πΊπΈ
threatx
2024-11-27 22:58:38
(1 year ago)
Common blacklisted IPs across tenants
DDoS Attack
Bad Web Bot
Web App Attack
πΊπΈ
threatx
2024-11-26 08:22:06
(1 year ago)
Common blacklisted IPs across tenants
DDoS Attack
Bad Web Bot
Web App Attack
πΉπ·
rtbh.com.tr
2024-11-18 20:53:16
(1 year ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
π¨π¦
Mediashaker
2024-11-18 06:21:54
(1 year ago)
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 38.180.91.113 (US/United ...
show more
(apache-scanners) Failed apache-scanners trigger with match [redacted] from 38.180.91.113 (US/United States/-)
show less
Port Scan
πΊπΈ
TPI-Abuse
2024-11-18 01:26:32
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 17 20:26:24.403510 2024] [security2:error] [pid 4478:tid 4478] [client 38.180.91.113:41239] [client 38.180.91.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||aallred.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aallred.com"] [uri "/config/php.ini"] [unique_id "ZzqXwGo2KClmcFNo9JylqQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΉπ·
rtbh.com.tr
2024-11-17 20:53:17
(1 year ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
π©πͺ
ghostwarriors
2024-11-17 07:50:04
(1 year ago)
Attempts against non-existent wp-login
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2024-11-17 01:32:54
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 20:32:48.880137 2024] [security2:error] [pid 22406:tid 22406] [client 38.180.91.113:10390] [client 38.180.91.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||honigcpa.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "honigcpa.com"] [uri "/config/php.ini"] [unique_id "ZzlHwI547eaKP3BXrGMuGgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2024-11-17 01:17:31
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 20:17:25.866926 2024] [security2:error] [pid 14548:tid 14548] [client 38.180.91.113:54921] [client 38.180.91.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||fusionrep.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fusionrep.com"] [uri "/config/php.ini"] [unique_id "ZzlEJRc5WuhxEgZiOpvVqQAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2024-11-16 23:58:46
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 18:58:41.979041 2024] [security2:error] [pid 5255:tid 5255] [client 38.180.91.113:26261] [client 38.180.91.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wea-inc.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wea-inc.com"] [uri "/config/php.ini"] [unique_id "ZzkxsaAoySuU2fUOewoBQAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³πΏ
Tripwire
2024-11-16 23:33:17
(1 year ago)
Unauthorized admin access - /admin/config
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2024-11-16 14:17:06
(1 year ago)
(mod_security) mod_security (id:243320) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:243320) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 16 09:17:02.595456 2024] [security2:error] [pid 23145:tid 23145] [client 38.180.91.113:1864] [client 38.180.91.113] ModSecurity: Access denied with code 403 (phase 2). String match "/.profile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6621"] [id "243320"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products (CVE-2016-6639)||harintonmechanical.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "harintonmechanical.com"] [uri "/.profile"] [unique_id "ZzipXv-fVmZeEPC3XQjqdQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πͺ
cmbplf
2024-11-16 07:29:45
(1 year ago)
112 requests to *.gitlab-ci.yml
Brute-Force
Bad Web Bot
πΊπΈ
TPI-Abuse
2024-11-16 02:55:40
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 38.180.91.113 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 15 21:55:37.039482 2024] [security2:error] [pid 1605483:tid 1605483] [client 38.180.91.113:33479] [client 38.180.91.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||renperfco.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "renperfco.com"] [uri "/config/php.ini"] [unique_id "ZzgJqVLIvvLf_ZXJPyHVoAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-15 22:36:40
(1 year ago)
Restricted File Access Requests
Hacking
Brute-Force