TPI-Abuse
2024-11-27 11:33:03
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 27 06:32:57.564108 2024] [security2:error] [pid 1341:tid 1435] [client 198.98.60.90:33720] [client 198.98.60.90] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.sattraffic.com"] [uri "/.git/config"] [unique_id "Z0cDaa-8QFOQ76HlVoilTQAAAMY"] show less
Brute-Force
Bad Web Bot
Web App Attack
canine.tools
2024-11-26 09:37:17
(1 week ago)
[fail2ban Auto Report] searxng search spam abuse
Port Scan
Brute-Force
Study Bitcoin 🤗
2024-11-03 04:30:33
(1 month ago)
Port probe to tcp/21 (ftp control)
[srv131]
FTP Brute-Force
Port Scan
Brute-Force
MPL
2024-11-02 05:55:00
(1 month ago)
tcp/22
Port Scan
MPL
2024-11-02 05:55:00
(1 month ago)
tcp/22
Port Scan
TPI-Abuse
2024-10-28 15:00:59
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 ... show more (mod_security) mod_security (id:210492) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 11:00:50.479415 2024] [security2:error] [pid 17823:tid 17823] [client 198.98.60.90:48144] [client 198.98.60.90] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.todosconlaura.com"] [uri "/.git/config"] [unique_id "Zx-nIm5sciu3WxTnLNIszgAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Linuxmalwarehuntingnl
2024-06-28 22:49:42
(5 months ago)
Honeypot HIT
Brute-Force
strefapi_com
2024-03-16 12:30:10
(8 months ago)
Brute-force web
...
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-03-14 13:36:05
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 14 09:36:01.134901 2024] [security2:error] [pid 26372] [client 198.98.60.90:53740] [client 198.98.60.90] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||coolcustomproducts.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "coolcustomproducts.com"] [uri "/backup.sql"] [unique_id "ZfL9QX4Ux_IPwUmX6zaligAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-02-27 13:20:04
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 ... show more (mod_security) mod_security (id:210730) triggered by 198.98.60.90 (tor.samic.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 27 08:19:58.067879 2024] [security2:error] [pid 22872] [client 198.98.60.90:43708] [client 198.98.60.90] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||buildyourownpublishing.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "buildyourownpublishing.com"] [uri "/daily.sql"] [unique_id "Zd3hftFjGzAPuFSMLPkjlQAAABU"] show less
Brute-Force
Bad Web Bot
Web App Attack
niceshops.com
2024-02-11 19:46:47
(9 months ago)
Web Attack ([11/Feb/2024:20:46:27 +0100] )
Brute-Force
Bad Web Bot
Web App Attack
niceshops.com
2024-01-17 18:49:28
(10 months ago)
Web Attack multi (Jan 24 19:49:27 Matching rules: Detect possible SQL injection - E.g. Select * fro ... show more Web Attack multi (Jan 24 19:49:27 Matching rules: Detect possible SQL injection - E.g. Select * from ) show less
SQL Injection
Brute-Force
Bad Web Bot
Web App Attack
ozisp.com.au
2024-01-09 09:10:41
(10 months ago)
US_FranTech_<33>1704791440 [1:2522073:5399] ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffi ... show more US_FranTech_<33>1704791440 [1:2522073:5399] ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 74 [Classification: Misc Attack] [Priority: 2] {TCP} 198.98.60.90:40848 show less
Open Proxy
ger-stg-sifi1
2024-01-07 21:32:41
(11 months ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
psauxit
2024-01-07 20:32:06
(11 months ago)
Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrp ... show more Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping show less
Hacking
Web App Attack