MAGIC
2024-04-02 14:04:53
(5 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-03-16 06:19:35
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 16 02:19:31.577816 2024] [security2:error] [pid 32320] [client 34.140.63.207:59982] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.stalbansparish.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.stalbansparish.org"] [uri "/news-and-information/[email protected] "] [unique_id "ZfU584EsxZxEOII20UN9JAAAABo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-03-15 18:28:25
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 15 14:28:18.150578 2024] [security2:error] [pid 4267] [client 34.140.63.207:14833] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.gapanda.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.gapanda.com"] [uri "/php-old.ini"] [unique_id "ZfSTQq70GJVUmrf6k9ieKwAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-03-11 12:00:16
(6 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
conseilgouz
2024-02-28 16:57:12
(6 months ago)
law-Joomla User : try to access forms...
Hacking
TPI-Abuse
2024-02-27 19:35:46
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 27 14:35:42.838309 2024] [security2:error] [pid 10515] [client 34.140.63.207:19513] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ncrcs.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ncrcs.org"] [uri "/beginners/[email protected] "] [unique_id "Zd45jhyNJGOg1pU80M0NrQAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
Harm222
2024-02-27 18:55:43
(6 months ago)
phw-Joomla User : try to access forms...
Hacking
TPI-Abuse
2024-02-27 13:44:51
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 27 08:44:47.816720 2024] [security2:error] [pid 29003] [client 34.140.63.207:37328] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.hazardvillefire.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.hazardvillefire.org"] [uri "/publicsafetyedu.com"] [unique_id "Zd3nT-E0Dc7_Vzb0O3-tWQAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
Bay13
2024-02-27 12:19:02
(6 months ago)
f2b http-redirect
Hacking
Web App Attack
TPI-Abuse
2024-02-27 09:45:34
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 27 04:45:27.906551 2024] [security2:error] [pid 4312:tid 47687400810240] [client 34.140.63.207:32787] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.kerrfamilyassociation.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kerrfamilyassociation.com"] [uri "/[email protected] "] [unique_id "Zd2vNx3WvViYcgzICwCOQQAAAQ8"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-02-27 07:06:32
(6 months ago)
Bot / scanning and/or hacking attempts: GET / HTTP/1.1, GET /demo HTTP/1.1, GET /:https:/app.do-dash ... show more Bot / scanning and/or hacking attempts: GET / HTTP/1.1, GET /demo HTTP/1.1, GET /:https:/app.do-dashboard.nl HTTP/1.1, GET /login.php HTTP/1.1, GET /webinar HTTP/1.1, GET /robots.txt HTTP/1.1, GET /login.php?reset=true HTTP/1.1, GET /contact HTTP/1.1, GET //login.php HTTP/1.1, GET /training HTTP/1.1 show less
Hacking
Web App Attack
TPI-Abuse
2024-02-26 20:34:59
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 26 15:34:55.246136 2024] [security2:error] [pid 22020] [client 34.140.63.207:25889] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.chicagowca.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.chicagowca.com"] [uri "/[email protected] "] [unique_id "Zdz170KCZz90tRC7aflrKQAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-02-26 20:04:23
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 26 15:04:18.546862 2024] [security2:error] [pid 24528] [client 34.140.63.207:31077] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.solcargomiami.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.solcargomiami.com"] [uri "/mailto@[email protected] "] [unique_id "ZdzuwpBxYBqVb6Q0h-dd-QAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-02-26 13:55:25
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleuserconte ... show more (mod_security) mod_security (id:210730) triggered by 34.140.63.207 (207.63.140.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 26 08:55:20.957536 2024] [security2:error] [pid 12429] [client 34.140.63.207:61687] [client 34.140.63.207] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.thequietplacemassage.net|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.thequietplacemassage.net"] [uri "/[email protected] "] [unique_id "ZdyYSGgv6xcrXsqCJ_RFsAAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-02-26 10:09:28
(6 months ago)
Abusive crawling/scraping. User-Agent: DnBCrawler-Analytics. Auto blocked and Banned.
Port Scan
Hacking
Bad Web Bot
Web App Attack