TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more(mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 02 12:17:32.669125 2024] [security2:error] [pid 29866:tid 29866] [client 81.25.112.49:58922] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||johnatuttle.us|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "johnatuttle.us"] [uri "/test.bak"] [unique_id "Zq0GnBTHEpcllng5Mt9MVwAAABI"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210492) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more(mod_security) mod_security (id:210492) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 28 07:10:34.736515 2024] [security2:error] [pid 11949:tid 11949] [client 81.25.112.49:57364] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "73.org"] [uri "/.env"] [unique_id "ZqYnKuHFNJWkzWjSd0gSEAAAAAY"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more(mod_security) mod_security (id:225170) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 28 06:53:24.532985 2024] [security2:error] [pid 27538:tid 27538] [client 81.25.112.49:44664] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||modestosoftwater.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "modestosoftwater.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ZqYjJIuoJQGy4UzfX_vq2QAAAAQ"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
10dencehispahard SL
|
|
Unauthorized login attempts [ bot_accesslogs, accesslogs]
|
Brute-Force
|
|
mnsf
|
|
Too many Status 40X (15)
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more(mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 12 00:50:21.680109 2024] [security2:error] [pid 13619] [client 81.25.112.49:51182] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||kalvannastudios.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kalvannastudios.com"] [uri "/wp-admin.bak"] [unique_id "ZpC2DQho1bdq4AkJOBUFCQAAABA"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
HoneyPotEU02
|
|
wordpress-trap
|
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more(mod_security) mod_security (id:225170) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 07 16:52:10.596687 2024] [security2:error] [pid 2265] [client 81.25.112.49:38482] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ahhhha.nl|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ahhhha.nl"] [uri "/wp-json/wp/v2/users"] [unique_id "Zor_-qkW9SRr3uqcmowkkAAAAAU"] show less
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
applemooz
|
|
<abuseipdb_matches>
...
|
Brute-Force
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
10dencehispahard SL
|
|
Unauthorized login attempts [ bot_accesslogs, accesslogs]
|
Brute-Force
Brute-Force
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
Brute-Force
SSH
SSH
|
|