Aetherweb Ark
2024-05-09 04:49:27
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (GB/United Kingdom/-): N in the last X secs
Web App Attack
TPI-Abuse
2024-05-06 02:04:19
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 05 22:04:06.667839 2024] [security2:error] [pid 2970553:tid 47510393456384] [client 64.64.123.53:49157] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dpscsde.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dpscsde.com"] [uri "/backups/mysql.sql"] [unique_id "Zjg6luMLWEvVfNf-h7WDSQAAAIk"]
Brute-Force
Bad Web Bot
Web App Attack
diego
2024-05-02 13:30:55
(7 months ago)
Events: TCP SYN Discovery or Flooding, Seen 4 times in the last 10800 seconds
DDoS Attack
hbrks
2024-04-25 17:24:18
(7 months ago)
HEAD http://techtronicgambia.com/back/www.zip * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-04-25 17:19:25
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 25 13:19:08.000227 2024] [security2:error] [pid 20737] [client 64.64.123.53:8791] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||boat-accessories.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "boat-accessories.net"] [uri "/restore/www.sql"] [unique_id "ZiqQi72mrq_n3HYdF2Kg6wAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-25 10:06:13
(7 months ago)
(mod_security) mod_security (id:210492) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 25 06:05:55.704496 2024] [security2:error] [pid 13026] [client 64.64.123.53:8753] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "symbarenewables.com"] [uri "/sftp-config.json"] [unique_id "ZiorAwhuHBw9mjQbN2eXnAAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-23 21:27:10
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 23 17:26:56.790077 2024] [security2:error] [pid 1228] [client 64.64.123.53:15873] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||isitel.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "isitel.com"] [uri "/back/sql.sql"] [unique_id "ZignoBJO_sUffwy2jbEtvAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-04-12 23:35:59
(7 months ago)
HEAD http://leralmedia.com/backup/bak.rar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-04-12 19:22:35
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 12 15:22:18.759755 2024] [security2:error] [pid 11710] [client 64.64.123.53:22763] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||wethepeoplealliance.network|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wethepeoplealliance.network"] [uri "/backup/wallet.dat"] [unique_id "ZhmJ6sOtut6xAIwzUQHymwAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
hbrks
2024-04-12 17:45:04
(7 months ago)
HEAD http://leralmedia.com/restore/backup.rar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
hbrks
2024-04-12 17:22:44
(7 months ago)
HEAD http://leralmedia.com/back/www.sql * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
hbrks
2024-04-12 16:56:26
(7 months ago)
HEAD http://leralmedia.com/restore/directory.rar * statusCode: 503 *
Web Spam
Hacking
Bad Web Bot
TPI-Abuse
2024-04-12 07:42:28
(7 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 12 03:42:14.575715 2024] [security2:error] [pid 24393] [client 64.64.123.53:15625] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||cryptoedge.net|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cryptoedge.net"] [uri "/restore/wallet.dat"] [unique_id "Zhjl1jyqGWnMMFBxgAMNNgAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-04-10 07:30:51
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 64.64.123.53 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 10 03:30:32.981606 2024] [security2:error] [pid 21886] [client 64.64.123.53:55465] [client 64.64.123.53] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||thegoldentether.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thegoldentether.com"] [uri "/backup/dump.sql"] [unique_id "ZhZAGFRf8Hxilk51CvFiPwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-04-10 01:03:29
(8 months ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot