hbrks
2024-06-01 07:30:11
(6 months ago)
HEAD http://epay.world/old/backup.tar.gz
Web Spam
Hacking
Bad Web Bot
hbrks
2024-05-29 22:20:01
(6 months ago)
HEAD http://techtronicgambia.com/back/www.sql
Web Spam
Hacking
Bad Web Bot
10dencehispahard SL
2024-05-29 05:04:53
(6 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-05-25 11:32:55
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 25 07:32:50.253692 2024] [security2:error] [pid 333412] [client 217.138.202.61:6325] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||prostar.industries|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "prostar.industries"] [uri "/backup/www.sql"] [unique_id "ZlHMYlc2s9_l1fbmL24DWQAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-05-24 01:01:24
(6 months ago)
4 attacks in the last 15 minutes, like this one: HEAD http://p4u.xyz/backup/public_html.rar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
Aetherweb Ark
2024-05-22 18:07:32
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (BG/Bulgaria/-): N in the last X secs
Web App Attack
hbrks
2024-05-21 01:57:36
(6 months ago)
7 attacks in the last 15 minutes, like this one: HEAD http://techtronicgambia.com/restore/bak.gz * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-05-21 01:37:07
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 20 21:37:01.296825 2024] [security2:error] [pid 26728] [client 217.138.202.61:43375] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoinsubscribers.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoinsubscribers.com"] [uri "/backup.sql"] [unique_id "Zkv6vffe_2fgy_qCiIJU5QAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-18 20:22:44
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 18 16:22:40.491329 2024] [security2:error] [pid 4931] [client 217.138.202.61:64583] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gcigmbh.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gcigmbh.com"] [uri "/backup.sql"] [unique_id "ZkkOEEeAWQNDeFTTD0yVmwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-17 06:27:44
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 17 02:27:37.134084 2024] [security2:error] [pid 13522:tid 47029184169728] [client 217.138.202.61:42623] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dpscsde.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dpscsde.com"] [uri "/bak/wallet.dat"] [unique_id "Zkb42W5-A3kqTBadHR4g-QAAAIE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-17 05:37:10
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 17 01:37:05.945731 2024] [security2:error] [pid 32293] [client 217.138.202.61:59893] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mapleleaf-marketing.com"] [uri "/bak/sftp-config.json"] [unique_id "ZkbtAaMDxIk2lW2WGisSxwAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
Thaliruth
2024-05-13 13:53:26
(6 months ago)
217.138.202.61 - - [13/May/2024:15:53:23 +0200] "HEAD /restore/index.zip HTTP/1.1" 301 0 "-" "-"
217.138.202.61 - - [13/May/2024:15:53:24 +0200] "HEAD /backup/website.tar.gz HTTP/1.1" 301 0 "-" "-"
217.138.202.61 - - [13/May/2024:15:53:25 +0200] "HEAD /old/config.json HTTP/1.1" 301 0 "-" "-"
...
Hacking
Web App Attack
CryptoYakari
2024-05-12 01:51:19
(7 months ago)
217.138.202.61 - - [12/May/2024:04:51:12 +0300] "GET /old/backup.sql.zip HTTP/1.0" 404 29061 "-" "-"
217.138.202.61 - - [12/May/2024:04:51:14 +0300] "HEAD /restore/wallet.dat HTTP/1.0" 404 436 "-" "-"
217.138.202.61 - - [12/May/2024:04:51:15 +0300] "GET /backup.sql.gz HTTP/1.0" 404 29024 "-" "-"
217.138.202.61 - - [12/May/2024:04:51:16 +0300] "GET /backup.tar HTTP/1.0" 404 28995 "-" "-"
217.138.202.61 - - [12/May/2024:04:51:17 +0300] "GET /back/config.js HTTP/1.0" 404 592 "-" "-"
...
Web Spam
Blog Spam
Bad Web Bot
Web App Attack
Anonymous
2024-05-12 01:33:20
(7 months ago)
Ports: 20,21,25,53,80,110,143,443,465,587,993,995,2077,2078,2079,2080,2082,2083,2086,2087,2095,2096,3306,2195; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
hbrks
2024-05-11 07:03:13
(7 months ago)
HEAD http://ncs.guru/backups/www.tar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot