TPI-Abuse
2024-08-31 02:40:10
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 30 22:40:06.643960 2024] [security2:error] [pid 20474:tid 20474] [client 2001:67c:6ec:203:192:42:116:216:63747] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||reyadecostarica.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "reyadecostarica.com"] [uri "/reyadecosta.sql"] [unique_id "ZtKChk4TvedkRZLzRVdpTQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-29 18:38:38
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 29 14:38:30.469207 2024] [security2:error] [pid 23775:tid 23775] [client 2001:67c:6ec:203:192:42:116:216:62923] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||writebetweenthelines.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "writebetweenthelines.com"] [uri "/ebetweenthelines.sql"] [unique_id "ZtDAJuwtuJPWp_O5ZfsmUAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-29 11:14:49
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 29 07:14:43.713969 2024] [security2:error] [pid 11229:tid 11229] [client 2001:67c:6ec:203:192:42:116:216:21988] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lzbvi.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lzbvi.com"] [uri "/backup.sql"] [unique_id "ZtBYI_XhuTNv-AH-hEP5XgAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-11 14:49:51
(4 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 10:49:43.044478 2024] [security2:error] [pid 10598:tid 10598] [client 2001:67c:6ec:203:192:42:116:216:57828] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.mavikalem.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.mavikalem.org"] [uri "/en/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrjPh9J37dX52wcvUk0IkwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
VHosting
2024-08-10 22:43:53
(4 weeks ago)
Attempt from 2001:67c:6ec:203:192:42:116:216, reason: FailedCaptchaVerify
DDoS Attack
Bad Web Bot
stinpriza
2024-08-10 13:36:10
(4 weeks ago)
Drupal Authentication failure
Brute-Force
Web App Attack
TPI-Abuse
2024-08-09 03:59:30
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 23:59:22.116002 2024] [security2:error] [pid 33039:tid 33039] [client 2001:67c:6ec:203:192:42:116:216:56399] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||meganmurph.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "meganmurph.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrWUGiMstgrcN6fWYYCn_gAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-08-09 02:23:36
(1 month ago)
505 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
TPI-Abuse
2024-08-06 06:26:05
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 06 02:25:58.815861 2024] [security2:error] [pid 28419:tid 28419] [client 2001:67c:6ec:203:192:42:116:216:37166] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.professionalpartyplanner.org"] [uri "/.git/config"] [unique_id "ZrHB9lEntDbZHrBkXWcW0gAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-06 01:29:33
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 21:29:28.643577 2024] [security2:error] [pid 25857:tid 25857] [client 2001:67c:6ec:203:192:42:116:216:51779] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.arteseros.com"] [uri "/.git/config"] [unique_id "ZrF8eEaXjMwuTDQU3VbetwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-06 01:04:24
(1 month ago)
(mod_security) mod_security (id:240000) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 21:04:20.216252 2024] [security2:error] [pid 28256:tid 28256] [client 2001:67c:6ec:203:192:42:116:216:55847] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 2). String match ".php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/24_Apps_Joomla.conf"] [line "74"] [id "240000"] [rev "1"] [msg "COMODO WAF: Protecting Joomla folder||stonehillpolicies.myomni.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Joomla"] [hostname "stonehillpolicies.myomni.us"] [uri "/portal/images/stories/evil.php"] [unique_id "ZrF2lFBw2T7obApQzEkyVAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
OiledAmoeba
2024-08-05 16:04:49
(1 month ago)
2001:67c:6ec:203:192:42:116:216 - - [05/Aug/2024:18:04:40 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 258 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 1.167 "-"
2001:67c:6ec:203:192:42:116:216 - - [05/Aug/2024:18:04:42 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 256 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.595 "-"
2001:67c:6ec:203:192:42:116:216 - - [05/Aug/2024:18:04:43 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 200 291 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "-" 0.583 "-"
2001:67c:6ec:203:192:42:116:216 - - [05/Aug/2024:18:04:43 +0200] "www.ruhnke.cloud" "POST //xmlrpc.php HTTP/1.1" 403 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36" "
...
Brute-Force
stinpriza
2024-08-05 15:59:34
(1 month ago)
Drupal Authentication failure
Brute-Force
Web App Attack
TPI-Abuse
2024-07-30 09:37:14
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 30 05:37:10.609627 2024] [security2:error] [pid 15672:tid 15672] [client 2001:67c:6ec:203:192:42:116:216:38230] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.noreservationslocations.com"] [uri "/.git/config"] [unique_id "Zqi0RlOQfeO7cSwQmSR2RAAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-30 07:35:17
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:67c:6ec:203:192:42:116:216 (19.tor-exit.nothingtohide.nl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 30 03:35:13.436682 2024] [security2:error] [pid 3816:tid 3816] [client 2001:67c:6ec:203:192:42:116:216:54804] [client 2001:67c:6ec:203:192:42:116:216] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.nifeconsult.com"] [uri "/.git/config"] [unique_id "ZqiXsXQWMA81d7JGSdlypwAAABM"]
Brute-Force
Bad Web Bot
Web App Attack