πΊπΈ
TPI-Abuse
2025-07-22 03:55:06
(11 months ago)
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.co ...
show more
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 21 23:55:00.447456 2025] [security2:error] [pid 11193:tid 11193] [client 44.235.110.155:49926] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||192.64.150.99|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.99"] [uri "/archive.sql"] [unique_id "aH8LlNKtusiVroO88HEomwAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2024-09-17 15:56:56
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.co ...
show more
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 17 11:56:49.519936 2024] [security2:error] [pid 29642:tid 29642] [client 44.235.110.155:8443] [client 44.235.110.155] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cnwire.com|F|2"] [data ".mdb"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cnwire.com"] [uri "/Dz8PW09A.mdb"] [unique_id "ZummwbuKfj-JePXQ4GnzmwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2024-08-25 03:54:17
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.co ...
show more
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 23:54:12.880976 2024] [security2:error] [pid 5405:tid 5405] [client 44.235.110.155:52066] [client 44.235.110.155] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||192.64.150.99|F|2"] [data ".64.150.99.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.99"] [uri "/192.64.150.99.sql"] [unique_id "Zsqq5AhQDhEoHAJmXr0iEgAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
snappic
2024-08-07 08:23:53
(1 year ago)
Malicious query string & Amazon AWS User Agent Spoofing [GET /?a=%3Cscript%3Ealert%28%22XSS%22%29%3B ...
show more
Malicious query string & Amazon AWS User Agent Spoofing [GET /?a=%3Cscript%3Ealert%28%22XSS%22%29%3B%3C%2Fscript%3E&b=UNION+SELECT+ALL+FROM+information_schema+AND+%27+or+SLEEP%285%29+or+%27&c=..%2F..%2F..%2F..%2Fetc%2Fpasswd] [Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3770.100 Safari/537.36] **Reported from WAF sampled requests**
show less
Bad Web Bot
Web App Attack
Anonymous
2024-06-05 19:40:09
(2 years ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
Anonymous
2024-04-27 05:04:02
(2 years ago)
$f2bV_matches
Brute-Force
SSH
Anonymous
2024-04-19 08:40:43
(2 years ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
Anonymous
2024-04-17 07:10:31
(2 years ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
πΊπΈ
TPI-Abuse
2024-04-12 19:20:15
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.co ...
show more
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 12 15:20:10.522326 2024] [security2:error] [pid 27734] [client 44.235.110.155:19429] [client 44.235.110.155] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||192.64.150.202|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.202"] [uri "/cpanel_pdc14_com.sql"] [unique_id "ZhmJasU2LlVO19G8uI0fWAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-03-29 19:20:19
(2 years ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
Anonymous
2024-03-12 11:42:00
(2 years ago)
Failed SSH login from 44.235.110.155 (US/United States/ec2-44-235-110-155.us-west-2.compute.amazonaw ...
show more
Failed SSH login from 44.235.110.155 (US/United States/ec2-44-235-110-155.us-west-2.compute.amazonaws.com): 5 in the last 3600 secs
show less
Hacking
Brute-Force
SSH
Anonymous
2024-03-04 18:40:05
(2 years ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
πΊπΈ
TPI-Abuse
2024-02-15 00:15:40
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.co ...
show more
(mod_security) mod_security (id:210730) triggered by 44.235.110.155 (ec2-44-235-110-155.us-west-2.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 14 19:15:34.869620 2024] [security2:error] [pid 24565:tid 47093456590592] [client 44.235.110.155:39121] [client 44.235.110.155] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||192.64.150.123|F|2"] [data ".cer"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.123"] [uri "/cpaneltexasinsuranceservices.cer"] [unique_id "Zc1Xpg7t_ChkiRE7VwZ6kgAAAEc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-01-30 04:50:58
(2 years ago)
Excessive HTTP/HTTPS connections.
Bad Web Bot
Anonymous
2024-01-29 01:33:34
(2 years ago)
Aggressive web scan
Web App Attack