nowyouknow
2024-11-01 22:36:44
(23 hours ago)
Phishing
Web Spam
TPI-Abuse
2024-11-01 13:43:34
(1 day ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 01 09:43:29.941173 2024] [security2:error] [pid 25252:tid 25252] [client 64.64.123.53:63679] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||sptzr.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sptzr.net"] [uri "/back/mysql.sql"] [unique_id "ZyTbAT7hw6tqPqnzFxRoIAAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-11-01 08:08:35
(1 day ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-10-30 22:36:08
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 30 18:36:03.196753 2024] [security2:error] [pid 11241:tid 11241] [client 64.64.123.53:32259] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lundtrading.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lundtrading.com"] [uri "/backup/sql.sql"] [unique_id "ZyK00_YKX2ndmu9hMbO2XgAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-30 22:32:15
(2 days ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
Anonymous
2024-10-30 22:20:16
(2 days ago)
Account archive download attempts
Hacking
Brute-Force
TPI-Abuse
2024-10-26 00:46:56
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 20:46:51.389461 2024] [security2:error] [pid 12779:tid 12779] [client 64.64.123.53:39223] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gcigmbh.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gcigmbh.com"] [uri "/bak/sql.sql"] [unique_id "Zxw7-3rPKJ9tSisv3cDfkAAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-25 06:42:22
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 02:42:14.653837 2024] [security2:error] [pid 32553:tid 32553] [client 64.64.123.53:21841] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pigspolygon.xyz|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pigspolygon.xyz"] [uri "/old/www.sql"] [unique_id "Zxs9xu0CIZ7e7Wo5CgC-tQAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
abusiveIntelligence
2024-10-21 04:10:00
(1 week ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-20 15:50:00
(1 week ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-20 03:30:00
(1 week ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-19 18:40:00
(2 weeks ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-19 04:30:00
(2 weeks ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
Anonymous
2024-10-19 03:36:12
(2 weeks ago)
RDP brute force attack.
Port Scan
Brute-Force
TPI-Abuse
2024-10-19 00:26:45
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 18 20:26:40.232879 2024] [security2:error] [pid 20231:tid 20231] [client 64.64.123.53:21037] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.domainexecs.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.domainexecs.com"] [uri "/back/sql.sql"] [unique_id "ZxL8wHQPLdiGvhBwZbnWpAAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack