mnsf
2024-12-03 03:04:23
(1 month ago)
Too many Status 40X (12)
Brute-Force
Web App Attack
MSZ
2024-12-03 02:32:18
(1 month ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-12-03 02:25:06
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 21:25:00.511694 2024] [security2:error] [pid 5032:tid 5032] [client 35.88.180.68:59824] [client 35.88.180.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.trigonom.com"] [uri "/.git/"] [unique_id "Z05r_E9vpXGFI-ZI630R1AAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-03 01:45:24
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 20:45:20.179130 2024] [security2:error] [pid 7275:tid 7275] [client 35.88.180.68:41410] [client 35.88.180.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.grossvial.com"] [uri "/.git/"] [unique_id "Z05isFWiZDwRAUuh955eRAAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
paissangroup
2024-12-03 01:20:25
(1 month ago)
Multiple WAF Violations
Web App Attack
TPI-Abuse
2024-12-02 23:53:46
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 18:53:38.855590 2024] [security2:error] [pid 21530:tid 21530] [client 35.88.180.68:49122] [client 35.88.180.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kletzer.com"] [uri "/.git/"] [unique_id "Z05IgpW8XfREyQ8J82UtSAAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
Aetherweb Ark
2024-12-02 23:38:29
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (US/United States/ec2-35-88-180-68 ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (US/United States/ec2-35-88-180-68.us-west-2.compute.amazonaws.com): N in the last X secs show less
Web App Attack
TPI-Abuse
2024-12-02 23:30:45
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 18:30:42.390062 2024] [security2:error] [pid 19826:tid 20015] [client 35.88.180.68:38894] [client 35.88.180.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.jeflis.com"] [uri "/.git/"] [unique_id "Z05DIs8Bf_EGYHKughrndwAAAEk"] show less
Brute-Force
Bad Web Bot
Web App Attack
mawan
2024-12-02 23:24:06
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
w-e-c-l-o-u-d-i-t
2024-12-02 23:22:21
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (US/United States/ec2-35-88-180-68 ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (US/United States/ec2-35-88-180-68.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 0; Trigger: LF_MODSEC show less
Brute-Force
SSH
Ba-Yu
2024-12-02 23:22:01
(1 month ago)
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
TPI-Abuse
2024-12-02 23:15:20
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 18:15:13.544462 2024] [security2:error] [pid 28948:tid 28948] [client 35.88.180.68:49326] [client 35.88.180.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kmashburn.com"] [uri "/.git/"] [unique_id "Z04_gdW2S_A4H4qek3iVOQAAABk"] show less
Brute-Force
Bad Web Bot
Web App Attack
mashamal
2024-12-02 23:15:06
(1 month ago)
Vulnerability Probe
...
Web App Attack
gumbysoft
2024-12-02 23:08:24
(1 month ago)
Unauthorized web vulnerability scan (/.env, wordpress, etc.)
Web App Attack
TPI-Abuse
2024-12-02 22:57:43
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.comput ... show more (mod_security) mod_security (id:210492) triggered by 35.88.180.68 (ec2-35-88-180-68.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 17:57:35.938499 2024] [security2:error] [pid 15832:tid 15832] [client 35.88.180.68:51528] [client 35.88.180.68] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.schrankhome.com"] [uri "/.git/"] [unique_id "Z047X1q21DMxh7WToXobpgAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack