TPI-Abuse
2024-10-30 02:45:25
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 212.30.33.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 29 22:45:21.080596 2024] [security2:error] [pid 13196:tid 13196] [client 212.30.33.148:1763] [client 212.30.33.148] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mjkhan.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mjkhan.com"] [uri "/backups/dump.sql"] [unique_id "ZyGdwfPMBa-tQffc_G0DEgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-29 01:50:38
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 212.30.33.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 21:50:32.273935 2024] [security2:error] [pid 25861:tid 25861] [client 212.30.33.148:8939] [client 212.30.33.148] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||oliverhardy.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oliverhardy.com"] [uri "/backup/sql.sql"] [unique_id "ZyA_aAxs4cwlcc36pMzz_gAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-26 05:53:24
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 212.30.33.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 01:53:19.572789 2024] [security2:error] [pid 1175:tid 1175] [client 212.30.33.148:1935] [client 212.30.33.148] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcointradingsquare.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointradingsquare.com"] [uri "/back/backup.sql"] [unique_id "ZxyDz1SVYw5M57qXRBfcPgAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-24 14:06:02
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 212.30.33.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 24 10:05:55.992017 2024] [security2:error] [pid 8126:tid 8126] [client 212.30.33.148:7367] [client 212.30.33.148] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||linnardfinancial.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "linnardfinancial.com"] [uri "/restore/backup.sql"] [unique_id "ZxpUQ5wgFF_5iUdbAxO3gAAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
thetomtaylor.co.uk
2024-10-21 14:49:04
(2 weeks ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer
... [wa01]
Bad Web Bot
Web App Attack
Anonymous
2024-10-09 09:50:38
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
Anonymous
2024-09-09 11:40:20
(1 month ago)
| Multiple SQL injection attempts from same source ip.(multiple servers)
Hacking
SQL Injection
Web App Attack
TPI-Abuse
2024-09-06 22:25:58
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 06 18:25:01.655290 2024] [security2:error] [pid 16046:tid 16046] [client 212.30.33.148:42301] [client 212.30.33.148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thegoldentether.com"] [uri "/platform/.env"] [unique_id "ZtuBPa-ZvsXWgwZxVikjpgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TheMadBeaker
2024-09-06 21:18:00
(1 month ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
Jim Keir
2024-09-06 21:14:46
(1 month ago)
2024-09-06 21:14:44 212.30.33.148 File scanning, blocking 212.30.33.148 for 5 minutes
Web App Attack
TPI-Abuse
2024-09-06 21:11:56
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 06 17:10:56.254040 2024] [security2:error] [pid 1296:tid 1296] [client 212.30.33.148:17489] [client 212.30.33.148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.powerkiteforum.com"] [uri "/platform/.env"] [unique_id "Zttv4IUy00Tt9S16wlyHYgAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-09-04 08:27:13
(2 months ago)
Web App Attack
Web App Attack
Anonymous
2024-08-02 07:35:49
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-31 04:00:46
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-07-29 07:07:11
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH