Thaliruth
|
|
45.91.20.247 - - [03/Apr/2024:23:09:23 +0200] "HEAD /bak/directory.tar.gz HTTP/1.1" 301 0 "-" "-"
45.91.20.247 - - [03/Apr/2024:23:16:12 +0200] "HEAD /back/latest.zip HTTP/1.1" 301 0 "-" "-"
reports.reiter-von-rohan.com:443 45.91.20.247 - - [03/Apr/2024:23:16:13 +0200] "HEAD /back/latest.zip HTTP/1.0" 404 774 "-" "-"
|
Hacking
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 25 21:04:24.959570 2024] [security2:error] [pid 1535] [client 45.91.20.247:33979] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||csgohub.gg|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "csgohub.gg"] [uri "/bak/mysql.sql"] [unique_id "ZgIfGJn7gx1eExvbf2FqnQAAAA4"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
hbrks
|
|
HEAD http://crm.marche-be.com/back/backup.sql.zip
statusCode: 503
|
Web Spam
Hacking
Bad Web Bot
|
|
hbrks
|
|
http://_/
statusCode: 400
user-agent:DDOS Attack
|
Web Spam
Hacking
Bad Web Bot
|
|
10dencehispahard SL
|
|
Unauthorized login attempts [ accesslogs]
|
Brute-Force
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 27 02:14:13.839484 2024] [security2:error] [pid 6609] [client 45.91.20.247:26927] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powderriverinc.com"] [uri "/.env"] [unique_id "Zd2Lxc6C1DL94eh3ontHxwAAAA0"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Thaliruth
|
|
45.91.20.247 - - [20/Feb/2024:08:03:15 +0100] "HEAD /config.js HTTP/1.1" 301 0 "-" "-"
45.91.20.247 - - [20/Feb/2024:08:10:48 +0100] "HEAD /back/Archive.zip HTTP/1.1" 301 0 "-" "-"
reports.reiter-von-rohan.com:443 45.91.20.247 - - [20/Feb/2024:08:10:48 +0100] "HEAD /back/Archive.zip HTTP/1.0" 404 774 "-" "-"
|
Hacking
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 15 10:37:04.736945 2024] [security2:error] [pid 27705:tid 47774749980416] [client 45.91.20.247:51677] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.fishrapper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/backup/www.sql"] [unique_id "Zc4voGFMtbiD-i9vNibScwAAAAc"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
hbrks
|
|
HEAD http://leralmedia.com/bak/full_backup.zip
statusCode: 503
|
Web Spam
Hacking
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 14 12:27:22.434061 2024] [security2:error] [pid 26092] [client 45.91.20.247:30799] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bitcoinbtcshop.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoinbtcshop.com"] [uri "/backups/backup.sql"] [unique_id "Zcz3-k1HV-Sa4piGEp2Z6gAAABw"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 14 09:09:23.265740 2024] [security2:error] [pid 5331] [client 45.91.20.247:21679] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.hodlmoser.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.hodlmoser.com"] [uri "/backup/wallet.dat"] [unique_id "ZczJkxkmkMGHJOKSQPWU-gAAAAo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
hbrks
|
|
HEAD http://ncs.guru/restore/public_html.tar.gz
statusCode: 503
|
Web Spam
Hacking
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 11 22:52:16.962373 2024] [security2:error] [pid 18852] [client 45.91.20.247:58223] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||oliverhardy.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oliverhardy.com"] [uri "/restore/mysql.sql"] [unique_id "ZcmV8IQTVdGUayi2gkUaZAAAAAQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 11 19:54:19.586661 2024] [security2:error] [pid 795] [client 45.91.20.247:13945] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sptzr.net|F|2"] [data ".net.sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sptzr.net"] [uri "/old/sptzr.net.sql"] [unique_id "ZclsO5PV0JsWP5lby-DJIwAAAA4"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 45.91.20.247 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 10 09:29:26.268891 2024] [security2:error] [pid 12657] [client 45.91.20.247:58143] [client 45.91.20.247] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||thegoldentether.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thegoldentether.com"] [uri "/backups/backup.sql"] [unique_id "ZceIRt6hUwBv1AgP2QawNwAAAAQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|