Anonymous
2024-09-14 01:17:53
(2 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
niceshops.com
2024-09-13 20:40:45
(2 days ago)
Web Attack ([13/Sep/2024:22:40:43 +0200] )
Brute-Force
Bad Web Bot
Web App Attack
oncord
2024-09-09 17:09:04
(6 days ago)
Form spam
Web Spam
TPI-Abuse
2024-09-09 11:12:58
(6 days ago)
(mod_security) mod_security (id:210730) triggered by 5.255.127.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 09 07:12:52.332480 2024] [security2:error] [pid 23819:tid 23819] [client 5.255.127.222:47568] [client 5.255.127.222] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||sandiegoautostarsmog.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sandiegoautostarsmog.com"] [uri "/sa.sql"] [unique_id "Zt7YNGHD0LxfwgUOSFQAjgAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Sefinek
2024-09-08 22:48:56
(1 week ago)
IP 5.255.127.222 [T1] triggered Cloudflare WAF (securitylevel).
Action taken: MANAGED_CHALLENGE
ASN: 60404 (LITESERVER)
Protocol: HTTP/1.0 (method GET)
Domain: blocklist.sefinek.net
Endpoint: /
Timestamp: 2024-09-08T13:58:46Z
Ray ID: 8bff748a78ff667a
Rule ID: badscore
User agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36
Report generated by Node-Cloudflare-WAF-AbuseIPDB (https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB)
Bad Web Bot
seoxan.es
2024-09-08 21:07:26
(1 week ago)
SQL Injection attempt detected
SQL Injection
Anonymous
2024-09-06 18:29:17
(1 week ago)
multiple unauthorized attempts at Fri, 06 Sep 2024 05:40:10 +0000 a total of 1 times.
Brute-Force
oncord
2024-09-05 03:58:37
(1 week ago)
Form spam
Web Spam
TPI-Abuse
2024-09-04 07:29:07
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 5.255.127.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 04 03:29:01.831252 2024] [security2:error] [pid 11399:tid 11399] [client 5.255.127.222:34412] [client 5.255.127.222] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cgautomatizacion.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cgautomatizacion.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "ZtgMPXcXRCBSYCC9wtnD9gAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
quicksand
2024-09-03 17:50:29
(1 week ago)
Malicious URI path [GET /.git/config] [Go-http-client/1.1] **Reported from WAF sampled requests**
Bad Web Bot
Web App Attack
Swiptly
2024-08-30 19:39:44
(2 weeks ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-30 01:14:31
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 5.255.127.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 29 21:14:25.368584 2024] [security2:error] [pid 20776:tid 20779] [client 5.255.127.222:36216] [client 5.255.127.222] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cheqs.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cheqs.org"] [uri "/eqs.sql"] [unique_id "ZtEc8T45-7eTGm_n_LgXTQAAAME"]
Brute-Force
Bad Web Bot
Web App Attack
rtbh.com.tr
2024-08-27 20:55:13
(2 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
TPI-Abuse
2024-08-26 22:16:55
(2 weeks ago)
(mod_security) mod_security (id:211190) triggered by 5.255.127.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 26 18:16:50.885345 2024] [security2:error] [pid 1931:tid 1931] [client 5.255.127.222:59008] [client 5.255.127.222] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||arthuryeung.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?rest_route=%2Fessential-blocks%2Fv1%2Fproducts&is_frontend=true&attributes={\\x22__file\\x22:\\x22/etc%2fpasswd\\x22}"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arthuryeung.net"] [uri "/index.php"] [unique_id "Zsz-0jDEgf5dHSGeQ_8UdgAAACY"]
Brute-Force
Bad Web Bot
Web App Attack
oncord
2024-08-26 03:53:30
(2 weeks ago)
Form spam
Web Spam