nyuuzyou
2024-11-25 14:36:30
(2 weeks ago)
Intensive scraping: /web?s=%D8%A7%DB%8C%D9%86%D8%AA%D8%B1%D9%86%D8%AA%DB%8C&country=fa-fa&scraper=brave. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15.
Bad Web Bot
TPI-Abuse
2024-11-02 20:46:49
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 02 16:46:43.707502 2024] [security2:error] [pid 5943:tid 5943] [client 212.30.37.165:4813] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||barnesandbrower.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnesandbrower.com"] [uri "/restore/backup.sql"] [unique_id "ZyaPs8sG7LrTVmW56l2t4gAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-28 21:25:14
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 17:25:07.266267 2024] [security2:error] [pid 10209:tid 10209] [client 212.30.37.165:11571] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boat-accessories.net"] [uri "/restore/sftp-config.json"] [unique_id "ZyABM0Z-8Q6LyjPLahde6gAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-28 21:16:26
(1 month ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
Thaliruth
2024-10-25 06:09:04
(1 month ago)
212.30.37.165 - - [25/Oct/2024:08:09:00 +0200] "HEAD /restore/public_html.gz HTTP/1.1" 301 0 "-" "-"
reiter-von-rohan.com:443 212.30.37.165 - - [25/Oct/2024:08:09:03 +0200] "HEAD /restore/backup.rar HTTP/1.0" 404 930 "-" "-"
212.30.37.165 - - [25/Oct/2024:08:09:03 +0200] "HEAD /restore/backup.rar HTTP/1.0" 404 930 "-" "-"
...
Hacking
Web App Attack
TPI-Abuse
2024-10-08 02:51:29
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 07 22:51:22.075595 2024] [security2:error] [pid 5052:tid 5052] [client 212.30.37.165:36361] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crypto-stamps.com"] [uri "/backup/backup.sql"] [unique_id "ZwSeKg_GOMeYVaofmNqpZgAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-04 16:47:12
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 04 12:46:54.999098 2024] [security2:error] [pid 12179:tid 12179] [client 212.30.37.165:9171] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.celltechs.net"] [uri "/ProductPage.asp"] [unique_id "ZtiO_sQH4x7ipYcAjdO2QAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-18 14:06:29
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 10:06:11.307943 2024] [security2:error] [pid 7251:tid 7251] [client 212.30.37.165:19747] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thegoldentether.com"] [uri "/bak/sftp-config.json"] [unique_id "ZsH_0yBOm4V5DHkjzZMzjQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-28 21:19:38
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 28 17:19:22.670814 2024] [security2:error] [pid 10336:tid 10336] [client 212.30.37.165:13631] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||equine-essence.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "equine-essence.com"] [uri "/backup/wallet.dat"] [unique_id "Zqa12rgjyGy_QRljK7to6gAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
10dencehispahard SL
2024-07-21 22:00:52
(4 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-07-21 21:46:25
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 17:46:10.834474 2024] [security2:error] [pid 18983:tid 18983] [client 212.30.37.165:65359] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mapleleaf-marketing.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mapleleaf-marketing.com"] [uri "/old/www.sql"] [unique_id "Zp2BoqD0Oi2J1vzPpXVEggAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-07-21 03:35:33
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 20 23:35:19.469210 2024] [security2:error] [pid 19841:tid 19841] [client 212.30.37.165:27603] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teenybikinigirls.com"] [uri "/sftp-config.json"] [unique_id "ZpyB9-4DHTeYvTDdKPqJeQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Linuxmalwarehuntingnl
2024-07-03 07:07:41
(5 months ago)
Unauthorized connection attempt
Brute-Force
TPI-Abuse
2024-06-20 21:01:51
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 20 17:01:35.541344 2024] [security2:error] [pid 13667] [client 212.30.37.165:18973] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cvgandhes.investments"] [uri "/.env"] [unique_id "ZnSYr8pkYFWBWovcDtp94QAAACk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-17 23:02:07
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 17 19:01:49.126692 2024] [security2:error] [pid 2698608] [client 212.30.37.165:42969] [client 212.30.37.165] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||otrantocapital.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "otrantocapital.com"] [uri "/site_name_com.sql"] [unique_id "ZnDAXRr05GTG4upCkQs63gAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack