TPI-Abuse
2024-06-03 13:32:03
(6 months ago)
(mod_security) mod_security (id:225170) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 03 09:31:45.544200 2024] [security2:error] [pid 13246] [client 64.64.123.53:1809] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.freemanfoundationcle.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.freemanfoundationcle.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Zl3FwfbqnTWw9aOkkElaawAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
cmbplf
2024-06-03 13:25:13
(6 months ago)
4.325 requests to */xmlrpc.php
364 requests to */wp-includes/wlwmanifest.xml
Brute-Force
Bad Web Bot
TPI-Abuse
2024-06-03 09:45:52
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 03 05:45:36.175315 2024] [security2:error] [pid 10796:tid 47703871018752] [client 64.64.123.53:25483] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||aviador.xyz|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aviador.xyz"] [uri "/backup/mysql.sql"] [unique_id "Zl2QwC4uLi4IVAHXIEV0KgAAAQA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-05-30 15:45:31
(6 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 30 11:45:17.041007 2024] [security2:error] [pid 23734] [client 64.64.123.53:60409] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ourhotmail.com"] [uri "/.env"] [unique_id "ZlifDR9YE49TctRqdyvhrAAAAA0"] show less
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-05-29 23:58:48
(6 months ago)
HEAD http://techtronicgambia.com/back/directory.tar.gz
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-05-29 23:13:16
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 29 19:12:58.831299 2024] [security2:error] [pid 11874] [client 64.64.123.53:10213] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pigspolygon.xyz|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pigspolygon.xyz"] [uri "/www.sql"] [unique_id "Zle2erUa-bV89ODXv3ZfowAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
diego
2024-05-27 19:30:11
(6 months ago)
Events: TCP SYN Discovery or Flooding, Seen 3 times in the last 10800 seconds
DDoS Attack
10dencehispahard SL
2024-05-26 16:00:18
(6 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
TPI-Abuse
2024-05-26 15:21:10
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 26 11:20:55.618406 2024] [security2:error] [pid 31915:tid 47963425027840] [client 64.64.123.53:61785] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.fishrapper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fishrapper.com"] [uri "/backup/dump.sql"] [unique_id "ZlNTV6CSobKD9VH7IbwawwAAAQA"] show less
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-05-24 04:14:40
(6 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
CTK
2024-05-20 07:16:45
(6 months ago)
Customer Site (Grieskirchen FP)
Brute-Force
Anonymous
2024-05-15 06:52:26
(6 months ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
Anonymous
2024-05-15 00:01:54
(6 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
bryth
2024-05-14 23:36:44
(6 months ago)
Wordpress login/xmlrpc abuse (Tue 14 May 2024 11:36:42 PM UTC)
Hacking
Web App Attack
TPI-Abuse
2024-05-09 05:08:35
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 09 01:08:21.106666 2024] [security2:error] [pid 15946:tid 47847506495232] [client 64.64.123.53:17397] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bluetigertees.com"] [uri "/.env"] [unique_id "ZjxaRaAGWtjpAyLRH7iveAAAAVQ"] show less
Brute-Force
Bad Web Bot
Web App Attack