08:40:56.939903 2024] [security2:error] [pid 5060:tid 5060] [client 194.5.82.100:31375] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.calligraphybycorrespondence.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.calligraphybycorrespondence.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "ZsSO2AwX34Vt9lE42G7l3QAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
Linuxmalwarehuntingnl
2024-07-03 08:56:56
(3 months ago)
Unauthorized connection attempt
Brute-Force
TPI-Abuse
2024-06-28 20:01:32
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 194.5.82.100 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 28 16:01:28.081238 2024] [security2:error] [pid 25229] [client 194.5.82.100:35701] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||medicareupgrade.debtsolutionsus.com|F|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "medicareupgrade.debtsolutionsus.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "Zn8WmDU0ORS71xl19F6e6QAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-06-14 11:03:52
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
Brute-Force
SSH
SSH
oncord
2024-04-19 11:50:15
(5 months ago)
Form spam
Web Spam
TPI-Abuse
2024-04-19 07:49:38
(5 months ago)
(mod_security) mod_security (id:217280) triggered by 194.5.82.100 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 19 03:49:33.361177 2024] [security2:error] [pid 3206] [client 194.5.82.100:51817] [client 194.5.82.100] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||nypdkids.org|F|2"] [data "Matched Data: get found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "nypdkids.org"] [uri "/php/send_email.php"] [unique_id "ZiIiDVAGDyl1HltbstvgcgAAAAY"], referer: http://nypdkids.org/contact-donate-nypd-kids.html
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-18 14:10:09
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-04-18 14:10:09
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-04-18 14:10:09
(5 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH