hbrks
2024-05-11 07:24:38
(3 months ago)
HEAD http://ncs.guru/bak.rar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
hbrks
2024-05-11 04:01:29
(4 months ago)
HEAD http://epay.world/backup/sftp-config.json * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
10dencehispahard SL
2024-05-11 04:00:03
(4 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
hbrks
2024-05-11 03:32:13
(4 months ago)
HEAD http://epay.world/directory.tar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
hbrks
2024-04-22 16:37:23
(4 months ago)
HEAD http://ncs.guru/bak/www.tar.gz * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-04-22 16:15:28
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 22 12:15:24.082697 2024] [security2:error] [pid 5821] [client 45.91.20.247:52213] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcointoolshop.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcointoolshop.com"] [uri "/backups/www.sql"] [unique_id "ZiaNHMwrNIzzaasFL46HsAAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-21 07:34:25
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 21 03:34:17.759519 2024] [security2:error] [pid 11469] [client 45.91.20.247:25917] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gcigmbh.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gcigmbh.com"] [uri "/dump.sql"] [unique_id "ZiTBeZSPl_baztnOVTIMfgAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
Thaliruth
2024-04-21 07:11:15
(4 months ago)
reiter-von-rohan.com:443 45.91.20.247 - - [21/Apr/2024:09:08:35 +0200] "HEAD /back/index.zip HTTP/1.0" 404 930 "-" "-"
45.91.20.247 - - [21/Apr/2024:09:08:35 +0200] "HEAD /back/index.zip HTTP/1.0" 404 930 "-" "-"
reports.reiter-von-rohan.com:443 45.91.20.247 - - [21/Apr/2024:09:11:14 +0200] "HEAD /back/www.zip HTTP/1.0" 404 774 "-" "-"
...
Hacking
Web App Attack
TPI-Abuse
2024-04-10 11:05:00
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 10 07:04:56.655656 2024] [security2:error] [pid 30957] [client 45.91.20.247:30473] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mjkhan.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mjkhan.com"] [uri "/mysql.sql"] [unique_id "ZhZyWB9c0HR_0IRZBw8HOAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-10 02:55:55
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 09 22:55:50.927138 2024] [security2:error] [pid 17200] [client 45.91.20.247:20545] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||brazilianbikinis.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brazilianbikinis.com"] [uri "/back/mysql.sql"] [unique_id "ZhX_tl7y68DDUtIJt9-mdAAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-04-07 15:07:23
(5 months ago)
HEAD http://crm.marche-be.com/bak/backup.zip statusCode: 503
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-04-07 15:06:46
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 07 11:06:43.129720 2024] [security2:error] [pid 10790] [client 45.91.20.247:30451] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||equine-essence.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "equine-essence.com"] [uri "/backup/dump.sql"] [unique_id "ZhK2g6fqD6AU-WNCsJOQSwAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-04-07 14:50:44
(5 months ago)
HEAD http://crm.marche-be.com/bak/www.sql statusCode: 503
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-04-04 13:09:24
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 04 09:09:20.186596 2024] [security2:error] [pid 16090] [client 45.91.20.247:14421] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wethepeoplealliance.network|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wethepeoplealliance.network"] [uri "/old/sql.sql"] [unique_id "Zg6mgJpSKehh3Q0Wo0cgAgAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-04 05:49:25
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 04 01:49:20.504799 2024] [security2:error] [pid 24156] [client 45.91.20.247:49943] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||qualityelevatorcabs.com|F|2"] [data ".com.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qualityelevatorcabs.com"] [uri "/backup/qualityelevatorcabs.com.sql"] [unique_id "Zg4_YGNLrS8UWC0P8kpvdwAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack