diego
2024-12-07 02:43:34
(1 day ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
mnsf
2024-12-03 20:10:48
(4 days ago)
Too many Status 40X (14)
Brute-Force
Web App Attack
TPI-Abuse
2024-12-03 19:34:40
(4 days ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 03 14:34:36.710327 2024] [security2:error] [pid 2700:tid 2700] [client 45.91.20.8:38709] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.domainexecs.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.domainexecs.com"] [uri "/backup/dump.sql"] [unique_id "Z09dTDVfzqRWAeVCSI0siQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-12-03 00:55:20
(5 days ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 02 19:55:13.147126 2024] [security2:error] [pid 19747:tid 19747] [client 45.91.20.8:27967] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pigspolygon.xyz|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pigspolygon.xyz"] [uri "/bak/wallet.dat"] [unique_id "Z05W8ch7HSVEPqeQRVRp0AAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Valhalla
2024-12-03 00:44:42
(5 days ago)
Suspicious Activity Detected: /bak/backup.sql.gz
Hacking
Web App Attack
Anonymous
2024-11-30 02:03:18
(1 week ago)
Http Port:80 (http_status:403) - /owa/auth/logon.aspx?replaceCurrent=1&url=https%3A//owa.mailserver3.inmesol.com/owa/ - Agent:Mozilla/5.0 (Windows NT 10.0; WOW64; rv:47.0) Gecko/20100101 Firefox/47.0
Web App Attack
TPI-Abuse
2024-11-26 06:38:48
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 26 01:38:43.224917 2024] [security2:error] [pid 5371:tid 5371] [client 45.91.20.8:58931] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cryptoedge.net"] [uri "/restore/sftp-config.json"] [unique_id "Z0Vs8zP9Ir_k8GC_YEYWqAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-24 05:53:02
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 24 00:52:57.320200 2024] [security2:error] [pid 1355828:tid 1355828] [client 45.91.20.8:3251] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aeongames.com"] [uri "/old/sftp-config.json"] [unique_id "Z0K_OT5mxTLmsIA6YiSsvQAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-24 05:13:34
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 24 00:13:28.133491 2024] [security2:error] [pid 15758:tid 15758] [client 45.91.20.8:56579] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rdlogo.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rdlogo.com"] [uri "/backup/dump.sql"] [unique_id "Z0K1-IFNiMEykWXmzqvWIAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-22 16:05:00
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-21 18:54:12
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 21 13:54:05.396927 2024] [security2:error] [pid 4286:tid 4286] [client 45.91.20.8:6827] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ciptaconindotara.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ciptaconindotara.com"] [uri "/backup/sql.sql"] [unique_id "Zz-BzSydks6VvwMwt-NnCwAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-25 02:38:51
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 24 22:38:47.561994 2024] [security2:error] [pid 2685916:tid 2685916] [client 45.91.20.8:13457] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ixd.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ixd.net"] [uri "/old/mysql.sql"] [unique_id "ZvN3t1aGHWiJ-JvfBoOf9AAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-06 06:32:58
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 06 02:32:53.898372 2024] [security2:error] [pid 6978:tid 6978] [client 45.91.20.8:16085] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||krupaandsons.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "krupaandsons.com"] [uri "/mysql.sql"] [unique_id "ZrHDlcc7vAy8ywG1DCaYzQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-05 00:54:26
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 04 20:54:18.491557 2024] [security2:error] [pid 10701:tid 10701] [client 45.91.20.8:60935] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sptzr.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sptzr.net"] [uri "/backup.sql"] [unique_id "ZrAiurW98HDQzyUg0KUZNgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-05 00:20:45
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 45.91.20.8 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 04 20:20:37.666873 2024] [security2:error] [pid 20234:tid 20234] [client 45.91.20.8:6229] [client 45.91.20.8] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||powderriverinc.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "powderriverinc.com"] [uri "/backup/www.sql"] [unique_id "ZrAa1T7AqIuUrexxR03FkgAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack