TPI-Abuse
2024-11-30 13:44:36
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 51.107.6.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 08:44:28.882188 2024] [security2:error] [pid 32252:tid 32252] [client 51.107.6.208:62009] [client 51.107.6.208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.34thprs.org"] [uri "/.env"] [unique_id "Z0sWvOLxgk8D8ArWyZBHMAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-30 13:43:16
(2 days ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
TPI-Abuse
2024-11-30 13:29:24
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 51.107.6.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 08:29:17.817832 2024] [security2:error] [pid 5240:tid 5240] [client 51.107.6.208:63134] [client 51.107.6.208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.anenchantingevening.com"] [uri "/.env"] [unique_id "Z0sTLW_c4Iru5qtmrCi0CgAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-30 13:24:33
(2 days ago)
Trolling and Banned:CE
Hacking
Web App Attack
TPI-Abuse
2024-11-30 09:55:22
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 51.107.6.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 04:55:19.240703 2024] [security2:error] [pid 4015690:tid 4015690] [client 51.107.6.208:60528] [client 51.107.6.208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nccb.org"] [uri "/.env"] [unique_id "Z0rhBy8NV_AOYYasGwz1nQAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
netclix.gr
2024-11-30 09:40:58
(2 days ago)
(CT) IP 51.107.6.208 (CH/Switzerland/Zurich/Zurich/-) found to have 11 connections; Ports: *; Direction: inout; Trigger: CT_LIMIT
Port Scan
TPI-Abuse
2024-11-30 09:35:46
(2 days ago)
(mod_security) mod_security (id:212620) triggered by 51.107.6.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 04:35:41.051547 2024] [security2:error] [pid 28693:tid 28693] [client 51.107.6.208:53995] [client 51.107.6.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||old.renju.net|F|2"] [data "Matched Data: <script found within REQUEST_URI: /blog/index.php?showcomment=<script>alert('xss')</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "old.renju.net"] [uri "/blog/index.php"] [unique_id "Z0rcbWdcvoEo4Gc_yrN2qAAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-30 09:32:35
(2 days ago)
fail2ban_mm apache-modsecurity [msg "Meta-Character Anomaly Detection Alert - Repetative Non-Word Characters"] [uri "/cgi-bin/new.cgi"]
Web App Attack
Aetherweb Ark
2024-11-30 09:10:53
(2 days ago)
(mod_security) mod_security (id:210580) triggered by 51.107.6.208 (CH/Switzerland/-): N in the last X secs
Web App Attack
TPI-Abuse
2024-11-30 09:07:29
(2 days ago)
(mod_security) mod_security (id:212620) triggered by 51.107.6.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 04:07:24.275533 2024] [security2:error] [pid 2826731:tid 2826731] [client 51.107.6.208:56386] [client 51.107.6.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||needtoorder.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /snap-apart-forms-m-1.html?page=<script>alert('xss')</script>&sort=2a"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "needtoorder.com"] [uri "/snap-apart-forms-m-1.html"] [unique_id "Z0rVzCOBHh5eyMzBKFTFIwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-30 08:46:41
(2 days ago)
(mod_security) mod_security (id:212620) triggered by 51.107.6.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 03:46:37.754433 2024] [security2:error] [pid 21509:tid 21509] [client 51.107.6.208:50182] [client 51.107.6.208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||www.csme-eprr.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /membership.htm?a=<script>alert('xss')</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.csme-eprr.com"] [uri "/membership.htm"] [unique_id "Z0rQ7bdul_mUEGKDBpl2wwAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-11-30 08:34:58
(2 days ago)
Web App Attack
Web App Attack
el-brujo
2024-11-30 08:23:11
(2 days ago)
Cloudflare WAF: Request Path: /.env Request Query: Host: www.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Action: block Source: firewallManaged ASN Description: MICROSOFT-CORP-MSN-AS-BLOCK Country: CH Method: GET Timestamp: 2024-11-30T08:23:11Z ruleId: 23548ee2b36547a1be09bb2c0550c529. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
Hacking
SQL Injection
Web App Attack
TPI-Abuse
2024-11-30 08:17:04
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 51.107.6.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 30 03:17:01.394896 2024] [security2:error] [pid 4154322:tid 4154322] [client 51.107.6.208:57966] [client 51.107.6.208] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.yarbroughfamily.org"] [uri "/.env"] [unique_id "Z0rJ_YnNr68meqM0rc3E5QAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
AvonleaConsulting
2024-11-30 08:11:31
(2 days ago)
Scanning unused Default website or suspicious access to valid sites from IP marked as abusive
Bad Web Bot
Web App Attack