Anonymous
2024-10-30 22:20:16
(1 month ago)
Account archive download attempts
Hacking
Brute-Force
TPI-Abuse
2024-10-26 00:46:56
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 20:46:51.389461 2024] [security2:error] [pid 12779:tid 12779] [client 64.64.123.53:39223] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gcigmbh.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gcigmbh.com"] [uri "/bak/sql.sql"] [unique_id "Zxw7-3rPKJ9tSisv3cDfkAAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-25 06:42:22
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 25 02:42:14.653837 2024] [security2:error] [pid 32553:tid 32553] [client 64.64.123.53:21841] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pigspolygon.xyz|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pigspolygon.xyz"] [uri "/old/www.sql"] [unique_id "Zxs9xu0CIZ7e7Wo5CgC-tQAAAAQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
abusiveIntelligence
2024-10-21 04:10:00
(1 month ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-20 15:50:00
(1 month ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-20 03:30:00
(1 month ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-19 18:40:00
(1 month ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
abusiveIntelligence
2024-10-19 04:30:00
(1 month ago)
RDP Local Account Slowly Brute-force Attempt
Brute-Force
Anonymous
2024-10-19 03:36:12
(1 month ago)
RDP brute force attack.
Port Scan
Brute-Force
TPI-Abuse
2024-10-19 00:26:45
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 18 20:26:40.232879 2024] [security2:error] [pid 20231:tid 20231] [client 64.64.123.53:21037] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.domainexecs.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.domainexecs.com"] [uri "/back/sql.sql"] [unique_id "ZxL8wHQPLdiGvhBwZbnWpAAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-18 11:26:37
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 18 07:26:30.820554 2024] [security2:error] [pid 23376:tid 23376] [client 64.64.123.53:57015] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||powderriverinc.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "powderriverinc.com"] [uri "/www.sql"] [unique_id "ZxJF5oeTCP03YI3ISvIesQAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-18 11:16:06
(1 month ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-10-18 11:04:38
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 18 07:04:33.105784 2024] [security2:error] [pid 19865:tid 19865] [client 64.64.123.53:11121] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||intercotrading.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "intercotrading.com"] [uri "/bak/backup.sql"] [unique_id "ZxJAwU55cMr-6O0jfPTBqgAAACY"] show less
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-17 01:48:04
(1 month ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
MSZ
2024-10-16 02:16:06
(1 month ago)
Blocked by Fail2Ban (recidive)
Brute-Force