MAGIC
2024-08-29 14:00:42
(1 week ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-08-12 12:35:35
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 12 08:35:23.867505 2024] [security2:error] [pid 8480:tid 8480] [client 212.30.37.127:9285] [client 212.30.37.127] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.mindtoken.app|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mindtoken.app"] [uri "/back/www.sql"] [unique_id "ZroBi6mDBNznVuZ67lAr5gAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-03 10:25:58
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 03 06:25:43.119867 2024] [security2:error] [pid 823:tid 823] [client 212.30.37.127:35509] [client 212.30.37.127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jfexpressfr8.com"] [uri "/bak/sftp-config.json"] [unique_id "Zq4Fp1s0Vfb6FWNSu5OjVAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-30 07:19:41
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 30 03:19:23.076357 2024] [security2:error] [pid 25346:tid 25346] [client 212.30.37.127:6107] [client 212.30.37.127] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gcigmbh.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gcigmbh.com"] [uri "/backup/sql.sql"] [unique_id "ZqiT-x5uzmE6c8S4GsF1CgAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-07-21 06:03:11
(1 month ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
Linuxmalwarehuntingnl
2024-07-03 07:07:41
(2 months ago)
Unauthorized connection attempt
Brute-Force
TPI-Abuse
2024-06-19 16:54:11
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 19 12:53:53.963236 2024] [security2:error] [pid 24167] [client 212.30.37.127:40741] [client 212.30.37.127] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||csgohub.gg|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "csgohub.gg"] [uri "/restore/wallet.dat"] [unique_id "ZnMNIYbacvjjV2wC5HCaTQAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-16 14:54:20
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 16 10:54:06.842568 2024] [security2:error] [pid 27022] [client 212.30.37.127:10101] [client 212.30.37.127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nationalenq.com"] [uri "/old/sftp-config.json"] [unique_id "Zm78jm3M-WM_v2c75nABjAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-06-13 16:04:55
(2 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-06-03 15:18:48
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 03 11:18:32.229863 2024] [security2:error] [pid 1675964] [client 212.30.37.127:46683] [client 212.30.37.127] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prostar.industries"] [uri "/backups/sftp-config.json"] [unique_id "Zl3eyCPfvO92LhTyML0WhgAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-05-24 01:10:14
(3 months ago)
HEAD http://p4u.xyz/restore/public_html.rar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-05-21 01:21:31
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.127 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 20 21:21:24.716362 2024] [security2:error] [pid 14447] [client 212.30.37.127:2139] [client 212.30.37.127] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ciptaconindotara.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ciptaconindotara.com"] [uri "/backup/dump.sql"] [unique_id "Zkv3FMGTnY175KzYR6ryiQAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
DumaNet
2024-04-30 04:02:00
(4 months ago)
WordPress plugin attack attempts.
Date: 2024 Apr 29. 12:21:18
Source IP: 212.30.37.127
Portion of the log(s):
212.30.37.127 - - [29/Apr/2024:12:21:15 +0200] "GET /wp-content/themes/twentytwenty/404.php HTTP/1.1" 500 5 "http://[removed].org/wp-content/themes/twentytwenty/404.php" "Go-http-client/2.0"
Web App Attack
paulshipley.com.au
2024-04-29 16:42:17
(4 months ago)
dance4fitness.com.au:443 212.30.37.127 - - [30/Apr/2024:02:41:51 +1000] "GET /404.php/wp-admin/images/Mhbgf.php HTTP/1.1" 404 60856 "http://dance4fitness.com.au/404.php/wp-admin/images/Mhbgf.php" "Go-http-client/1.1"
dance4fitness.com.au:443 212.30.37.127 - - [30/Apr/2024:02:41:54 +1000] "GET /wp-admin/css/colors/coffee/wp-admin/images/Mhbgf.php HTTP/1.1" 404 57163 "https://dance4fitness.com.au/wp-admin/css/colors/coffee/index.php/wp-admin/images/Mhbgf.php" "Go-http-client/1.1"
dance4fitness.com.au:443 212.30.37.127 - - [30/Apr/2024:02:41:56 +1000] "GET /wso112233.php HTTP/1.1" 404 57057 "http://dance4fitness.com.au/wso112233.php" "Go-http-client/1.1"
dance4fitness.com.au:443 212.30.37.127 - - [30/Apr/2024:02:41:59 +1000] "GET /.well-known/plugins.php HTTP/1.1" 404 57090 "http://dance4fitness.com.au/.well-known/plugins.php" "Go-http-client/1.1"
dance4fitness.com.au:443 212.30.37.127 - - [30/Apr/2024:02:42:01 +1000] "GET /css/st.php HTTP/1.1" 404 57058 "http://dance4fitness.com.au/css/s
...
Web App Attack
10dencehispahard SL
2024-04-29 15:00:47
(4 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force