TPI-Abuse
2024-10-28 07:19:31
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 28 03:19:26.663349 2024] [security2:error] [pid 28807:tid 28878] [client 45.91.20.248:18601] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bluetigertees.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bluetigertees.com"] [uri "/bak/www.sql"] [unique_id "Zx86_uqmZefhJdY20bH-HwAAAcA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-26 15:31:53
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 11:31:47.599974 2024] [security2:error] [pid 30612:tid 30612] [client 45.91.20.248:21325] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mapleleaf-marketing.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mapleleaf-marketing.com"] [uri "/back/wallet.dat"] [unique_id "Zx0LYzLNPgPtkxKWRSUlJgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-09 12:20:33
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 09 08:20:29.032970 2024] [security2:error] [pid 13151:tid 13151] [client 45.91.20.248:13289] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "usbea.com"] [uri "/old/sftp-config.json"] [unique_id "ZwZ1DSTGaCYjQgjoUzTvFwAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-09 06:33:10
(3 weeks ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
Anonymous
2024-10-09 05:53:01
(3 weeks ago)
Account archive download attempts
Hacking
Brute-Force
TPI-Abuse
2024-10-08 04:05:28
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 08 00:05:21.738580 2024] [security2:error] [pid 31474:tid 31474] [client 45.91.20.248:20859] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.naturephotographyadventures.com"] [uri "/biodiane.htm/old/sftp-config.json"] [unique_id "ZwSvgW5bHxYtBTLuvvgAZwAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-03 09:16:25
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 05:16:18.856511 2024] [security2:error] [pid 10285:tid 10285] [client 45.91.20.248:8855] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.spectorworld.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.spectorworld.com"] [uri "/backups/backup.sql"] [unique_id "Zv5g4lpnyDyBZHeILX476QAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-10 10:10:05
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 10 06:09:56.075705 2024] [security2:error] [pid 21753:tid 21753] [client 45.91.20.248:10649] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nationalenq.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nationalenq.com"] [uri "/mysql.sql"] [unique_id "ZuAa9DLINPb-eJJnwxmhmAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-24 16:00:28
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 12:00:21.982635 2024] [security2:error] [pid 4388:tid 4388] [client 45.91.20.248:15453] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.enriquelaw.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.enriquelaw.com"] [uri "/back/mysql.sql"] [unique_id "ZsoDlRSoqZiTqV9p3Yw4QQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-24 15:39:26
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 11:39:19.716498 2024] [security2:error] [pid 3707754:tid 3707754] [client 45.91.20.248:45233] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wethepeoplealliance.network"] [uri "/old/sftp-config.json"] [unique_id "Zsn-p5wsaSYds-Wunut-xAAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-11 18:40:29
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 11 14:40:23.310796 2024] [security2:error] [pid 12339] [client 45.91.20.248:30461] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||networkingpeak.com|F|2"] [data "Matched Data: put found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "networkingpeak.com"] [uri "/contact.html"] [unique_id "ZmiaF2TB8aUL0H0fjAyI4wAAAAU"], referer: http://networkingpeak.com/contact.html
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-11 18:11:52
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 11 14:11:48.500169 2024] [security2:error] [pid 10253] [client 45.91.20.248:50075] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||www.qkarz.com|F|2"] [data "Matched Data: get found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "www.qkarz.com"] [uri "/pages/contactus"] [unique_id "ZmiTZAfbm2OTEeRRp4kr9QAAAA8"], referer: http://www.qkarz.com/pages/contactus
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-06-11 08:34:34
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 11 04:34:27.125874 2024] [security2:error] [pid 129794] [client 45.91.20.248:49839] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||advantstudio.com|F|2"] [data "Matched Data: get found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "advantstudio.com"] [uri "/"] [unique_id "ZmgME7UfSXYD-Vt5ylbEdAAAAAY"], referer: https://advantstudio.com/
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-06-11 06:06:22
(4 months ago)
Web Spam
TPI-Abuse
2024-06-11 04:20:49
(4 months ago)
(mod_security) mod_security (id:217280) triggered by 45.91.20.248 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 11 00:20:45.861544 2024] [security2:error] [pid 28083] [client 45.91.20.248:17139] [client 45.91.20.248] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\n|\\\\r)+(?:get|post|head|options|connect|put|delete|trace|propfind|propatch|mkcol|copy|move|lock|unlock)\\\\s+" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "137"] [id "217280"] [rev "6"] [msg "COMODO WAF: HTTP Request Smuggling Attack||fxztrader.com|F|2"] [data "Matched Data: get found within MATCHED_VAR"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "fxztrader.com"] [uri "/contact/"] [unique_id "ZmfQndktYw8HXJiHMtrMTwAAAAE"], referer: https://fxztrader.com/contact/
Brute-Force
Bad Web Bot
Web App Attack