TPI-Abuse
2024-11-10 14:41:18
(19 hours ago)
(mod_security) mod_security (id:210730) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 09:41:11.341367 2024] [security2:error] [pid 27915:tid 27915] [client 37.120.221.249:1153] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||usbea.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usbea.com"] [uri "/restore/mysql.sql"] [unique_id "ZzDGB4zXTLsjVzm-sQFuIgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 05:45:41
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 00:45:34.868305 2024] [security2:error] [pid 9288:tid 9305] [client 37.120.221.249:41955] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||magazineofwallstreet.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "magazineofwallstreet.com"] [uri "/back/www.sql"] [unique_id "ZzBIfisvFBu9Zqt3SqmcOwAAAQ8"]
Brute-Force
Bad Web Bot
Web App Attack
nyuuzyou
2024-11-05 18:05:27
(5 days ago)
Intensive scraping: /web?s=%22Best%20Salt%20Lake%20City%20waxing%20salons%22&country=si-si&scraper=yep. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68.
Bad Web Bot
Anonymous
2024-11-03 14:56:04
(1 week ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-11-02 22:20:03
(1 week ago)
| Suspicious URL access.
Hacking
SQL Injection
Web App Attack
unifr
2024-10-30 13:23:22
(1 week ago)
Unauthorized IMAP connection attempt
Brute-Force
TPI-Abuse
2024-10-24 21:50:15
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 24 17:50:08.265227 2024] [security2:error] [pid 4266:tid 4266] [client 37.120.221.249:61113] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nationalenq.com"] [uri "/restore/sftp-config.json"] [unique_id "ZxrBEODvSe-LN5nMGrSOlgAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-22 08:39:43
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-10-21 02:41:38
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 20 22:41:31.749136 2024] [security2:error] [pid 4989:tid 4989] [client 37.120.221.249:48077] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||csgohub.gg|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "csgohub.gg"] [uri "/bak/backup.sql"] [unique_id "ZxW_WyEMZDRkiORymeXSAwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-20 22:18:41
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 20 18:18:34.724876 2024] [security2:error] [pid 15376:tid 15376] [client 37.120.221.249:49805] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||otrantocapital.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "otrantocapital.com"] [uri "/site_name_com.sql"] [unique_id "ZxWBuqpnhSM5POHm570LAgAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-20 18:26:24
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 20 14:26:19.749596 2024] [security2:error] [pid 20387:tid 20387] [client 37.120.221.249:31873] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcointoolshop.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointoolshop.com"] [uri "/restore/mysql.sql"] [unique_id "ZxVLS8MY8dUR9YW9s8q5PgAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-18 17:55:01
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 18 13:54:56.587879 2024] [security2:error] [pid 1565487:tid 1565487] [client 37.120.221.249:54121] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ourhotmail.com"] [uri "/restore/sftp-config.json"] [unique_id "ZxKg8E3PHQP25KEPpjXxPQAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-16 21:35:10
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 37.120.221.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 16 17:35:03.791832 2024] [security2:error] [pid 6465:tid 6473] [client 37.120.221.249:5011] [client 37.120.221.249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dpscsde.com"] [uri "/backups/sftp-config.json"] [unique_id "ZxAxh0ylrhXQLMYW1Ov3kAAAAIU"]
Brute-Force
Bad Web Bot
Web App Attack
CryptoYakari
2024-10-15 15:58:49
(3 weeks ago)
37.120.221.249 - - [15/Oct/2024:18:58:39 +0300] "HEAD /backup/config.json HTTP/1.0" 404 436 "-" "-"
37.120.221.249 - - [15/Oct/2024:18:58:42 +0300] "GET /restore/website.gz HTTP/1.0" 404 28899 "-" "-"
37.120.221.249 - - [15/Oct/2024:18:58:42 +0300] "GET /old/directory.tar.gz HTTP/1.0" 404 28913 "-" "-"
37.120.221.249 - - [15/Oct/2024:18:58:43 +0300] "GET /old/website.gz HTTP/1.0" 404 28859 "-" "-"
37.120.221.249 - - [15/Oct/2024:18:58:47 +0300] "GET /directory.zip HTTP/1.0" 404 28859 "-" "-"
...
Web Spam
Blog Spam
Bad Web Bot
Web App Attack
Anonymous
2024-10-15 04:48:35
(3 weeks ago)
Account archive download attempts
Hacking
Brute-Force