TPI-Abuse
2024-10-03 13:41:53
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 09:41:48.405287 2024] [security2:error] [pid 1388:tid 1388] [client 64.64.123.53:60345] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cvgandhes.investments|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cvgandhes.investments"] [uri "/bak/sql.sql"] [unique_id "Zv6fHN_QJR-qq5ylK-ww1wAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-10-03 09:56:33
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 03 05:56:29.221463 2024] [security2:error] [pid 32422:tid 32422] [client 64.64.123.53:18149] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ixd.net|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ixd.net"] [uri "/old/wallet.dat"] [unique_id "Zv5qTWzNy2LL3cI8N2iW1QAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-28 11:18:54
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 28 07:18:45.948451 2024] [security2:error] [pid 565:tid 565] [client 64.64.123.53:3125] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mjkhan.com"] [uri "/back/sftp-config.json"] [unique_id "ZvfmFQssMFC2jZTfI_cEeQAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-27 22:58:49
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 18:58:41.018132 2024] [security2:error] [pid 15500:tid 15500] [client 64.64.123.53:30363] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mapleleaf-marketing.com"] [uri "/old/sftp-config.json"] [unique_id "Zvc4oZngChsWyVjoy8NeSgAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-27 22:29:47
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 18:29:43.004775 2024] [security2:error] [pid 1323:tid 1323] [client 64.64.123.53:60343] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ibeautyexchange.com"] [uri "/backup/sftp-config.json"] [unique_id "Zvcx1ycbSVu19ENre_kHTgAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-27 14:20:05
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 10:19:59.538016 2024] [security2:error] [pid 19545:tid 19545] [client 64.64.123.53:13469] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||prostar.industries|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "prostar.industries"] [uri "/www.sql"] [unique_id "Zva_D2_PaZQGt2BHh_NlrgAAABE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-25 04:53:46
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 25 00:53:38.114872 2024] [security2:error] [pid 27362:tid 27362] [client 64.64.123.53:7345] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||swhowell.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "swhowell.com"] [uri "/backup/backup.sql"] [unique_id "ZvOXUj8KUWmhB4xCAjEVugAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-24 23:27:54
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 24 19:27:50.067784 2024] [security2:error] [pid 6162:tid 6162] [client 64.64.123.53:39297] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ourhotmail.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ourhotmail.com"] [uri "/restore/dump.sql"] [unique_id "ZvNK9iMuD7dpbyp8EN0dhwAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 21:45:18
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 17:45:10.845664 2024] [security2:error] [pid 2617108:tid 2617147] [client 64.64.123.53:31667] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||blastfuturepress.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blastfuturepress.com"] [uri "/back/backup.sql"] [unique_id "ZuNg5gV6H_SA6Ajjwt7rWwAAAcM"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-12 21:24:29
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 12 17:24:23.956329 2024] [security2:error] [pid 5410:tid 5410] [client 64.64.123.53:6705] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.mindtoken.app|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mindtoken.app"] [uri "/old/dump.sql"] [unique_id "ZuNcBx3h-CtB88Z1fpiWgwAAAAw"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-04 00:10:42
(3 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
diego
2024-08-14 08:17:44
(3 months ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
diego
2024-08-10 05:24:43
(4 months ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
TPI-Abuse
2024-08-06 05:00:07
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 06 01:00:00.290896 2024] [security2:error] [pid 4299:tid 4299] [client 64.64.123.53:61701] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||boat-accessories.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "boat-accessories.net"] [uri "/backups/mysql.sql"] [unique_id "ZrGt0PAPzmupMhg7_6yAzgAAABo"] show less
Brute-Force
Bad Web Bot
Web App Attack
Hydra-Shield.fr
2024-08-05 15:19:59
(4 months ago)
Directory Traversal on: /.env
Web App Attack