TPI-Abuse
2024-08-05 12:32:41
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 08:32:32.648697 2024] [security2:error] [pid 32764:tid 32764] [client 64.64.123.53:43517] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crypto-stamps.com"] [uri "/restore/sql.sql"] [unique_id "ZrDGYGuPgFGF86gfSB_kLAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-05 12:08:43
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 08:08:36.489587 2024] [security2:error] [pid 32447:tid 32447] [client 64.64.123.53:32601] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||thegoldentether.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thegoldentether.com"] [uri "/backup/www.sql"] [unique_id "ZrDAxDnlZ_4F9rf8biMRcAAAAB0"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-07-24 15:05:52
(4 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
octageeks.com
2024-07-21 04:08:03
(4 months ago)
Wordpress malicious attack:[octawp]
Web App Attack
octageeks.com
2024-07-19 04:08:06
(4 months ago)
Wordpress malicious attack:[octawp]
Web App Attack
octageeks.com
2024-07-18 04:08:03
(4 months ago)
Wordpress malicious attack:[octawp]
Web App Attack
octageeks.com
2024-07-17 04:07:44
(4 months ago)
Wordpress malicious attack:[octawp]
Web App Attack
Rizzy
2024-07-16 15:36:16
(4 months ago)
Multiple WAF Violations
Brute-Force
Web App Attack
QT
2024-07-15 12:54:18
(4 months ago)
Unauthorised WordPress admin login attempted at 2024-07-15 22:54:15 +1000
Web App Attack
RLDD
2024-07-15 04:56:19
(4 months ago)
WP probing for vulnerabilities -cou
Web App Attack
octageeks.com
2024-07-15 04:08:13
(4 months ago)
Wordpress malicious attack:[octawp]
Web App Attack
cusezar.com
2024-07-14 17:01:28
(4 months ago)
64.64.123.53 /xmlrpc.php
Brute-Force
Linuxmalwarehuntingnl
2024-07-01 10:36:29
(5 months ago)
Unauthorized connection attempt
Brute-Force
10dencehispahard SL
2024-06-30 17:02:45
(5 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-06-30 16:51:58
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 30 12:51:54.392911 2024] [security2:error] [pid 11753] [client 64.64.123.53:16767] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pellman-world.com"] [uri "/restore/sftp-config.json"] [unique_id "ZoGNKqoL4Laoy3IRWnYhuQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack