TPI-Abuse
2024-11-15 18:01:01
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 45.134.212.99 (unn-45-134-212-99.datapacket.com ... show more (mod_security) mod_security (id:210730) triggered by 45.134.212.99 (unn-45-134-212-99.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 15 13:00:57.075064 2024] [security2:error] [pid 20182:tid 20182] [client 45.134.212.99:58562] [client 45.134.212.99] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||tci.land|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tci.land"] [uri "/wp-content/debug.log"] [unique_id "ZzeMWZukrV6KSAAUaKlRDQAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-15 11:04:49
(2 weeks ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
cmbplf
2024-11-15 09:00:14
(2 weeks ago)
9.154 4xx requests in 1 hour (1w1d21h)
Brute-Force
Bad Web Bot
Anonymous
2024-11-15 01:50:28
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Savvii
2024-11-14 22:57:26
(2 weeks ago)
20 attempts against mh-misbehave-ban on redirect
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-14 20:45:28
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 45.134.212.99 (unn-45-134-212-99.datapacket.com ... show more (mod_security) mod_security (id:210730) triggered by 45.134.212.99 (unn-45-134-212-99.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 15:45:22.187021 2024] [security2:error] [pid 2380:tid 2380] [client 45.134.212.99:61269] [client 45.134.212.99] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||otrantocapital.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "otrantocapital.com"] [uri "/wp-content/debug.log"] [unique_id "ZzZhYkaMvosvMaMuIlwyWgAAAAc"] show less
Brute-Force
Bad Web Bot
Web App Attack
SpeedIT Solutions
2024-11-14 20:17:30
(2 weeks ago)
(mod_security) mod_security triggered on hostname [redacted] 45.134.212.99 (PL/Poland/unn-45-134-212 ... show more (mod_security) mod_security triggered on hostname [redacted] 45.134.212.99 (PL/Poland/unn-45-134-212-99.datapacket.com): (CF_ENABLE) show less
SQL Injection
TPI-Abuse
2024-11-14 14:12:25
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 45.134.212.99 (unn-45-134-212-99.datapacket.com ... show more (mod_security) mod_security (id:210730) triggered by 45.134.212.99 (unn-45-134-212-99.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 14 09:12:17.029678 2024] [security2:error] [pid 4744:tid 4744] [client 45.134.212.99:64503] [client 45.134.212.99] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||greybrucepork.ca|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "greybrucepork.ca"] [uri "/wp-content/debug.log"] [unique_id "ZzYFQWF5EOLUdcLEHR7HtgAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
yukon.ca
2024-11-14 11:08:33
(2 weeks ago)
WordPress Enforcement Protection: WordPress LiteSpeed Cache Plugin Information Disclosure (CVE-2024- ... show more WordPress Enforcement Protection: WordPress LiteSpeed Cache Plugin Information Disclosure (CVE-2024-44000)
Port:80 show less
Hacking
Exploited Host
penjaga BRIN
2024-11-13 01:14:08
(2 weeks ago)
Multiple BOT Scanning Attack Detected from same source ip.-111
Web App Attack
Burayot
2024-11-12 20:09:11
(2 weeks ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 45.134.212.99 (PL/Poland/unn-45-134 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 45.134.212.99 (PL/Poland/unn-45-134-212-99.datapacket.com): 1 in the last 3600 secs show less
Web App Attack
mawan
2024-11-12 19:25:32
(2 weeks ago)
Suspected of having performed illicit activity on AMS server.
Web App Attack
Burayot
2024-11-12 19:24:06
(2 weeks ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 45.134.212.99 (PL/Poland/unn-45-134 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 45.134.212.99 (PL/Poland/unn-45-134-212-99.datapacket.com): 2 in the last 3600 secs show less
Web App Attack
hostseries
2024-08-09 01:40:51
(3 months ago)
Trigger: LF_SMTPAUTH
Brute-Force
Anonymous
2024-05-12 02:13:29
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH