TPI-Abuse
2024-08-17 07:26:16
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210730) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 17 03:26:10.790459 2024] [security2:error] [pid 896:tid 896] [client 31.220.75.237:33926] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lawrencehale.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lawrencehale.com"] [uri "/config.bak"] [unique_id "ZsBQkv38BHdjICbvFZBvEgAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-17 03:01:46
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 23:01:38.766638 2024] [security2:error] [pid 11305:tid 11305] [client 31.220.75.237:59022] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "amendment28.us"] [uri "/wp-config.txt"] [unique_id "ZsASkt-e5hJpuh7AAE5mGQAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
oncord
2024-08-16 16:13:01
(1 month ago)
Form spam
Web Spam
packets-decreaser.net
2024-08-16 15:24:37
(1 month ago)
Incoming Layer 7 Flood Detected
DDoS Attack
Web Spam
TPI-Abuse
2024-08-16 10:22:02
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 06:21:58.648391 2024] [security2:error] [pid 14189:tid 14189] [client 31.220.75.237:52690] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fishleadership.org"] [uri "/wp-config.phptmp"] [unique_id "Zr8oRhaFU4qjBzPYVPHC7AAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-16 03:52:04
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 23:52:02.160898 2024] [security2:error] [pid 27931:tid 27931] [client 31.220.75.237:47190] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.hazelwerner.com"] [uri "/.git/config"] [unique_id "Zr7M4o3pDI7rJEAEAV2XFAAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
NotCool
2024-08-15 09:38:46
(1 month ago)
(sshd) Failed SSH login from 31.220.75.237 (DE/Germany/vmi2055856.contaboserver.net): 10 in the last ... show more (sshd) Failed SSH login from 31.220.75.237 (DE/Germany/vmi2055856.contaboserver.net): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER show less
Brute-Force
TPI-Abuse
2024-08-15 08:58:16
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 04:58:11.052857 2024] [security2:error] [pid 20176:tid 20176] [client 31.220.75.237:56388] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrowheadornamentals.com"] [uri "/wp-config.phpbak"] [unique_id "Zr3DIxOXgbQZQQOC16AjNQAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-15 07:02:53
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 03:02:49.965953 2024] [security2:error] [pid 13941:tid 13941] [client 31.220.75.237:34506] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brianwhitty.com"] [uri "/wp-config.php-n"] [unique_id "Zr2oGYdhrmX5QEAcGsk6cgAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-15 00:25:02
(1 month ago)
Bot / scanning and/or hacking attempts: GET /wp-config.htm HTTP/1.1, GET /wp-config.html HTTP/1.1
Hacking
Web App Attack
TPI-Abuse
2024-08-14 15:16:08
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 11:16:04.249287 2024] [security2:error] [pid 11280:tid 11280] [client 31.220.75.237:60420] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "epetsure.co"] [uri "/wp-config.phpc"] [unique_id "ZrzKNPIHHd3m5lWuBwRL7wAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 11:55:19
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 07:55:11.424967 2024] [security2:error] [pid 4007012:tid 4007012] [client 31.220.75.237:47828] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.butterflymornings.com"] [uri "/.git/config"] [unique_id "ZrybH3h3iGzoY_az_vj2gwAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 07:43:09
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210730) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 03:43:03.763906 2024] [security2:error] [pid 24527:tid 24527] [client 31.220.75.237:58646] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||edmundtadros.com|F|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "edmundtadros.com"] [uri "/wp-config.cfg"] [unique_id "ZrxgBxS8A_ScBOwFtXb5mgAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-13 20:13:26
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210730) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 16:13:21.804241 2024] [security2:error] [pid 8465:tid 8465] [client 31.220.75.237:59486] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pastorjohndunning.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pastorjohndunning.com"] [uri "/wp-config-sample.php.bak"] [unique_id "Zru-YdljQ8IEp1PMR7qd_QAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-13 08:48:25
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.75.237 (vmi2055856.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 04:48:16.056662 2024] [security2:error] [pid 6008:tid 6113] [client 31.220.75.237:34356] [client 31.220.75.237] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pilargarciamanzanares.com"] [uri "/wp-config.phpbak"] [unique_id "Zrsd0MiHS-SGAxECi2RPnAAAAJQ"] show less
Brute-Force
Bad Web Bot
Web App Attack