mnsf
2024-08-15 01:09:07
(3 weeks ago)
Request Overload (102)
Brute-Force
Web App Attack
TPI-Abuse
2024-08-14 17:52:31
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 13:52:26.287724 2024] [security2:error] [pid 12513:tid 12513] [client 43.135.163.214:40256] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||teenybikini.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "teenybikini.com"] [uri "/blog/"] [unique_id "Zrzu2ke8CuJlUxmDzK7tOQAAACc"], referer: http://www.teeniebikini.com show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-08-14 10:01:45
(3 weeks ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-08-14 09:10:44
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 05:10:39.982743 2024] [security2:error] [pid 17786:tid 17786] [client 43.135.163.214:46038] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.twtcsl.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.twtcsl.com"] [uri "/"] [unique_id "Zrx0j1hCtWP4YMxZAoRySwAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 07:30:43
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 03:30:39.779512 2024] [security2:error] [pid 31812:tid 31812] [client 43.135.163.214:36368] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.isci.global|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.isci.global"] [uri "/"] [unique_id "ZrxdH7D1_JAS36r_acq6hAAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 06:52:21
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 02:52:17.048446 2024] [security2:error] [pid 16696:tid 16696] [client 43.135.163.214:49248] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.teguer.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.teguer.com"] [uri "/"] [unique_id "ZrxUITYDJR_PN_WRFYPplAAAAAg"], referer: http://www.teguer.info show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 05:55:31
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 01:55:24.212901 2024] [security2:error] [pid 26113:tid 26113] [client 43.135.163.214:42948] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.instafaces.xyz|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.instafaces.xyz"] [uri "/"] [unique_id "ZrxGzNhenX41O4nTFCBB4AAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 05:06:47
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 01:06:40.048567 2024] [security2:error] [pid 15056:tid 15056] [client 43.135.163.214:45932] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.swingboutique.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.swingboutique.net"] [uri "/"] [unique_id "Zrw7YCHUZasxtmrKVYL54QAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 04:44:03
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 00:43:55.149982 2024] [security2:error] [pid 11128:tid 11128] [client 43.135.163.214:35782] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.databright.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.databright.net"] [uri "/"] [unique_id "Zrw2C0kHwSaCVwIC_hhEVgAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 04:26:26
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 00:26:18.865048 2024] [security2:error] [pid 13996:tid 13996] [client 43.135.163.214:54004] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.carjinn.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.carjinn.net"] [uri "/"] [unique_id "Zrwx6qq53wjBuI2RVKerrwAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-14 04:05:45
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 00:05:39.246565 2024] [security2:error] [pid 17153:tid 17153] [client 43.135.163.214:44350] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||secureonebank.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "secureonebank.net"] [uri "/buy-secure-coins.html"] [unique_id "ZrwtE6bRtJ-AHMOdf76UkQAAAAs"], referer: http://www.securecoin.cash show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-14 03:40:16
(3 weeks ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
TPI-Abuse
2024-08-14 03:27:57
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 23:27:51.568478 2024] [security2:error] [pid 18073:tid 18073] [client 43.135.163.214:59722] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.ecuablue.farm|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.ecuablue.farm"] [uri "/"] [unique_id "ZrwkN52P2xo0fhSzXp3JMwAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
MHuiG
2024-08-14 02:31:17
(3 weeks ago)
The IP has triggered Cloudflare WAF. action: managed_challenge source: asn clientAsn: 132203 clientA ... show more The IP has triggered Cloudflare WAF. action: managed_challenge source: asn clientAsn: 132203 clientASNDescription: TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue clientCountryName: US clientIP: 43.135.163.214 clientRequestHTTPHost: mhuig.top clientRequestHTTPMethodName: GET clientRequestHTTPProtocol: HTTP/1.1 clientRequestPath: / clientRequestQuery: datetime: 2024-08-14T01:58:20Z rayName: 8b2d56d9eb0d1574 ruleId: asn userAgent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less
Open Proxy
VPN IP
Port Scan
Hacking
SQL Injection
Bad Web Bot
Exploited Host
Web App Attack
TPI-Abuse
2024-08-14 00:05:24
(3 weeks ago)
(mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210350) triggered by 43.135.163.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 20:05:16.252635 2024] [security2:error] [pid 22799:tid 22808] [client 43.135.163.214:48038] [client 43.135.163.214] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||projectmanagementcertification.org|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "projectmanagementcertification.org"] [uri "/"] [unique_id "Zrv0vJ_2H8F_P0X86Hv91wAAAMc"] show less
Brute-Force
Bad Web Bot
Web App Attack