๐บ๐ธ
TPI-Abuse
2025-10-01 22:42:53
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 18:41:54.075234 2025] [security2:error] [pid 22479:tid 22479] [client 45.153.160.40:20471] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thomasanthonyquinn.com"] [uri "/backup/.env.old"] [unique_id "aN2uMqG4cfYKCnNf2xo8mwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2025-10-01 22:41:57
(9 months ago)
(mod_security-custom) mod_security (id:210492) triggered by 45.153.160.40 (NL/The Netherlands/North ...
show more
(mod_security-custom) mod_security (id:210492) triggered by 45.153.160.40 (NL/The Netherlands/North Holland/Amsterdam/-/[AS2914 NTT-DATA-2914]): 1 in the last 3600 secs (0-srv1)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2025-10-01 09:35:13
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 05:35:08.124078 2025] [security2:error] [pid 30439:tid 30439] [client 45.153.160.40:30707] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||alsdepot.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "alsdepot.com"] [uri "/123456.sql"] [unique_id "aNz1zOBQp_FRoLcFgSzC-gAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-01 03:38:44
(9 months ago)
(mod_security) mod_security (id:210492) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 30 23:38:40.326098 2025] [security2:error] [pid 30535:tid 30535] [client 45.153.160.40:15613] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fashionmenswear.com"] [uri "/pub/.env.old"] [unique_id "aNyiQDKW7g9hu2HGEn8s-gAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฉ
Burayot
2025-09-30 23:46:30
(9 months ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 45.153.160.40 (CZ/Czechia/-): 1 in t ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 45.153.160.40 (CZ/Czechia/-): 1 in the last 3600 secs
show less
Web App Attack
๐ซ๐ท
ecode hosting
2025-09-21 03:47:03
(9 months ago)
Domain : ermedmedical.com
Rule : admin
2025-09-21 03:46:02 10.100.1.20 GET /admin.zip - 443 - 45.153 ...
show more
Domain : ermedmedical.com
Rule : admin
2025-09-21 03:46:02 10.100.1.20 GET /admin.zip - 443 - 45.153.160.40 HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0 - ermedmedical.com 404 0 2 1462 531 188 - -
show less
Hacking
SQL Injection
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-09-15 01:04:23
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 14 21:04:16.827457 2025] [security2:error] [pid 32678:tid 32678] [client 45.153.160.40:64153] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kemela.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kemela.com"] [uri "/archive.sql"] [unique_id "aMdmECs4WlHo_AGo6lQ0bQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-09-14 23:11:11
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 14 19:11:05.380481 2025] [security2:error] [pid 29710:tid 29710] [client 45.153.160.40:5443] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||voodooshop.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "voodooshop.com"] [uri "/backup_3.sql"] [unique_id "aMdLiVz4D390dHK00lyogAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ecosmartfire.com.au
2025-09-11 23:32:00
(9 months ago)
45.153.160.40 - - [12/Sep/2025:09:32:26 +1000] "GET /exports/ecosmartfire.ca.tar.gz HTTP/2.0" 403 13 ...
show more
45.153.160.40 - - [12/Sep/2025:09:32:26 +1000] "GET /exports/ecosmartfire.ca.tar.gz HTTP/2.0" 403 130 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36"
show less
Hacking
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-09-11 21:38:32
(9 months ago)
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 45.153.160.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 11 17:38:24.616596 2025] [security2:error] [pid 19036:tid 19036] [client 45.153.160.40:10245] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||allautousa.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "allautousa.com"] [uri "/exports/allautousa-backup.sql"] [unique_id "aMNBUOKMVzPELU68ckB20wAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack