TPI-Abuse
2024-12-01 06:52:44
(14 hours ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 01:52:37.808286 2024] [security2:error] [pid 24585:tid 24585] [client 212.30.37.153:17351] [client 212.30.37.153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.dudleyanddudley.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.dudleyanddudley.com"] [uri "/restore/mysql.sql"] [unique_id "Z0wHta94GcQZ4vGwkcpf2gAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-01 06:19:30
(15 hours ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 01 01:19:23.431326 2024] [security2:error] [pid 802362:tid 802362] [client 212.30.37.153:19783] [client 212.30.37.153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||fxztrader.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fxztrader.com"] [uri "/backup/backup.sql"] [unique_id "Z0v_66U6UD1sfcmp4dr7sQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
nyuuzyou
2024-11-25 15:31:23
(6 days ago)
Intensive scraping: /web?s=%D8%B3%D8%A7%DB%8C%D8%AA&scraper=yep. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36.
Bad Web Bot
diego
2024-11-10 22:56:11
(2 weeks ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
Anonymous
2024-11-10 02:32:29
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-02 20:46:50
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 16:46:44.139848 2024] [security2:error] [pid 4434:tid 4434] [client 212.30.37.153:4751] [client 212.30.37.153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||barnesandbrower.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnesandbrower.com"] [uri "/bak/dump.sql"] [unique_id "ZyaPtEQidWpwWDbgXqp3xwAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-26 09:48:47
(1 month ago)
Ports: 25,110,143,993,995; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-21 01:43:03
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 20 21:42:57.072557 2024] [security2:error] [pid 18823:tid 18823] [client 212.30.37.153:23787] [client 212.30.37.153] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "otrantocapital.com"] [uri "/restore/sftp-config.json"] [unique_id "ZxWxofDNIUsc4GhwIDhVsAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-08 02:41:03
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 07 22:40:56.561481 2024] [security2:error] [pid 12111:tid 12111] [client 212.30.37.153:51823] [client 212.30.37.153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoincasting.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoincasting.com"] [uri "/bak/mysql.sql"] [unique_id "ZwSbuFPwj_hAY_ERHkNrpwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-27 23:12:45
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 19:12:40.732926 2024] [security2:error] [pid 13023:tid 13023] [client 212.30.37.153:44573] [client 212.30.37.153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||qcryptocoin.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qcryptocoin.com"] [uri "/backup/sql.sql"] [unique_id "Zvc76BrvWfeAJsQGjPHKswAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-25 21:05:16
(2 months ago)
Account archive download attempts
Hacking
Brute-Force
TPI-Abuse
2024-09-24 23:36:27
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 24 19:36:21.247386 2024] [security2:error] [pid 14253:tid 14253] [client 212.30.37.153:63457] [client 212.30.37.153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||brazilianbikinis.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brazilianbikinis.com"] [uri "/backups/backup.sql"] [unique_id "ZvNM9bToXR2-tTWvb-G47wAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
lp
2024-09-06 17:01:10
(2 months ago)
Email account brute force: 4 attempts were recorded from 212.30.37.153
2024-09-06T17:39:49+02:00 warning: unknown[212.30.37.153]: SASL LOGIN authentication failed: authentication failure, [email protected]
2024-09-06T17:39:54+02:00 warning: unknown[212.30.37.153]: SASL LOGIN authentication failed: authentication failure, [email protected]
2024-09-06T17:40:00+02:00 warning: unknown[212.30.37.153]: SASL LOGIN authentication failed: authentication failure, [email protected]
2024-09-06T17:40:04+02:00 warning: unknown[212.30.37.153]: SASL LOGIN authentication failed: authentication failure, [email protected]
Brute-Force
Anonymous
2024-07-27 19:25:16
(4 months ago)
Small botnet with 400-1000 ip addresses calling HEAD / for no reason
Bad Web Bot
Linuxmalwarehuntingnl
2024-07-03 07:07:41
(4 months ago)
Unauthorized connection attempt
Brute-Force