Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
Xuan Can
|
|
(mod_security) mod_security (id:77220020) triggered by 45.94.236.121 (DE/Germany/-): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 27 14:42:05.877039 2024] [security2:error] [pid 12733:tid 12875] [client 45.94.236.121:48531] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Match of "rx \\\\/exchange_1C_Opencart\\\\.php" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "82"] [id "77220020"] [msg "IM360 WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||MVN:REQUEST_URI||MV:/||RSV:6.33||T:APACHE||"] [severity "CRITICAL"] [tag "service_gen"] [hostname "test31.pavietnam.com"] [uri "/"] [unique_id "Z25aTT2h2nrFNoJQ2Gmo6gAAAVY"]
|
Brute-Force
SSH
|
|
MAGIC
|
|
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 26 14:48:11.625442 2024] [security2:error] [pid 17773:tid 17773] [client 45.94.236.121:50197] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||khaistencpa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "khaistencpa.com"] [uri "/"] [unique_id "Z22y-4zON-90UZ8xV_oE2gAAAAU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
backslash
|
|
honeypot
|
Bad Web Bot
|
|
Xuan Can
|
|
(mod_security) mod_security (id:77220020) triggered by 45.94.236.121 (DE/Germany/-): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 19 17:20:38.024166 2024] [security2:error] [pid 8912:tid 8947] [client 45.94.236.121:0] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Match of "rx \\\\/exchange_1C_Opencart\\\\.php" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/imunify360-full-apache/013_i360_generic.conf"] [line "82"] [id "77220020"] [msg "IM360 WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||MVN:REQUEST_URI||MV:/||RSV:6.33||T:APACHE||"] [severity "CRITICAL"] [tag "service_gen"] [hostname "kb.sieuthimaychu.vn"] [uri "/"] [unique_id "Z2PzdtJOInBKfXWx8-G0WgAAAQg"], referer: http://uke.services
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 19 02:03:32.553462 2024] [security2:error] [pid 10184:tid 10205] [client 45.94.236.121:36851] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||www.fiefblondel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.fiefblondel.com"] [uri "/"] [unique_id "Z2PFRAFjpIYG6GqG3WvavwAAABM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 17 20:44:17.630439 2024] [security2:error] [pid 27519:tid 27519] [client 45.94.236.121:14435] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||triangleanchor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "triangleanchor.com"] [uri "/"] [unique_id "Z2Io8URQ6VOjrYLt_pepIwAAAAo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 17 16:03:30.668589 2024] [security2:error] [pid 19392:tid 19392] [client 45.94.236.121:56163] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||worldchat.global|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "worldchat.global"] [uri "/"] [unique_id "Z2HnIg_qHO6tTu4pcoC_7gAAAAU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
MAGIC
|
|
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
|
DDoS Attack
Bad Web Bot
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 16 11:11:53.547712 2024] [security2:error] [pid 13151:tid 13151] [client 45.94.236.121:14679] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||artbytracyjane.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artbytracyjane.com"] [uri "/"] [unique_id "Z2BRSeomARDIL37ZS_4dPwAAAAA"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 16 07:58:35.077027 2024] [security2:error] [pid 21451:tid 21451] [client 45.94.236.121:53823] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||toppress.ca|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "toppress.ca"] [uri "/"] [unique_id "Z2Aj-1jeHvN6dcs01z_JeAAAAAo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 16 07:10:02.767215 2024] [security2:error] [pid 9800:tid 9800] [client 45.94.236.121:62213] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||www.nashes.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nashes.net"] [uri "/"] [unique_id "Z2AYmtvotOveSrP0aKPKwAAAAAY"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:220020) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 15 08:10:05.343197 2024] [security2:error] [pid 1349716:tid 1349716] [client 45.94.236.121:12025] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(^|;)=(;|$)" at REQUEST_HEADERS:Cookie. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "74"] [id "220020"] [rev "2"] [msg "COMODO WAF: DoS vulnerability in Apache 2.2.17 - 2.2.21 (CVE-2012-0021)||www.proprocessor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.proprocessor.com"] [uri "/deerprocessingequipment.htm"] [unique_id "Z17VLeV-exbxse2QS067sgAAABI"], referer: http://bauernhofmieten.de
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:217291) triggered by 45.94.236.121 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 14 23:21:53.473078 2024] [security2:error] [pid 13432:tid 13432] [client 45.94.236.121:41747] [client 45.94.236.121] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(\\\\n|\\\\r)" at ARGS_NAMES:\\r\\nfromwhere. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||jeffersonlynn.com|F|2"] [data "Matched Data: \\x0d found within ARGS_NAMES:\\x5cr\\x5cnfromwhere: \\x0d\\x0afromwhere"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "jeffersonlynn.com"] [uri "/g12terms.php"] [unique_id "Z15ZYQgzkIBpcazqXm3SdQAAAAk"], referer: https://jeffersonlynn.com
|
Brute-Force
Bad Web Bot
Web App Attack
|
|