TPI-Abuse
2025-01-14 07:39:58
(4 days ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 02:39:51.753562 2025] [security2:error] [pid 2368:tid 2368] [client 212.30.37.43:10993] [client 212.30.37.43] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||powderriverinc.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "powderriverinc.com"] [uri "/backups/backup.sql"] [unique_id "Z4YUx0nUZuRab90dnts7kwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-14 07:18:21
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 212.30.37.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 02:18:16.050576 2025] [security2:error] [pid 2909784:tid 2909784] [client 212.30.37.43:20593] [client 212.30.37.43] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kim-porter.com"] [uri "/bak/sftp-config.json"] [unique_id "Z4YPuNVIBH2ZXZIoEV_9qQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-01-10 21:17:58
(1 week ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-12-30 18:06:26
(2 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
nyuuzyou
2024-12-14 01:42:35
(1 month ago)
Intensive scraping: /web?s=%22Salt%20Lake%20City%20tooth%20cavity%20filling%22&country=fj-fj&scraper=yandex. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36.
Bad Web Bot
TPI-Abuse
2024-12-13 13:40:43
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 13 08:40:36.695686 2024] [security2:error] [pid 644310:tid 644310] [client 212.30.37.43:34191] [client 212.30.37.43] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mapleleaf-marketing.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mapleleaf-marketing.com"] [uri "/backups/backup.sql"] [unique_id "Z1w5VEOIXo26Lvv_RJguMwAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-04 20:08:53
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
wil.com
2024-12-04 12:15:00
(1 month ago)
GlobalProtect login attempts with user jchandler.
VPN IP
Brute-Force
nyuuzyou
2024-11-25 16:02:10
(1 month ago)
Intensive scraping: /web?s=%D8%B3%D8%A7%DB%8C%D8%AA&scraper=mojeek. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36.
Bad Web Bot
nyuuzyou
2024-11-11 05:41:09
(2 months ago)
Intensive scraping: /web?s=Top%20commercial%20real%20estate%20firms%20in%20California&country=gd-gd&scraper=mwmbl. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68.
Bad Web Bot
TPI-Abuse
2024-10-24 09:17:42
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 24 05:17:35.321019 2024] [security2:error] [pid 10068:tid 10068] [client 212.30.37.43:14811] [client 212.30.37.43] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoincasting.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoincasting.com"] [uri "/restore/wallet.dat"] [unique_id "ZxoQryD_qoYwxeKswmnQFQAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-20 16:24:52
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 20 12:24:46.570733 2024] [security2:error] [pid 10946:tid 10946] [client 212.30.37.43:1179] [client 212.30.37.43] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||isitel.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "isitel.com"] [uri "/sql.sql"] [unique_id "ZxUuzgg6s5bLKcoqkCi7ZwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-19 18:55:18
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 19 14:55:12.695783 2024] [security2:error] [pid 23264:tid 23264] [client 212.30.37.43:49883] [client 212.30.37.43] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||olimpiacerda.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "olimpiacerda.com"] [uri "/old/mysql.sql"] [unique_id "ZxQAkJBu0zCCHlMRkxCQHQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-18 18:33:27
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 18 14:33:19.207177 2024] [security2:error] [pid 1594125:tid 1594125] [client 212.30.37.43:41417] [client 212.30.37.43] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ourhotmail.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ourhotmail.com"] [uri "/restore/www.sql"] [unique_id "ZxKp74E8i3XB18zDEQvC6gAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-03 10:48:10
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH