MSZ
2024-10-16 02:16:06
(1 month ago)
Blocked by Fail2Ban (recidive)
Brute-Force
TPI-Abuse
2024-10-15 14:27:35
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 15 10:27:29.796724 2024] [security2:error] [pid 32415:tid 32415] [client 64.64.123.53:51971] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.pcga.golf|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.pcga.golf"] [uri "/restore/backup.sql"] [unique_id "Zw570VIvy9MklZjcLsC96AAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-15 01:48:13
(1 month ago)
Blocked by Fail2Ban (recidive)
Brute-Force
MSZ
2024-10-14 01:32:27
(1 month ago)
Blocked by Fail2Ban (recidive)
Brute-Force
TPI-Abuse
2024-10-13 01:52:18
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 12 21:52:11.574376 2024] [security2:error] [pid 25904:tid 25904] [client 64.64.123.53:51721] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||fxztrader.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fxztrader.com"] [uri "/backups/wallet.dat"] [unique_id "Zwsny6uZzpBzZDHSQ103NwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-13 01:16:42
(1 month ago)
Blocked by Fail2Ban (recidive)
Brute-Force
MSZ
2024-10-12 00:48:52
(1 month ago)
Blocked by Fail2Ban (recidive)
Brute-Force
MSZ
2024-10-11 00:33:06
(1 month ago)
Blocked by Fail2Ban (recidive)
Brute-Force
TPI-Abuse
2024-10-10 06:56:06
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 10 02:56:03.128932 2024] [security2:error] [pid 21356:tid 21356] [client 64.64.123.53:1299] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bitcointoolshop.com"] [uri "/back/sftp-config.json"] [unique_id "Zwd6g6o5FlfIzSihPr91lAAAAB4"]
Brute-Force
Bad Web Bot
Web App Attack
MSZ
2024-10-10 00:01:59
(2 months ago)
Blocked by Fail2Ban (recidive)
Brute-Force
TPI-Abuse
2024-10-09 19:35:36
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 09 15:35:28.130953 2024] [security2:error] [pid 5153:tid 5153] [client 64.64.123.53:31051] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||firejasstrio.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "firejasstrio.com"] [uri "/bak/backup.sql"] [unique_id "ZwbbAGRRMalpcHYWHGaaYQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-10-09 09:07:07
(2 months ago)
Account archive download attempts
Hacking
Brute-Force
TPI-Abuse
2024-10-07 14:33:52
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 07 10:33:48.598138 2024] [security2:error] [pid 10919:tid 10919] [client 64.64.123.53:63133] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||qcryptocoin.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qcryptocoin.com"] [uri "/backup/mysql.sql"] [unique_id "ZwPxTKm--4K3QDcgBITiAQAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
guillaume illien
2024-10-07 14:09:25
(2 months ago)
64.64.123.53 - - [07/Oct/2024:14:09:21 +0000] "HEAD /bak/backup.tar HTTP/1.1" 301 0 "-" "-"
64.64.123.53 - - [07/Oct/2024:14:09:23 +0000] "HEAD /restore/website.tar.gz HTTP/1.1" 301 0 "-" "-"
64.64.123.53 - - [07/Oct/2024:14:09:23 +0000] "HEAD /old/credentials.txt HTTP/1.1" 301 0 "-" "-"
64.64.123.53 - - [07/Oct/2024:14:09:23 +0000] "HEAD /old/backup.gz HTTP/1.1" 301 0 "-" "-"
64.64.123.53 - - [07/Oct/2024:14:09:23 +0000] "HEAD /bak/backup.zip HTTP/1.1" 301 0 "-" "-"
64.64.123.53 - - [07/Oct/2024:14:09:24 +0000] "HEAD /backups/credentials.txt HTTP/1.1" 301 0 "-" "-"
64.64.123.53 - - [07/Oct/2024:14:09:24 +0000] "HEAD /old/www.rar HTTP/1.1" 301 0 "-" "-"
Hacking
Brute-Force
Web App Attack
SSH
MAGIC
2024-10-04 21:07:17
(2 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot