TPI-Abuse
2024-09-28 00:08:17
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 212.30.33.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 20:08:11.902228 2024] [security2:error] [pid 22816:tid 22816] [client 212.30.33.4:36413] [client 212.30.33.4] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crypto-stamps.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crypto-stamps.com"] [uri "/backups/wallet.dat"] [unique_id "ZvdI61g9itdDduFu2x0CkAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-17 10:46:42
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 06:45:31.719622 2024] [security2:error] [pid 6417:tid 6417] [client 212.30.33.4:45709] [client 212.30.33.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jwwsb.jaspercity.com"] [uri "/platform/.env"] [unique_id "ZuldyxZS-OljxuDW8L67SQAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
Jim Keir
2024-09-17 10:17:30
(2 weeks ago)
2024-09-17 10:17:28 212.30.33.4 File scanning, blocking 212.30.33.4 for 5 minutes
Web App Attack
Information Security
2024-09-16 11:45:16
(2 weeks ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-09-16 11:34:25
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 16 07:33:32.314543 2024] [security2:error] [pid 16853:tid 16853] [client 212.30.33.4:55275] [client 212.30.33.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "old.renju.net"] [uri "/platform/.env"] [unique_id "ZugXjPWAhMgKHPEYI6LH1gAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
backslash
2024-09-15 07:13:20
(2 weeks ago)
Bad Web Bot
soundboxxx.com
2024-09-15 02:06:00
(2 weeks ago)
ping 212.30.33.4 -t -l 10000
DDoS Attack
FTP Brute-Force
Ping of Death
Open Proxy
Port Scan
Hacking
SQL Injection
Brute-Force
Web App Attack
SSH
Aetherweb Ark
2024-09-15 00:31:42
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.4 (-): N in the last X secs
Web App Attack
Information Security
2024-09-15 00:29:52
(2 weeks ago)
Web App Attack
Web App Attack
TheMadBeaker
2024-09-14 23:30:46
(2 weeks ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
cmbplf
2024-09-10 15:09:29
(3 weeks ago)
103 requests to *.env
Brute-Force
Bad Web Bot
TPI-Abuse
2024-09-10 15:09:12
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 212.30.33.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 11:08:34.137134 2024] [security2:error] [pid 29281:tid 29281] [client 212.30.33.4:27993] [client 212.30.33.4] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "elefen.org"] [uri "/platform/.env"] [unique_id "ZuBg8h9dz42S8gpP3mUslwAAABc"]
Brute-Force
Bad Web Bot
Web App Attack
Information Security
2024-09-10 14:47:04
(3 weeks ago)
Web App Attack
Web App Attack
TPI-Abuse
2024-09-10 14:23:59
(3 weeks ago)
(mod_security) mod_security (id:212290) triggered by 212.30.33.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 10:22:52.113176 2024] [security2:error] [pid 29672:tid 29672] [client 212.30.33.4:16293] [client 212.30.33.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(?:href|src|lowsrc|url)\\\\b\\\\W+?\\\\b(?:(?:vb|java)script|shell)(?::|&colon)" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "47"] [id "212290"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.stragar.com|F|2"] [data "Matched Data: href='javascript: found within REQUEST_URI: /index.php?prod=<a href='javascript:alert(\\x22xss\\x22)'>click me</a>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.stragar.com"] [uri "/index.php"] [unique_id "ZuBWPCCnCUrTX51FUg_8fQAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-09-04 09:34:06
(4 weeks ago)
Web App Attack
Web App Attack