TPI-Abuse
2024-10-05 23:21:43
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 05 19:21:38.681617 2024] [security2:error] [pid 25944:tid 25944] [client 212.30.33.189:29937] [client 212.30.33.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mrepoch.art"] [uri "/backups/sftp-config.json"] [unique_id "ZwHKAgGHFMo3gebcyQtZ7gAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-05 05:12:33
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 212.30.33.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 05 01:12:28.116074 2024] [security2:error] [pid 8535:tid 8535] [client 212.30.33.189:46353] [client 212.30.33.189] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cryptoedge.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cryptoedge.net"] [uri "/bak/www.sql"] [unique_id "ZwDKvGGiBA4aUyBws5E0MwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-17 10:47:00
(3 weeks ago)
(mod_security) mod_security (id:212200) triggered by 212.30.33.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 06:46:53.012789 2024] [security2:error] [pid 6416:tid 6416] [client 212.30.33.189:48959] [client 212.30.33.189] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<body\\\\b.{0,}?\\\\bonload\\\\b" at ARGS:id. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "38"] [id "212200"] [rev "2"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.jwwsb.jaspercity.com|F|2"] [data "Matched Data: <body onload found within ARGS:id: <body onload=alert('xss')>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.jwwsb.jaspercity.com"] [uri "/index.php"] [unique_id "ZuleHWTWKYf33XRTCuxDfAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
Information Security
2024-09-16 11:45:13
(3 weeks ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-09-16 11:41:43
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 16 07:40:24.540551 2024] [security2:error] [pid 17109:tid 17109] [client 212.30.33.189:43715] [client 212.30.33.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.exposohomadrid.com"] [uri "/platform/.env"] [unique_id "ZugZKJs87CJ-YrmyjwOfFAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
backslash
2024-09-15 07:11:01
(3 weeks ago)
Bad Web Bot
soundboxxx.com
2024-09-15 02:23:00
(3 weeks ago)
ping 212.30.33.189 -t -l 10000
DDoS Attack
FTP Brute-Force
Ping of Death
Open Proxy
Port Scan
Hacking
SQL Injection
Brute-Force
Web App Attack
SSH
Information Security
2024-09-15 00:33:35
(3 weeks ago)
Web App Attack
Web App Attack
Aetherweb Ark
2024-09-15 00:31:38
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.189 (-): N in the last X secs
Web App Attack
Anonymous
2024-09-15 00:00:58
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-14 23:37:13
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 19:36:18.426168 2024] [security2:error] [pid 3089:tid 3089] [client 212.30.33.189:21399] [client 212.30.33.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "logosformacion.net"] [uri "/platform/.env"] [unique_id "ZuYd8h-tQLKI67cAPnhBvAAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack
TheMadBeaker
2024-09-14 23:30:48
(3 weeks ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
Anonymous
2024-09-11 17:34:02
(4 weeks ago)
Malicious activity detected
Hacking
Web App Attack
Information Security
2024-09-10 14:50:12
(1 month ago)
Web App Attack
Web App Attack
FeG Deutschland
2024-09-10 14:36:19
(1 month ago)
Looking for CMS/PHP/SQL vulnerabilities - 13
Exploited Host
Web App Attack