TPI-Abuse
2024-11-11 10:01:27
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 05:01:19.951462 2024] [security2:error] [pid 20608:tid 20608] [client 2a0b:4140:4f7e::2:42726] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dudehotsauces.com"] [uri "/.env"] [unique_id "ZzHV74TzErFt2-0_R7JsVAAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
VHosting
2024-11-11 09:44:22
(3 weeks ago)
Attempt from 2a0b:4140:4f7e::2, reason: FailedCaptchaVerify
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-11-11 09:37:04
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 04:36:59.462448 2024] [security2:error] [pid 3459914:tid 3459914] [client 2a0b:4140:4f7e::2:52458] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.jellisonrepair.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.jellisonrepair.com"] [uri "/whats-for-sale/wp-json/wp/v2/users/1"] [unique_id "ZzHQO_yX73URIvfrFqWVZwAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 08:15:24
(3 weeks ago)
(mod_security) mod_security (id:234930) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 03:15:17.501909 2024] [security2:error] [pid 271732:tid 271732] [client 2a0b:4140:4f7e::2:36918] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||jamesmsmall.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "jamesmsmall.com"] [uri "/blog/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZzG9Ffq-8ZjaLKiMt3G-DAAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-11-11 06:11:40
(3 weeks ago)
2a0b:4140:4f7e::2 - - [11/Nov/2024:08:11:39 +0200] "GET /administrator/index.php HTTP/1.1" 404 278 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
Anonymous
2024-11-10 22:40:04
(3 weeks ago)
| CMS (WordPress or Joomla) brute force attempt 10 times (rewritten)
Hacking
SQL Injection
Web App Attack
URAN Publishing Service
2024-11-10 22:04:03
(3 weeks ago)
2a0b:4140:4f7e::2 - - [11/Nov/2024:00:04:01 +0200] "GET /.env HTTP/1.1" 404 2866 "-" "Mozilla/5.0 (X11; Ubuntu; 2932 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
Web App Attack
TPI-Abuse
2024-11-10 18:10:57
(4 weeks ago)
(mod_security) mod_security (id:210580) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 13:10:52.808612 2024] [security2:error] [pid 7706:tid 7787] [client 2a0b:4140:4f7e::2:46808] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/configuration.php" at ARGS:f. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ecothermtech.com|F|2"] [data "Matched Data: /configuration.php found within ARGS:f: ../../../configuration.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ecothermtech.com"] [uri "/home/components/com_hdflvplayer/hdflvplayer/download.php"] [unique_id "ZzD3LPkZkYwbqYUZLrb58wAAAIs"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-11-10 17:57:29
(4 weeks ago)
2a0b:4140:4f7e::2 - - [10/Nov/2024:19:57:29 +0200] "GET /geofizicheskiy/.env HTTP/1.1" 404 2865 "-" "Mozilla/5.0 (X11; Ubuntu; 1587 ;Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
Web App Attack
stinpriza
2024-11-10 17:55:13
(4 weeks ago)
Drupal Authentication failure
Brute-Force
Web App Attack
TPI-Abuse
2024-11-10 17:44:08
(4 weeks ago)
(mod_security) mod_security (id:210580) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 12:44:02.355751 2024] [security2:error] [pid 1731410:tid 1731410] [client 2a0b:4140:4f7e::2:58492] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/configuration.php" at ARGS:albumid. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||acmax.com|F|2"] [data "Matched Data: /configuration.php found within ARGS:albumid: ../../../configuration.php"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "acmax.com"] [uri "/home/index.php"] [unique_id "ZzDw4u9sHolmovEbKwID6gAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 17:06:46
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 12:06:40.914997 2024] [security2:error] [pid 2730:tid 2730] [client 2a0b:4140:4f7e::2:57120] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ideaofauniversity.website"] [uri "/MYzoomsounds/"] [unique_id "ZzDoIO17x8BgKH_U_2bvFgAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 15:18:27
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 10:18:20.408791 2024] [security2:error] [pid 7962:tid 7962] [client 2a0b:4140:4f7e::2:45356] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sonarweapons.info"] [uri "/MYzoomsounds/"] [unique_id "ZzDOvFFBVKQx6cKO0mS3NAAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
URAN Publishing Service
2024-11-10 14:50:10
(4 weeks ago)
2a0b:4140:4f7e::2 - - [10/Nov/2024:16:50:09 +0200] "GET /administrator/index.php HTTP/1.1" 404 289 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
Web App Attack
TPI-Abuse
2024-11-10 13:44:55
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 2a0b:4140:4f7e::2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 08:44:48.229395 2024] [security2:error] [pid 31056:tid 31056] [client 2a0b:4140:4f7e::2:60042] [client 2a0b:4140:4f7e::2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "meganmurph.com"] [uri "/MYzoomsounds/"] [unique_id "ZzC40KqLIa2wefxRVuX07AAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack