Anonymous
2024-07-25 07:45:27
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2024-07-24 18:12:16
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 24 14:12:13.133104 2024] [security2:error] [pid 5722:tid 5752] [client 45.137.22.137:49322] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.hydservice.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.hydservice.com"] [uri "/CookieAuth.dll"] [unique_id "ZqFD_W3mwTJvJPWoMMFIcwAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-15 02:33:45
(1 year ago)
(mod_security) mod_security triggered on hostname [redacted] 45.137.22.137 (NL/The Netherlands/hoste ...
show more
(mod_security) mod_security triggered on hostname [redacted] 45.137.22.137 (NL/The Netherlands/hosted-by.rootlayer.net)
show less
SQL Injection
๐บ๐ธ
TPI-Abuse
2024-07-15 02:19:19
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 14 22:19:15.388027 2024] [security2:error] [pid 376801] [client 45.137.22.137:63036] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.rivervalleyhome.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.rivervalleyhome.com"] [uri "/CookieAuth.dll"] [unique_id "ZpSHIysnrlmtZU7_GNSd0QAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-07-15 00:00:56
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2024-07-05 03:54:11
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 04 23:54:07.002759 2024] [security2:error] [pid 143172] [client 45.137.22.137:63085] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.vmbinc.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.vmbinc.com"] [uri "/CookieAuth.dll"] [unique_id "ZoduXh2OsOaCBGqI5FxG3QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-07-05 02:14:50
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 04 22:14:44.163563 2024] [security2:error] [pid 11592:tid 47623614514944] [client 45.137.22.137:52417] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.nationsrecovery.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nationsrecovery.com"] [uri "/CookieAuth.dll"] [unique_id "ZodXFDZThzSKfBi08m_1fAAAAMU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-07-04 23:54:13
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 04 19:54:07.733813 2024] [security2:error] [pid 4340] [client 45.137.22.137:57657] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.form-a-tool.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.form-a-tool.com"] [uri "/CookieAuth.dll"] [unique_id "Zoc2H5B5cTFPvBkSz6PISwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Linuxmalwarehuntingnl
2024-07-04 07:04:18
(2 years ago)
Unauthorized connection attempt
Brute-Force
๐บ๐ธ
TPI-Abuse
2024-06-11 23:00:06
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 11 19:00:01.130243 2024] [security2:error] [pid 3268228] [client 45.137.22.137:64292] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.kathleen-douglas.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.kathleen-douglas.com"] [uri "/CookieAuth.dll"] [unique_id "ZmjW8V90VL9nrGf2TabVrwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-06-09 11:54:18
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 09 07:54:14.184123 2024] [security2:error] [pid 8841] [client 45.137.22.137:60003] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.watongacommunitycats.org|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.watongacommunitycats.org"] [uri "/CookieAuth.dll"] [unique_id "ZmWX5m6kF7VqLjnjAfPSsgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Swiptly
2024-06-09 11:46:11
(2 years ago)
Multiple critical ModSecurity events
...
Web Spam
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2024-06-09 10:02:59
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 09 06:02:53.467927 2024] [security2:error] [pid 16162] [client 45.137.22.137:60881] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.arrowheadornamentals.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.arrowheadornamentals.com"] [uri "/CookieAuth.dll"] [unique_id "ZmV9zZX9zJ2hl4QKa5PUKgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2024-06-09 06:53:10
(2 years ago)
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in t ...
show more
(mod_security) mod_security (id:210730) triggered by 45.137.22.137 (hosted-by.rootlayer.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 09 02:53:04.169939 2024] [security2:error] [pid 1938182:tid 47827621259008] [client 45.137.22.137:64708] [client 45.137.22.137] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.pershia.net|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.pershia.net"] [uri "/CookieAuth.dll"] [unique_id "ZmVRUAn30Dh1FMPXl4DZxAAAAoY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-06-09 00:06:36
(2 years ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH