Anonymous
2024-11-28 05:18:02
(4 days ago)
Action: Block, Reason: DDOS attack detected
DDoS Attack
TPI-Abuse
2024-11-20 01:32:04
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 19 20:31:59.698198 2024] [security2:error] [pid 17990:tid 17990] [client 2001:67c:6ec:203:192:42:116:182:33225] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.rockwaychiropractic.com"] [uri "/.git/config"] [unique_id "Zz08DwiSOVyz5DDNywWe7wAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-08 22:10:04
(3 weeks ago)
| Multiple common web attacks from same source ip. (multiple servers)
Hacking
SQL Injection
Web App Attack
lyratris.com
2024-11-02 18:39:16
(4 weeks ago)
Layer 7 HTTP Flood
DDoS Attack
TPI-Abuse
2024-11-01 07:08:26
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 01 03:08:22.101018 2024] [security2:error] [pid 11157:tid 11157] [client 2001:67c:6ec:203:192:42:116:182:60342] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sunshine-trust.com"] [uri "/wp-config.php.bk"] [unique_id "ZyR-Zi9zQ_Ei6auJ685MHQAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack
afleventoffice.com.au
2024-10-04 04:20:33
(1 month ago)
GET /admin/ HTTP/1.1
Web App Attack
TPI-Abuse
2024-09-26 20:20:48
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 26 16:20:43.043173 2024] [security2:error] [pid 10115:tid 10115] [client 2001:67c:6ec:203:192:42:116:182:63078] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ontimelogistiks.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ontimelogistiks.com"] [uri "/wordpress.sql"] [unique_id "ZvXCG_JXj6U-7QWYmqotswAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-04 06:55:15
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 04 02:55:11.108698 2024] [security2:error] [pid 1622634:tid 1622634] [client 2001:67c:6ec:203:192:42:116:182:15990] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.kinesiologiaenmovimiento.com"] [uri "/.git/config"] [unique_id "ZtgET_a_W1LU6FXOQWOCNAAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
lyratris.com
2024-08-29 07:30:53
(3 months ago)
Layer 7 HTTP Flood
DDoS Attack
TPI-Abuse
2024-08-28 23:20:34
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 28 19:20:24.271625 2024] [security2:error] [pid 13695:tid 13695] [client 2001:67c:6ec:203:192:42:116:182:61667] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ultratecnologia.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ultratecnologia.com"] [uri "/ul.sql"] [unique_id "Zs-wuDHlqqOLL-bpjfmzyAAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-27 09:09:47
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 27 05:09:41.031023 2024] [security2:error] [pid 10547:tid 10547] [client 2001:67c:6ec:203:192:42:116:182:46839] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.zombiekillabob.com"] [uri "/.git/config"] [unique_id "Zs2X1VJELuzpMxZ8UPUW4gAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-18 00:54:08
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 20:53:59.866971 2024] [security2:error] [pid 20948:tid 20948] [client 2001:67c:6ec:203:192:42:116:182:55187] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.john-bell-associates.com"] [uri "/.git/config"] [unique_id "ZsFGJ95V-8Nwnd_85v5FIQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
4server
2024-08-11 13:26:27
(3 months ago)
[SunAug1115:26:23.6826342024][security2:error][pid3563445:tid3563502][client2001:67c:6ec:203:192:42:116:182:0][client2001:67c:6ec:203:192:42:116:182]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp-content/uploads/.\*\\\\\\\\.ph\(\?:p\|tml\|t\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"5056\"][id\"382238\"][rev\"2\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:PHPfileexecutioninuploadsdirectorydenied\"][data\"wp-content/uploads/mfw-activity-logger/csv-uploads/evil.php\"][severity\"CRITICAL\"][hostname\"prstartup.ch\"][uri\"/wp-content/uploads/mfw-activity-logger/csv-uploads/evil.php\"][unique_id\"Zri7_-kztIBWRNteCVX7RQAAAFM\"][SunAug1115:26:24.2988982024][security2:error][pid3563445:tid3563502][client2001:67c:6ec:203:192:42:116:182:0][client2001:67c:6ec:203:192:42:116:182]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp-content/uploads/.\*\\\\\\\\.ph\(\?:p\|tml\|t\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_
Port Scan
Brute-Force
Web App Attack
cmbplf
2024-08-08 15:33:34
(3 months ago)
633 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
TPI-Abuse
2024-08-06 01:29:15
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:182 (30.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 21:29:05.742787 2024] [security2:error] [pid 16457:tid 16457] [client 2001:67c:6ec:203:192:42:116:182:31708] [client 2001:67c:6ec:203:192:42:116:182] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.acpalms.com"] [uri "/.git/config"] [unique_id "ZrF8YZV3fHz7KShvIpiMuQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack