๐บ๐ธ
TPI-Abuse
2024-04-14 23:17:11
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the la ...
show more
(mod_security) mod_security (id:225170) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 14 19:17:05.187821 2024] [security2:error] [pid 13891] [client 199.249.230.74:43598] [client 199.249.230.74] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||thesweetfam.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "thesweetfam.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "Zhxj8Ynr9iH5-uPcO4vz0AAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-04-14 02:23:47
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the la ...
show more
(mod_security) mod_security (id:210730) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 13 22:23:41.586180 2024] [security2:error] [pid 104543] [client 199.249.230.74:45190] [client 199.249.230.74] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rddeckerphotography.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rddeckerphotography.com"] [uri "/phy.sql"] [unique_id "Zhs-Lc73VjV8wClLXJhlrQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-04-13 12:09:05
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the la ...
show more
(mod_security) mod_security (id:210730) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 13 08:09:00.593256 2024] [security2:error] [pid 29425:tid 47566163023616] [client 199.249.230.74:42744] [client 199.249.230.74] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||willmanlawfirm.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "willmanlawfirm.com"] [uri "/willmanlaw.sql"] [unique_id "Zhp13E8fc_hmeLmJ4NQ3EwAAAQY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-04-12 10:18:06
(2 years ago)
(mod_security) mod_security (id:210831) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the la ...
show more
(mod_security) mod_security (id:210831) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 12 06:18:02.372593 2024] [security2:error] [pid 19897] [client 199.249.230.74:52290] [client 199.249.230.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.fromthecellarnyc.com|F|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.fromthecellarnyc.com"] [uri "/"] [unique_id "ZhkKWo3TSqlRWbMsOM8hHgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
10dencehispahard SL
2024-04-11 10:01:28
(2 years ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
๐ฒ๐พ
Rizzy
2024-04-10 19:21:44
(2 years ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-02-15 00:12:33
(2 years ago)
(mod_security) mod_security (id:225170) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the la ...
show more
(mod_security) mod_security (id:225170) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 14 19:12:30.589172 2024] [security2:error] [pid 28502] [client 199.249.230.74:58466] [client 199.249.230.74] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||enpozo.club|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "enpozo.club"] [uri "/wp-json/wp/v2/users/4"] [unique_id "Zc1W7h3-Ed-VxgNfqN612QAAAAs"], referer: https://enpozo.club/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
niceshops.com
2024-02-14 10:40:39
(2 years ago)
Web Attack multi (Feb 24 11:40:38 Matching rules: Detect possible SQL injection - E.g. Waitfor .. D ...
show more
Web Attack multi (Feb 24 11:40:38 Matching rules: Detect possible SQL injection - E.g. Waitfor .. Delay )
show less
SQL Injection
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-02-13 14:33:02
(2 years ago)
(mod_security) mod_security (id:210492) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the la ...
show more
(mod_security) mod_security (id:210492) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 13 09:32:58.568075 2024] [security2:error] [pid 8108] [client 199.249.230.74:54040] [client 199.249.230.74] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.perthdps.com"] [uri "/.git/config"] [unique_id "Zct9mqkBgBO4YLCqj3X88gAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐บ
sms.ru
2024-02-13 12:40:05
(2 years ago)
SMS pumping attack (request flood from TOR)
DDoS Attack
๐ฉ๐ช
ger-stg-sifi1
2024-02-12 23:16:07
(2 years ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-02-12 08:02:57
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the la ...
show more
(mod_security) mod_security (id:210730) triggered by 199.249.230.74 (tor21.quintex.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 12 03:02:50.439402 2024] [security2:error] [pid 20562] [client 199.249.230.74:60300] [client 199.249.230.74] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||hempdoctorsusa.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hempdoctorsusa.com"] [uri "/americasbestcbd.sql"] [unique_id "ZcnQqsdm3Us0slBcj2etAgAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
niceshops.com
2024-02-12 06:03:37
(2 years ago)
Web Attack multi (Feb 24 07:03:37 Matching rules: Detect possible SQL injection - E.g. CHR(72) )
SQL Injection
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-02-11 23:49:57
(2 years ago)
Participating in distributed denial-of-service. Repeatedly requested web resource with randomized U ...
show more
Participating in distributed denial-of-service. Repeatedly requested web resource with randomized URI query parameter and value.
show less
DDoS Attack
Exploited Host
๐ฉ๐ช
niceshops.com
2024-02-11 06:53:41
(2 years ago)
Web Attack multi (Feb 24 07:53:41 Matching rules: Detect possible SQL injection - E.g. Select * fro ...
show more
Web Attack multi (Feb 24 07:53:41 Matching rules: Detect possible SQL injection - E.g. Select * from )
show less
SQL Injection
Brute-Force
Bad Web Bot
Web App Attack