SkyDancer
2024-12-06 22:39:33
(6 days ago)
Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by ... show more Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-A-X show less
Hacking
Brute-Force
SSH
taivas.nl
2024-11-28 04:02:12
(2 weeks ago)
Bad_requests
Bad Web Bot
Evag Touf
2024-11-24 17:33:04
(2 weeks ago)
(mod_security) mod_security triggered on hostname [redacted] 45.66.230.26 (BG/Bulgaria/-): (CF_ENAB ... show more (mod_security) mod_security triggered on hostname [redacted] 45.66.230.26 (BG/Bulgaria/-): (CF_ENABLE) show less
SQL Injection
Al Coholic
2024-11-21 02:19:07
(3 weeks ago)
Detected By Fail2ban
Bad Web Bot
Rosh
2024-11-20 17:05:46
(3 weeks ago)
[11/20/24 18:05:45] Restricted access detected by web app
Web App Attack
Anonymous
2024-11-13 08:51:39
(4 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-12 10:22:54
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 05:22:48.827544 2024] [security2:error] [pid 6001:tid 6001] [client 45.66.230.26:58825] [client 45.66.230.26] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||qbasys.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qbasys.com"] [uri "/QBAsys/mailto:[email protected] "] [unique_id "ZzMseDMXVR5FiMAr2p3Z_wAAAAY"], referer: http://qbasys.com//mailto:[email protected] ?subject=Error%20message%20[404]%20(none)%20for%20qbasys.com/QBAsys/%20port%2080%20on%20Tuesday,%2012-Nov-2024%2005:22:28%20EST%27 show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 04:05:44
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 23:05:36.645843 2024] [security2:error] [pid 12048:tid 12048] [client 45.66.230.26:61605] [client 45.66.230.26] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||the-practical-pionus.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "the-practical-pionus.com"] [uri "/mailto:[email protected] "] [unique_id "ZzLUEJATaC42GvZWnwQNwwAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 18:39:41
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 13:39:37.344077 2024] [security2:error] [pid 22610:tid 22610] [client 45.66.230.26:64648] [client 45.66.230.26] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||tearstojoy.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tearstojoy.com"] [uri "/tearstojoy/mailto:[email protected] "] [unique_id "ZzJPadciWZKIU0EgO8mmIgAAAAI"], referer: http://tearstojoy.com//mailto:[email protected] ?subject=Error%20message%20[404]%20(none)%20for%20tearstojoy.com/tearstojoy%20port%2080%20on%20Monday,%2011-Nov-2024%2013:39:36%20EST%27 show less
Brute-Force
Bad Web Bot
Web App Attack
Cloudkul Cloudkul
2024-11-11 18:25:06
(1 month ago)
Multiple unauthorized attempts to access web resources
Brute-Force
Web App Attack
TPI-Abuse
2024-11-11 17:41:12
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 12:41:05.005147 2024] [security2:error] [pid 13903:tid 13903] [client 45.66.230.26:65087] [client 45.66.230.26] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crescentcitycafe.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crescentcitycafe.com"] [uri "/mailto:[email protected] "] [unique_id "ZzJBsU4ITUx5H3OMd0jaWQAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
conseilgouz
2024-11-11 15:51:10
(1 month ago)
are-12 : Block return, carriage return, ... characters=>/component/search/?id=37%27&Itemid=1 ... show more are-12 : Block return, carriage return, ... characters=>/component/search/?id=37%27&Itemid=103&format=opensearch(') show less
Hacking
Anonymous
2024-11-11 11:44:19
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-11 11:29:14
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 06:29:08.005676 2024] [security2:error] [pid 21219:tid 21219] [client 45.66.230.26:53093] [client 45.66.230.26] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||jhonbens.com|F|2"] [data ".net;[email protected] ;[email protected] ;[email protected] "] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jhonbens.com"] [uri "/mailto:[email protected] ;[email protected] ;[email protected] ;[email protected] "] [unique_id "ZzHqhKZwvDIp3jnaW4AtkQAAABc"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 11:13:59
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 45.66.230.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 06:13:55.379894 2024] [security2:error] [pid 25261:tid 25261] [client 45.66.230.26:49901] [client 45.66.230.26] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lakesideshelving.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lakesideshelving.com"] [uri "/mailto:[email protected] "] [unique_id "ZzHm81oPyClaylRU6FGt1AAAAAo"] show less
Brute-Force
Bad Web Bot
Web App Attack