Sefinek
2024-09-30 20:37:23
(5 days ago)
Triggered Cloudflare WAF (firewallCustom) from T1.
Action taken: CHALLENGE
ASN: 210558 (SERVICES-1337-GMBH 1337-SERVICES-GMBH-NETWORK)
Protocol: HTTP/1.1 (method GET)
Domain: sefinek.net
Endpoint: /
Timestamp: 2024-09-30T10:43:42Z
Ray ID: 8cb39d0dfebdbf41
Rule ID: cc5e7a6277d447eca9c1818934ba65c8
UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68
Report generated by Node-Cloudflare-WAF-AbuseIPDB https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB
Bad Web Bot
TPI-Abuse
2024-09-30 15:03:52
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 45.141.215.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 30 11:03:46.301462 2024] [security2:error] [pid 13826:tid 13826] [client 45.141.215.62:30650] [client 45.141.215.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cemesur-vision21.com"] [uri "/wp-config.old"] [unique_id "Zvq90jIsdWzcuINeO7kWJQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-29 20:04:41
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 45.141.215.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 29 16:04:34.016712 2024] [security2:error] [pid 31394:tid 31394] [client 45.141.215.62:51952] [client 45.141.215.62] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||inclined2wander.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "inclined2wander.com"] [uri "/.sql"] [unique_id "Zvmy0rbx0SH_swXo9MN8GQAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
botreporter
2024-09-22 06:07:38
(1 week ago)
botnet ignoring robots.txt
Bad Web Bot
quicksand
2024-09-18 08:39:47
(2 weeks ago)
Malicious URI path [GET /.DS_Store] [Go-http-client/1.1] **Reported from WAF sampled requests**
Bad Web Bot
Web App Attack
Anonymous
2024-09-17 21:24:57
(2 weeks ago)
Excessive crawling/scraping
Hacking
Brute-Force
oncord
2024-09-17 00:23:13
(2 weeks ago)
Form spam
Web Spam
TPI-Abuse
2024-09-16 05:29:49
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 45.141.215.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 16 01:29:38.946549 2024] [security2:error] [pid 2277:tid 2277] [client 45.141.215.62:26126] [client 45.141.215.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.register-yacht-cayman.com.yacht-register-holland.com"] [uri "/.git/config"] [unique_id "ZufCQrTxuNVMLLjWlAip-QAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-14 05:42:47
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 45.141.215.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 01:42:42.940863 2024] [security2:error] [pid 1599649:tid 1599649] [client 45.141.215.62:59926] [client 45.141.215.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "queenscountyparade.org"] [uri "/wp-config.php~"] [unique_id "ZuUiUgAZGthCjPZiC1SfzAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
oncord
2024-09-14 03:52:24
(3 weeks ago)
Form spam
Web Spam
Yawning Angel
2024-09-13 13:16:06
(3 weeks ago)
type=traffic action=deny srcip=45.141.215.62 dstip=REDACTED srcport=32034 dstport=443 srcname=45.141.215.62 app=HTTPS srccountry=Poland dstcountry=United States
Hacking
Web App Attack
TPI-Abuse
2024-09-12 23:27:26
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 45.141.215.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 19:27:18.801943 2024] [security2:error] [pid 29807:tid 29807] [client 45.141.215.62:23614] [client 45.141.215.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "work.tww18.cc"] [uri "/.git/config"] [unique_id "ZuN41lzcqfVrv46F3lTrZAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-11 12:52:55
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 45.141.215.62 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 11 08:52:49.741979 2024] [security2:error] [pid 15056:tid 15056] [client 45.141.215.62:40458] [client 45.141.215.62] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.quicksmogsandiego.com"] [uri "/.git/config"] [unique_id "ZuGSoTP6Djovu194HsZKegAAABg"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-10 05:49:16
(3 weeks ago)
Action: Block, Reason: DDOS attack detected
DDoS Attack
Anonymous
2024-09-08 08:00:53
(3 weeks ago)
45.141.215.62 - - [08/Sep/2024:10:00:39 +0200] "POST /producten/alle-producten?tx_laposta_subscribe%5Baction%5D=rest&tx_laposta_subscribe%5Bcontroller%5D=Subscriptionlist&cHash=87286a273ad14449b643dd9f4e6483b3 HTTP/1.1" 400 9955 "https://www.solgar.nl/producten/alle-producten?tx_laposta_subscribe%5Baction%5D=rest&tx_laposta_subscribe%5Bcontroller%5D=Subscriptionlist&cHash=87286a273ad14449b643dd9f4e6483b3" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3409.2 Safari/537.36" 497189
45.141.215.62 - - [08/Sep/2024:10:00:42 +0200] "POST /producten/alle-producten?tx_laposta_subscribe%5Baction%5D=rest&tx_laposta_subscribe%5Bcontroller%5D=Subscriptionlist&cHash=87286a273ad14449b643dd9f4e6483b3 HTTP/1.1" 400 9955 "https://www.solgar.nl/producten/alle-producten?tx_laposta_subscribe%5Baction%5D=rest&tx_laposta_subscribe%5Bcontroller%5D=Subscriptionlist&cHash=87286a273ad14449b643dd9f4e6483b3" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML,
...
Brute-Force