TPI-Abuse
2024-09-10 04:37:09
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 00:37:02.006428 2024] [security2:error] [pid 13519:tid 13519] [client 2001:910:1400:107::2:39602] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.solasdecals.com"] [uri "/.git/config"] [unique_id "Zt_M7kozIxN1XcouGy19vwAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
Kinsei Engineering Inc.
2024-08-29 08:15:13
(2 weeks ago)
UFW:High-frequency access to non-released ports used by software with known vulnerabilities.
Port Scan
TPI-Abuse
2024-08-22 00:06:03
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 21 20:05:56.507878 2024] [security2:error] [pid 5015:tid 5015] [client 2001:910:1400:107::2:52048] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||usaangelinvestors.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usaangelinvestors.com"] [uri "/investors.sql"] [unique_id "ZsaA5BFcF3hyGEgrYSM8IwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-17 21:39:23
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 17:39:15.709194 2024] [security2:error] [pid 529:tid 529] [client 2001:910:1400:107::2:41460] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.epicureankids.com"] [uri "/.git/config"] [unique_id "ZsEYgxQOGxgwfgAolPcImwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
maxxsense
2024-08-11 12:53:39
(1 month ago)
*Port Scan* detected from 2001:910:1400:107::2 (FR/France/-).
Port Scan
cmbplf
2024-08-10 22:29:26
(1 month ago)
526 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
TPI-Abuse
2024-07-29 22:31:31
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 29 18:31:22.385906 2024] [security2:error] [pid 6390:tid 6390] [client 2001:910:1400:107::2:46896] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.samanthasomers.com"] [uri "/.git/config"] [unique_id "ZqgYOsMFIjw0N3pflWicPAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-28 17:48:17
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 28 13:48:09.453843 2024] [security2:error] [pid 5575:tid 5575] [client 2001:910:1400:107::2:36962] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||transcapitalsolutions.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "transcapitalsolutions.com"] [uri "/transc.sql"] [unique_id "ZqaEWadhu7qAhJJltIqvqQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-22 21:40:53
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 17:40:46.034656 2024] [security2:error] [pid 1354847:tid 1354847] [client 2001:910:1400:107::2:59608] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.georgegourmet.com"] [uri "/wp-config.php~"] [unique_id "Zp7R3i6u0YIRcObUEGRG2AAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-22 17:12:08
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 13:12:01.982873 2024] [security2:error] [pid 929522:tid 929522] [client 2001:910:1400:107::2:41284] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.karendraughon.com"] [uri "/.git/config"] [unique_id "Zp6S4UMoltuj2fPf9H6ihgAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-22 15:49:53
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 11:49:49.256256 2024] [security2:error] [pid 24878:tid 24878] [client 2001:910:1400:107::2:59584] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.rothmanproperties.com"] [uri "/.git/config"] [unique_id "Zp5_nYCgeKez_w89YQNqUgAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
mawan
2024-07-18 07:35:56
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-07-14 02:29:45
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 13 22:29:39.931152 2024] [security2:error] [pid 12687] [client 2001:910:1400:107::2:60130] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||marjosse.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "marjosse.com"] [uri "/backup-2023.sql"] [unique_id "ZpM4Ez5PLObEW7CkQDhabwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-11 10:39:34
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 11 06:39:28.823539 2024] [security2:error] [pid 17890] [client 2001:910:1400:107::2:60130] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||timbertoysbt.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "timbertoysbt.com"] [uri "/daily.sql"] [unique_id "Zo-2YI100dypX46dgh1JkgAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-09 21:06:13
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 2001:910:1400:107::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 09 17:06:07.821231 2024] [security2:error] [pid 32560:tid 46999318054656] [client 2001:910:1400:107::2:38200] [client 2001:910:1400:107::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.aarongreenvo.com"] [uri "/.git/config"] [unique_id "Zo2mP7Y3aOpW8YDxP-5QNAAAAEc"]
Brute-Force
Bad Web Bot
Web App Attack